ce_const_cmp2+0x18/0x20 [ 1141.096582][ T9411] alloc_pages_vma+0xdd/0x620 [ 1141.096582][ T9411] wp_page_copy+0x226/0x1560 [ 1141.096582][ T9411] ? find_held_lock+0x35/0x130 [ 1141.096582][ T9411] ? follow_pfn+0x2a0/0x2a0 [ 1141.096582][ T9411] ? lock_downgrade+0x920/0x920 [ 1141.096582][ T9411] ? swp_swapcount+0x540/0x540 [ 1141.096582][ T9411] ? do_raw_spin_unlock+0x178/0x270 [ 1141.096582][ T9411] do_wp_page+0x543/0x1540 [ 1141.096582][ T9411] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1141.096582][ T9411] __handle_mm_fault+0x327b/0x3da0 [ 1141.096582][ T9411] ? vm_iomap_memory+0x1a0/0x1a0 [ 1141.096582][ T9411] ? handle_mm_fault+0x292/0xa50 [ 1141.096582][ T9411] ? handle_mm_fault+0x7a0/0xa50 [ 1141.096582][ T9411] ? __kasan_check_read+0x11/0x20 [ 1141.096582][ T9411] handle_mm_fault+0x3b2/0xa50 [ 1141.096582][ T9411] __do_page_fault+0x536/0xd80 [ 1141.096582][ T9411] do_page_fault+0x38/0x590 [ 1141.096582][ T9411] do_async_page_fault+0x30/0xa0 [ 1141.096582][ T9411] async_page_fault+0x39/0x40 [ 1141.096582][ T9411] RIP: 0023:0x808fa5d [ 1141.096582][ T9411] Code: 01 00 00 8d 76 00 8d bc 27 00 00 00 00 8b 45 e4 8b 40 04 85 c0 89 45 e4 74 b1 8b 75 e4 8b 1e 8b 43 08 85 c0 74 04 ff d0 8b 1e ff 4b 14 0f 94 c0 84 c0 74 d8 8b 43 18 85 c0 74 d1 83 c3 14 31 [ 1141.096582][ T9411] RSP: 002b:00000000ffd5da70 EFLAGS: 00010246 [ 1141.096582][ T9411] RAX: 0000000000000000 RBX: 0000000008494bc4 RCX: 0000000000000000 [ 1141.096582][ T9411] RDX: 00000000ffd5da70 RSI: 00000000ffd5da70 RDI: 0000000000002bb6 [ 1141.096582][ T9411] RBP: 00000000ffd5dab8 R08: 0000000000000000 R09: 0000000000000000 [ 1141.096582][ T9411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1141.096582][ T9411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1141.416751][ T9411] Mem-Info: [ 1141.420284][ T9411] active_anon:40072 inactive_anon:233 isolated_anon:0 [ 1141.420284][ T9411] active_file:2863 inactive_file:17600 isolated_file:0 [ 1141.420284][ T9411] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1141.420284][ T9411] slab_reclaimable:15592 slab_unreclaimable:60517 [ 1141.420284][ T9411] mapped:39858 shmem:307 pagetables:3250 bounce:0 [ 1141.420284][ T9411] free:147115 free_pcp:512 free_cma:0 [ 1141.465633][ T9411] Node 0 active_anon:136780kB inactive_anon:896kB active_file:0kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1141.497315][ T9411] Node 0 DMA free:2820kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:228kB inactive_anon:0kB active_file:0kB inactive_file:24kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:160kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1141.531478][ T9411] lowmem_reserve[]: 0 532 532 532 532 [ 1141.538033][ T9411] Node 0 DMA32 free:22552kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136552kB inactive_anon:896kB active_file:0kB inactive_file:24kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4496kB bounce:0kB free_pcp:2052kB local_pcp:492kB free_cma:0kB [ 1141.580006][ T9411] lowmem_reserve[]: 0 0 0 0 0 [ 1141.587869][ T9411] Node 0 DMA: 7*4kB (ME) 9*8kB (UM) 6*16kB (UM) 6*32kB (UM) 4*64kB (UM) 3*128kB (UME) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2820kB [ 1141.606259][ T9411] Node 0 DMA32: 1084*4kB (UME) 341*8kB (ME) 166*16kB (ME) 71*32kB (UME) 41*64kB (UME) 30*128kB (UME) 13*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 22296kB [ 1141.627339][ T9411] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1141.638976][ T9411] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1141.651156][ T9411] 13159 total pagecache pages [ 1141.656891][ T9411] 0 pages in swap cache [ 1141.661917][ T9411] Swap cache stats: add 0, delete 0, find 0/0 [ 1141.669213][ T9411] Free swap = 0kB [ 1141.673785][ T9411] Total swap = 0kB [ 1141.678781][ T9411] 524155 pages RAM [ 1141.683534][ T9411] 0 pages HighMem/MovableOnly [ 1141.688809][ T9411] 141707 pages reserved [ 1141.693817][ T9411] 0 pages cma reserved [ 1141.698521][ T9411] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz1,task=syz-executor.1,pid=11346,uid=0 [ 1141.716475][ T9411] Out of memory: Killed process 11346 (syz-executor.1) total-vm:72348kB, anon-rss:140kB, file-rss:34928kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1141.738234][ T1129] oom_reaper: reaped process 11346 (syz-executor.1), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 1141.788859][T25958] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1141.860627][T25958] CPU: 2 PID: 25958 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1141.875226][T25958] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1141.884875][T25958] Call Trace: [ 1141.884875][T25958] dump_stack+0x197/0x210 [ 1141.884875][T25958] dump_header+0x10b/0x82d [ 1141.884875][T25958] ? oom_kill_process+0x94/0x420 [ 1141.884875][T25958] oom_kill_process.cold+0x10/0x15 [ 1141.884875][T25958] out_of_memory+0x334/0x13c0 [ 1141.884875][T25958] ? oom_killer_disable+0x280/0x280 [ 1141.884875][T25958] ? mutex_trylock+0x264/0x2f0 [ 1141.884875][T25958] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1141.884875][T25958] __alloc_pages_slowpath+0x222b/0x2920 [ 1141.884875][T25958] ? warn_alloc+0x110/0x110 [ 1141.884875][T25958] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1141.884875][T25958] ? should_fail+0x1de/0x852 [ 1141.884875][T25958] ? __kasan_check_read+0x11/0x20 [ 1141.884875][T25958] __alloc_pages_nodemask+0x646/0x910 [ 1141.884875][T25958] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1141.884875][T25958] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1141.884875][T25958] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1141.884875][T25958] alloc_pages_vma+0xdd/0x620 [ 1141.884875][T25958] wp_page_copy+0x226/0x1560 [ 1141.884875][T25958] ? find_held_lock+0x35/0x130 [ 1141.884875][T25958] ? follow_pfn+0x2a0/0x2a0 [ 1141.884875][T25958] ? lock_downgrade+0x920/0x920 [ 1141.884875][T25958] ? swp_swapcount+0x540/0x540 [ 1141.884875][T25958] ? do_raw_spin_unlock+0x178/0x270 [ 1141.884875][T25958] do_wp_page+0x543/0x1540 [ 1141.884875][T25958] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1141.884875][T25958] __handle_mm_fault+0x327b/0x3da0 [ 1141.884875][T25958] ? vm_iomap_memory+0x1a0/0x1a0 [ 1141.884875][T25958] ? handle_mm_fault+0x292/0xa50 [ 1141.884875][T25958] ? handle_mm_fault+0x7a0/0xa50 [ 1141.884875][T25958] ? __kasan_check_read+0x11/0x20 [ 1141.884875][T25958] handle_mm_fault+0x3b2/0xa50 [ 1141.884875][T25958] __do_page_fault+0x536/0xd80 [ 1141.884875][T25958] do_page_fault+0x38/0x590 [ 1141.884875][T25958] do_async_page_fault+0x30/0xa0 [ 1141.884875][T25958] async_page_fault+0x39/0x40 [ 1141.884875][T25958] RIP: 0010:__put_user_4+0x1c/0x30 [ 1141.884875][T25958] Code: 01 ca c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 c0 1e 02 00 48 8b 9b d0 14 00 00 48 83 eb 03 48 39 d9 73 4a 0f 01 cb <89> 01 31 c0 0f 01 ca c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 1141.884875][T25958] RSP: 0018:ffffc90006e5ff30 EFLAGS: 00050293 [ 1141.884875][T25958] RAX: 0000000000002bb6 RBX: 00007fffffffeffd RCX: 000000000a035968 [ 1141.884875][T25958] RDX: dffffc0000000000 RSI: 1ffff110001213bb RDI: ffff888000909af0 [ 1141.884875][T25958] RBP: ffffc90006e5ff48 R08: 0000000000000001 R09: ffff888000909dd0 [ 1141.884875][T25958] R10: fffffbfff14f33b0 R11: ffffffff8a799d87 R12: 0000000000000000 [ 1141.884875][T25958] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1141.884875][T25958] ? schedule_tail+0xd8/0x130 [ 1141.884875][T25958] ret_from_fork+0x8/0x30 [ 1141.884875][T25958] RIP: 0023:0xf7f3ca39 [ 1141.884875][T25958] Code: Bad RIP value. [ 1141.884875][T25958] RSP: 002b:00000000ffd5da60 EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 1141.884875][T25958] RAX: 0000000000000000 RBX: 0000000001200011 RCX: 0000000000000000 [ 1141.884875][T25958] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000a035968 [ 1141.884875][T25958] RBP: 00000000ffd5dab8 R08: 0000000000000000 R09: 0000000000000000 [ 1141.884875][T25958] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1141.884875][T25958] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1142.339366][T25958] Mem-Info: [ 1142.349496][T25958] active_anon:40042 inactive_anon:233 isolated_anon:0 [ 1142.349496][T25958] active_file:2876 inactive_file:17602 isolated_file:0 [ 1142.349496][T25958] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1142.349496][T25958] slab_reclaimable:15565 slab_unreclaimable:60290 [ 1142.349496][T25958] mapped:39858 shmem:307 pagetables:3237 bounce:0 [ 1142.349496][T25958] free:147343 free_pcp:562 free_cma:0 [ 1142.412562][T25958] Node 0 active_anon:136780kB inactive_anon:896kB active_file:44kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1142.484918][T25958] Node 0 DMA free:2828kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:228kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:160kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1142.533321][T25958] lowmem_reserve[]: 0 532 532 532 532 [ 1142.542372][T25958] Node 0 DMA32 free:25468kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136552kB inactive_anon:896kB active_file:16kB inactive_file:0kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4496kB bounce:0kB free_pcp:240kB local_pcp:120kB free_cma:0kB 03:36:29 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x44, 0x0, &(0x7f0000000100)) [ 1142.700131][T25958] lowmem_reserve[]: 0 0 0 0 0 [ 1142.726981][T25958] Node 0 DMA: 8*4kB (UME) 10*8kB (UM) 8*16kB (UM) 6*32kB (UM) 4*64kB (UM) 3*128kB (UME) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2864kB [ 1142.775269][T25958] Node 0 DMA32: 1509*4kB (UME) 454*8kB (UME) 202*16kB (UME) 71*32kB (UME) 37*64kB (UME) 30*128kB (UME) 14*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 25476kB [ 1142.822162][T25958] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1142.838659][T25958] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1142.850383][T25958] 13167 total pagecache pages [ 1142.856687][T25958] 0 pages in swap cache [ 1142.862576][T25958] Swap cache stats: add 0, delete 0, find 0/0 [ 1142.874212][T25958] Free swap = 0kB [ 1142.881046][T25958] Total swap = 0kB [ 1142.890668][T25958] 524155 pages RAM [ 1142.899222][T25958] 0 pages HighMem/MovableOnly [ 1142.907147][T25958] 141707 pages reserved [ 1142.914101][T25958] 0 pages cma reserved [ 1142.919737][T25958] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz1,task=syz-executor.1,pid=11325,uid=0 [ 1142.944482][T25958] Out of memory: Killed process 11325 (syz-executor.1) total-vm:72348kB, anon-rss:140kB, file-rss:34928kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1142.973446][ T1129] oom_reaper: reaped process 11325 (syz-executor.1), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB 03:36:30 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x2, [@func_proto={0x0, 0x2, 0x0, 0xd, 0x3, [{}]}, @func_proto, @enum={0x3000000}]}}, &(0x7f0000003580)=""/4096, 0x46, 0x1000, 0x1}, 0x20) 03:36:30 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x17}, 0x3c) 03:36:30 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x44, 0x0, &(0x7f0000000100)) 03:36:30 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x23, 0x0, 0x0) 03:36:30 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x44, 0x0, &(0x7f0000000100)) 03:36:30 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x2, [@func_proto={0x0, 0x2, 0x0, 0xd, 0x3, [{}]}, @func_proto, @enum={0x3000000}]}}, &(0x7f0000003580)=""/4096, 0x46, 0x1000, 0x1}, 0x20) 03:36:30 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x23, 0x0, 0x0) 03:36:30 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x44, 0x0, &(0x7f0000000100)) 03:36:30 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x23, 0x0, 0x0) 03:36:30 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x17}, 0x3c) 03:36:30 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x23, 0x0, 0x0) 03:36:30 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0x17}, 0x3c) 03:36:30 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x8447, 0x0) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f00000000c0)={0x0, 0x2}) 03:36:30 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x44, 0x0, &(0x7f0000000100)) 03:36:30 executing program 2: r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) sendmsg$inet(r0, &(0x7f0000000340)={0x0, 0xffffffffffffffac, 0x0}, 0x4000040) 03:36:30 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x44, 0x0, &(0x7f0000000100)) [ 1143.566419][T26085] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1143.579851][T26085] CPU: 1 PID: 26085 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 03:36:30 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x8447, 0x0) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f00000000c0)={0x0, 0x2}) [ 1143.588951][T26085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1143.588951][T26085] Call Trace: 03:36:30 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x44, 0x0, &(0x7f0000000100)) [ 1143.588951][T26085] dump_stack+0x197/0x210 [ 1143.588951][T26085] dump_header+0x10b/0x82d [ 1143.588951][T26085] ? oom_kill_process+0x94/0x420 [ 1143.588951][T26085] oom_kill_process.cold+0x10/0x15 [ 1143.588951][T26085] out_of_memory+0x334/0x13c0 [ 1143.588951][T26085] ? oom_killer_disable+0x280/0x280 [ 1143.588951][T26085] ? mutex_trylock+0x264/0x2f0 [ 1143.588951][T26085] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1143.588951][T26085] __alloc_pages_slowpath+0x222b/0x2920 03:36:30 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x8447, 0x0) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f00000000c0)={0x0, 0x2}) [ 1143.588951][T26085] ? warn_alloc+0x110/0x110 [ 1143.588951][T26085] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1143.588951][T26085] ? should_fail+0x1de/0x852 [ 1143.588951][T26085] ? __kasan_check_read+0x11/0x20 [ 1143.588951][T26085] __alloc_pages_nodemask+0x646/0x910 [ 1143.588951][T26085] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1143.588951][T26085] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1143.588951][T26085] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1143.588951][T26085] alloc_pages_vma+0xdd/0x620 [ 1143.588951][T26085] wp_page_copy+0x226/0x1560 [ 1143.588951][T26085] ? find_held_lock+0x35/0x130 [ 1143.588951][T26085] ? follow_pfn+0x2a0/0x2a0 [ 1143.588951][T26085] ? lock_downgrade+0x920/0x920 [ 1143.588951][T26085] ? swp_swapcount+0x540/0x540 [ 1143.588951][T26085] ? do_raw_spin_unlock+0x178/0x270 [ 1143.588951][T26085] do_wp_page+0x543/0x1540 [ 1143.588951][T26085] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1143.588951][T26085] __handle_mm_fault+0x327b/0x3da0 [ 1143.588951][T26085] ? vm_iomap_memory+0x1a0/0x1a0 [ 1143.588951][T26085] ? handle_mm_fault+0x292/0xa50 [ 1143.588951][T26085] ? handle_mm_fault+0x7a0/0xa50 [ 1143.588951][T26085] ? __kasan_check_read+0x11/0x20 [ 1143.588951][T26085] handle_mm_fault+0x3b2/0xa50 [ 1143.588951][T26085] __do_page_fault+0x536/0xd80 [ 1143.588951][T26085] do_page_fault+0x38/0x590 [ 1143.588951][T26085] do_async_page_fault+0x30/0xa0 [ 1143.588951][T26085] async_page_fault+0x39/0x40 [ 1143.588951][T26085] RIP: 0010:__put_user_4+0x1c/0x30 [ 1143.588951][T26085] Code: 01 ca c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 c0 1e 02 00 48 8b 9b d0 14 00 00 48 83 eb 03 48 39 d9 73 4a 0f 01 cb <89> 01 31 c0 0f 01 ca c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 1143.588951][T26085] RSP: 0018:ffffc900063fff30 EFLAGS: 00050293 [ 1143.588951][T26085] RAX: 0000000000002c20 RBX: 00007fffffffeffd RCX: 000000000a035968 [ 1143.588951][T26085] RDX: dffffc0000000000 RSI: 1ffff110040ad33b RDI: ffff8880205696f0 [ 1143.588951][T26085] RBP: ffffc900063fff48 R08: 0000000000000001 R09: ffff8880205699d0 [ 1143.588951][T26085] R10: fffffbfff14f33b0 R11: ffffffff8a799d87 R12: 0000000000000000 [ 1143.588951][T26085] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1143.588951][T26085] ? schedule_tail+0xd8/0x130 [ 1143.588951][T26085] ret_from_fork+0x8/0x30 [ 1143.588951][T26085] RIP: 0023:0xf7f3ca39 [ 1143.588951][T26085] Code: Bad RIP value. [ 1143.588951][T26085] RSP: 002b:00000000ffd5da60 EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 1143.588951][T26085] RAX: 0000000000000000 RBX: 0000000001200011 RCX: 0000000000000000 [ 1143.588951][T26085] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000a035968 [ 1143.588951][T26085] RBP: 00000000ffd5dab8 R08: 0000000000000000 R09: 0000000000000000 [ 1143.588951][T26085] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1143.588951][T26085] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1144.030181][T26085] Mem-Info: [ 1144.036039][T26085] active_anon:40072 inactive_anon:233 isolated_anon:0 [ 1144.036039][T26085] active_file:2899 inactive_file:17584 isolated_file:0 [ 1144.036039][T26085] unevictable:0 dirty:21 writeback:0 unstable:0 [ 1144.036039][T26085] slab_reclaimable:15545 slab_unreclaimable:59782 [ 1144.036039][T26085] mapped:39871 shmem:307 pagetables:3215 bounce:0 [ 1144.036039][T26085] free:147945 free_pcp:374 free_cma:0 [ 1144.088130][T26085] Node 0 active_anon:136832kB inactive_anon:896kB active_file:116kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:8kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1144.124776][T26085] Node 0 DMA free:2768kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:220kB inactive_anon:0kB active_file:0kB inactive_file:12kB unevictable:0kB writepending:4kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1144.124811][T26085] lowmem_reserve[]: 0 532 532 532 532 [ 1144.124824][T26085] Node 0 DMA32 free:25304kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136612kB inactive_anon:896kB active_file:68kB inactive_file:0kB unevictable:0kB writepending:24kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9168kB pagetables:4596kB bounce:0kB free_pcp:348kB local_pcp:0kB free_cma:0kB [ 1144.124844][T26085] lowmem_reserve[]: 0 0 0 0 0 [ 1144.124857][T26085] Node 0 DMA: 6*4kB (UME) 8*8kB (UM) 6*16kB (UM) 5*32kB (UM) 4*64kB (UM) 3*128kB (UME) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2776kB [ 1144.124901][T26085] Node 0 DMA32: 1510*4kB (UME) 533*8kB (UME) 172*16kB (UME) 70*32kB (UME) 31*64kB (UME) 29*128kB (UME) 14*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 25088kB [ 1144.124999][T26085] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1144.125005][T26085] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1144.125009][T26085] 13166 total pagecache pages [ 1144.125031][T26085] 0 pages in swap cache [ 1144.125036][T26085] Swap cache stats: add 0, delete 0, find 0/0 [ 1144.125040][T26085] Free swap = 0kB [ 1144.125043][T26085] Total swap = 0kB [ 1144.125047][T26085] 524155 pages RAM [ 1144.125051][T26085] 0 pages HighMem/MovableOnly [ 1144.125054][T26085] 141707 pages reserved [ 1144.125057][T26085] 0 pages cma reserved [ 1144.125077][T26085] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=11312,uid=0 [ 1144.125467][T26085] Out of memory: Killed process 11312 (syz-executor.0) total-vm:72348kB, anon-rss:136kB, file-rss:34932kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 03:36:31 executing program 1: r0 = syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x8447, 0x0) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f00000000c0)={0x0, 0x2}) 03:36:31 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0) 03:36:31 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000004bc0)) 03:36:31 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0) 03:36:31 executing program 2: r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) sendmsg$inet(r0, &(0x7f0000000340)={0x0, 0xffffffffffffffac, 0x0}, 0x4000040) 03:36:31 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000004bc0)) 03:36:31 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x3) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) recvfrom$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty}, 0x1c) 03:36:31 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000004bc0)) 03:36:31 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0) 03:36:31 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x3) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) recvfrom$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty}, 0x1c) 03:36:31 executing program 2: r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) sendmsg$inet(r0, &(0x7f0000000340)={0x0, 0xffffffffffffffac, 0x0}, 0x4000040) 03:36:31 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x3) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) recvfrom$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty}, 0x1c) 03:36:31 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0) 03:36:31 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x3) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) recvfrom$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty}, 0x1c) 03:36:31 executing program 0: pipe(&(0x7f0000000200)={0xffffffffffffffff}) pwritev(r0, 0x0, 0x0, 0x0) 03:36:32 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000004bc0)) 03:36:32 executing program 0: pipe(&(0x7f0000000200)={0xffffffffffffffff}) pwritev(r0, 0x0, 0x0, 0x0) 03:36:32 executing program 1: r0 = perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 03:36:32 executing program 2: r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) sendmsg$inet(r0, &(0x7f0000000340)={0x0, 0xffffffffffffffac, 0x0}, 0x4000040) 03:36:32 executing program 0: pipe(&(0x7f0000000200)={0xffffffffffffffff}) pwritev(r0, 0x0, 0x0, 0x0) 03:36:32 executing program 0: pipe(&(0x7f0000000200)={0xffffffffffffffff}) pwritev(r0, 0x0, 0x0, 0x0) 03:36:32 executing program 1: r0 = perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 03:36:32 executing program 1: r0 = perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 03:36:32 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha256_mb(\x00'}, 0x58) 03:36:32 executing program 1: r0 = perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={0x0, 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 03:36:32 executing program 2: r0 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x28, 0x2, &(0x7f0000000300)={{{@in, @in6=@mcast2}}}, &(0x7f0000000080)=0x37b) 03:36:32 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000002c0)={0x14, 0x88, 0xfa00, {r1, 0x30, 0x0, @ib}}, 0x90) 03:36:32 executing program 1: syz_emit_ethernet(0x32, &(0x7f00000001c0)={@local, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @remote}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, "6e37a0"}}}}}}, 0x0) 03:36:32 executing program 2: r0 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x28, 0x2, &(0x7f0000000300)={{{@in, @in6=@mcast2}}}, &(0x7f0000000080)=0x37b) 03:36:32 executing program 1: syz_emit_ethernet(0x32, &(0x7f00000001c0)={@local, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @remote}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, "6e37a0"}}}}}}, 0x0) 03:36:32 executing program 2: r0 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x28, 0x2, &(0x7f0000000300)={{{@in, @in6=@mcast2}}}, &(0x7f0000000080)=0x37b) 03:36:32 executing program 1: syz_emit_ethernet(0x32, &(0x7f00000001c0)={@local, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @remote}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, "6e37a0"}}}}}}, 0x0) 03:36:32 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha256_mb(\x00'}, 0x58) 03:36:32 executing program 3: r0 = socket$inet(0x2, 0x3, 0x20000000084) getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f0000001200)={'nat\x00', 0x0, 0x0, 0x90, [], 0x0, &(0x7f00000001c0), &(0x7f0000000200)=""/4096}, &(0x7f0000001280)=0x108) 03:36:32 executing program 1: syz_emit_ethernet(0x32, &(0x7f00000001c0)={@local, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @remote}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, "6e37a0"}}}}}}, 0x0) [ 1145.596494][T26375] ebtables: wrong size: *len 264, entries_size 144, replsz 144 03:36:32 executing program 2: r0 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x28, 0x2, &(0x7f0000000300)={{{@in, @in6=@mcast2}}}, &(0x7f0000000080)=0x37b) 03:36:32 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha256_mb(\x00'}, 0x58) 03:36:32 executing program 3: r0 = socket$inet(0x2, 0x3, 0x20000000084) getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f0000001200)={'nat\x00', 0x0, 0x0, 0x90, [], 0x0, &(0x7f00000001c0), &(0x7f0000000200)=""/4096}, &(0x7f0000001280)=0x108) 03:36:32 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000100)="25bca274769e620aa734fa0095e0d0a18db43915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c67cd7dcc6760253ef0b2a20a602210318f8104a27ea570002000034951dc119dac04eab9c68842086234a45fbe2020000da", 0x63, 0x400}], 0x0, 0x0) 03:36:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x80000000004) write(r0, &(0x7f000058bfe4)="23000000140003b7ff000000040860eb0100100006a40e07fff00fd57f25ffffff0100", 0x23) 03:36:32 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha256_mb(\x00'}, 0x58) [ 1145.741233][T26390] ebtables: wrong size: *len 264, entries_size 144, replsz 144 03:36:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x80000000004) write(r0, &(0x7f000058bfe4)="23000000140003b7ff000000040860eb0100100006a40e07fff00fd57f25ffffff0100", 0x23) [ 1145.787343][T26391] EXT4-fs (loop2): Encoding requested by superblock is unknown 03:36:32 executing program 3: r0 = socket$inet(0x2, 0x3, 0x20000000084) getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f0000001200)={'nat\x00', 0x0, 0x0, 0x90, [], 0x0, &(0x7f00000001c0), &(0x7f0000000200)=""/4096}, &(0x7f0000001280)=0x108) 03:36:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x80000000004) write(r0, &(0x7f000058bfe4)="23000000140003b7ff000000040860eb0100100006a40e07fff00fd57f25ffffff0100", 0x23) [ 1145.904433][T26404] ebtables: wrong size: *len 264, entries_size 144, replsz 144 03:36:33 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x80000000004) write(r0, &(0x7f000058bfe4)="23000000140003b7ff000000040860eb0100100006a40e07fff00fd57f25ffffff0100", 0x23) 03:36:33 executing program 3: r0 = socket$inet(0x2, 0x3, 0x20000000084) getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f0000001200)={'nat\x00', 0x0, 0x0, 0x90, [], 0x0, &(0x7f00000001c0), &(0x7f0000000200)=""/4096}, &(0x7f0000001280)=0x108) [ 1145.934196][T26391] EXT4-fs (loop2): Encoding requested by superblock is unknown [ 1146.010016][T26410] ebtables: wrong size: *len 264, entries_size 144, replsz 144 03:36:33 executing program 1: io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_pgetevents(r0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0) 03:36:33 executing program 0: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000000)='./bus\x00', 0x0, 0x1, &(0x7f0000000280)=[{&(0x7f0000000180)="800040003804000019000300e60100006c000000000000000100000002000000004000000040000080000000000000e16c5ebeda0000ffff53ef", 0x3a, 0x400}], 0x8000, 0x0) 03:36:33 executing program 3: open(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x80240, 0x0) 03:36:33 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000100)="25bca274769e620aa734fa0095e0d0a18db43915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c67cd7dcc6760253ef0b2a20a602210318f8104a27ea570002000034951dc119dac04eab9c68842086234a45fbe2020000da", 0x63, 0x400}], 0x0, 0x0) 03:36:33 executing program 1: io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_pgetevents(r0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0) 03:36:33 executing program 3: open(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x80240, 0x0) 03:36:33 executing program 0: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000000)='./bus\x00', 0x0, 0x1, &(0x7f0000000280)=[{&(0x7f0000000180)="800040003804000019000300e60100006c000000000000000100000002000000004000000040000080000000000000e16c5ebeda0000ffff53ef", 0x3a, 0x400}], 0x8000, 0x0) 03:36:33 executing program 3: open(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x80240, 0x0) [ 1146.356008][T26429] EXT4-fs (loop2): Encoding requested by superblock is unknown 03:36:33 executing program 3: open(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x80240, 0x0) 03:36:33 executing program 0: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000000)='./bus\x00', 0x0, 0x1, &(0x7f0000000280)=[{&(0x7f0000000180)="800040003804000019000300e60100006c000000000000000100000002000000004000000040000080000000000000e16c5ebeda0000ffff53ef", 0x3a, 0x400}], 0x8000, 0x0) 03:36:33 executing program 1: io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_pgetevents(r0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0) 03:36:33 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000100)="25bca274769e620aa734fa0095e0d0a18db43915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c67cd7dcc6760253ef0b2a20a602210318f8104a27ea570002000034951dc119dac04eab9c68842086234a45fbe2020000da", 0x63, 0x400}], 0x0, 0x0) 03:36:33 executing program 3: setresgid(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 1146.516144][T26441] EXT4-fs (loop2): Encoding requested by superblock is unknown 03:36:33 executing program 3: setresgid(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 03:36:33 executing program 1: io_setup(0x1ff, &(0x7f00000004c0)=0x0) io_pgetevents(r0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0) 03:36:33 executing program 0: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000000)='./bus\x00', 0x0, 0x1, &(0x7f0000000280)=[{&(0x7f0000000180)="800040003804000019000300e60100006c000000000000000100000002000000004000000040000080000000000000e16c5ebeda0000ffff53ef", 0x3a, 0x400}], 0x8000, 0x0) 03:36:33 executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000100)="25bca274769e620aa734fa0095e0d0a18db43915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c67cd7dcc6760253ef0b2a20a602210318f8104a27ea570002000034951dc119dac04eab9c68842086234a45fbe2020000da", 0x63, 0x400}], 0x0, 0x0) 03:36:33 executing program 1: keyctl$set_reqkey_keyring(0x5, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f00000001c0)='$.\x00', 0x0) 03:36:33 executing program 3: setresgid(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 1146.836052][T26467] EXT4-fs (loop2): Encoding requested by superblock is unknown 03:36:34 executing program 0: r0 = memfd_create(&(0x7f0000000180)='}\x00N\x06\x94\xe2\xe0\xe3\xab\xe1\x03\x1e\xc8\x8a\x17\x88\';g\xdd\x04r\x0e\x8d\xff{+\a/\xd2\x93\xa7\xcc=6\x15.f\xf4\xa2\x93\x91d&\x17\xc7\x82\x89\xe8\x95\"\xa9W\xbd\x91\x96\xd7=]\x9e\xe6\xf1I\v\x91z\xfa\xeb\xd1\x81\xc2j\x10 v\x93\xc7\xc9+\xc7\x8ds\x8f\x15\x8aR\xc3j\x80\xc3H\xf3%\'4\x11\x85a\xc6\x96\xd0gf*P\xfa\x1aET\x01\x05Y\xcaY\xc0!\xcf\xae\xb1\x9f{\xc0\x14F^\x8f\x8ej\xa17\x02\xdb\xd62\xdc\xadn\t\xa6z\xad\x9b\xbcf\x96\n\x81*\xcf0\x11\xaf\xbd\xd5\v\x1f\x10fuY\xc4\xd3\xf6V8\xc67\x85\xe8\xdfZ4Y\x9c\xdb^\xf9\xe3uv\xc9\xc6s\xde3E\x9c\fE\xd2\xce\xf5\x06\xc0\x8b\x86\xe0h\xae\xce\xb4\x16\x0f\xd4XRr\xcb0{R\"\xf6}\xb1s\xac\x7f\x80\xff{bM\x93\x90\xae\x1d1@G\"n3:5\xba\xbc[6 C\xad\x13\xb6;\xbfHZa\x81h\x91(\xb2\x13\xd6\xbe\xb2u.\xd4J\x9d\x1c\xd7\x8d+\v<]\xb0\xb6a\xe6A\x93\x1c\x98/\xdb\x11\xf7\xd9)\xe9?\xb8\xd1\xfe\x912\x8041\x82\x89\xad\x12v\x12\b%\xd1>\xb8\x99p\xd731\xae`!\xab3\nI\xfc\x03*\xc7\xd1x\xe6\xc3\xf4 d\xa4\xb0\xb2?\xf1\xd7\x81\xb7\xc2\x15\xbd\x8f\xf3\xa6;\br\f4\xfd\xce\x8b\x90\xf6\xf7\x95\xc7\x1f\xe2~\x14\xdf6+P\x10\xb5\x83,\xf6,\x82@b!\xb5N\xfd\xe0\xeek\xe3\x1a\rJjT\xa5\x1cYt2L\x02\x1a.v\xd6\x01\x7fd\xf3*~\b,}\xc3m}\xf8\xe4\xec', 0x0) mmap(&(0x7f00002e4000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) name_to_handle_at(r0, &(0x7f00002e4000)='./file\xff\xff', &(0x7f0000000000)=ANY=[], 0x0, 0x1400) 03:36:34 executing program 3: setresgid(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 03:36:34 executing program 1: keyctl$set_reqkey_keyring(0x5, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f00000001c0)='$.\x00', 0x0) 03:36:34 executing program 0: r0 = memfd_create(&(0x7f0000000180)='}\x00N\x06\x94\xe2\xe0\xe3\xab\xe1\x03\x1e\xc8\x8a\x17\x88\';g\xdd\x04r\x0e\x8d\xff{+\a/\xd2\x93\xa7\xcc=6\x15.f\xf4\xa2\x93\x91d&\x17\xc7\x82\x89\xe8\x95\"\xa9W\xbd\x91\x96\xd7=]\x9e\xe6\xf1I\v\x91z\xfa\xeb\xd1\x81\xc2j\x10 v\x93\xc7\xc9+\xc7\x8ds\x8f\x15\x8aR\xc3j\x80\xc3H\xf3%\'4\x11\x85a\xc6\x96\xd0gf*P\xfa\x1aET\x01\x05Y\xcaY\xc0!\xcf\xae\xb1\x9f{\xc0\x14F^\x8f\x8ej\xa17\x02\xdb\xd62\xdc\xadn\t\xa6z\xad\x9b\xbcf\x96\n\x81*\xcf0\x11\xaf\xbd\xd5\v\x1f\x10fuY\xc4\xd3\xf6V8\xc67\x85\xe8\xdfZ4Y\x9c\xdb^\xf9\xe3uv\xc9\xc6s\xde3E\x9c\fE\xd2\xce\xf5\x06\xc0\x8b\x86\xe0h\xae\xce\xb4\x16\x0f\xd4XRr\xcb0{R\"\xf6}\xb1s\xac\x7f\x80\xff{bM\x93\x90\xae\x1d1@G\"n3:5\xba\xbc[6 C\xad\x13\xb6;\xbfHZa\x81h\x91(\xb2\x13\xd6\xbe\xb2u.\xd4J\x9d\x1c\xd7\x8d+\v<]\xb0\xb6a\xe6A\x93\x1c\x98/\xdb\x11\xf7\xd9)\xe9?\xb8\xd1\xfe\x912\x8041\x82\x89\xad\x12v\x12\b%\xd1>\xb8\x99p\xd731\xae`!\xab3\nI\xfc\x03*\xc7\xd1x\xe6\xc3\xf4 d\xa4\xb0\xb2?\xf1\xd7\x81\xb7\xc2\x15\xbd\x8f\xf3\xa6;\br\f4\xfd\xce\x8b\x90\xf6\xf7\x95\xc7\x1f\xe2~\x14\xdf6+P\x10\xb5\x83,\xf6,\x82@b!\xb5N\xfd\xe0\xeek\xe3\x1a\rJjT\xa5\x1cYt2L\x02\x1a.v\xd6\x01\x7fd\xf3*~\b,}\xc3m}\xf8\xe4\xec', 0x0) mmap(&(0x7f00002e4000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) name_to_handle_at(r0, &(0x7f00002e4000)='./file\xff\xff', &(0x7f0000000000)=ANY=[], 0x0, 0x1400) 03:36:34 executing program 1: keyctl$set_reqkey_keyring(0x5, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f00000001c0)='$.\x00', 0x0) 03:36:34 executing program 1: keyctl$set_reqkey_keyring(0x5, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f00000001c0)='$.\x00', 0x0) 03:36:34 executing program 0: r0 = memfd_create(&(0x7f0000000180)='}\x00N\x06\x94\xe2\xe0\xe3\xab\xe1\x03\x1e\xc8\x8a\x17\x88\';g\xdd\x04r\x0e\x8d\xff{+\a/\xd2\x93\xa7\xcc=6\x15.f\xf4\xa2\x93\x91d&\x17\xc7\x82\x89\xe8\x95\"\xa9W\xbd\x91\x96\xd7=]\x9e\xe6\xf1I\v\x91z\xfa\xeb\xd1\x81\xc2j\x10 v\x93\xc7\xc9+\xc7\x8ds\x8f\x15\x8aR\xc3j\x80\xc3H\xf3%\'4\x11\x85a\xc6\x96\xd0gf*P\xfa\x1aET\x01\x05Y\xcaY\xc0!\xcf\xae\xb1\x9f{\xc0\x14F^\x8f\x8ej\xa17\x02\xdb\xd62\xdc\xadn\t\xa6z\xad\x9b\xbcf\x96\n\x81*\xcf0\x11\xaf\xbd\xd5\v\x1f\x10fuY\xc4\xd3\xf6V8\xc67\x85\xe8\xdfZ4Y\x9c\xdb^\xf9\xe3uv\xc9\xc6s\xde3E\x9c\fE\xd2\xce\xf5\x06\xc0\x8b\x86\xe0h\xae\xce\xb4\x16\x0f\xd4XRr\xcb0{R\"\xf6}\xb1s\xac\x7f\x80\xff{bM\x93\x90\xae\x1d1@G\"n3:5\xba\xbc[6 C\xad\x13\xb6;\xbfHZa\x81h\x91(\xb2\x13\xd6\xbe\xb2u.\xd4J\x9d\x1c\xd7\x8d+\v<]\xb0\xb6a\xe6A\x93\x1c\x98/\xdb\x11\xf7\xd9)\xe9?\xb8\xd1\xfe\x912\x8041\x82\x89\xad\x12v\x12\b%\xd1>\xb8\x99p\xd731\xae`!\xab3\nI\xfc\x03*\xc7\xd1x\xe6\xc3\xf4 d\xa4\xb0\xb2?\xf1\xd7\x81\xb7\xc2\x15\xbd\x8f\xf3\xa6;\br\f4\xfd\xce\x8b\x90\xf6\xf7\x95\xc7\x1f\xe2~\x14\xdf6+P\x10\xb5\x83,\xf6,\x82@b!\xb5N\xfd\xe0\xeek\xe3\x1a\rJjT\xa5\x1cYt2L\x02\x1a.v\xd6\x01\x7fd\xf3*~\b,}\xc3m}\xf8\xe4\xec', 0x0) mmap(&(0x7f00002e4000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) name_to_handle_at(r0, &(0x7f00002e4000)='./file\xff\xff', &(0x7f0000000000)=ANY=[], 0x0, 0x1400) 03:36:34 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r0, 0x8992, &(0x7f0000000240)={'bond0\x00\xe1\x03\n\x00!!\x00\x01\x00', @ifru_names='bond_slave_1\x00\x00\x00\b'}) 03:36:34 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)="390000000a06050368fe07602b00003f0e430a001400020045b300070300000319001a00120002000e00010006000300"/57, 0x39}], 0x1) 03:36:34 executing program 3: keyctl$set_reqkey_keyring(0x5, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f00000001c0)='$.\x00', 0x0) 03:36:34 executing program 0: r0 = memfd_create(&(0x7f0000000180)='}\x00N\x06\x94\xe2\xe0\xe3\xab\xe1\x03\x1e\xc8\x8a\x17\x88\';g\xdd\x04r\x0e\x8d\xff{+\a/\xd2\x93\xa7\xcc=6\x15.f\xf4\xa2\x93\x91d&\x17\xc7\x82\x89\xe8\x95\"\xa9W\xbd\x91\x96\xd7=]\x9e\xe6\xf1I\v\x91z\xfa\xeb\xd1\x81\xc2j\x10 v\x93\xc7\xc9+\xc7\x8ds\x8f\x15\x8aR\xc3j\x80\xc3H\xf3%\'4\x11\x85a\xc6\x96\xd0gf*P\xfa\x1aET\x01\x05Y\xcaY\xc0!\xcf\xae\xb1\x9f{\xc0\x14F^\x8f\x8ej\xa17\x02\xdb\xd62\xdc\xadn\t\xa6z\xad\x9b\xbcf\x96\n\x81*\xcf0\x11\xaf\xbd\xd5\v\x1f\x10fuY\xc4\xd3\xf6V8\xc67\x85\xe8\xdfZ4Y\x9c\xdb^\xf9\xe3uv\xc9\xc6s\xde3E\x9c\fE\xd2\xce\xf5\x06\xc0\x8b\x86\xe0h\xae\xce\xb4\x16\x0f\xd4XRr\xcb0{R\"\xf6}\xb1s\xac\x7f\x80\xff{bM\x93\x90\xae\x1d1@G\"n3:5\xba\xbc[6 C\xad\x13\xb6;\xbfHZa\x81h\x91(\xb2\x13\xd6\xbe\xb2u.\xd4J\x9d\x1c\xd7\x8d+\v<]\xb0\xb6a\xe6A\x93\x1c\x98/\xdb\x11\xf7\xd9)\xe9?\xb8\xd1\xfe\x912\x8041\x82\x89\xad\x12v\x12\b%\xd1>\xb8\x99p\xd731\xae`!\xab3\nI\xfc\x03*\xc7\xd1x\xe6\xc3\xf4 d\xa4\xb0\xb2?\xf1\xd7\x81\xb7\xc2\x15\xbd\x8f\xf3\xa6;\br\f4\xfd\xce\x8b\x90\xf6\xf7\x95\xc7\x1f\xe2~\x14\xdf6+P\x10\xb5\x83,\xf6,\x82@b!\xb5N\xfd\xe0\xeek\xe3\x1a\rJjT\xa5\x1cYt2L\x02\x1a.v\xd6\x01\x7fd\xf3*~\b,}\xc3m}\xf8\xe4\xec', 0x0) mmap(&(0x7f00002e4000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) name_to_handle_at(r0, &(0x7f00002e4000)='./file\xff\xff', &(0x7f0000000000)=ANY=[], 0x0, 0x1400) [ 1147.053189][T26493] netlink: 'syz-executor.1': attribute type 1 has an invalid length. 03:36:34 executing program 3: keyctl$set_reqkey_keyring(0x5, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f00000001c0)='$.\x00', 0x0) [ 1147.065642][T26493] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.1'. 03:36:34 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)="390000000a06050368fe07602b00003f0e430a001400020045b300070300000319001a00120002000e00010006000300"/57, 0x39}], 0x1) 03:36:34 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r0, 0x8992, &(0x7f0000000240)={'bond0\x00\xe1\x03\n\x00!!\x00\x01\x00', @ifru_names='bond_slave_1\x00\x00\x00\b'}) 03:36:34 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={r3}, 0x8) [ 1147.184389][T26508] netlink: 'syz-executor.1': attribute type 1 has an invalid length. 03:36:34 executing program 3: keyctl$set_reqkey_keyring(0x5, 0xfffffffffffffffe) add_key$keyring(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f00000001c0)='$.\x00', 0x0) 03:36:34 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={r3}, 0x8) [ 1147.194941][T26508] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.1'. 03:36:34 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r0, 0x8992, &(0x7f0000000240)={'bond0\x00\xe1\x03\n\x00!!\x00\x01\x00', @ifru_names='bond_slave_1\x00\x00\x00\b'}) 03:36:34 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={r3}, 0x8) 03:36:34 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={r3}, 0x8) 03:36:34 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)="390000000a06050368fe07602b00003f0e430a001400020045b300070300000319001a00120002000e00010006000300"/57, 0x39}], 0x1) 03:36:34 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r0, 0x8992, &(0x7f0000000240)={'bond0\x00\xe1\x03\n\x00!!\x00\x01\x00', @ifru_names='bond_slave_1\x00\x00\x00\b'}) 03:36:34 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={r3}, 0x8) 03:36:34 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={r3}, 0x8) [ 1147.291641][T26522] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 1147.314982][T26522] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.1'. 03:36:34 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080)="390000000a06050368fe07602b00003f0e430a001400020045b300070300000319001a00120002000e00010006000300"/57, 0x39}], 0x1) 03:36:34 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000600)='cgroup.threads\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0x8) [ 1147.366166][T26528] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 1147.379774][T26528] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.1'. 03:36:34 executing program 1: syz_mount_image$bfs(&(0x7f00000000c0)='bfs\x00', &(0x7f0000001140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 03:36:34 executing program 0: creat(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='ecryptfs\x00\x85wj\x06>\x19\xac\xd0\xaa\x18ps\xf3\x17\xe9,\xfc', 0x0, 0x0) 03:36:34 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000000)={r3}, 0x8) [ 1147.433563][T26534] BFS-fs: bfs_fill_super(): No BFS filesystem on loop1 (magic=00000000) [ 1147.547538][T26537] Error parsing options; rc = [-22] [ 1147.701823][T26534] BFS-fs: bfs_fill_super(): No BFS filesystem on loop1 (magic=00000000) 03:36:35 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'sit0\x00'}}, 0x1e) connect$pppoe(r2, &(0x7f0000000180)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) dup3(r1, r2, 0x0) 03:36:35 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_buf(r0, 0x0, 0x20, &(0x7f0000000300)="10f097ce5b0351cc2f9518dc", 0xc) 03:36:35 executing program 0: creat(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='ecryptfs\x00\x85wj\x06>\x19\xac\xd0\xaa\x18ps\xf3\x17\xe9,\xfc', 0x0, 0x0) 03:36:35 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'sit0\x00'}}, 0x1e) connect$pppoe(r2, &(0x7f0000000180)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) dup3(r1, r2, 0x0) 03:36:35 executing program 1: syz_mount_image$bfs(&(0x7f00000000c0)='bfs\x00', &(0x7f0000001140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1148.021841][T26551] BFS-fs: bfs_fill_super(): No BFS filesystem on loop1 (magic=00000000) [ 1148.047021][T26555] Error parsing options; rc = [-22] 03:36:35 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_buf(r0, 0x0, 0x20, &(0x7f0000000300)="10f097ce5b0351cc2f9518dc", 0xc) 03:36:35 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'sit0\x00'}}, 0x1e) connect$pppoe(r2, &(0x7f0000000180)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) dup3(r1, r2, 0x0) 03:36:35 executing program 0: creat(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='ecryptfs\x00\x85wj\x06>\x19\xac\xd0\xaa\x18ps\xf3\x17\xe9,\xfc', 0x0, 0x0) 03:36:35 executing program 1: syz_mount_image$bfs(&(0x7f00000000c0)='bfs\x00', &(0x7f0000001140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1148.152918][T26560] Error parsing options; rc = [-22] 03:36:35 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'sit0\x00'}}, 0x1e) connect$pppoe(r2, &(0x7f0000000180)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) dup3(r1, r2, 0x0) [ 1148.172600][T26564] BFS-fs: bfs_fill_super(): No BFS filesystem on loop1 (magic=00000000) 03:36:35 executing program 0: creat(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='ecryptfs\x00\x85wj\x06>\x19\xac\xd0\xaa\x18ps\xf3\x17\xe9,\xfc', 0x0, 0x0) 03:36:35 executing program 1: syz_mount_image$bfs(&(0x7f00000000c0)='bfs\x00', &(0x7f0000001140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1148.289317][T26570] Error parsing options; rc = [-22] 03:36:35 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_buf(r0, 0x0, 0x20, &(0x7f0000000300)="10f097ce5b0351cc2f9518dc", 0xc) [ 1148.334367][T26575] BFS-fs: bfs_fill_super(): No BFS filesystem on loop1 (magic=00000000) 03:36:35 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_buf(r0, 0x0, 0x20, &(0x7f0000000300)="10f097ce5b0351cc2f9518dc", 0xc) 03:36:35 executing program 0: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'sit0\x00'}}, 0x1e) connect$pppoe(r2, &(0x7f0000000180)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) dup3(r1, r2, 0x0) 03:36:35 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'sit0\x00'}}, 0x1e) connect$pppoe(r2, &(0x7f0000000180)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) dup3(r1, r2, 0x0) 03:36:35 executing program 0: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'sit0\x00'}}, 0x1e) connect$pppoe(r2, &(0x7f0000000180)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) dup3(r1, r2, 0x0) 03:36:35 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'sit0\x00'}}, 0x1e) connect$pppoe(r2, &(0x7f0000000180)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) dup3(r1, r2, 0x0) 03:36:35 executing program 3: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'sit0\x00'}}, 0x1e) connect$pppoe(r2, &(0x7f0000000180)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) dup3(r1, r2, 0x0) 03:36:35 executing program 0: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'sit0\x00'}}, 0x1e) connect$pppoe(r2, &(0x7f0000000180)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) dup3(r1, r2, 0x0) 03:36:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:36:35 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'sit0\x00'}}, 0x1e) connect$pppoe(r2, &(0x7f0000000180)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) dup3(r1, r2, 0x0) 03:36:35 executing program 3: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'sit0\x00'}}, 0x1e) connect$pppoe(r2, &(0x7f0000000180)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) dup3(r1, r2, 0x0) 03:36:35 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x100000, 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', 0x0, 0x5010, 0x0) chdir(&(0x7f0000000040)='./file0\x00') mount(&(0x7f0000001340)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000180)='./file0\x00', 0x0, 0x1001004, 0x0) umount2(&(0x7f0000000180)='./file0\x00', 0x0) 03:36:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:36:35 executing program 2: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) 03:36:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:36:35 executing program 3: r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'sit0\x00'}}, 0x1e) connect$pppoe(r2, &(0x7f0000000180)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e) dup3(r1, r2, 0x0) 03:36:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:36:36 executing program 1: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000340)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="2d63707520ff92b2f197d86ad80547edb4cd282eaa6ef7ad6224d7b3ecb7b7a2436978ac3aad2814b44d3d3a4a9f842473a457206fcb95c665a50bd1a286b2445614306acda1963025e1dfa600a8713bc838b04a459a4600db8401f170d92ee34e1f04ea91df2bacb934a272caa68cb930f14608493b756c3d164ffa1f3c97a8728bf67e946ec1000000000000000035716ed0be9fb90437e907d4ee63c572a67fb888108744339e535a893509d12bb3d06a2e00"/189], 0x5) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:36:36 executing program 3: r0 = socket(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000a1aff7)={@local}, 0x14) 03:36:36 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x100000, 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', 0x0, 0x5010, 0x0) chdir(&(0x7f0000000040)='./file0\x00') mount(&(0x7f0000001340)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000180)='./file0\x00', 0x0, 0x1001004, 0x0) umount2(&(0x7f0000000180)='./file0\x00', 0x0) 03:36:36 executing program 3: r0 = socket(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000a1aff7)={@local}, 0x14) 03:36:36 executing program 2: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) 03:36:36 executing program 1: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) 03:36:36 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x100000, 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', 0x0, 0x5010, 0x0) chdir(&(0x7f0000000040)='./file0\x00') mount(&(0x7f0000001340)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000180)='./file0\x00', 0x0, 0x1001004, 0x0) umount2(&(0x7f0000000180)='./file0\x00', 0x0) 03:36:36 executing program 3: r0 = socket(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000a1aff7)={@local}, 0x14) 03:36:36 executing program 1: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) 03:36:36 executing program 3: r0 = socket(0xa, 0x2, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000a1aff7)={@local}, 0x14) 03:36:36 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x100000, 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', 0x0, 0x5010, 0x0) chdir(&(0x7f0000000040)='./file0\x00') mount(&(0x7f0000001340)=ANY=[@ANYBLOB='./file0'], &(0x7f0000000180)='./file0\x00', 0x0, 0x1001004, 0x0) umount2(&(0x7f0000000180)='./file0\x00', 0x0) 03:36:36 executing program 1: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) 03:36:36 executing program 2: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) 03:36:36 executing program 3: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) 03:36:36 executing program 0: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) 03:36:36 executing program 1: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) [ 1149.561449][ T9411] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1149.590547][ T9411] CPU: 3 PID: 9411 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1149.600282][ T9411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1149.600282][ T9411] Call Trace: 03:36:36 executing program 0: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) [ 1149.600282][ T9411] dump_stack+0x197/0x210 [ 1149.600282][ T9411] dump_header+0x10b/0x82d [ 1149.600282][ T9411] ? oom_kill_process+0x94/0x420 [ 1149.600282][ T9411] oom_kill_process.cold+0x10/0x15 [ 1149.600282][ T9411] out_of_memory+0x334/0x13c0 [ 1149.600282][ T9411] ? oom_killer_disable+0x280/0x280 [ 1149.600282][ T9411] ? mutex_trylock+0x264/0x2f0 [ 1149.600282][ T9411] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1149.600282][ T9411] __alloc_pages_slowpath+0x222b/0x2920 [ 1149.600282][ T9411] ? warn_alloc+0x110/0x110 03:36:36 executing program 1: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) 03:36:36 executing program 1: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) [ 1149.600282][ T9411] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1149.746139][ T9411] ? should_fail+0x1de/0x852 [ 1149.746139][ T9411] ? __kasan_check_read+0x11/0x20 [ 1149.746139][ T9411] __alloc_pages_nodemask+0x646/0x910 [ 1149.746139][ T9411] ? cpuacct_charge+0x1db/0x360 [ 1149.746139][ T9411] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1149.746139][ T9411] ? update_curr+0x3e0/0x8d0 [ 1149.746139][ T9411] ? update_curr+0x3e0/0x8d0 [ 1149.746139][ T9411] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1149.746139][ T9411] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1149.834780][ T9411] alloc_pages_vma+0xdd/0x620 [ 1149.834780][ T9411] wp_page_copy+0x226/0x1560 [ 1149.834780][ T9411] ? find_held_lock+0x35/0x130 [ 1149.857855][ T9411] ? follow_pfn+0x2a0/0x2a0 [ 1149.879780][ T9411] ? lock_downgrade+0x920/0x920 [ 1149.884784][ T9411] ? swp_swapcount+0x540/0x540 [ 1149.884784][ T9411] ? do_raw_spin_unlock+0x178/0x270 [ 1149.914285][ T9411] do_wp_page+0x543/0x1540 [ 1149.914285][ T9411] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1149.914285][ T9411] __handle_mm_fault+0x327b/0x3da0 [ 1149.964861][ T9411] ? vm_iomap_memory+0x1a0/0x1a0 [ 1149.964861][ T9411] ? handle_mm_fault+0x292/0xa50 [ 1149.995474][ T9411] ? handle_mm_fault+0x7a0/0xa50 [ 1149.995474][ T9411] ? __kasan_check_read+0x11/0x20 [ 1150.014790][ T9411] handle_mm_fault+0x3b2/0xa50 [ 1150.014790][ T9411] __do_page_fault+0x536/0xd80 [ 1150.014790][ T9411] do_page_fault+0x38/0x590 [ 1150.014790][ T9411] do_async_page_fault+0x30/0xa0 [ 1150.014790][ T9411] async_page_fault+0x39/0x40 [ 1150.014790][ T9411] RIP: 0023:0x808fa5d [ 1150.014790][ T9411] Code: 01 00 00 8d 76 00 8d bc 27 00 00 00 00 8b 45 e4 8b 40 04 85 c0 89 45 e4 74 b1 8b 75 e4 8b 1e 8b 43 08 85 c0 74 04 ff d0 8b 1e ff 4b 14 0f 94 c0 84 c0 74 d8 8b 43 18 85 c0 74 d1 83 c3 14 31 [ 1150.084719][ T9411] RSP: 002b:00000000ffd5da70 EFLAGS: 00010246 [ 1150.084719][ T9411] RAX: 0000000000000000 RBX: 0000000008494bc4 RCX: 0000000000000000 [ 1150.115350][ T9411] RDX: 00000000ffd5da70 RSI: 00000000ffd5da70 RDI: 0000000000002d2e [ 1150.124737][ T9411] RBP: 00000000ffd5dab8 R08: 0000000000000000 R09: 0000000000000000 [ 1150.124737][ T9411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1150.124737][ T9411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 03:36:36 executing program 0: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) [ 1150.255693][ T9411] Mem-Info: [ 1150.357110][ T9411] active_anon:42727 inactive_anon:233 isolated_anon:0 [ 1150.357110][ T9411] active_file:2861 inactive_file:17639 isolated_file:0 [ 1150.357110][ T9411] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1150.357110][ T9411] slab_reclaimable:15587 slab_unreclaimable:59805 [ 1150.357110][ T9411] mapped:39858 shmem:307 pagetables:3361 bounce:0 [ 1150.357110][ T9411] free:143797 free_pcp:325 free_cma:0 [ 1150.441648][ T9411] Node 0 active_anon:137016kB inactive_anon:896kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:4kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1150.491566][ T9411] Node 0 DMA free:2804kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:320kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:200kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1150.538171][ T9411] lowmem_reserve[]: 0 532 532 532 532 [ 1150.546648][ T9411] Node 0 DMA32 free:23456kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136744kB inactive_anon:896kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9232kB pagetables:4724kB bounce:0kB free_pcp:1564kB local_pcp:480kB free_cma:0kB [ 1150.588337][ T9411] lowmem_reserve[]: 0 0 0 0 0 [ 1150.593745][ T9411] Node 0 DMA: 6*4kB (UME) 14*8kB (UM) 5*16kB (UM) 6*32kB (UM) 4*64kB (UM) 3*128kB (UME) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2840kB [ 1150.636799][ T9411] Node 0 DMA32: 897*4kB (UME) 493*8kB (UME) 222*16kB (UME) 90*32kB (UME) 33*64kB (UME) 29*128kB (UME) 15*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 24140kB [ 1150.663701][ T9411] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1150.679589][ T9411] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1150.692313][ T9411] 13187 total pagecache pages [ 1150.701497][ T9411] 0 pages in swap cache [ 1150.708079][ T9411] Swap cache stats: add 0, delete 0, find 0/0 [ 1150.717827][ T9411] Free swap = 0kB 03:36:37 executing program 2: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) [ 1150.735308][ T9411] Total swap = 0kB [ 1150.740536][ T9411] 524155 pages RAM [ 1150.745998][ T9411] 0 pages HighMem/MovableOnly [ 1150.752089][ T9411] 141707 pages reserved [ 1150.757909][ T9411] 0 pages cma reserved [ 1150.763461][ T9411] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz1,task=syz-executor.1,pid=11291,uid=0 [ 1150.788157][ T9411] Out of memory: Killed process 11291 (syz-executor.1) total-vm:72348kB, anon-rss:140kB, file-rss:34928kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 03:36:37 executing program 3: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) 03:36:37 executing program 0: syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x0, 0x2) r0 = syz_open_dev$cec(0x0, 0x1, 0x2) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0xc05c6104, &(0x7f0000000300)) 03:36:38 executing program 1: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={[{@usrquota='usrquota'}]}) 03:36:38 executing program 1: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={[{@usrquota='usrquota'}]}) 03:36:38 executing program 2: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r0, &(0x7f0000000280)={0x1a, 0x0, 0x0, 0x2}, 0x10) sendmmsg(r0, &(0x7f00000001c0), 0x400000000000150, 0x0) 03:36:38 executing program 3: madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r0 = gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00002f5ff8)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x445}], 0x1, &(0x7f0000000040)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) 03:36:38 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b00)={0x9, 0x9, 0x400, 0xc, 0x0, 0x1}, 0x3a3) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000000), &(0x7f00000002c0)}, 0x1b) 03:36:38 executing program 1: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={[{@usrquota='usrquota'}]}) 03:36:38 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b00)={0x9, 0x9, 0x400, 0xc, 0x0, 0x1}, 0x3a3) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000000), &(0x7f00000002c0)}, 0x1b) 03:36:38 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000180), 0x2) 03:36:38 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b00)={0x9, 0x9, 0x400, 0xc, 0x0, 0x1}, 0x3a3) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000000), &(0x7f00000002c0)}, 0x1b) 03:36:38 executing program 1: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)={[{@usrquota='usrquota'}]}) 03:36:38 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001b00)={0x9, 0x9, 0x400, 0xc, 0x0, 0x1}, 0x3a3) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f0000000000), &(0x7f00000002c0)}, 0x1b) 03:36:38 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000180), 0x2) 03:36:38 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x50, 0x0, 0x0, 0xffff00000}, {0x80000006}]}, 0x10) 03:36:38 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x54}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:36:38 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000180)='hfsplus\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@session={'session'}}]}) 03:36:38 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x54}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:36:38 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x50, 0x0, 0x0, 0xffff00000}, {0x80000006}]}, 0x10) 03:36:38 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000180), 0x2) [ 1151.703053][T27130] hfsplus: invalid session number or type of track [ 1151.712855][T27130] hfsplus: unable to find HFS+ superblock 03:36:38 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000180), 0x2) 03:36:38 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x54}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1151.796338][T27130] hfsplus: invalid session number or type of track 03:36:38 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000cc0)={0x18, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000, 0x1000000}, [@nested={0x4, 0x18}]}, 0x18}, 0x1, 0xffffff7f0e000000}, 0x0) 03:36:38 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x50, 0x0, 0x0, 0xffff00000}, {0x80000006}]}, 0x10) [ 1151.834879][T27130] hfsplus: unable to find HFS+ superblock 03:36:39 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x54}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:36:39 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x50, 0x0, 0x0, 0xffff00000}, {0x80000006}]}, 0x10) 03:36:39 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000180)='hfsplus\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@session={'session'}}]}) 03:36:39 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000cc0)={0x18, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000, 0x1000000}, [@nested={0x4, 0x18}]}, 0x18}, 0x1, 0xffffff7f0e000000}, 0x0) 03:36:39 executing program 1: r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0xca, &(0x7f0000000000), 0x10) 03:36:39 executing program 1: r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0xca, &(0x7f0000000000), 0x10) 03:36:39 executing program 0: r0 = socket(0x1e, 0x5, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name, 0x10) [ 1152.121807][T27156] hfsplus: invalid session number or type of track [ 1152.134546][T27156] hfsplus: unable to find HFS+ superblock 03:36:39 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000cc0)={0x18, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000, 0x1000000}, [@nested={0x4, 0x18}]}, 0x18}, 0x1, 0xffffff7f0e000000}, 0x0) 03:36:39 executing program 0: r0 = socket(0x1e, 0x5, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name, 0x10) 03:36:39 executing program 1: r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0xca, &(0x7f0000000000), 0x10) 03:36:39 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000180)='hfsplus\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@session={'session'}}]}) 03:36:39 executing program 0: r0 = socket(0x1e, 0x5, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name, 0x10) 03:36:39 executing program 1: r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0xca, &(0x7f0000000000), 0x10) [ 1152.317747][T27178] hfsplus: invalid session number or type of track 03:36:39 executing program 0: r0 = socket(0x1e, 0x5, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name, 0x10) [ 1152.330418][T27178] hfsplus: unable to find HFS+ superblock 03:36:39 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x7f, 0x7, 0x5, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000000), &(0x7f0000000080)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000400)={r0, &(0x7f0000000180), &(0x7f0000000300)}, 0x20) 03:36:39 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000cc0)={0x18, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000, 0x1000000}, [@nested={0x4, 0x18}]}, 0x18}, 0x1, 0xffffff7f0e000000}, 0x0) 03:36:39 executing program 1: r0 = socket$kcm(0x2, 0x1000000000000805, 0x84) sendmsg(r0, &(0x7f0000000240)={&(0x7f00000002c0)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000200)='c', 0x1}], 0x1}, 0x0) close(r0) 03:36:39 executing program 3: syz_mount_image$hfsplus(&(0x7f0000000180)='hfsplus\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={[{@session={'session'}}]}) 03:36:39 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ipip={{0xc, 0x1, 'ipip\x00'}, {0x14, 0x2, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @broadcast}, @tunl_policy=[@IFLA_IPTUN_ENCAP_TYPE={0x8, 0xf, 0x3}]]}}}]}, 0x44}}, 0x0) [ 1152.508979][T27249] hfsplus: invalid session number or type of track [ 1152.520053][T27249] hfsplus: unable to find HFS+ superblock [ 1152.526025][T27279] netlink: 'syz-executor.1': attribute type 15 has an invalid length. 03:36:39 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x7f, 0x7, 0x5, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000000), &(0x7f0000000080)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000400)={r0, &(0x7f0000000180), &(0x7f0000000300)}, 0x20) 03:36:39 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ipip={{0xc, 0x1, 'ipip\x00'}, {0x14, 0x2, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @broadcast}, @tunl_policy=[@IFLA_IPTUN_ENCAP_TYPE={0x8, 0xf, 0x3}]]}}}]}, 0x44}}, 0x0) [ 1152.614771][T27302] netlink: 'syz-executor.1': attribute type 15 has an invalid length. 03:36:39 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/\x02roup.stap\x00', 0x2761, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/\x02roup.stap\x00', 0x2761, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x161) sendmsg$kcm(r1, &(0x7f0000000540)={&(0x7f0000000380)=@in={0x2, 0x4e23, @rand_addr=0x7fffffff}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r1, 0x0, 0x0) 03:36:39 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x7f, 0x7, 0x5, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000000), &(0x7f0000000080)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000400)={r0, &(0x7f0000000180), &(0x7f0000000300)}, 0x20) 03:36:39 executing program 3: ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000240)) semctl$IPC_RMID(0x0, 0x0, 0x10) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000140)=""/135) semctl$GETNCNT(0x0, 0x0, 0xe, &(0x7f00000004c0)=""/190) r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09fffefd956fa283b7270fd917df226c24a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x1, &(0x7f0000001640)=ANY=[@ANYRESDEC], 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) 03:36:39 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x7f, 0x7, 0x5, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r0, &(0x7f0000000000), &(0x7f0000000080)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000400)={r0, &(0x7f0000000180), &(0x7f0000000300)}, 0x20) [ 1152.685845][T27308] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'. 03:36:39 executing program 0: bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f0000000200)=']', &(0x7f0000001380)="81"}, 0x40) 03:36:39 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={'bridge_slave_0\x00\x04'}) r1 = socket$inet6(0xa, 0x803, 0x20) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000040)={@remote, 0x1, r2}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'bridge_slave_0\x00?', 0x22000000c0ffffff}) [ 1152.827298][T27308] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'. 03:36:39 executing program 0: bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f0000000200)=']', &(0x7f0000001380)="81"}, 0x40) 03:36:40 executing program 0: bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f0000000200)=']', &(0x7f0000001380)="81"}, 0x40) 03:36:40 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ipip={{0xc, 0x1, 'ipip\x00'}, {0x14, 0x2, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @broadcast}, @tunl_policy=[@IFLA_IPTUN_ENCAP_TYPE={0x8, 0xf, 0x3}]]}}}]}, 0x44}}, 0x0) 03:36:40 executing program 0: bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f0000000200)=']', &(0x7f0000001380)="81"}, 0x40) [ 1153.017333][T27515] netlink: 'syz-executor.1': attribute type 15 has an invalid length. 03:36:40 executing program 3: ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000240)) semctl$IPC_RMID(0x0, 0x0, 0x10) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000140)=""/135) semctl$GETNCNT(0x0, 0x0, 0xe, &(0x7f00000004c0)=""/190) r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09fffefd956fa283b7270fd917df226c24a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x1, &(0x7f0000001640)=ANY=[@ANYRESDEC], 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) 03:36:40 executing program 0: ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000240)) semctl$IPC_RMID(0x0, 0x0, 0x10) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000140)=""/135) semctl$GETNCNT(0x0, 0x0, 0xe, &(0x7f00000004c0)=""/190) r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09fffefd956fa283b7270fd917df226c24a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x1, &(0x7f0000001640)=ANY=[@ANYRESDEC], 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) [ 1153.053942][T27592] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1153.054004][T27594] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'. 03:36:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(0x0, r1, 0x0) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) 03:36:40 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @ipip={{0xc, 0x1, 'ipip\x00'}, {0x14, 0x2, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @broadcast}, @tunl_policy=[@IFLA_IPTUN_ENCAP_TYPE={0x8, 0xf, 0x3}]]}}}]}, 0x44}}, 0x0) 03:36:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(0x0, r1, 0x0) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) [ 1153.310888][T27592] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1153.334289][T27594] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'. 03:36:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(0x0, r1, 0x0) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) 03:36:40 executing program 3: ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000240)) semctl$IPC_RMID(0x0, 0x0, 0x10) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000140)=""/135) semctl$GETNCNT(0x0, 0x0, 0xe, &(0x7f00000004c0)=""/190) r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09fffefd956fa283b7270fd917df226c24a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x1, &(0x7f0000001640)=ANY=[@ANYRESDEC], 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) [ 1153.348332][T27932] netlink: 'syz-executor.1': attribute type 15 has an invalid length. 03:36:40 executing program 0: ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000240)) semctl$IPC_RMID(0x0, 0x0, 0x10) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000140)=""/135) semctl$GETNCNT(0x0, 0x0, 0xe, &(0x7f00000004c0)=""/190) r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09fffefd956fa283b7270fd917df226c24a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x1, &(0x7f0000001640)=ANY=[@ANYRESDEC], 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) [ 1153.377668][T27934] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'. 03:36:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(0x0, r1, 0x0) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) [ 1153.392792][T27938] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1153.519596][T27939] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1153.537296][T27939] CPU: 1 PID: 27939 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1153.537440][T27934] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1153.544699][T27939] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1153.544699][T27939] Call Trace: 03:36:40 executing program 3: ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000240)) semctl$IPC_RMID(0x0, 0x0, 0x10) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000140)=""/135) semctl$GETNCNT(0x0, 0x0, 0xe, &(0x7f00000004c0)=""/190) r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09fffefd956fa283b7270fd917df226c24a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x1, &(0x7f0000001640)=ANY=[@ANYRESDEC], 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) [ 1153.544699][T27939] dump_stack+0x197/0x210 [ 1153.544699][T27939] dump_header+0x10b/0x82d [ 1153.544699][T27939] ? oom_kill_process+0x94/0x420 [ 1153.544699][T27939] oom_kill_process.cold+0x10/0x15 03:36:40 executing program 0: ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000240)) semctl$IPC_RMID(0x0, 0x0, 0x10) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000140)=""/135) semctl$GETNCNT(0x0, 0x0, 0xe, &(0x7f00000004c0)=""/190) r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="4c0000001200ff09fffefd956fa283b7270fd917df226c24a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f", 0x4c}], 0x1}, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(r0, &(0x7f0000001380), 0x4000056, 0x0, &(0x7f0000000200)={0x77359400}) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x1, &(0x7f0000001640)=ANY=[@ANYRESDEC], 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) [ 1153.544699][T27939] out_of_memory+0x334/0x13c0 [ 1153.544699][T27939] ? oom_killer_disable+0x280/0x280 [ 1153.544699][T27939] ? mutex_trylock+0x264/0x2f0 [ 1153.544699][T27939] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1153.544699][T27939] __alloc_pages_slowpath+0x222b/0x2920 [ 1153.544699][T27939] ? warn_alloc+0x110/0x110 [ 1153.544699][T27939] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 03:36:40 executing program 1: syz_emit_ethernet(0x2e, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x4000000000000078, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @local={0xac, 0x14, 0xffffffffffffffff}, {[@timestamp={0x44, 0x4}]}}, @igmp={0x0, 0x0, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}}}}}, 0x0) [ 1153.544699][T27939] ? should_fail+0x1de/0x852 [ 1153.544699][T27939] ? __kasan_check_read+0x11/0x20 [ 1153.544699][T27939] __alloc_pages_nodemask+0x646/0x910 [ 1153.544699][T27939] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1153.544699][T27939] ? alloc_set_pte+0xc12/0x1800 03:36:40 executing program 1: syz_emit_ethernet(0x2e, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x4000000000000078, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @local={0xac, 0x14, 0xffffffffffffffff}, {[@timestamp={0x44, 0x4}]}}, @igmp={0x0, 0x0, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}}}}}, 0x0) [ 1153.544699][T27939] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1153.544699][T27939] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 03:36:40 executing program 3: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='[::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) [ 1153.544699][T27939] alloc_pages_vma+0xdd/0x620 03:36:40 executing program 1: syz_emit_ethernet(0x2e, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x4000000000000078, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @local={0xac, 0x14, 0xffffffffffffffff}, {[@timestamp={0x44, 0x4}]}}, @igmp={0x0, 0x0, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}}}}}, 0x0) [ 1153.562794][T27938] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1153.557767][T27939] wp_page_copy+0x226/0x1560 [ 1153.557767][T27939] ? find_held_lock+0x35/0x130 [ 1153.557767][T27939] ? follow_pfn+0x2a0/0x2a0 [ 1153.557767][T27939] ? lock_downgrade+0x920/0x920 [ 1153.557767][T27939] ? swp_swapcount+0x540/0x540 [ 1153.557767][T27939] ? do_raw_spin_unlock+0x178/0x270 03:36:40 executing program 1: syz_emit_ethernet(0x2e, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x4000000000000078, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @local={0xac, 0x14, 0xffffffffffffffff}, {[@timestamp={0x44, 0x4}]}}, @igmp={0x0, 0x0, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}}}}}, 0x0) [ 1153.557767][T27939] do_wp_page+0x543/0x1540 [ 1153.557767][T27939] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1153.557767][T27939] __handle_mm_fault+0x327b/0x3da0 [ 1153.557767][T27939] ? vm_iomap_memory+0x1a0/0x1a0 [ 1153.784861][T27939] ? handle_mm_fault+0x292/0xa50 [ 1153.784861][T27939] ? handle_mm_fault+0x7a0/0xa50 [ 1153.784861][T27939] ? __kasan_check_read+0x11/0x20 [ 1153.784861][T27939] handle_mm_fault+0x3b2/0xa50 [ 1153.784861][T27939] __do_page_fault+0x536/0xd80 [ 1153.784861][T27939] do_page_fault+0x38/0x590 [ 1153.784861][T27939] do_async_page_fault+0x30/0xa0 [ 1153.784861][T27939] async_page_fault+0x39/0x40 [ 1153.784861][T27939] RIP: 0023:0x8063b27 [ 1153.784861][T27939] Code: 83 c4 10 83 f8 ff 0f 85 0c fa ff ff e9 2c e6 ff ff 66 90 55 89 e5 57 56 53 81 ec ac 04 00 00 b8 e8 ff ff ff 8b 5d 08 65 8b 00 <89> 85 ac fb ff ff 8b 43 68 85 c0 0f 85 f8 00 00 00 c7 43 68 ff ff [ 1153.784861][T27939] RSP: 002b:00000000ffcb4d20 EFLAGS: 00010282 [ 1153.784861][T27939] RAX: 0000000000000006 RBX: 00000000ffcb51f0 RCX: 0000000000000000 [ 1153.784861][T27939] RDX: 00000000fbad8001 RSI: 00000000000003ff RDI: 00000000ffcb51f0 [ 1153.784861][T27939] RBP: 00000000ffcb51d8 R08: 0000000000000000 R09: 0000000000000000 [ 1153.784861][T27939] R10: 0000000000000000 R11: 0000000000000282 R12: 0000000000000000 [ 1153.784861][T27939] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1153.965743][T27939] Mem-Info: [ 1153.971353][T27939] active_anon:42729 inactive_anon:233 isolated_anon:0 [ 1153.971353][T27939] active_file:2868 inactive_file:17660 isolated_file:0 [ 1153.971353][T27939] unevictable:0 dirty:0 writeback:14 unstable:0 [ 1153.971353][T27939] slab_reclaimable:15653 slab_unreclaimable:61761 [ 1153.971353][T27939] mapped:39858 shmem:307 pagetables:3330 bounce:0 [ 1153.971353][T27939] free:143922 free_pcp:368 free_cma:0 [ 1154.025589][T27939] Node 0 active_anon:136972kB inactive_anon:896kB active_file:0kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1154.039698][T31713] libceph: mon0 (1)[::]:6789 socket error on write [ 1154.060916][T27939] Node 0 DMA free:2788kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:224kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1154.073177][T31713] libceph: mon0 (1)[::]:6789 socket error on write [ 1154.122871][T27939] lowmem_reserve[]: 0 532 532 532 532 [ 1154.153856][T27939] Node 0 DMA32 free:24980kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136748kB inactive_anon:896kB active_file:0kB inactive_file:32kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9204kB pagetables:4776kB bounce:0kB free_pcp:1640kB local_pcp:604kB free_cma:0kB [ 1154.211666][T27939] lowmem_reserve[]: 0 0 0 0 0 [ 1154.228678][T27939] Node 0 DMA: 19*4kB (UME) 10*8kB (UME) 8*16kB (UME) 5*32kB (UME) 5*64kB (UME) 2*128kB (UM) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2812kB [ 1154.259376][T27939] Node 0 DMA32: 1093*4kB (UME) 997*8kB (UME) 201*16kB (UME) 78*32kB (UME) 30*64kB (ME) 13*128kB (UME) 11*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 24972kB [ 1154.299885][T27939] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1154.325849][T27939] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1154.339152][T27939] 13218 total pagecache pages [ 1154.344022][T27939] 0 pages in swap cache [ 1154.349097][T27939] Swap cache stats: add 0, delete 0, find 0/0 [ 1154.356610][T27939] Free swap = 0kB [ 1154.360939][T27939] Total swap = 0kB [ 1154.365119][T27939] 524155 pages RAM [ 1154.369197][T27939] 0 pages HighMem/MovableOnly [ 1154.374365][T27939] 141707 pages reserved [ 1154.379834][T27939] 0 pages cma reserved [ 1154.390993][T27939] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz1,task=syz-executor.1,pid=14817,uid=0 [ 1154.429555][T27939] Out of memory: Killed process 14817 (syz-executor.1) total-vm:72348kB, anon-rss:144kB, file-rss:34920kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 03:36:41 executing program 1: futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:36:41 executing program 0: r0 = creat(&(0x7f0000000400)='./bus\x00', 0x0) ftruncate(r0, 0x8) r1 = open(&(0x7f0000000200)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='loginuid\x00') sendfile(r1, r2, &(0x7f0000000000), 0x8) 03:36:41 executing program 2: epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:36:41 executing program 2: epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:36:41 executing program 1: futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:36:42 executing program 1: futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:36:42 executing program 2: epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:36:42 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="d8000000180081fde00f80ecdb4ab9040a1d65ef0b007c0be87c55a1bc000900b800069905000000400005000a00812fa8000b000f0063e3e558f030035c3b61c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703", 0xd8}], 0x1}, 0x0) 03:36:42 executing program 3: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='[::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) 03:36:42 executing program 2: epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:36:42 executing program 1: futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:36:42 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="d8000000180081fde00f80ecdb4ab9040a1d65ef0b007c0be87c55a1bc000900b800069905000000400005000a00812fa8000b000f0063e3e558f030035c3b61c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703", 0xd8}], 0x1}, 0x0) 03:36:42 executing program 1: clock_gettime(0x4f64352feeaa6dbb, 0x0) 03:36:42 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x2}, [@ldst={0x3, 0x0, 0x3}]}, &(0x7f0000003ff6)='G\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48) 03:36:42 executing program 1: clock_gettime(0x4f64352feeaa6dbb, 0x0) 03:36:42 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="d8000000180081fde00f80ecdb4ab9040a1d65ef0b007c0be87c55a1bc000900b800069905000000400005000a00812fa8000b000f0063e3e558f030035c3b61c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703", 0xd8}], 0x1}, 0x0) [ 1155.175575][T31713] libceph: mon0 (1)[::]:6789 socket error on write 03:36:43 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x2}, [@ldst={0x3, 0x0, 0x3}]}, &(0x7f0000003ff6)='G\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48) 03:36:43 executing program 3: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='[::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) 03:36:43 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="d8000000180081fde00f80ecdb4ab9040a1d65ef0b007c0be87c55a1bc000900b800069905000000400005000a00812fa8000b000f0063e3e558f030035c3b61c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703", 0xd8}], 0x1}, 0x0) 03:36:43 executing program 1: clock_gettime(0x4f64352feeaa6dbb, 0x0) 03:36:43 executing program 1: clock_gettime(0x4f64352feeaa6dbb, 0x0) 03:36:43 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x2}, [@ldst={0x3, 0x0, 0x3}]}, &(0x7f0000003ff6)='G\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48) 03:36:43 executing program 0: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000100)="2400000058001f00ff07f4f9002304000a04f51107000100020100020800028001000000", 0x24) 03:36:43 executing program 1: r0 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_buf(r0, 0x107, 0xc, 0x0, 0x0) [ 1156.036214][T28609] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 03:36:43 executing program 0: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000100)="2400000058001f00ff07f4f9002304000a04f51107000100020100020800028001000000", 0x24) [ 1156.115385][T28613] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 1156.152237][T28602] syz-executor.3 invoked oom-killer: gfp_mask=0x140cc0(GFP_USER|__GFP_COMP), order=1, oom_score_adj=0 [ 1156.218809][T28602] CPU: 0 PID: 28602 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1156.236730][T28602] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1156.236730][T28602] Call Trace: [ 1156.236730][T28602] dump_stack+0x197/0x210 [ 1156.236730][T28602] dump_header+0x10b/0x82d [ 1156.236730][T28602] oom_kill_process.cold+0x10/0x15 [ 1156.236730][T28602] out_of_memory+0x334/0x13c0 [ 1156.236730][T28602] ? oom_killer_disable+0x280/0x280 [ 1156.236730][T28602] ? mutex_trylock+0x264/0x2f0 [ 1156.236730][T28602] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1156.236730][T28602] __alloc_pages_slowpath+0x222b/0x2920 [ 1156.236730][T28602] ? warn_alloc+0x110/0x110 [ 1156.236730][T28602] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1156.236730][T28602] ? should_fail+0x1de/0x852 [ 1156.236730][T28602] ? __kasan_check_read+0x11/0x20 [ 1156.236730][T28602] __alloc_pages_nodemask+0x646/0x910 [ 1156.236730][T28602] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1156.236730][T28602] ? cache_grow_begin+0x36d/0xc60 [ 1156.236730][T28602] ? lockdep_hardirqs_on+0x421/0x5e0 [ 1156.236730][T28602] ? trace_hardirqs_on+0x67/0x240 [ 1156.236730][T28602] cache_grow_begin+0x90/0xc60 [ 1156.236730][T28602] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1156.236730][T28602] ? mempolicy_slab_node+0x139/0x390 [ 1156.236730][T28602] fallback_alloc+0x1f8/0x2d0 [ 1156.236730][T28602] ____cache_alloc_node+0x1bc/0x1d0 [ 1156.236730][T28602] ? trace_hardirqs_off+0x62/0x240 [ 1156.236730][T28602] kmem_cache_alloc_trace+0x21c/0x790 [ 1156.236730][T28602] ? ceph_free_fc+0xd0/0xd0 [ 1156.236730][T28602] alloc_super+0x55/0x910 [ 1156.236730][T28602] ? ceph_free_fc+0xd0/0xd0 [ 1156.236730][T28602] sget_fc+0x14e/0x810 [ 1156.236730][T28602] ? ceph_put_super+0x70/0x70 [ 1156.236730][T28602] ? ceph_free_fc+0xd0/0xd0 [ 1156.236730][T28602] ceph_get_tree+0x5f5/0x14f0 [ 1156.236730][T28602] vfs_get_tree+0x8e/0x300 [ 1156.236730][T28602] do_mount+0x135a/0x1b50 [ 1156.236730][T28602] ? copy_mount_string+0x40/0x40 [ 1156.236730][T28602] ? _copy_from_user+0x12c/0x1a0 [ 1156.236730][T28602] ? memdup_user+0x80/0xd0 [ 1156.236730][T28602] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1156.236730][T28602] ? copy_mount_options+0x2e8/0x3f0 [ 1156.236730][T28602] __ia32_compat_sys_mount+0x664/0x790 [ 1156.236730][T28602] ? trace_hardirqs_on+0x67/0x240 [ 1156.236730][T28602] do_fast_syscall_32+0x27b/0xe16 [ 1156.236730][T28602] entry_SYSENTER_compat+0x70/0x7f [ 1156.236730][T28602] RIP: 0023:0xf7f3ca39 [ 1156.236730][T28602] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1156.236730][T28602] RSP: 002b:00000000f5d380cc EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 1156.236730][T28602] RAX: ffffffffffffffda RBX: 00000000200002c0 RCX: 00000000200000c0 [ 1156.236730][T28602] RDX: 0000000020000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 1156.236730][T28602] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1156.236730][T28602] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1156.236730][T28602] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1156.744986][T28602] Mem-Info: [ 1156.749732][T28602] active_anon:42698 inactive_anon:233 isolated_anon:0 [ 1156.749732][T28602] active_file:2874 inactive_file:17664 isolated_file:0 [ 1156.749732][T28602] unevictable:0 dirty:19 writeback:0 unstable:0 [ 1156.749732][T28602] slab_reclaimable:15673 slab_unreclaimable:62206 [ 1156.749732][T28602] mapped:39871 shmem:307 pagetables:3286 bounce:0 [ 1156.749732][T28602] free:143055 free_pcp:487 free_cma:0 [ 1156.802050][T28602] Node 0 active_anon:137048kB inactive_anon:896kB active_file:0kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:8kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1156.841872][T28602] Node 0 DMA free:2848kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:224kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1156.890139][T28602] lowmem_reserve[]: 0 532 532 532 532 [ 1156.905389][T28602] Node 0 DMA32 free:23836kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136824kB inactive_anon:896kB active_file:0kB inactive_file:12kB unevictable:0kB writepending:8kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9172kB pagetables:4788kB bounce:0kB free_pcp:1980kB local_pcp:488kB free_cma:0kB [ 1156.965274][T28602] lowmem_reserve[]: 0 0 0 0 0 [ 1156.975092][T28602] Node 0 DMA: 18*4kB (UME) 10*8kB (UME) 10*16kB (UME) 6*32kB (UME) 5*64kB (UME) 2*128kB (UM) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2872kB [ 1157.002983][T28602] Node 0 DMA32: 981*4kB (UME) 946*8kB (UM) 272*16kB (UME) 72*32kB (UME) 29*64kB (ME) 13*128kB (ME) 6*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 23716kB [ 1157.040631][T28602] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1157.054471][T28602] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1157.071044][T28602] 13222 total pagecache pages [ 1157.077538][T28602] 0 pages in swap cache [ 1157.083286][T28602] Swap cache stats: add 0, delete 0, find 0/0 [ 1157.096286][T28602] Free swap = 0kB [ 1157.102306][T28602] Total swap = 0kB [ 1157.108240][T28602] 524155 pages RAM [ 1157.113596][T28602] 0 pages HighMem/MovableOnly [ 1157.120913][T28602] 141707 pages reserved [ 1157.127403][T28602] 0 pages cma reserved [ 1157.132617][T28602] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz1,task=syz-executor.1,pid=14799,uid=0 [ 1157.153480][T28602] Out of memory: Killed process 14799 (syz-executor.1) total-vm:72348kB, anon-rss:140kB, file-rss:34924kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1157.181673][ T1129] oom_reaper: reaped process 14799 (syz-executor.1), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 1157.213748][ T9418] libceph: mon0 (1)[::]:6789 socket error on write 03:36:44 executing program 3: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(&(0x7f00000002c0)=ANY=[@ANYBLOB='[::]:'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) 03:36:44 executing program 0: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000100)="2400000058001f00ff07f4f9002304000a04f51107000100020100020800028001000000", 0x24) 03:36:44 executing program 1: r0 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_buf(r0, 0x107, 0xc, 0x0, 0x0) 03:36:44 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, 0x0, 0x2}, [@ldst={0x3, 0x0, 0x3}]}, &(0x7f0000003ff6)='G\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48) [ 1157.336596][T28618] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 03:36:44 executing program 0: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000100)="2400000058001f00ff07f4f9002304000a04f51107000100020100020800028001000000", 0x24) 03:36:44 executing program 1: r0 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_buf(r0, 0x107, 0xc, 0x0, 0x0) [ 1157.408725][T28627] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 03:36:44 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0x0, 0x29b, 0x0, @buffer={0x0, 0xffffffffffffff87, 0x0}, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0}) [ 1157.429360][T31713] libceph: mon0 (1)[::]:6789 socket error on write 03:36:44 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x6b) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x3a, 0x20, 0x0, 0x0) 03:36:45 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x6b) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x3a, 0x20, 0x0, 0x0) 03:36:45 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@bridge_getlink={0x28, 0x12, 0x5, 0x0, 0x0, {}, [@IFLA_IF_NETNSID={0x8, 0x2e, 0x81000000}]}, 0x28}}, 0x0) 03:36:45 executing program 1: r0 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_buf(r0, 0x107, 0xc, 0x0, 0x0) 03:36:45 executing program 3: futex(&(0x7f0000000280)=0x2, 0x8c, 0x1, 0x0, &(0x7f0000000300), 0x2) 03:36:45 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@bridge_getlink={0x28, 0x12, 0x5, 0x0, 0x0, {}, [@IFLA_IF_NETNSID={0x8, 0x2e, 0x81000000}]}, 0x28}}, 0x0) 03:36:45 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x6b) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x3a, 0x20, 0x0, 0x0) 03:36:45 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@bridge_getlink={0x28, 0x12, 0x5, 0x0, 0x0, {}, [@IFLA_IF_NETNSID={0x8, 0x2e, 0x81000000}]}, 0x28}}, 0x0) 03:36:45 executing program 1: r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x1000) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffff) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r2, r0, 0x0, 0xffffffff) 03:36:45 executing program 3: futex(&(0x7f0000000280)=0x2, 0x8c, 0x1, 0x0, &(0x7f0000000300), 0x2) 03:36:45 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x6b) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x3a, 0x20, 0x0, 0x0) 03:36:45 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@bridge_getlink={0x28, 0x12, 0x5, 0x0, 0x0, {}, [@IFLA_IF_NETNSID={0x8, 0x2e, 0x81000000}]}, 0x28}}, 0x0) [ 1158.382146][ T39] kauditd_printk_skb: 13 callbacks suppressed 03:36:45 executing program 3: futex(&(0x7f0000000280)=0x2, 0x8c, 0x1, 0x0, &(0x7f0000000300), 0x2) 03:36:45 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_buf(r0, 0x107, 0x9, 0x0, &(0x7f0000000040)) [ 1158.382597][ T39] audit: type=1800 audit(2000000205.517:355): pid=28651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16818 res=0 03:36:45 executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x71, &(0x7f0000000240)={r2}, 0x8) 03:36:45 executing program 3: futex(&(0x7f0000000280)=0x2, 0x8c, 0x1, 0x0, &(0x7f0000000300), 0x2) [ 1158.443612][ T39] audit: type=1804 audit(2000000205.526:356): pid=28651 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="file0" dev="sda1" ino=16818 res=1 [ 1158.494813][ T39] audit: type=1804 audit(2000000205.586:357): pid=28657 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="file0" dev="sda1" ino=16818 res=1 [ 1159.195972][ T39] audit: type=1804 audit(2000000206.340:358): pid=28764 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="file0" dev="sda1" ino=16818 res=1 [ 1159.233259][ T39] audit: type=1804 audit(2000000206.340:359): pid=28765 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="file0" dev="sda1" ino=16818 res=1 03:36:46 executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x71, &(0x7f0000000240)={r2}, 0x8) 03:36:46 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCCONS(r1, 0x541d) dup3(r1, r0, 0x0) 03:36:46 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_buf(r0, 0x107, 0x9, 0x0, &(0x7f0000000040)) 03:36:46 executing program 1: r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x1000) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffff) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r2, r0, 0x0, 0xffffffff) 03:36:46 executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x71, &(0x7f0000000240)={r2}, 0x8) 03:36:46 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_buf(r0, 0x107, 0x9, 0x0, &(0x7f0000000040)) 03:36:46 executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x71, &(0x7f0000000240)={r2}, 0x8) [ 1159.392095][ T39] audit: type=1800 audit(2000000206.528:360): pid=28891 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16595 res=0 03:36:46 executing program 2: r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x1000) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffff) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r2, r0, 0x0, 0xffffffff) 03:36:46 executing program 3: r0 = socket(0x1e, 0x5, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000080)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005c40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/145, 0x91}], 0x1}}], 0x400000000000368, 0x0, 0x0) sendmmsg$unix(r0, &(0x7f0000003f40), 0x4924924924925ce, 0x0) [ 1159.450476][ T39] audit: type=1804 audit(2000000206.548:361): pid=28891 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="file0" dev="sda1" ino=16595 res=1 [ 1159.529622][ T39] audit: type=1804 audit(2000000206.637:362): pid=28980 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="file0" dev="sda1" ino=16595 res=1 03:36:46 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_buf(r0, 0x107, 0x9, 0x0, &(0x7f0000000040)) [ 1159.601860][ T39] audit: type=1800 audit(2000000206.667:363): pid=28995 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16689 res=0 [ 1159.639002][ T39] audit: type=1804 audit(2000000206.697:364): pid=28995 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="file0" dev="sda1" ino=16689 res=1 03:36:46 executing program 0: r0 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000580)={'bridge0\x00', 0x0}) bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) write(r0, &(0x7f0000000040)="bd38832aa0da3ed709249f2c86dd", 0xe) 03:36:47 executing program 1: r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x1000) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffff) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r2, r0, 0x0, 0xffffffff) 03:36:47 executing program 2: r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x1000) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffff) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r2, r0, 0x0, 0xffffffff) 03:36:47 executing program 3: r0 = socket(0x1e, 0x5, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000080)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005c40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/145, 0x91}], 0x1}}], 0x400000000000368, 0x0, 0x0) sendmmsg$unix(r0, &(0x7f0000003f40), 0x4924924924925ce, 0x0) 03:36:47 executing program 0: r0 = socket(0x1e, 0x5, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000080)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005c40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/145, 0x91}], 0x1}}], 0x400000000000368, 0x0, 0x0) sendmmsg$unix(r0, &(0x7f0000003f40), 0x4924924924925ce, 0x0) 03:36:47 executing program 0: r0 = socket(0x1e, 0x5, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000080)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005c40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/145, 0x91}], 0x1}}], 0x400000000000368, 0x0, 0x0) sendmmsg$unix(r0, &(0x7f0000003f40), 0x4924924924925ce, 0x0) 03:36:47 executing program 3: r0 = socket(0x1e, 0x5, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000080)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005c40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/145, 0x91}], 0x1}}], 0x400000000000368, 0x0, 0x0) sendmmsg$unix(r0, &(0x7f0000003f40), 0x4924924924925ce, 0x0) 03:36:47 executing program 0: r0 = socket(0x1e, 0x5, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000080)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005c40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/145, 0x91}], 0x1}}], 0x400000000000368, 0x0, 0x0) sendmmsg$unix(r0, &(0x7f0000003f40), 0x4924924924925ce, 0x0) 03:36:47 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x14, 0x0, 0x0) [ 1160.569629][T29292] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1160.595204][T29292] CPU: 0 PID: 29292 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1160.604703][T29292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1160.613855][T29292] Call Trace: [ 1160.613855][T29292] dump_stack+0x197/0x210 [ 1160.613855][T29292] dump_header+0x10b/0x82d [ 1160.613855][T29292] oom_kill_process.cold+0x10/0x15 [ 1160.613855][T29292] out_of_memory+0x334/0x13c0 [ 1160.613855][T29292] ? oom_killer_disable+0x280/0x280 [ 1160.613855][T29292] ? mutex_trylock+0x264/0x2f0 [ 1160.613855][T29292] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1160.613855][T29292] __alloc_pages_slowpath+0x222b/0x2920 [ 1160.613855][T29292] ? warn_alloc+0x110/0x110 [ 1160.613855][T29292] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1160.613855][T29292] ? should_fail+0x1de/0x852 [ 1160.613855][T29292] ? __kasan_check_read+0x11/0x20 [ 1160.613855][T29292] __alloc_pages_nodemask+0x646/0x910 [ 1160.613855][T29292] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1160.613855][T29292] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1160.613855][T29292] alloc_pages_current+0x107/0x210 [ 1160.613855][T29292] __page_cache_alloc+0x29d/0x490 [ 1160.613855][T29292] generic_file_read_iter+0x186e/0x2cf0 [ 1160.613855][T29292] ? rcu_read_lock_held+0x9c/0xb0 [ 1160.613855][T29292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1160.613855][T29292] ? aa_file_perm+0x825/0x15f0 [ 1160.613855][T29292] ? filemap_write_and_wait_range+0x1d0/0x1d0 [ 1160.613855][T29292] ? kfree+0x226/0x2c0 [ 1160.613855][T29292] ? iter_file_splice_write+0x623/0xc10 [ 1160.613855][T29292] ? kfree+0x226/0x2c0 [ 1160.613855][T29292] ? lockdep_hardirqs_on+0x421/0x5e0 [ 1160.613855][T29292] ? trace_hardirqs_on+0x67/0x240 [ 1160.613855][T29292] ? iter_file_splice_write+0x623/0xc10 [ 1160.875329][T29292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1160.875329][T29292] ? pipe_unlock+0x4e/0x80 [ 1160.875329][T29292] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1160.875329][T29292] ? iter_file_splice_write+0x661/0xc10 [ 1160.875329][T29292] ext4_file_read_iter+0x1db/0x640 [ 1160.875329][T29292] generic_file_splice_read+0x4af/0x800 [ 1160.875329][T29292] ? add_to_pipe+0x3b0/0x3b0 [ 1160.875329][T29292] ? rw_verify_area+0x126/0x360 [ 1160.875329][T29292] ? add_to_pipe+0x3b0/0x3b0 [ 1160.875329][T29292] do_splice_to+0x127/0x180 [ 1160.875329][T29292] splice_direct_to_actor+0x320/0xa30 [ 1160.875329][T29292] ? generic_pipe_buf_nosteal+0x10/0x10 [ 1160.875329][T29292] ? do_splice_to+0x180/0x180 [ 1160.875329][T29292] ? rw_verify_area+0x126/0x360 [ 1160.875329][T29292] do_splice_direct+0x1da/0x2a0 [ 1160.875329][T29292] ? splice_direct_to_actor+0xa30/0xa30 [ 1160.875329][T29292] ? rcu_read_lock_any_held+0xcd/0xf0 [ 1160.875329][T29292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1160.875329][T29292] ? __this_cpu_preempt_check+0x35/0x190 [ 1160.875329][T29292] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1160.875329][T29292] ? __sb_start_write+0x1e5/0x460 [ 1160.875329][T29292] do_sendfile+0x597/0xd00 [ 1160.875329][T29292] ? do_compat_pwritev64+0x1c0/0x1c0 [ 1160.875329][T29292] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1160.875329][T29292] ? put_old_timespec32+0x113/0x200 03:36:48 executing program 1: r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x1000) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffff) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r2, r0, 0x0, 0xffffffff) 03:36:48 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x14, 0x0, 0x0) [ 1160.875329][T29292] __ia32_compat_sys_sendfile+0x1f1/0x230 [ 1160.875329][T29292] ? __ia32_sys_sendfile64+0x220/0x220 [ 1160.875329][T29292] ? do_fast_syscall_32+0xd1/0xe16 [ 1160.875329][T29292] ? lockdep_hardirqs_on+0x421/0x5e0 [ 1160.875329][T29292] ? trace_hardirqs_on+0x67/0x240 [ 1160.875329][T29292] do_fast_syscall_32+0x27b/0xe16 [ 1160.875329][T29292] entry_SYSENTER_compat+0x70/0x7f [ 1160.875329][T29292] RIP: 0023:0xf7f59a39 [ 1160.875329][T29292] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1160.875329][T29292] RSP: 002b:00000000f5d550cc EFLAGS: 00000296 ORIG_RAX: 00000000000000bb [ 1161.194930][T29292] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000004 [ 1161.194930][T29292] RDX: 0000000000000000 RSI: 000000007fffffff RDI: 0000000000000000 [ 1161.194930][T29292] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1161.194930][T29292] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1161.194930][T29292] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1161.272710][T29292] Mem-Info: [ 1161.277858][T29292] active_anon:42698 inactive_anon:233 isolated_anon:0 [ 1161.277858][T29292] active_file:2852 inactive_file:17700 isolated_file:0 [ 1161.277858][T29292] unevictable:0 dirty:31 writeback:0 unstable:0 [ 1161.277858][T29292] slab_reclaimable:15624 slab_unreclaimable:60716 [ 1161.277858][T29292] mapped:39887 shmem:307 pagetables:3299 bounce:0 [ 1161.277858][T29292] free:144753 free_pcp:192 free_cma:0 [ 1161.363829][T29292] Node 0 active_anon:137132kB inactive_anon:896kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1161.404290][T29292] Node 0 DMA free:2824kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:276kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:168kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1161.448404][T29292] lowmem_reserve[]: 0 532 532 532 532 [ 1161.456769][T29292] Node 0 DMA32 free:24064kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136864kB inactive_anon:896kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9232kB pagetables:4784kB bounce:0kB free_pcp:272kB local_pcp:16kB free_cma:0kB [ 1161.513503][T29292] lowmem_reserve[]: 0 0 0 0 0 [ 1161.523272][T29292] Node 0 DMA: 3*4kB (UME) 20*8kB (UME) 6*16kB (UME) 5*32kB (UME) 5*64kB (UME) 2*128kB (UM) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2796kB [ 1161.552013][T29292] Node 0 DMA32: 1152*4kB (UME) 466*8kB (UME) 302*16kB (UME) 142*32kB (UME) 42*64kB (UME) 20*128kB (UME) 3*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23728kB [ 1161.601543][T29292] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1161.622598][T29292] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1161.637570][T29292] 13255 total pagecache pages [ 1161.643432][T29292] 0 pages in swap cache [ 1161.648759][T29292] Swap cache stats: add 0, delete 0, find 0/0 [ 1161.657909][T29292] Free swap = 0kB [ 1161.664470][T29292] Total swap = 0kB [ 1161.670781][T29292] 524155 pages RAM [ 1161.677013][T29292] 0 pages HighMem/MovableOnly [ 1161.684773][T29292] 141707 pages reserved [ 1161.691516][T29292] 0 pages cma reserved [ 1161.697001][T29292] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=11315,uid=0 [ 1161.718646][T29292] Out of memory: Killed process 11315 (syz-executor.0) total-vm:72348kB, anon-rss:136kB, file-rss:34928kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1161.819853][T29352] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1161.842001][T29352] CPU: 2 PID: 29352 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1161.851647][T29352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1161.851647][T29352] Call Trace: [ 1161.851647][T29352] dump_stack+0x197/0x210 [ 1161.851647][T29352] dump_header+0x10b/0x82d [ 1161.851647][T29352] ? oom_kill_process+0x94/0x420 [ 1161.851647][T29352] oom_kill_process.cold+0x10/0x15 [ 1161.851647][T29352] out_of_memory+0x334/0x13c0 [ 1161.851647][T29352] ? oom_killer_disable+0x280/0x280 [ 1161.851647][T29352] ? mutex_trylock+0x264/0x2f0 [ 1161.851647][T29352] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1161.851647][T29352] __alloc_pages_slowpath+0x222b/0x2920 [ 1161.851647][T29352] ? warn_alloc+0x110/0x110 [ 1161.851647][T29352] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1161.851647][T29352] ? should_fail+0x1de/0x852 [ 1161.851647][T29352] ? __kasan_check_read+0x11/0x20 [ 1161.851647][T29352] __alloc_pages_nodemask+0x646/0x910 [ 1161.851647][T29352] ? __pte_alloc+0x1b5/0x310 [ 1161.851647][T29352] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1161.851647][T29352] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1161.851647][T29352] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1161.851647][T29352] alloc_pages_vma+0xdd/0x620 [ 1161.851647][T29352] __handle_mm_fault+0x1ed5/0x3da0 [ 1161.851647][T29352] ? vm_iomap_memory+0x1a0/0x1a0 [ 1161.851647][T29352] ? handle_mm_fault+0x292/0xa50 [ 1161.851647][T29352] ? handle_mm_fault+0x7a0/0xa50 [ 1161.851647][T29352] ? __kasan_check_read+0x11/0x20 [ 1161.851647][T29352] handle_mm_fault+0x3b2/0xa50 [ 1161.851647][T29352] __do_page_fault+0x536/0xd80 [ 1161.851647][T29352] do_page_fault+0x38/0x590 [ 1161.851647][T29352] do_async_page_fault+0x30/0xa0 [ 1161.851647][T29352] async_page_fault+0x39/0x40 [ 1161.851647][T29352] RIP: 0023:0x80486ca [ 1161.851647][T29352] Code: 24 28 0b 54 24 2c 09 c2 75 27 ff 74 24 0c ff 74 24 0c 6a 00 6a 04 8b 44 24 40 8b 54 24 44 e8 bd 53 00 00 83 c4 10 8b 7c 24 1c <89> 07 e9 ca 01 00 00 8b 44 24 1c 31 d2 8b 00 ff 74 24 0c ff 74 24 [ 1161.851647][T29352] RSP: 002b:00000000ffd5d860 EFLAGS: 00010286 [ 1161.851647][T29352] RAX: 0000000020000080 RBX: 000000000812b000 RCX: 0000000020000080 [ 1161.851647][T29352] RDX: 0000000000000000 RSI: 00000000ffd5d9f0 RDI: 0000000020000000 [ 1161.851647][T29352] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1161.851647][T29352] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 1161.851647][T29352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1162.244457][T29352] Mem-Info: [ 1162.249724][T29352] active_anon:42693 inactive_anon:233 isolated_anon:0 [ 1162.249724][T29352] active_file:2865 inactive_file:17693 isolated_file:0 [ 1162.249724][T29352] unevictable:0 dirty:1 writeback:0 unstable:0 [ 1162.249724][T29352] slab_reclaimable:15620 slab_unreclaimable:60774 [ 1162.249724][T29352] mapped:39887 shmem:307 pagetables:3237 bounce:0 [ 1162.249724][T29352] free:144654 free_pcp:155 free_cma:0 [ 1162.310898][T29352] Node 0 active_anon:137144kB inactive_anon:896kB active_file:0kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:16kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1162.349677][T29352] Node 0 DMA free:2796kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:276kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:168kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1162.388602][T29352] lowmem_reserve[]: 0 532 532 532 532 [ 1162.394459][T29352] Node 0 DMA32 free:23772kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136868kB inactive_anon:896kB active_file:0kB inactive_file:56kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9232kB pagetables:4784kB bounce:0kB free_pcp:620kB local_pcp:120kB free_cma:0kB [ 1162.436059][T29352] lowmem_reserve[]: 0 0 0 0 0 [ 1162.441523][T29352] Node 0 DMA: 3*4kB (UME) 20*8kB (UME) 6*16kB (UME) 5*32kB (UME) 5*64kB (UME) 2*128kB (UM) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2796kB [ 1162.460141][T29352] Node 0 DMA32: 1059*4kB (UME) 499*8kB (UME) 306*16kB (UME) 142*32kB (UME) 42*64kB (UME) 20*128kB (UME) 3*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23684kB [ 1162.482426][T29352] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1162.498098][T29352] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 03:36:49 executing program 2: r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) linkat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x1000) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r0, r1, 0x0, 0x7fffffff) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r2, r0, 0x0, 0xffffffff) 03:36:49 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$inet6_opts(r1, 0x29, 0x49, 0x0, &(0x7f0000000200)) 03:36:49 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x14, 0x0, 0x0) [ 1162.514694][T29352] 13243 total pagecache pages [ 1162.521964][T29352] 0 pages in swap cache [ 1162.529362][T29352] Swap cache stats: add 0, delete 0, find 0/0 [ 1162.538269][T29352] Free swap = 0kB [ 1162.544049][T29352] Total swap = 0kB [ 1162.548998][T29352] 524155 pages RAM [ 1162.553788][T29352] 0 pages HighMem/MovableOnly [ 1162.560205][T29352] 141707 pages reserved [ 1162.566758][T29352] 0 pages cma reserved [ 1162.572093][T29352] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=11302,uid=0 [ 1162.589847][T29352] Out of memory: Killed process 11302 (syz-executor.0) total-vm:72348kB, anon-rss:136kB, file-rss:34928kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1162.647580][ T1129] oom_reaper: reaped process 11302 (syz-executor.0), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 1162.769546][T29352] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1162.798834][T29352] CPU: 0 PID: 29352 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1162.808807][T29352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1162.808807][T29352] Call Trace: [ 1162.808807][T29352] dump_stack+0x197/0x210 [ 1162.808807][T29352] dump_header+0x10b/0x82d [ 1162.808807][T29352] ? oom_kill_process+0x94/0x420 [ 1162.808807][T29352] oom_kill_process.cold+0x10/0x15 [ 1162.808807][T29352] out_of_memory+0x334/0x13c0 [ 1162.808807][T29352] ? oom_killer_disable+0x280/0x280 [ 1162.808807][T29352] ? mutex_trylock+0x264/0x2f0 [ 1162.874827][T29352] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1162.874827][T29352] __alloc_pages_slowpath+0x222b/0x2920 [ 1162.874827][T29352] ? warn_alloc+0x110/0x110 [ 1162.874827][T29352] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1162.874827][T29352] ? should_fail+0x1de/0x852 [ 1162.874827][T29352] ? __kasan_check_read+0x11/0x20 [ 1162.874827][T29352] __alloc_pages_nodemask+0x646/0x910 [ 1162.874827][T29352] ? __pte_alloc+0x1b5/0x310 [ 1162.874827][T29352] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1162.874827][T29352] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1162.874827][T29352] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1162.874827][T29352] alloc_pages_vma+0xdd/0x620 [ 1162.874827][T29352] __handle_mm_fault+0x1ed5/0x3da0 [ 1162.874827][T29352] ? vm_iomap_memory+0x1a0/0x1a0 [ 1162.874827][T29352] ? handle_mm_fault+0x292/0xa50 [ 1162.874827][T29352] ? handle_mm_fault+0x7a0/0xa50 [ 1162.874827][T29352] ? __kasan_check_read+0x11/0x20 [ 1162.874827][T29352] handle_mm_fault+0x3b2/0xa50 [ 1162.874827][T29352] __do_page_fault+0x536/0xd80 [ 1162.874827][T29352] do_page_fault+0x38/0x590 [ 1162.874827][T29352] do_async_page_fault+0x30/0xa0 [ 1162.874827][T29352] async_page_fault+0x39/0x40 [ 1162.874827][T29352] RIP: 0023:0x80486ca [ 1162.874827][T29352] Code: 24 28 0b 54 24 2c 09 c2 75 27 ff 74 24 0c ff 74 24 0c 6a 00 6a 04 8b 44 24 40 8b 54 24 44 e8 bd 53 00 00 83 c4 10 8b 7c 24 1c <89> 07 e9 ca 01 00 00 8b 44 24 1c 31 d2 8b 00 ff 74 24 0c ff 74 24 [ 1162.874827][T29352] RSP: 002b:00000000ffd5d860 EFLAGS: 00010286 [ 1162.874827][T29352] RAX: 0000000020000080 RBX: 000000000812b000 RCX: 0000000020000080 [ 1163.084924][T29352] RDX: 0000000000000000 RSI: 00000000ffd5d9f0 RDI: 0000000020000000 [ 1163.084924][T29352] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1163.114789][T29352] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 1163.124728][T29352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1163.140738][T29352] Mem-Info: [ 1163.146461][T29352] active_anon:42611 inactive_anon:233 isolated_anon:0 [ 1163.146461][T29352] active_file:2873 inactive_file:17689 isolated_file:0 [ 1163.146461][T29352] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1163.146461][T29352] slab_reclaimable:15619 slab_unreclaimable:60517 [ 1163.146461][T29352] mapped:39887 shmem:307 pagetables:3209 bounce:0 [ 1163.146461][T29352] free:144896 free_pcp:246 free_cma:0 [ 1163.207776][T29352] Node 0 active_anon:137044kB inactive_anon:896kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:8kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1163.252023][T29352] Node 0 DMA free:2812kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:252kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1163.295630][T29352] lowmem_reserve[]: 0 532 532 532 532 [ 1163.302273][T29352] Node 0 DMA32 free:23000kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136792kB inactive_anon:896kB active_file:0kB inactive_file:16kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9168kB pagetables:4696kB bounce:0kB free_pcp:984kB local_pcp:140kB free_cma:0kB [ 1163.343942][T29352] lowmem_reserve[]: 0 0 0 0 0 [ 1163.350601][T29352] Node 0 DMA: 7*4kB (UME) 21*8kB (UME) 6*16kB (UME) 5*32kB (UME) 5*64kB (UME) 2*128kB (UM) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2820kB [ 1163.373979][T29352] Node 0 DMA32: 1028*4kB (UME) 401*8kB (UME) 322*16kB (UME) 143*32kB (UME) 42*64kB (UME) 20*128kB (UME) 5*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23576kB [ 1163.392388][T29352] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1163.402748][T29352] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1163.413005][T29352] 13250 total pagecache pages [ 1163.418104][T29352] 0 pages in swap cache [ 1163.422683][T29352] Swap cache stats: add 0, delete 0, find 0/0 [ 1163.429300][T29352] Free swap = 0kB [ 1163.433507][T29352] Total swap = 0kB [ 1163.439355][T29352] 524155 pages RAM [ 1163.443412][T29352] 0 pages HighMem/MovableOnly [ 1163.448818][T29352] 141707 pages reserved [ 1163.454860][T29352] 0 pages cma reserved [ 1163.459661][T29352] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=14802,uid=0 [ 1163.478065][T29352] Out of memory: Killed process 14802 (syz-executor.2) total-vm:72348kB, anon-rss:136kB, file-rss:34924kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1163.499261][ T1129] oom_reaper: reaped process 14802 (syz-executor.2), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 1163.585344][T29352] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1163.604275][T29352] CPU: 0 PID: 29352 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1163.610611][T29352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1163.610611][T29352] Call Trace: [ 1163.610611][T29352] dump_stack+0x197/0x210 [ 1163.610611][T29352] dump_header+0x10b/0x82d [ 1163.610611][T29352] ? oom_kill_process+0x94/0x420 [ 1163.610611][T29352] oom_kill_process.cold+0x10/0x15 [ 1163.610611][T29352] out_of_memory+0x334/0x13c0 [ 1163.610611][T29352] ? oom_killer_disable+0x280/0x280 [ 1163.610611][T29352] ? mutex_trylock+0x264/0x2f0 [ 1163.610611][T29352] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1163.610611][T29352] __alloc_pages_slowpath+0x222b/0x2920 [ 1163.610611][T29352] ? warn_alloc+0x110/0x110 [ 1163.610611][T29352] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1163.610611][T29352] ? should_fail+0x1de/0x852 [ 1163.610611][T29352] ? __kasan_check_read+0x11/0x20 [ 1163.610611][T29352] __alloc_pages_nodemask+0x646/0x910 [ 1163.610611][T29352] ? __pte_alloc+0x1b5/0x310 [ 1163.610611][T29352] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1163.610611][T29352] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1163.610611][T29352] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1163.610611][T29352] alloc_pages_vma+0xdd/0x620 [ 1163.610611][T29352] __handle_mm_fault+0x1ed5/0x3da0 [ 1163.610611][T29352] ? vm_iomap_memory+0x1a0/0x1a0 [ 1163.610611][T29352] ? handle_mm_fault+0x292/0xa50 [ 1163.610611][T29352] ? handle_mm_fault+0x7a0/0xa50 [ 1163.610611][T29352] ? __kasan_check_read+0x11/0x20 [ 1163.610611][T29352] handle_mm_fault+0x3b2/0xa50 [ 1163.610611][T29352] __do_page_fault+0x536/0xd80 [ 1163.610611][T29352] do_page_fault+0x38/0x590 [ 1163.610611][T29352] do_async_page_fault+0x30/0xa0 [ 1163.610611][T29352] async_page_fault+0x39/0x40 [ 1163.610611][T29352] RIP: 0023:0x80486ca [ 1163.610611][T29352] Code: 24 28 0b 54 24 2c 09 c2 75 27 ff 74 24 0c ff 74 24 0c 6a 00 6a 04 8b 44 24 40 8b 54 24 44 e8 bd 53 00 00 83 c4 10 8b 7c 24 1c <89> 07 e9 ca 01 00 00 8b 44 24 1c 31 d2 8b 00 ff 74 24 0c ff 74 24 [ 1163.610611][T29352] RSP: 002b:00000000ffd5d860 EFLAGS: 00010286 [ 1163.610611][T29352] RAX: 0000000020000080 RBX: 000000000812b000 RCX: 0000000020000080 [ 1163.610611][T29352] RDX: 0000000000000000 RSI: 00000000ffd5d9f0 RDI: 0000000020000000 [ 1163.610611][T29352] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1163.610611][T29352] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 1163.610611][T29352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1163.893474][T29352] Mem-Info: [ 1163.897570][T29352] active_anon:42600 inactive_anon:233 isolated_anon:0 [ 1163.897570][T29352] active_file:2885 inactive_file:17682 isolated_file:0 [ 1163.897570][T29352] unevictable:0 dirty:0 writeback:20 unstable:0 [ 1163.897570][T29352] slab_reclaimable:15578 slab_unreclaimable:60356 [ 1163.897570][T29352] mapped:39887 shmem:307 pagetables:3174 bounce:0 [ 1163.897570][T29352] free:144973 free_pcp:340 free_cma:0 [ 1163.941042][T29352] Node 0 active_anon:137052kB inactive_anon:896kB active_file:24kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1163.973452][T29352] Node 0 DMA free:2828kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:260kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1164.006104][T29352] lowmem_reserve[]: 0 532 532 532 532 [ 1164.012959][T29352] Node 0 DMA32 free:23512kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136792kB inactive_anon:896kB active_file:24kB inactive_file:0kB unevictable:0kB writepending:4kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4696kB bounce:0kB free_pcp:1360kB local_pcp:284kB free_cma:0kB [ 1164.049999][T29352] lowmem_reserve[]: 0 0 0 0 0 [ 1164.055584][T29352] Node 0 DMA: 2*4kB (UE) 20*8kB (UE) 8*16kB (UME) 5*32kB (UME) 5*64kB (UME) 2*128kB (UM) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2824kB [ 1164.074145][T29352] Node 0 DMA32: 1028*4kB (UME) 361*8kB (UME) 322*16kB (UME) 143*32kB (UME) 42*64kB (UME) 20*128kB (UME) 5*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23256kB [ 1164.093395][T29352] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1164.104522][T29352] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1164.114715][T29352] 13256 total pagecache pages [ 1164.119823][T29352] 0 pages in swap cache [ 1164.124183][T29352] Swap cache stats: add 0, delete 0, find 0/0 [ 1164.130569][T29352] Free swap = 0kB [ 1164.134989][T29352] Total swap = 0kB [ 1164.138982][T29352] 524155 pages RAM [ 1164.143218][T29352] 0 pages HighMem/MovableOnly [ 1164.148161][T29352] 141707 pages reserved [ 1164.152569][T29352] 0 pages cma reserved [ 1164.157023][T29352] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=14790,uid=0 [ 1164.173942][T29352] Out of memory: Killed process 14790 (syz-executor.2) total-vm:72348kB, anon-rss:140kB, file-rss:34920kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1164.194202][ T1129] oom_reaper: reaped process 14790 (syz-executor.2), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 1164.232677][ T9407] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1164.245014][ T9407] CPU: 0 PID: 9407 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1164.254960][ T9407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1164.264797][ T9407] Call Trace: [ 1164.264797][ T9407] dump_stack+0x197/0x210 [ 1164.277497][ T9407] dump_header+0x10b/0x82d [ 1164.277497][ T9407] ? oom_kill_process+0x94/0x420 [ 1164.284835][ T9407] oom_kill_process.cold+0x10/0x15 [ 1164.292055][ T9407] out_of_memory+0x334/0x13c0 [ 1164.295511][ T9407] ? oom_killer_disable+0x280/0x280 [ 1164.304772][ T9407] ? mutex_trylock+0x264/0x2f0 [ 1164.304772][ T9407] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1164.304772][ T9407] __alloc_pages_slowpath+0x222b/0x2920 [ 1164.324759][ T9407] ? warn_alloc+0x110/0x110 [ 1164.324759][ T9407] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1164.344841][ T9407] ? should_fail+0x1de/0x852 [ 1164.344841][ T9407] ? __kasan_check_read+0x11/0x20 [ 1164.354918][ T9407] __alloc_pages_nodemask+0x646/0x910 [ 1164.364839][ T9407] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1164.366939][ T39] kauditd_printk_skb: 8 callbacks suppressed [ 1164.366948][ T39] audit: type=1800 audit(2000000211.506:373): pid=29417 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16563 res=0 [ 1164.364839][ T9407] ? activate_task+0x212/0x490 [ 1164.364839][ T9407] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1164.364839][ T9407] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1164.364839][ T9407] alloc_pages_vma+0xdd/0x620 [ 1164.364839][ T9407] wp_page_copy+0x226/0x1560 [ 1164.364839][ T9407] ? find_held_lock+0x35/0x130 [ 1164.364839][ T9407] ? follow_pfn+0x2a0/0x2a0 [ 1164.445411][ T9407] ? lock_downgrade+0x920/0x920 [ 1164.454788][ T9407] ? swp_swapcount+0x540/0x540 [ 1164.454788][ T9407] ? do_raw_spin_unlock+0x178/0x270 [ 1164.465351][ T9407] do_wp_page+0x543/0x1540 [ 1164.465351][ T9407] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1164.474734][ T9407] __handle_mm_fault+0x327b/0x3da0 [ 1164.474734][ T9407] ? vm_iomap_memory+0x1a0/0x1a0 [ 1164.487812][ T9407] ? handle_mm_fault+0x292/0xa50 [ 1164.487812][ T9407] ? handle_mm_fault+0x7a0/0xa50 [ 1164.494726][ T9407] ? __kasan_check_read+0x11/0x20 [ 1164.504902][ T9407] handle_mm_fault+0x3b2/0xa50 [ 1164.505352][ T9407] __do_page_fault+0x536/0xd80 [ 1164.514814][ T9407] do_page_fault+0x38/0x590 [ 1164.514814][ T9407] do_async_page_fault+0x30/0xa0 [ 1164.524697][ T9407] async_page_fault+0x39/0x40 [ 1164.526151][ T9407] RIP: 0023:0x808fa5d [ 1164.534727][ T9407] Code: 01 00 00 8d 76 00 8d bc 27 00 00 00 00 8b 45 e4 8b 40 04 85 c0 89 45 e4 74 b1 8b 75 e4 8b 1e 8b 43 08 85 c0 74 04 ff d0 8b 1e ff 4b 14 0f 94 c0 84 c0 74 d8 8b 43 18 85 c0 74 d1 83 c3 14 31 [ 1164.554736][ T9407] RSP: 002b:00000000ffcb56f0 EFLAGS: 00010246 [ 1164.554736][ T9407] RAX: 0000000000000000 RBX: 0000000008494bc4 RCX: 0000000000000000 [ 1164.566421][ T9407] RDX: 00000000ffcb56f0 RSI: 00000000ffcb56f0 RDI: 0000000000007662 [ 1164.574746][ T9407] RBP: 00000000ffcb5738 R08: 0000000000000000 R09: 0000000000000000 [ 1164.585349][ T9407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1164.594791][ T9407] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1164.606389][ T9407] Mem-Info: [ 1164.611171][ T9407] active_anon:42579 inactive_anon:233 isolated_anon:0 [ 1164.611171][ T9407] active_file:2876 inactive_file:17697 isolated_file:0 [ 1164.611171][ T9407] unevictable:0 dirty:13 writeback:0 unstable:0 [ 1164.611171][ T9407] slab_reclaimable:15574 slab_unreclaimable:60422 [ 1164.611171][ T9407] mapped:39887 shmem:307 pagetables:3183 bounce:0 [ 1164.611171][ T9407] free:144909 free_pcp:344 free_cma:0 [ 1164.656852][ T9407] Node 0 active_anon:137084kB inactive_anon:896kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:4kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1164.694114][ T9407] Node 0 DMA free:2812kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:292kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:168kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1164.735837][ T9407] lowmem_reserve[]: 0 532 532 532 532 [ 1164.741452][ T9407] Node 0 DMA32 free:23496kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136792kB inactive_anon:896kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:4kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4696kB bounce:0kB free_pcp:1376kB local_pcp:464kB free_cma:0kB [ 1164.776383][ T9407] lowmem_reserve[]: 0 0 0 0 0 [ 1164.781403][ T9407] Node 0 DMA: 2*4kB (UE) 25*8kB (UE) 6*16kB (UME) 5*32kB (UME) 5*64kB (UME) 2*128kB (UM) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2832kB [ 1164.808428][ T9407] Node 0 DMA32: 1028*4kB (UME) 417*8kB (UME) 289*16kB (UME) 143*32kB (UME) 42*64kB (UME) 20*128kB (UME) 5*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23176kB [ 1164.834729][ T9407] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1164.845214][ T9407] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1164.855540][ T9407] 13262 total pagecache pages [ 1164.860994][ T9407] 0 pages in swap cache [ 1164.866366][ T9407] Swap cache stats: add 0, delete 0, find 0/0 [ 1164.872661][ T9407] Free swap = 0kB [ 1164.876575][ T9407] Total swap = 0kB [ 1164.880552][ T9407] 524155 pages RAM [ 1164.885214][ T9407] 0 pages HighMem/MovableOnly [ 1164.890148][ T9407] 141707 pages reserved [ 1164.894537][ T9407] 0 pages cma reserved [ 1164.898956][ T9407] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz1,task=syz-executor.1,pid=13355,uid=0 [ 1164.915866][ T9407] Out of memory: Killed process 13355 (syz-executor.1) total-vm:72348kB, anon-rss:140kB, file-rss:34920kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1164.934109][ T1129] oom_reaper: reaped process 13355 (syz-executor.1), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 1164.995260][ T1129] oom_reaper: reaped process 29352 (syz-executor.3), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 03:36:52 executing program 3: r0 = socket(0x1e, 0x5, 0x0) sendmsg(r0, &(0x7f0000000000)={&(0x7f0000000080)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005c40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000280)=""/145, 0x91}], 0x1}}], 0x400000000000368, 0x0, 0x0) sendmmsg$unix(r0, &(0x7f0000003f40), 0x4924924924925ce, 0x0) 03:36:52 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$inet6_opts(r1, 0x29, 0x49, 0x0, &(0x7f0000000200)) 03:36:52 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x14, 0x0, 0x0) [ 1165.006250][ T39] audit: type=1804 audit(2000000212.151:374): pid=29417 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="file0" dev="sda1" ino=16563 res=1 03:36:52 executing program 0: r0 = gettid() madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x2000000000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f00000000c0)=[{&(0x7f0000217f28)=""/231, 0x5df211b9}], 0x23a, 0x0) 03:36:52 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$inet6_opts(r1, 0x29, 0x49, 0x0, &(0x7f0000000200)) [ 1165.185695][T29421] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1165.200456][T29421] CPU: 1 PID: 29421 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1165.210355][T29421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1165.210355][T29421] Call Trace: [ 1165.210355][T29421] dump_stack+0x197/0x210 [ 1165.210355][T29421] dump_header+0x10b/0x82d [ 1165.210355][T29421] ? oom_kill_process+0x94/0x420 [ 1165.210355][T29421] oom_kill_process.cold+0x10/0x15 [ 1165.210355][T29421] out_of_memory+0x334/0x13c0 [ 1165.210355][T29421] ? oom_killer_disable+0x280/0x280 [ 1165.257127][T29421] ? mutex_trylock+0x264/0x2f0 [ 1165.265022][T29421] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1165.274919][T29421] __alloc_pages_slowpath+0x222b/0x2920 [ 1165.277557][T29421] ? warn_alloc+0x110/0x110 [ 1165.277557][T29421] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1165.277557][T29421] ? should_fail+0x1de/0x852 [ 1165.277557][T29421] ? __kasan_check_read+0x11/0x20 [ 1165.277557][T29421] __alloc_pages_nodemask+0x646/0x910 [ 1165.277557][T29421] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1165.277557][T29421] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1165.277557][T29421] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1165.277557][T29421] alloc_pages_vma+0xdd/0x620 [ 1165.277557][T29421] wp_page_copy+0x226/0x1560 [ 1165.277557][T29421] ? find_held_lock+0x35/0x130 [ 1165.277557][T29421] ? follow_pfn+0x2a0/0x2a0 [ 1165.277557][T29421] ? lock_downgrade+0x920/0x920 [ 1165.277557][T29421] ? swp_swapcount+0x540/0x540 [ 1165.277557][T29421] ? do_raw_spin_unlock+0x178/0x270 [ 1165.277557][T29421] do_wp_page+0x543/0x1540 [ 1165.277557][T29421] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1165.277557][T29421] __handle_mm_fault+0x327b/0x3da0 [ 1165.277557][T29421] ? vm_iomap_memory+0x1a0/0x1a0 [ 1165.277557][T29421] ? handle_mm_fault+0x292/0xa50 [ 1165.277557][T29421] ? handle_mm_fault+0x7a0/0xa50 [ 1165.277557][T29421] ? __kasan_check_read+0x11/0x20 [ 1165.277557][T29421] handle_mm_fault+0x3b2/0xa50 [ 1165.277557][T29421] __do_page_fault+0x536/0xd80 [ 1165.277557][T29421] do_page_fault+0x38/0x590 [ 1165.277557][T29421] do_async_page_fault+0x30/0xa0 [ 1165.434883][T29421] async_page_fault+0x39/0x40 [ 1165.434883][T29421] RIP: 0010:__put_user_4+0x1c/0x30 [ 1165.434883][T29421] Code: 01 ca c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 c0 1e 02 00 48 8b 9b d0 14 00 00 48 83 eb 03 48 39 d9 73 4a 0f 01 cb <89> 01 31 c0 0f 01 ca c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 1165.434883][T29421] RSP: 0018:ffffc9000543ff30 EFLAGS: 00050293 [ 1165.434883][T29421] RAX: 000000000000301b RBX: 00007fffffffeffd RCX: 000000000a035968 [ 1165.434883][T29421] RDX: dffffc0000000000 RSI: 1ffff11002eaca03 RDI: ffff888017564d30 [ 1165.434883][T29421] RBP: ffffc9000543ff48 R08: 0000000000000001 R09: ffff888017565010 [ 1165.434883][T29421] R10: fffffbfff14f33b0 R11: ffffffff8a799d87 R12: 0000000000000000 [ 1165.434883][T29421] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1165.434883][T29421] ? schedule_tail+0xd8/0x130 [ 1165.434883][T29421] ret_from_fork+0x8/0x30 [ 1165.434883][T29421] RIP: 0023:0xf7f3ca39 [ 1165.434883][T29421] Code: Bad RIP value. [ 1165.434883][T29421] RSP: 002b:00000000ffd5da60 EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 1165.434883][T29421] RAX: 0000000000000000 RBX: 0000000001200011 RCX: 0000000000000000 [ 1165.434883][T29421] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000a035968 [ 1165.434883][T29421] RBP: 00000000ffd5dab8 R08: 0000000000000000 R09: 0000000000000000 [ 1165.434883][T29421] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1165.434883][T29421] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1165.604871][T29421] Mem-Info: [ 1165.608793][T29421] active_anon:43083 inactive_anon:233 isolated_anon:0 [ 1165.608793][T29421] active_file:2873 inactive_file:17704 isolated_file:0 [ 1165.608793][T29421] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1165.608793][T29421] slab_reclaimable:15574 slab_unreclaimable:60133 [ 1165.608793][T29421] mapped:39887 shmem:307 pagetables:3183 bounce:0 [ 1165.608793][T29421] free:144932 free_pcp:201 free_cma:0 [ 1165.663374][T29421] Node 0 active_anon:137072kB inactive_anon:896kB active_file:0kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1165.696682][T29421] Node 0 DMA free:2804kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:328kB inactive_anon:0kB active_file:16kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:176kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1165.734914][T29421] lowmem_reserve[]: 0 532 532 532 532 [ 1165.742722][T29421] Node 0 DMA32 free:23848kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136744kB inactive_anon:896kB active_file:44kB inactive_file:0kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4688kB bounce:0kB free_pcp:916kB local_pcp:304kB free_cma:0kB [ 1165.791632][T29421] lowmem_reserve[]: 0 0 0 0 0 [ 1165.798413][T29421] Node 0 DMA: 1*4kB (U) 22*8kB (UME) 6*16kB (UME) 5*32kB (UME) 5*64kB (UME) 2*128kB (UM) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2804kB [ 1165.827630][T29421] Node 0 DMA32: 1138*4kB (UME) 366*8kB (UME) 254*16kB (UME) 142*32kB (UME) 42*64kB (UME) 20*128kB (UME) 9*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23640kB [ 1165.849343][T29421] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1165.860437][T29421] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1165.872297][T29421] 13270 total pagecache pages [ 1165.877730][T29421] 0 pages in swap cache [ 1165.883328][T29421] Swap cache stats: add 0, delete 0, find 0/0 [ 1165.893064][T29421] Free swap = 0kB [ 1165.897843][T29421] Total swap = 0kB [ 1165.902560][T29421] 524155 pages RAM [ 1165.907846][T29421] 0 pages HighMem/MovableOnly [ 1165.914544][T29421] 141707 pages reserved [ 1165.920268][T29421] 0 pages cma reserved [ 1165.926588][T29421] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz1,task=syz-executor.1,pid=13336,uid=0 [ 1165.946284][T29421] Out of memory: Killed process 13336 (syz-executor.1) total-vm:72348kB, anon-rss:140kB, file-rss:34920kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1165.968808][ T1129] oom_reaper: reaped process 13336 (syz-executor.1), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 1165.998481][ T39] audit: type=1804 audit(2000000213.133:375): pid=29430 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="file0" dev="sda1" ino=16563 res=1 03:36:53 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$inet6_opts(r1, 0x29, 0x49, 0x0, &(0x7f0000000200)) 03:36:53 executing program 0: r0 = gettid() madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x2000000000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f00000000c0)=[{&(0x7f0000217f28)=""/231, 0x5df211b9}], 0x23a, 0x0) 03:36:53 executing program 3: r0 = gettid() madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x2000000000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f00000000c0)=[{&(0x7f0000217f28)=""/231, 0x5df211b9}], 0x23a, 0x0) 03:36:53 executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) 03:36:53 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0297ffffff000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x2cc, 0x10000}], 0x9, 0x0) [ 1166.242518][T29441] sctp: [Deprecated]: syz-executor.2 (pid 29441) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1166.242518][T29441] Use struct sctp_sack_info instead 03:36:53 executing program 0: r0 = gettid() madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x2000000000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f00000000c0)=[{&(0x7f0000217f28)=""/231, 0x5df211b9}], 0x23a, 0x0) [ 1166.298843][T29443] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b00920efd9a devid 0 transid 0 /dev/loop1 scanned by syz-executor.1 (29443) 03:36:53 executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) [ 1166.339650][T29443] BTRFS error (device loop1): superblock checksum mismatch [ 1166.364402][T29450] sctp: [Deprecated]: syz-executor.2 (pid 29450) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1166.364402][T29450] Use struct sctp_sack_info instead 03:36:53 executing program 0: r0 = gettid() madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x2000000000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f00000000c0)=[{&(0x7f0000217f28)=""/231, 0x5df211b9}], 0x23a, 0x0) 03:36:53 executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) [ 1166.435370][T29443] BTRFS error (device loop1): open_ctree failed 03:36:53 executing program 0: r0 = socket(0x2, 0x1, 0x0) bind(r0, &(0x7f0000000040)=@in, 0xc) [ 1166.518820][T29443] BTRFS error (device loop1): superblock checksum mismatch [ 1166.595263][T29443] BTRFS error (device loop1): open_ctree failed [ 1166.715419][T29457] sctp: [Deprecated]: syz-executor.2 (pid 29457) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1166.715419][T29457] Use struct sctp_sack_info instead [ 1166.835218][T29435] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1166.850440][T29435] CPU: 0 PID: 29435 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1166.860243][T29435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1166.860243][T29435] Call Trace: [ 1166.860243][T29435] dump_stack+0x197/0x210 [ 1166.860243][T29435] dump_header+0x10b/0x82d [ 1166.860243][T29435] oom_kill_process.cold+0x10/0x15 [ 1166.860243][T29435] out_of_memory+0x334/0x13c0 [ 1166.860243][T29435] ? oom_killer_disable+0x280/0x280 [ 1166.860243][T29435] ? mutex_trylock+0x264/0x2f0 [ 1166.860243][T29435] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1166.860243][T29435] __alloc_pages_slowpath+0x222b/0x2920 [ 1166.860243][T29435] ? warn_alloc+0x110/0x110 [ 1166.860243][T29435] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1166.860243][T29435] ? should_fail+0x1de/0x852 [ 1166.860243][T29435] ? __kasan_check_read+0x11/0x20 [ 1166.860243][T29435] __alloc_pages_nodemask+0x646/0x910 [ 1166.956194][T29435] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1166.956194][T29435] ? __kasan_check_read+0x11/0x20 [ 1166.956194][T29435] ? __lock_acquire+0x16f2/0x4a00 [ 1166.956194][T29435] ? pmd_val+0x85/0x100 [ 1166.956194][T29435] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1166.956194][T29435] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1166.956194][T29435] alloc_pages_vma+0xdd/0x620 [ 1166.956194][T29435] __handle_mm_fault+0x1ed5/0x3da0 [ 1166.956194][T29435] ? vm_iomap_memory+0x1a0/0x1a0 [ 1166.956194][T29435] ? handle_mm_fault+0x292/0xa50 [ 1166.956194][T29435] ? handle_mm_fault+0x7a0/0xa50 [ 1166.956194][T29435] ? __kasan_check_read+0x11/0x20 [ 1166.956194][T29435] handle_mm_fault+0x3b2/0xa50 [ 1166.956194][T29435] __get_user_pages+0x7b2/0x1ac0 [ 1166.956194][T29435] ? follow_page_mask+0x1dd0/0x1dd0 [ 1166.956194][T29435] ? process_vm_rw_core.isra.0+0x420/0xc60 [ 1166.956194][T29435] get_user_pages_remote+0x234/0x4b0 [ 1166.956194][T29435] process_vm_rw_core.isra.0+0x464/0xc60 [ 1166.956194][T29435] ? alloc_vmap_area.cold+0x24/0x24 [ 1166.956194][T29435] ? compat_rw_copy_check_uvector+0x180/0x4c0 [ 1166.956194][T29435] ? compat_rw_copy_check_uvector+0x189/0x4c0 [ 1166.956194][T29435] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1166.956194][T29435] ? compat_rw_copy_check_uvector+0x36b/0x4c0 [ 1166.956194][T29435] compat_process_vm_rw+0x21f/0x240 [ 1166.956194][T29435] ? find_held_lock+0x35/0x130 [ 1166.956194][T29435] ? process_vm_rw+0x240/0x240 [ 1166.956194][T29435] ? lock_downgrade+0x920/0x920 [ 1166.956194][T29435] ? __kasan_check_read+0x11/0x20 [ 1166.956194][T29435] ? _copy_to_user+0x118/0x160 [ 1166.956194][T29435] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1166.956194][T29435] ? put_old_timespec32+0x113/0x200 [ 1166.956194][T29435] ? get_old_timespec32+0x200/0x200 [ 1166.956194][T29435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1166.956194][T29435] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1166.956194][T29435] ? do_fast_syscall_32+0xd1/0xe16 [ 1166.956194][T29435] __ia32_compat_sys_process_vm_writev+0xe0/0x1a0 [ 1166.956194][T29435] do_fast_syscall_32+0x27b/0xe16 [ 1167.204701][T29435] entry_SYSENTER_compat+0x70/0x7f [ 1167.204701][T29435] RIP: 0023:0xf7f3ca39 [ 1167.204701][T29435] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1167.204701][T29435] RSP: 002b:00000000f5d380cc EFLAGS: 00000296 ORIG_RAX: 000000000000015c [ 1167.204701][T29435] RAX: ffffffffffffffda RBX: 000000000000301e RCX: 0000000020000000 [ 1167.204701][T29435] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 000000000000023a [ 1167.204701][T29435] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1167.204701][T29435] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1167.204701][T29435] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1167.295627][T29435] Mem-Info: [ 1167.299223][T29435] active_anon:43917 inactive_anon:232 isolated_anon:0 [ 1167.299223][T29435] active_file:2877 inactive_file:17724 isolated_file:0 [ 1167.299223][T29435] unevictable:0 dirty:21 writeback:0 unstable:0 [ 1167.299223][T29435] slab_reclaimable:15574 slab_unreclaimable:60225 [ 1167.299223][T29435] mapped:39903 shmem:305 pagetables:3177 bounce:0 [ 1167.299223][T29435] free:143994 free_pcp:81 free_cma:0 [ 1167.340185][T29435] Node 0 active_anon:138332kB inactive_anon:896kB active_file:0kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:16kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1167.371677][T29435] Node 0 DMA free:2804kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:520kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1167.403085][T29435] lowmem_reserve[]: 0 532 532 532 532 [ 1167.409452][T29435] Node 0 DMA32 free:24128kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:137612kB inactive_anon:896kB active_file:0kB inactive_file:24kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9140kB pagetables:4792kB bounce:0kB free_pcp:772kB local_pcp:0kB free_cma:0kB [ 1167.445794][T29435] lowmem_reserve[]: 0 0 0 0 0 [ 1167.451224][T29435] Node 0 DMA: 7*4kB (UME) 29*8kB (UM) 15*16kB (UME) 5*32kB (UME) 4*64kB (UE) 1*128kB (U) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2836kB [ 1167.468583][T29435] Node 0 DMA32: 944*4kB (UME) 417*8kB (UME) 275*16kB (UME) 137*32kB (UME) 43*64kB (UME) 21*128kB (UME) 11*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24152kB [ 1167.492050][T29435] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1167.502439][T29435] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1167.512911][T29435] 13280 total pagecache pages [ 1167.518955][T29435] 0 pages in swap cache [ 1167.525321][T29435] Swap cache stats: add 0, delete 0, find 0/0 [ 1167.532198][T29435] Free swap = 0kB [ 1167.536424][T29435] Total swap = 0kB [ 1167.540494][T29435] 524155 pages RAM [ 1167.544535][T29435] 0 pages HighMem/MovableOnly [ 1167.550027][T29435] 141707 pages reserved [ 1167.554852][T29435] 0 pages cma reserved [ 1167.559525][T29435] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=13326,uid=0 [ 1167.577248][T29435] Out of memory: Killed process 13326 (syz-executor.0) total-vm:72348kB, anon-rss:136kB, file-rss:34916kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1167.689110][ T1129] oom_reaper: reaped process 29435 (syz-executor.3), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 03:36:54 executing program 3: r0 = gettid() madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x2000000000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f00000000c0)=[{&(0x7f0000217f28)=""/231, 0x5df211b9}], 0x23a, 0x0) 03:36:54 executing program 0: r0 = socket(0x2, 0x1, 0x0) bind(r0, &(0x7f0000000040)=@in, 0xc) 03:36:54 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0297ffffff000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x2cc, 0x10000}], 0x9, 0x0) 03:36:54 executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) [ 1167.727919][T29465] sctp: [Deprecated]: syz-executor.2 (pid 29465) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1167.727919][T29465] Use struct sctp_sack_info instead 03:36:54 executing program 0: r0 = socket(0x2, 0x1, 0x0) bind(r0, &(0x7f0000000040)=@in, 0xc) 03:36:54 executing program 2: unshare(0x20600) r0 = socket$inet(0x10, 0x2, 0x0) flistxattr(r0, 0x0, 0x0) [ 1167.793790][T29464] BTRFS error (device loop1): superblock checksum mismatch 03:36:54 executing program 0: r0 = socket(0x2, 0x1, 0x0) bind(r0, &(0x7f0000000040)=@in, 0xc) 03:36:54 executing program 2: unshare(0x20600) r0 = socket$inet(0x10, 0x2, 0x0) flistxattr(r0, 0x0, 0x0) [ 1167.864969][T29464] BTRFS error (device loop1): open_ctree failed [ 1168.128251][T29470] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1168.145548][T29470] CPU: 1 PID: 29470 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1168.155309][T29470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1168.155309][T29470] Call Trace: [ 1168.155309][T29470] dump_stack+0x197/0x210 [ 1168.155309][T29470] dump_header+0x10b/0x82d [ 1168.155309][T29470] oom_kill_process.cold+0x10/0x15 [ 1168.155309][T29470] out_of_memory+0x334/0x13c0 [ 1168.155309][T29470] ? oom_killer_disable+0x280/0x280 [ 1168.155309][T29470] ? mutex_trylock+0x264/0x2f0 [ 1168.155309][T29470] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1168.234878][T29470] __alloc_pages_slowpath+0x222b/0x2920 [ 1168.234878][T29470] ? warn_alloc+0x110/0x110 [ 1168.234878][T29470] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1168.234878][T29470] ? should_fail+0x1de/0x852 [ 1168.234878][T29470] ? __kasan_check_read+0x11/0x20 [ 1168.234878][T29470] __alloc_pages_nodemask+0x646/0x910 [ 1168.234878][T29470] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1168.234878][T29470] ? __kasan_check_read+0x11/0x20 [ 1168.234878][T29470] ? __lock_acquire+0x16f2/0x4a00 [ 1168.234878][T29470] ? pmd_val+0x85/0x100 [ 1168.234878][T29470] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1168.234878][T29470] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1168.234878][T29470] alloc_pages_vma+0xdd/0x620 [ 1168.234878][T29470] __handle_mm_fault+0x1ed5/0x3da0 [ 1168.234878][T29470] ? vm_iomap_memory+0x1a0/0x1a0 [ 1168.234878][T29470] ? handle_mm_fault+0x292/0xa50 [ 1168.234878][T29470] ? handle_mm_fault+0x7a0/0xa50 [ 1168.234878][T29470] ? __kasan_check_read+0x11/0x20 [ 1168.234878][T29470] handle_mm_fault+0x3b2/0xa50 [ 1168.234878][T29470] __get_user_pages+0x7b2/0x1ac0 [ 1168.234878][T29470] ? follow_page_mask+0x1dd0/0x1dd0 [ 1168.234878][T29470] ? process_vm_rw_core.isra.0+0x420/0xc60 [ 1168.234878][T29470] get_user_pages_remote+0x234/0x4b0 [ 1168.234878][T29470] process_vm_rw_core.isra.0+0x464/0xc60 [ 1168.234878][T29470] ? alloc_vmap_area.cold+0x24/0x24 [ 1168.234878][T29470] ? compat_rw_copy_check_uvector+0x180/0x4c0 [ 1168.234878][T29470] ? compat_rw_copy_check_uvector+0x189/0x4c0 [ 1168.234878][T29470] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1168.234878][T29470] ? compat_rw_copy_check_uvector+0x36b/0x4c0 [ 1168.234878][T29470] compat_process_vm_rw+0x21f/0x240 [ 1168.234878][T29470] ? find_held_lock+0x35/0x130 [ 1168.234878][T29470] ? process_vm_rw+0x240/0x240 [ 1168.234878][T29470] ? lock_downgrade+0x920/0x920 [ 1168.234878][T29470] ? __kasan_check_read+0x11/0x20 [ 1168.234878][T29470] ? _copy_to_user+0x118/0x160 [ 1168.234878][T29470] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1168.234878][T29470] ? put_old_timespec32+0x113/0x200 [ 1168.234878][T29470] ? get_old_timespec32+0x200/0x200 [ 1168.234878][T29470] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1168.234878][T29470] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1168.234878][T29470] ? do_fast_syscall_32+0xd1/0xe16 [ 1168.234878][T29470] __ia32_compat_sys_process_vm_writev+0xe0/0x1a0 [ 1168.234878][T29470] do_fast_syscall_32+0x27b/0xe16 [ 1168.234878][T29470] entry_SYSENTER_compat+0x70/0x7f [ 1168.234878][T29470] RIP: 0023:0xf7f3ca39 [ 1168.234878][T29470] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1168.234878][T29470] RSP: 002b:00000000f5d380cc EFLAGS: 00000296 ORIG_RAX: 000000000000015c [ 1168.234878][T29470] RAX: ffffffffffffffda RBX: 0000000000003021 RCX: 0000000020000000 [ 1168.234878][T29470] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 000000000000023a [ 1168.234878][T29470] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1168.234878][T29470] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1168.234878][T29470] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1168.690158][T29470] Mem-Info: [ 1168.693557][T29470] active_anon:44449 inactive_anon:233 isolated_anon:0 [ 1168.693557][T29470] active_file:2875 inactive_file:17725 isolated_file:0 [ 1168.693557][T29470] unevictable:0 dirty:15 writeback:0 unstable:0 [ 1168.693557][T29470] slab_reclaimable:15475 slab_unreclaimable:59305 [ 1168.693557][T29470] mapped:39903 shmem:307 pagetables:3136 bounce:0 [ 1168.693557][T29470] free:144582 free_pcp:254 free_cma:0 [ 1168.734990][T29470] Node 0 active_anon:140592kB inactive_anon:896kB active_file:0kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1168.765160][T29470] Node 0 DMA free:2828kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:624kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1168.799739][T29470] lowmem_reserve[]: 0 532 532 532 532 [ 1168.807124][T29470] Node 0 DMA32 free:22972kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:139968kB inactive_anon:896kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9168kB pagetables:4796kB bounce:0kB free_pcp:1004kB local_pcp:292kB free_cma:0kB [ 1168.843037][T29470] lowmem_reserve[]: 0 0 0 0 0 [ 1168.848242][T29470] Node 0 DMA: 7*4kB (UME) 30*8kB (U) 22*16kB (UME) 3*32kB (UE) 5*64kB (UME) 2*128kB (UM) 2*256kB (ME) 2*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2828kB [ 1168.864789][T29470] Node 0 DMA32: 887*4kB (UME) 64*8kB (ME) 346*16kB (UME) 143*32kB (UME) 48*64kB (UME) 22*128kB (UME) 11*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22876kB [ 1168.882275][T29470] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1168.893251][T29470] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1168.903712][T29470] 13289 total pagecache pages [ 1168.909478][T29470] 0 pages in swap cache [ 1168.914145][T29470] Swap cache stats: add 0, delete 0, find 0/0 [ 1168.921051][T29470] Free swap = 0kB [ 1168.925396][T29470] Total swap = 0kB [ 1168.929460][T29470] 524155 pages RAM [ 1168.933221][T29470] 0 pages HighMem/MovableOnly [ 1168.938111][T29470] 141707 pages reserved [ 1168.943047][T29470] 0 pages cma reserved [ 1168.947658][T29470] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=13308,uid=0 [ 1168.965986][T29470] Out of memory: Killed process 13308 (syz-executor.0) total-vm:72348kB, anon-rss:140kB, file-rss:34912kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1169.064332][ T1129] oom_reaper: reaped process 29470 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 03:36:56 executing program 2: unshare(0x20600) r0 = socket$inet(0x10, 0x2, 0x0) flistxattr(r0, 0x0, 0x0) 03:36:56 executing program 3: r0 = gettid() madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x2000000000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f00000000c0)=[{&(0x7f0000217f28)=""/231, 0x5df211b9}], 0x23a, 0x0) 03:36:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x15, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x1a, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0xfffffffffffffeb7}, 0x48) 03:36:56 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0297ffffff000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x2cc, 0x10000}], 0x9, 0x0) 03:36:56 executing program 2: unshare(0x20600) r0 = socket$inet(0x10, 0x2, 0x0) flistxattr(r0, 0x0, 0x0) [ 1169.129155][T29486] BTRFS error (device loop1): superblock checksum mismatch 03:36:56 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x15, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x1a, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0xfffffffffffffeb7}, 0x48) 03:36:56 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) close(r0) socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000040), &(0x7f0000000080)=0xc) [ 1169.195334][T29486] BTRFS error (device loop1): open_ctree failed 03:36:56 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f00000003c0)=0x100, 0x4) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) [ 1169.635045][T29501] syz-executor.2 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1169.677148][T29501] CPU: 3 PID: 29501 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1169.685034][T29501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1169.685034][T29501] Call Trace: [ 1169.685034][T29501] dump_stack+0x197/0x210 [ 1169.685034][T29501] dump_header+0x10b/0x82d [ 1169.685034][T29501] ? oom_kill_process+0x94/0x420 [ 1169.685034][T29501] oom_kill_process.cold+0x10/0x15 [ 1169.685034][T29501] out_of_memory+0x334/0x13c0 [ 1169.685034][T29501] ? oom_killer_disable+0x280/0x280 [ 1169.685034][T29501] ? mutex_trylock+0x264/0x2f0 [ 1169.685034][T29501] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1169.685034][T29501] __alloc_pages_slowpath+0x222b/0x2920 [ 1169.685034][T29501] ? warn_alloc+0x110/0x110 [ 1169.685034][T29501] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1169.685034][T29501] ? should_fail+0x1de/0x852 [ 1169.685034][T29501] ? __kasan_check_read+0x11/0x20 [ 1169.685034][T29501] __alloc_pages_nodemask+0x646/0x910 [ 1169.685034][T29501] ? __kasan_check_read+0x11/0x20 [ 1169.685034][T29501] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1169.685034][T29501] ? pmd_val+0x85/0x100 [ 1169.685034][T29501] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1169.685034][T29501] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1169.685034][T29501] alloc_pages_vma+0xdd/0x620 [ 1169.685034][T29501] __handle_mm_fault+0x1ed5/0x3da0 [ 1169.685034][T29501] ? vm_iomap_memory+0x1a0/0x1a0 [ 1169.685034][T29501] ? handle_mm_fault+0x292/0xa50 [ 1169.685034][T29501] ? handle_mm_fault+0x7a0/0xa50 [ 1169.685034][T29501] ? __kasan_check_read+0x11/0x20 [ 1169.685034][T29501] handle_mm_fault+0x3b2/0xa50 [ 1169.685034][T29501] __do_page_fault+0x536/0xd80 [ 1169.685034][T29501] do_page_fault+0x38/0x590 [ 1169.685034][T29501] do_async_page_fault+0x30/0xa0 [ 1169.685034][T29501] async_page_fault+0x39/0x40 [ 1169.685034][T29501] RIP: 0023:0x80485f5 [ 1169.685034][T29501] Code: 24 28 0b 54 24 2c 09 c2 75 28 ff 74 24 0c ff 74 24 0c 6a 00 6a 02 8b 44 24 40 8b 54 24 44 e8 92 54 00 00 83 c4 10 8b 7c 24 1c <66> 89 07 e9 9e 02 00 00 8b 44 24 1c 31 d2 0f b7 00 ff 74 24 0c ff [ 1169.685034][T29501] RSP: 002b:00000000ffcb54e0 EFLAGS: 00010282 [ 1169.685034][T29501] RAX: 000000000000000a RBX: 000000000812b000 RCX: 000000000000000a [ 1169.685034][T29501] RDX: 0000000000000000 RSI: 00000000ffcb5670 RDI: 0000000020000080 [ 1169.685034][T29501] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1169.685034][T29501] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1169.685034][T29501] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1170.161746][T29501] Mem-Info: [ 1170.167780][T29501] active_anon:44047 inactive_anon:233 isolated_anon:0 [ 1170.167780][T29501] active_file:2878 inactive_file:17729 isolated_file:0 [ 1170.167780][T29501] unevictable:0 dirty:13 writeback:0 unstable:0 [ 1170.167780][T29501] slab_reclaimable:15467 slab_unreclaimable:59367 [ 1170.167780][T29501] mapped:39903 shmem:307 pagetables:3133 bounce:0 [ 1170.167780][T29501] free:144314 free_pcp:395 free_cma:0 [ 1170.212100][T29501] Node 0 active_anon:139088kB inactive_anon:896kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:4kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1170.245173][T29501] Node 0 DMA free:2828kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:396kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1170.278411][T29501] lowmem_reserve[]: 0 532 532 532 532 [ 1170.284618][T29501] Node 0 DMA32 free:22640kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:138772kB inactive_anon:896kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9200kB pagetables:4808kB bounce:0kB free_pcp:1580kB local_pcp:724kB free_cma:0kB [ 1170.322514][T29501] lowmem_reserve[]: 0 0 0 0 0 [ 1170.330246][T29501] Node 0 DMA: 15*4kB (UE) 16*8kB (UM) 14*16kB (UME) 4*32kB (UME) 4*64kB (UE) 2*128kB (UM) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2844kB [ 1170.353520][T29501] Node 0 DMA32: 864*4kB (UE) 158*8kB (UME) 281*16kB (UME) 143*32kB (UME) 48*64kB (UME) 22*128kB (UME) 11*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22496kB [ 1170.371977][T29501] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1170.382497][T29501] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1170.392724][T29501] 13297 total pagecache pages [ 1170.398167][T29501] 0 pages in swap cache [ 1170.403301][T29501] Swap cache stats: add 0, delete 0, find 0/0 03:36:57 executing program 3: syz_read_part_table(0x0, 0x2, &(0x7f00000000c0)=[{0x0, 0x0, 0x401}, {&(0x7f0000000100)='ER', 0x2}]) [ 1170.410132][T29501] Free swap = 0kB 03:36:57 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0297ffffff000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x2cc, 0x10000}], 0x9, 0x0) 03:36:57 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x15, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x1a, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0xfffffffffffffeb7}, 0x48) [ 1170.419344][T29501] Total swap = 0kB [ 1170.424308][T29501] 524155 pages RAM [ 1170.429554][T29501] 0 pages HighMem/MovableOnly [ 1170.436185][T29501] 141707 pages reserved [ 1170.441315][T29501] 0 pages cma reserved 03:36:57 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x15, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x1a, 0x54}}, &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0xfffffffffffffeb7}, 0x48) [ 1170.456588][T29501] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=13288,uid=0 [ 1170.458168][T29507] BTRFS error (device loop1): superblock checksum mismatch [ 1170.476067][T29501] Out of memory: Killed process 13288 (syz-executor.0) total-vm:72348kB, anon-rss:136kB, file-rss:34916kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1170.513053][ T1129] oom_reaper: reaped process 13288 (syz-executor.0), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB 03:36:57 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x2000000000f, &(0x7f0000f10000)=0xfffffffffffff830, 0x4) bind$inet6(r0, &(0x7f0000f13000)={0xa, 0x4e22}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x2000000000f, &(0x7f0000f10000)=0xfffffffffffff830, 0x4) bind$inet6(r1, &(0x7f0000f13000)={0xa, 0x4e22}, 0x1c) [ 1170.544933][T29507] BTRFS error (device loop1): open_ctree failed [ 1170.589271][T29515] Dev loop3: unable to read RDB block 4 [ 1170.603954][T29515] loop3: unable to read partition table 03:36:57 executing program 0: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_keyring_id(0x0, r0, 0x0) [ 1170.615707][T29515] loop3: partition table beyond EOD, truncated [ 1170.623645][T29515] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 03:36:57 executing program 0: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_keyring_id(0x0, r0, 0x0) [ 1170.762293][T29515] Dev loop3: unable to read RDB block 4 [ 1170.769897][T29515] loop3: unable to read partition table [ 1170.777552][T29515] loop3: partition table beyond EOD, truncated [ 1170.785061][T29515] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 03:36:57 executing program 1: recvmsg$kcm(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f0000000040)=@ipx, 0x80, 0x0}, 0x0) r0 = socket$caif_stream(0x25, 0x1, 0x0) sendmmsg(r0, &(0x7f0000000c00), 0x4000497, 0x0) 03:36:57 executing program 0: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_keyring_id(0x0, r0, 0x0) 03:36:57 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f00000003c0)=0x100, 0x4) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 03:36:57 executing program 3: syz_read_part_table(0x0, 0x2, &(0x7f00000000c0)=[{0x0, 0x0, 0x401}, {&(0x7f0000000100)='ER', 0x2}]) 03:36:58 executing program 0: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$get_keyring_id(0x0, r0, 0x0) 03:36:58 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f00000003c0)=0x100, 0x4) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 03:36:58 executing program 1: recvmsg$kcm(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f0000000040)=@ipx, 0x80, 0x0}, 0x0) r0 = socket$caif_stream(0x25, 0x1, 0x0) sendmmsg(r0, &(0x7f0000000c00), 0x4000497, 0x0) [ 1170.962615][T29538] Dev loop3: unable to read RDB block 4 [ 1170.970940][T29538] loop3: unable to read partition table [ 1170.979542][T29538] loop3: partition table beyond EOD, truncated [ 1170.989525][T29538] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 03:36:58 executing program 1: recvmsg$kcm(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f0000000040)=@ipx, 0x80, 0x0}, 0x0) r0 = socket$caif_stream(0x25, 0x1, 0x0) sendmmsg(r0, &(0x7f0000000c00), 0x4000497, 0x0) 03:36:58 executing program 3: syz_read_part_table(0x0, 0x2, &(0x7f00000000c0)=[{0x0, 0x0, 0x401}, {&(0x7f0000000100)='ER', 0x2}]) 03:36:58 executing program 1: recvmsg$kcm(0xffffffffffffffff, &(0x7f00000012c0)={&(0x7f0000000040)=@ipx, 0x80, 0x0}, 0x0) r0 = socket$caif_stream(0x25, 0x1, 0x0) sendmmsg(r0, &(0x7f0000000c00), 0x4000497, 0x0) 03:36:58 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f00000003c0)=0x100, 0x4) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 03:36:58 executing program 1: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmmsg(0xffffffffffffffff, &(0x7f00000083c0), 0x0, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'.\x00'}, &(0x7f0000000080), 0xfe28, 0xfffffffffffffffb) 03:36:58 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f00000003c0)=0x100, 0x4) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 03:36:58 executing program 1: r0 = syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f00000001c0)={{0x1}}) [ 1171.322481][T29554] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 03:36:58 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002021900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) [ 1171.342008][T29554] CPU: 0 PID: 29554 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1171.350283][T29554] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1171.372168][T29554] Call Trace: [ 1171.372168][T29554] dump_stack+0x197/0x210 [ 1171.372168][T29554] dump_header+0x10b/0x82d 03:36:58 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002021900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) [ 1171.372168][T29554] ? oom_kill_process+0x94/0x420 [ 1171.372168][T29554] oom_kill_process.cold+0x10/0x15 [ 1171.372168][T29554] out_of_memory+0x334/0x13c0 [ 1171.372168][T29554] ? oom_killer_disable+0x280/0x280 [ 1171.372168][T29554] ? mutex_trylock+0x264/0x2f0 [ 1171.372168][T29554] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1171.372168][T29554] __alloc_pages_slowpath+0x222b/0x2920 [ 1171.372168][T29554] ? warn_alloc+0x110/0x110 [ 1171.372168][T29554] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1171.372168][T29554] ? should_fail+0x1de/0x852 [ 1171.372168][T29554] ? __kasan_check_read+0x11/0x20 [ 1171.372168][T29554] __alloc_pages_nodemask+0x646/0x910 [ 1171.372168][T29554] ? __pte_alloc+0x1b5/0x310 [ 1171.387529][T29554] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1171.387529][T29554] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1171.387529][T29554] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1171.387529][T29554] alloc_pages_vma+0xdd/0x620 [ 1171.387529][T29554] __handle_mm_fault+0x1ed5/0x3da0 [ 1171.387529][T29554] ? vm_iomap_memory+0x1a0/0x1a0 [ 1171.387529][T29554] ? handle_mm_fault+0x292/0xa50 [ 1171.387529][T29554] ? handle_mm_fault+0x7a0/0xa50 [ 1171.387529][T29554] ? __kasan_check_read+0x11/0x20 [ 1171.387529][T29554] handle_mm_fault+0x3b2/0xa50 [ 1171.387529][T29554] __do_page_fault+0x536/0xd80 [ 1171.387529][T29554] do_page_fault+0x38/0x590 [ 1171.387529][T29554] do_async_page_fault+0x30/0xa0 [ 1171.387529][T29554] async_page_fault+0x39/0x40 [ 1171.387529][T29554] RIP: 0023:0x805374e [ 1171.387529][T29554] Code: 00 89 4c 82 2c 83 c0 01 83 f8 09 75 ed 0f b6 84 24 b2 00 00 00 8b 5c 24 0c 6b ed 70 88 84 2b cc ff 02 00 89 f8 e8 a2 85 ff ff <83> 83 04 50 23 00 01 80 7c 24 0b 00 74 0b f6 44 24 18 01 0f 84 0c [ 1171.387529][T29554] RSP: 002b:00000000ffd5d8f0 EFLAGS: 00010286 [ 1171.387529][T29554] RAX: 0000000000000000 RBX: 000000000812b000 RCX: 0000000000000081 [ 1171.387529][T29554] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 000000000815af68 [ 1171.387529][T29554] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1171.387529][T29554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1171.387529][T29554] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1171.659578][T29554] Mem-Info: [ 1171.664241][T29554] active_anon:43518 inactive_anon:233 isolated_anon:0 [ 1171.664241][T29554] active_file:2875 inactive_file:17749 isolated_file:0 [ 1171.664241][T29554] unevictable:0 dirty:7 writeback:20 unstable:0 [ 1171.664241][T29554] slab_reclaimable:15442 slab_unreclaimable:59396 [ 1171.664241][T29554] mapped:39903 shmem:307 pagetables:3078 bounce:0 [ 1171.664241][T29554] free:144800 free_pcp:286 free_cma:0 [ 1171.711343][T29554] Node 0 active_anon:137040kB inactive_anon:896kB active_file:0kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:40kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1171.748122][T29554] Node 0 DMA free:2832kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:240kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:180kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1171.787962][T29554] lowmem_reserve[]: 0 532 532 532 532 [ 1171.795883][T29554] Node 0 DMA32 free:24468kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136800kB inactive_anon:896kB active_file:0kB inactive_file:16kB unevictable:0kB writepending:32kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9196kB pagetables:4700kB bounce:0kB free_pcp:1252kB local_pcp:188kB free_cma:0kB [ 1171.839724][T29554] lowmem_reserve[]: 0 0 0 0 0 [ 1171.847123][T29554] Node 0 DMA: 4*4kB (UME) 14*8kB (UM) 16*16kB (UME) 4*32kB (UME) 5*64kB (UME) 2*128kB (UM) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2880kB [ 1171.847698][T29555] Dev loop3: unable to read RDB block 4 [ 1171.869413][T29554] Node 0 DMA32: 353*4kB (UME) 469*8kB (UME) 362*16kB (UME) 142*32kB (UME) 49*64kB (UME) 23*128kB (UME) 12*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24652kB [ 1171.875911][T29555] loop3: unable to read partition table [ 1171.893849][T29554] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1171.900611][T29555] loop3: partition table beyond EOD, truncated [ 1171.911264][T29554] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1171.918909][T29555] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) [ 1171.930291][T29554] 13304 total pagecache pages [ 1171.950214][T29554] 0 pages in swap cache [ 1171.956003][T29554] Swap cache stats: add 0, delete 0, find 0/0 [ 1171.967443][T29554] Free swap = 0kB [ 1171.974146][T29554] Total swap = 0kB [ 1171.979887][T29554] 524155 pages RAM [ 1171.985819][T29554] 0 pages HighMem/MovableOnly [ 1171.992096][T29554] 141707 pages reserved [ 1171.999183][T29554] 0 pages cma reserved [ 1172.016280][T29554] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=13261,uid=0 [ 1172.048661][T29554] Out of memory: Killed process 13261 (syz-executor.0) total-vm:72480kB, anon-rss:144kB, file-rss:34896kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1172.078280][ T1129] oom_reaper: reaped process 13261 (syz-executor.0), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 03:36:59 executing program 3: syz_read_part_table(0x0, 0x2, &(0x7f00000000c0)=[{0x0, 0x0, 0x401}, {&(0x7f0000000100)='ER', 0x2}]) 03:36:59 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002021900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) 03:36:59 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f00000003c0)=0x100, 0x4) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 03:36:59 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f00000003c0)=0x100, 0x4) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 03:36:59 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002021900000007000000068100023b0509000100010100ff3ffe58", 0x1f}], 0x1) [ 1172.216729][T29582] Dev loop3: unable to read RDB block 4 03:36:59 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snapshot\x00', 0x180942, 0x0) [ 1172.235067][T29582] loop3: unable to read partition table 03:36:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f00000001c0)) [ 1172.262801][T29582] loop3: partition table beyond EOD, truncated [ 1172.299242][T29582] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 03:36:59 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f00000001c0)) [ 1172.494322][T29587] syz-executor.2 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1172.512069][T29587] CPU: 3 PID: 29587 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1172.521959][T29587] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1172.521959][T29587] Call Trace: [ 1172.521959][T29587] dump_stack+0x197/0x210 [ 1172.521959][T29587] dump_header+0x10b/0x82d [ 1172.521959][T29587] oom_kill_process.cold+0x10/0x15 [ 1172.521959][T29587] out_of_memory+0x334/0x13c0 [ 1172.521959][T29587] ? oom_killer_disable+0x280/0x280 [ 1172.521959][T29587] ? mutex_trylock+0x264/0x2f0 [ 1172.521959][T29587] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1172.521959][T29587] __alloc_pages_slowpath+0x222b/0x2920 [ 1172.521959][T29587] ? warn_alloc+0x110/0x110 [ 1172.521959][T29587] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1172.521959][T29587] ? should_fail+0x1de/0x852 [ 1172.521959][T29587] ? __kasan_check_read+0x11/0x20 [ 1172.521959][T29587] __alloc_pages_nodemask+0x646/0x910 [ 1172.521959][T29587] ? __local_bh_enable_ip+0x15a/0x270 [ 1172.521959][T29587] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1172.521959][T29587] ? dst_release+0x62/0xe0 [ 1172.521959][T29587] ? lock_downgrade+0x5c9/0x920 [ 1172.521959][T29587] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1172.521959][T29587] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1172.521959][T29587] alloc_pages_vma+0xdd/0x620 [ 1172.521959][T29587] wp_page_copy+0xb6e/0x1560 [ 1172.521959][T29587] ? find_held_lock+0x35/0x130 [ 1172.521959][T29587] ? follow_pfn+0x2a0/0x2a0 [ 1172.521959][T29587] ? lock_downgrade+0x920/0x920 [ 1172.794818][T29587] ? vm_normal_page+0x15d/0x3c0 [ 1172.794818][T29587] ? __pte_alloc_kernel+0x210/0x210 [ 1172.794818][T29587] ? do_raw_spin_unlock+0x178/0x270 [ 1172.794818][T29587] do_wp_page+0x543/0x1540 [ 1172.794818][T29587] ? do_raw_spin_lock+0x12a/0x2e0 [ 1172.794818][T29587] ? lock_acquire+0x190/0x410 [ 1172.794818][T29587] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1172.794818][T29587] ? fault_around_bytes_set+0xa0/0xa0 [ 1172.794818][T29587] __handle_mm_fault+0x327b/0x3da0 [ 1172.794818][T29587] ? vm_iomap_memory+0x1a0/0x1a0 [ 1172.794818][T29587] ? handle_mm_fault+0x292/0xa50 [ 1172.794818][T29587] ? handle_mm_fault+0x7a0/0xa50 [ 1172.794818][T29587] ? __kasan_check_read+0x11/0x20 [ 1172.794818][T29587] handle_mm_fault+0x3b2/0xa50 [ 1172.794818][T29587] __do_page_fault+0x536/0xd80 [ 1172.794818][T29587] do_page_fault+0x38/0x590 [ 1172.794818][T29587] do_async_page_fault+0x30/0xa0 [ 1172.794818][T29587] async_page_fault+0x39/0x40 [ 1172.794818][T29587] RIP: 0010:__sys_sendmmsg+0x303/0x4d0 [ 1172.794818][T29587] Code: ff ff 31 ff 89 c3 89 c6 89 85 58 fe ff ff e8 74 11 65 fb 85 db 0f 88 16 01 00 00 e8 e7 0f 65 fb 0f 01 cb 48 8b 85 10 fe ff ff <89> 58 1c e8 d5 0f 65 fb 31 db e8 ce 0f 65 fb 0f 01 ca 48 83 85 10 [ 1172.794818][T29587] RSP: 0018:ffffc90008b97cb0 EFLAGS: 00050246 [ 1172.794818][T29587] RAX: 0000000020011000 RBX: 0000000000000000 RCX: ffffc9002180d000 [ 1172.794818][T29587] RDX: 0000000000040000 RSI: ffffffff86101ba9 RDI: 0000000000000005 [ 1172.794818][T29587] RBP: ffffc90008b97ed0 R08: ffff888014174d00 R09: ffffed1005a4703d [ 1172.794818][T29587] R10: ffffed1005a4703c R11: ffff88802d2381e3 R12: 00000000000003ea [ 1172.794818][T29587] R13: 0000000080040000 R14: 00000000200092c0 R15: 00000000000003ff [ 1172.794818][T29587] ? __sys_sendmmsg+0x2f9/0x4d0 [ 1172.794818][T29587] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 1172.794818][T29587] ? _copy_to_user+0x118/0x160 [ 1172.794818][T29587] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1172.794818][T29587] ? put_old_timespec32+0x113/0x200 [ 1172.794818][T29587] ? get_old_timespec32+0x200/0x200 [ 1172.794818][T29587] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1172.794818][T29587] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1172.794818][T29587] ? do_fast_syscall_32+0xd1/0xe16 [ 1172.794818][T29587] ? entry_SYSENTER_compat+0x70/0x7f [ 1172.794818][T29587] ? do_fast_syscall_32+0xd1/0xe16 [ 1172.794818][T29587] __ia32_compat_sys_sendmmsg+0x9f/0x100 [ 1172.794818][T29587] do_fast_syscall_32+0x27b/0xe16 [ 1172.794818][T29587] entry_SYSENTER_compat+0x70/0x7f [ 1172.794818][T29587] RIP: 0023:0xf7f59a39 [ 1172.794818][T29587] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1172.794818][T29587] RSP: 002b:00000000f5d340cc EFLAGS: 00000296 ORIG_RAX: 0000000000000159 [ 1172.794818][T29587] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200092c0 [ 1172.794818][T29587] RDX: 00000000000004ff RSI: 0000000000000000 RDI: 0000000000000000 [ 1172.794818][T29587] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1172.794818][T29587] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1172.794818][T29587] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1173.353693][T29587] Mem-Info: [ 1173.359306][T29587] active_anon:43522 inactive_anon:233 isolated_anon:0 [ 1173.359306][T29587] active_file:2875 inactive_file:17755 isolated_file:0 [ 1173.359306][T29587] unevictable:0 dirty:16 writeback:0 unstable:0 [ 1173.359306][T29587] slab_reclaimable:15442 slab_unreclaimable:59316 [ 1173.359306][T29587] mapped:39903 shmem:307 pagetables:3084 bounce:0 [ 1173.359306][T29587] free:145381 free_pcp:107 free_cma:0 [ 1173.407040][T29587] Node 0 active_anon:137188kB inactive_anon:896kB active_file:0kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1173.438736][T29587] Node 0 DMA free:2812kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:244kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1173.471658][T29587] lowmem_reserve[]: 0 532 532 532 532 [ 1173.477883][T29587] Node 0 DMA32 free:23528kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136944kB inactive_anon:896kB active_file:0kB inactive_file:20kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4888kB bounce:0kB free_pcp:428kB local_pcp:84kB free_cma:0kB [ 1173.515153][T29587] lowmem_reserve[]: 0 0 0 0 0 [ 1173.520774][T29587] Node 0 DMA: 3*4kB (ME) 8*8kB (UM) 13*16kB (UME) 5*32kB (UME) 5*64kB (UME) 2*128kB (UM) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2812kB [ 1173.544256][T29587] Node 0 DMA32: 466*4kB (UME) 487*8kB (UME) 243*16kB (UME) 146*32kB (UME) 49*64kB (UME) 23*128kB (UME) 12*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23472kB [ 1173.570406][T29587] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1173.581450][T29587] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1173.591972][T29587] 13315 total pagecache pages [ 1173.597384][T29587] 0 pages in swap cache [ 1173.602075][T29587] Swap cache stats: add 0, delete 0, find 0/0 [ 1173.609209][T29587] Free swap = 0kB [ 1173.613455][T29587] Total swap = 0kB [ 1173.617542][T29587] 524155 pages RAM [ 1173.622357][T29587] 0 pages HighMem/MovableOnly [ 1173.628505][T29587] 141707 pages reserved [ 1173.633105][T29587] 0 pages cma reserved [ 1173.642464][T29587] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz1,task=syz-executor.1,pid=13832,uid=0 [ 1173.668755][T29587] Out of memory: Killed process 13832 (syz-executor.1) total-vm:72348kB, anon-rss:144kB, file-rss:34888kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1173.698686][T29581] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1173.716129][T29581] CPU: 2 PID: 29581 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1173.725869][T29581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1173.725869][T29581] Call Trace: [ 1173.725869][T29581] dump_stack+0x197/0x210 [ 1173.725869][T29581] dump_header+0x10b/0x82d [ 1173.725869][T29581] ? oom_kill_process+0x94/0x420 [ 1173.725869][T29581] oom_kill_process.cold+0x10/0x15 [ 1173.725869][T29581] out_of_memory+0x334/0x13c0 [ 1173.725869][T29581] ? oom_killer_disable+0x280/0x280 [ 1173.725869][T29581] ? mutex_trylock+0x264/0x2f0 [ 1173.725869][T29581] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1173.725869][T29581] __alloc_pages_slowpath+0x222b/0x2920 [ 1173.725869][T29581] ? warn_alloc+0x110/0x110 [ 1173.725869][T29581] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1173.725869][T29581] ? should_fail+0x1de/0x852 [ 1173.725869][T29581] ? __kasan_check_read+0x11/0x20 [ 1173.725869][T29581] __alloc_pages_nodemask+0x646/0x910 [ 1173.725869][T29581] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1173.725869][T29581] ? find_held_lock+0x35/0x130 [ 1173.725869][T29581] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1173.725869][T29581] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1173.725869][T29581] alloc_pages_vma+0xdd/0x620 [ 1173.725869][T29581] wp_page_copy+0xb6e/0x1560 [ 1173.725869][T29581] ? find_held_lock+0x35/0x130 [ 1173.725869][T29581] ? follow_pfn+0x2a0/0x2a0 [ 1173.725869][T29581] ? lock_downgrade+0x920/0x920 [ 1173.725869][T29581] ? vm_normal_page+0x15d/0x3c0 [ 1173.725869][T29581] ? __pte_alloc_kernel+0x210/0x210 [ 1173.725869][T29581] ? do_raw_spin_unlock+0x178/0x270 [ 1173.725869][T29581] do_wp_page+0x543/0x1540 [ 1173.725869][T29581] ? do_raw_spin_lock+0x12a/0x2e0 [ 1173.725869][T29581] ? lock_acquire+0x190/0x410 [ 1173.725869][T29581] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1173.725869][T29581] ? fault_around_bytes_set+0xa0/0xa0 [ 1173.725869][T29581] __handle_mm_fault+0x327b/0x3da0 [ 1173.725869][T29581] ? vm_iomap_memory+0x1a0/0x1a0 [ 1173.725869][T29581] ? handle_mm_fault+0x292/0xa50 [ 1173.725869][T29581] ? handle_mm_fault+0x7a0/0xa50 [ 1173.725869][T29581] ? __kasan_check_read+0x11/0x20 [ 1173.725869][T29581] handle_mm_fault+0x3b2/0xa50 [ 1173.725869][T29581] __do_page_fault+0x536/0xd80 [ 1173.725869][T29581] do_page_fault+0x38/0x590 [ 1173.725869][T29581] do_async_page_fault+0x30/0xa0 [ 1173.725869][T29581] async_page_fault+0x39/0x40 [ 1173.725869][T29581] RIP: 0023:0x8055390 [ 1173.725869][T29581] Code: 5c f8 0c 89 c8 89 da 05 00 00 00 80 83 d2 00 83 fa 00 0f 87 d2 fe ff ff 3d ff ff ff 7e 0f 86 5d ff ff ff e9 c2 fe ff ff 66 90 <89> 04 9e eb ae 8b 74 24 1c c1 e3 03 89 f0 01 d8 39 c6 89 c7 89 44 [ 1173.725869][T29581] RSP: 002b:00000000ffd5d830 EFLAGS: 00010246 [ 1173.725869][T29581] RAX: 00000000817ac479 RBX: 0000000000000479 RCX: 0000000000000000 [ 1173.725869][T29581] RDX: 00000000817ac479 RSI: 0000000008150000 RDI: 0000000000000000 [ 1173.725869][T29581] RBP: 00000000817ac47d R08: 0000000000000000 R09: 0000000000000000 [ 1173.725869][T29581] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1173.725869][T29581] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1174.102982][T29581] Mem-Info: [ 1174.106807][T29581] active_anon:43497 inactive_anon:233 isolated_anon:0 [ 1174.106807][T29581] active_file:2875 inactive_file:17764 isolated_file:0 [ 1174.106807][T29581] unevictable:0 dirty:19 writeback:7 unstable:0 [ 1174.106807][T29581] slab_reclaimable:15440 slab_unreclaimable:59190 [ 1174.106807][T29581] mapped:39903 shmem:307 pagetables:3047 bounce:0 [ 1174.106807][T29581] free:145418 free_pcp:107 free_cma:0 [ 1174.158308][T29581] Node 0 active_anon:137188kB inactive_anon:896kB active_file:0kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1174.191576][T29581] Node 0 DMA free:2812kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:244kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1174.224234][T29581] lowmem_reserve[]: 0 532 532 532 532 [ 1174.230184][T29581] Node 0 DMA32 free:23216kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136944kB inactive_anon:896kB active_file:0kB inactive_file:20kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4888kB bounce:0kB free_pcp:424kB local_pcp:120kB free_cma:0kB [ 1174.269313][T29581] lowmem_reserve[]: 0 0 0 0 0 [ 1174.277699][T29581] Node 0 DMA: 3*4kB (ME) 9*8kB (UM) 13*16kB (UME) 5*32kB (UME) 5*64kB (UME) 2*128kB (UM) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2820kB [ 1174.299969][T29581] Node 0 DMA32: 466*4kB (UME) 448*8kB (UME) 247*16kB (UME) 146*32kB (UME) 49*64kB (UME) 23*128kB (UME) 12*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23224kB [ 1174.319482][T29581] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1174.330317][T29581] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1174.341497][T29581] 13319 total pagecache pages [ 1174.346588][T29581] 0 pages in swap cache [ 1174.351750][T29581] Swap cache stats: add 0, delete 0, find 0/0 [ 1174.360345][T29581] Free swap = 0kB [ 1174.364668][T29581] Total swap = 0kB [ 1174.369323][T29581] 524155 pages RAM [ 1174.373599][T29581] 0 pages HighMem/MovableOnly [ 1174.378690][T29581] 141707 pages reserved [ 1174.383046][T29581] 0 pages cma reserved [ 1174.387395][T29581] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=11009,uid=0 [ 1174.405320][T29581] Out of memory: Killed process 11009 (syz-executor.0) total-vm:72480kB, anon-rss:140kB, file-rss:34892kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1174.426818][ T1129] oom_reaper: reaped process 11009 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 1174.503451][ T1129] oom_reaper: reaped process 29587 (syz-executor.2), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 1174.508642][T29581] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1174.545015][T29581] CPU: 2 PID: 29581 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1174.554733][T29581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1174.564944][T29581] Call Trace: [ 1174.564944][T29581] dump_stack+0x197/0x210 [ 1174.575320][T29581] dump_header+0x10b/0x82d [ 1174.584818][T29581] ? oom_kill_process+0x94/0x420 [ 1174.584818][T29581] oom_kill_process.cold+0x10/0x15 [ 1174.594853][T29581] out_of_memory+0x334/0x13c0 [ 1174.594853][T29581] ? oom_killer_disable+0x280/0x280 [ 1174.606124][T29581] ? mutex_trylock+0x264/0x2f0 [ 1174.614800][T29581] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1174.614800][T29581] __alloc_pages_slowpath+0x222b/0x2920 [ 1174.625361][T29581] ? warn_alloc+0x110/0x110 [ 1174.625361][T29581] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1174.634850][T29581] ? should_fail+0x1de/0x852 [ 1174.645890][T29581] ? __kasan_check_read+0x11/0x20 [ 1174.645890][T29581] __alloc_pages_nodemask+0x646/0x910 [ 1174.655010][T29581] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1174.665969][T29581] ? find_held_lock+0x35/0x130 [ 1174.665969][T29581] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1174.674838][T29581] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1174.684765][T29581] alloc_pages_vma+0xdd/0x620 [ 1174.684765][T29581] wp_page_copy+0xb6e/0x1560 [ 1174.695346][T29581] ? find_held_lock+0x35/0x130 [ 1174.705054][T29581] ? follow_pfn+0x2a0/0x2a0 [ 1174.715602][T29581] ? lock_downgrade+0x920/0x920 [ 1174.724999][T29581] ? vm_normal_page+0x15d/0x3c0 [ 1174.724999][T29581] ? __pte_alloc_kernel+0x210/0x210 [ 1174.735529][T29581] ? do_raw_spin_unlock+0x178/0x270 [ 1174.744743][T29581] do_wp_page+0x543/0x1540 [ 1174.744743][T29581] ? do_raw_spin_lock+0x12a/0x2e0 [ 1174.756117][T29581] ? lock_acquire+0x190/0x410 [ 1174.756117][T29581] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1174.764797][T29581] ? fault_around_bytes_set+0xa0/0xa0 [ 1174.776511][T29581] __handle_mm_fault+0x327b/0x3da0 [ 1174.776511][T29581] ? vm_iomap_memory+0x1a0/0x1a0 [ 1174.785548][T29581] ? handle_mm_fault+0x292/0xa50 [ 1174.795517][T29581] ? handle_mm_fault+0x7a0/0xa50 [ 1174.795517][T29581] ? __kasan_check_read+0x11/0x20 [ 1174.808839][T29581] handle_mm_fault+0x3b2/0xa50 [ 1174.815327][T29581] __do_page_fault+0x536/0xd80 [ 1174.815327][T29581] do_page_fault+0x38/0x590 [ 1174.824788][T29581] do_async_page_fault+0x30/0xa0 [ 1174.824788][T29581] async_page_fault+0x39/0x40 [ 1174.835354][T29581] RIP: 0023:0x8055390 [ 1174.835354][T29581] Code: 5c f8 0c 89 c8 89 da 05 00 00 00 80 83 d2 00 83 fa 00 0f 87 d2 fe ff ff 3d ff ff ff 7e 0f 86 5d ff ff ff e9 c2 fe ff ff 66 90 <89> 04 9e eb ae 8b 74 24 1c c1 e3 03 89 f0 01 d8 39 c6 89 c7 89 44 [ 1174.855290][T29581] RSP: 002b:00000000ffd5d830 EFLAGS: 00010246 [ 1174.864845][T29581] RAX: 00000000817ac479 RBX: 0000000000000479 RCX: 0000000000000000 [ 1174.875772][T29581] RDX: 00000000817ac479 RSI: 0000000008150000 RDI: 0000000000000000 [ 1174.885440][T29581] RBP: 00000000817ac47d R08: 0000000000000000 R09: 0000000000000000 [ 1174.885440][T29581] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1174.896234][T29581] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1174.912083][T29581] Mem-Info: [ 1174.918044][T29581] active_anon:43466 inactive_anon:233 isolated_anon:0 [ 1174.918044][T29581] active_file:2868 inactive_file:17774 isolated_file:0 [ 1174.918044][T29581] unevictable:0 dirty:16 writeback:0 unstable:0 [ 1174.918044][T29581] slab_reclaimable:15441 slab_unreclaimable:59376 [ 1174.918044][T29581] mapped:39903 shmem:307 pagetables:2985 bounce:0 [ 1174.918044][T29581] free:145117 free_pcp:180 free_cma:0 [ 1174.981329][T29581] Node 0 active_anon:137088kB inactive_anon:896kB active_file:0kB inactive_file:52kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1175.020706][T29581] Node 0 DMA free:2824kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:244kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1175.061089][T29581] lowmem_reserve[]: 0 532 532 532 532 [ 1175.068171][T29581] Node 0 DMA32 free:23324kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136844kB inactive_anon:896kB active_file:0kB inactive_file:48kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4740kB bounce:0kB free_pcp:836kB local_pcp:152kB free_cma:0kB [ 1175.110537][T29581] lowmem_reserve[]: 0 0 0 0 0 [ 1175.117434][T29581] Node 0 DMA: 6*4kB (UME) 11*8kB (UM) 13*16kB (UME) 5*32kB (UME) 5*64kB (UME) 2*128kB (UM) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2848kB [ 1175.138004][T29581] Node 0 DMA32: 435*4kB (UME) 490*8kB (UME) 231*16kB (UME) 146*32kB (UME) 49*64kB (UME) 23*128kB (UME) 12*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 23180kB [ 1175.158926][T29581] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1175.176001][T29581] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1175.187725][T29581] 13324 total pagecache pages [ 1175.192904][T29581] 0 pages in swap cache [ 1175.199287][T29581] Swap cache stats: add 0, delete 0, find 0/0 [ 1175.212645][T29581] Free swap = 0kB [ 1175.219474][T29581] Total swap = 0kB [ 1175.224306][T29581] 524155 pages RAM [ 1175.228585][T29581] 0 pages HighMem/MovableOnly [ 1175.233687][T29581] 141707 pages reserved [ 1175.238206][T29581] 0 pages cma reserved [ 1175.244376][T29581] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=10978,uid=0 [ 1175.268240][T29581] Out of memory: Killed process 10978 (syz-executor.0) total-vm:72480kB, anon-rss:140kB, file-rss:34892kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1175.292561][ T1129] oom_reaper: reaped process 10978 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 03:37:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f00000001c0)) 03:37:02 executing program 0: r0 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, 0x0, &(0x7f0000000000)=0xfffffffffffffea2) 03:37:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0xb) clone(0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 03:37:02 executing program 3: syz_emit_ethernet(0x0, 0x0, 0xfffffffffffffffe) 03:37:02 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f00000001c0)) 03:37:02 executing program 0: r0 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, 0x0, &(0x7f0000000000)=0xfffffffffffffea2) 03:37:02 executing program 1: r0 = socket(0x1, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x8924, &(0x7f0000000040)={'bond0\x00\x00\x00\x00\x06\x00\x00\x01\x00', @ifru_settings={0x1, 0x8, @fr_pvc=0x0}}) 03:37:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0xb) clone(0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 03:37:02 executing program 0: r0 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, 0x0, &(0x7f0000000000)=0xfffffffffffffea2) 03:37:02 executing program 1: r0 = socket(0x1, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x8924, &(0x7f0000000040)={'bond0\x00\x00\x00\x00\x06\x00\x00\x01\x00', @ifru_settings={0x1, 0x8, @fr_pvc=0x0}}) 03:37:02 executing program 0: r0 = socket$can_raw(0x1d, 0x3, 0x1) getsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, 0x0, &(0x7f0000000000)=0xfffffffffffffea2) 03:37:02 executing program 3: syz_emit_ethernet(0x0, 0x0, 0xfffffffffffffffe) 03:37:02 executing program 0: clock_gettime(0xb, &(0x7f00000001c0)) 03:37:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0xb) clone(0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 03:37:02 executing program 3: syz_emit_ethernet(0x0, 0x0, 0xfffffffffffffffe) 03:37:02 executing program 1: r0 = socket(0x1, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x8924, &(0x7f0000000040)={'bond0\x00\x00\x00\x00\x06\x00\x00\x01\x00', @ifru_settings={0x1, 0x8, @fr_pvc=0x0}}) 03:37:02 executing program 0: clock_gettime(0xb, &(0x7f00000001c0)) 03:37:02 executing program 1: r0 = socket(0x1, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x8924, &(0x7f0000000040)={'bond0\x00\x00\x00\x00\x06\x00\x00\x01\x00', @ifru_settings={0x1, 0x8, @fr_pvc=0x0}}) 03:37:02 executing program 0: clock_gettime(0xb, &(0x7f00000001c0)) 03:37:02 executing program 0: clock_gettime(0xb, &(0x7f00000001c0)) 03:37:02 executing program 3: syz_emit_ethernet(0x0, 0x0, 0xfffffffffffffffe) 03:37:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0xb) clone(0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 03:37:03 executing program 1: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77) clone(0x1000109, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000180)='/dev/loop0\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2083405, 0x0) ftruncate(r0, 0x0) 03:37:03 executing program 0: ioprio_set$uid(0x0, 0x0, 0xd) 03:37:03 executing program 3: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r1) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r3) 03:37:03 executing program 0: ioprio_set$uid(0x0, 0x0, 0xd) 03:37:03 executing program 0: ioprio_set$uid(0x0, 0x0, 0xd) 03:37:03 executing program 2: openat$hpet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/hpet\x00', 0x1, 0x0) 03:37:03 executing program 0: ioprio_set$uid(0x0, 0x0, 0xd) 03:37:03 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, 0x0, 0x0) 03:37:03 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, 0x0, 0x0) 03:37:03 executing program 2: pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) r2 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_generic(r2, &(0x7f00001cb000)={0x0, 0x0, &(0x7f0000f4a000)={&(0x7f000019bf9b)={0x14, 0x2a, 0x311}, 0x14}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0x11) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 03:37:03 executing program 3: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r1) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r3) 03:37:03 executing program 1: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77) clone(0x1000109, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000180)='/dev/loop0\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2083405, 0x0) ftruncate(r0, 0x0) 03:37:03 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, 0x0, 0x0) 03:37:03 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, 0x0, 0x0) [ 1176.664951][T29766] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1176.691568][T29766] CPU: 0 PID: 29766 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1176.694856][T29766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 03:37:03 executing program 0: open_by_handle_at(0xffffffffffffff9c, &(0x7f0000000000)={0x9, 0x20000000001, "db"}, 0x381002) [ 1176.706498][T29766] Call Trace: [ 1176.706498][T29766] dump_stack+0x197/0x210 [ 1176.706498][T29766] dump_header+0x10b/0x82d [ 1176.706498][T29766] ? oom_kill_process+0x94/0x420 [ 1176.706498][T29766] oom_kill_process.cold+0x10/0x15 [ 1176.747172][T29766] out_of_memory+0x334/0x13c0 [ 1176.747172][T29766] ? oom_killer_disable+0x280/0x280 03:37:03 executing program 0: open_by_handle_at(0xffffffffffffff9c, &(0x7f0000000000)={0x9, 0x20000000001, "db"}, 0x381002) [ 1176.754726][T29766] ? mutex_trylock+0x264/0x2f0 [ 1176.766668][T29766] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1176.780599][T29766] __alloc_pages_slowpath+0x222b/0x2920 [ 1176.795130][T29766] ? warn_alloc+0x110/0x110 03:37:03 executing program 0: open_by_handle_at(0xffffffffffffff9c, &(0x7f0000000000)={0x9, 0x20000000001, "db"}, 0x381002) [ 1176.795130][T29766] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1176.795130][T29766] ? should_fail+0x1de/0x852 [ 1176.795130][T29766] ? __kasan_check_read+0x11/0x20 [ 1176.834752][T29766] __alloc_pages_nodemask+0x646/0x910 [ 1176.834752][T29766] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1176.834752][T29766] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1176.834752][T29766] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1176.834752][T29766] alloc_pages_vma+0xdd/0x620 [ 1176.834752][T29766] wp_page_copy+0x226/0x1560 [ 1176.904860][T29766] ? find_held_lock+0x35/0x130 [ 1176.904860][T29766] ? follow_pfn+0x2a0/0x2a0 [ 1176.935045][T29766] ? lock_downgrade+0x920/0x920 [ 1176.944728][T29766] ? swp_swapcount+0x540/0x540 [ 1176.944728][T29766] ? do_raw_spin_unlock+0x178/0x270 [ 1176.957340][T29766] do_wp_page+0x543/0x1540 [ 1176.964676][T29766] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1176.972827][T29766] __handle_mm_fault+0x327b/0x3da0 [ 1176.982117][T29766] ? vm_iomap_memory+0x1a0/0x1a0 [ 1176.989201][T29766] ? handle_mm_fault+0x292/0xa50 [ 1176.997436][T29766] ? handle_mm_fault+0x7a0/0xa50 [ 1177.004749][T29766] ? __kasan_check_read+0x11/0x20 [ 1177.011856][T29766] handle_mm_fault+0x3b2/0xa50 [ 1177.022294][T29766] __do_page_fault+0x536/0xd80 [ 1177.028353][T29766] do_page_fault+0x38/0x590 [ 1177.041840][T29766] do_async_page_fault+0x30/0xa0 [ 1177.045258][T29766] async_page_fault+0x39/0x40 [ 1177.055612][T29766] RIP: 0010:__put_user_4+0x1c/0x30 [ 1177.061437][T29766] Code: 01 ca c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 c0 1e 02 00 48 8b 9b d0 14 00 00 48 83 eb 03 48 39 d9 73 4a 0f 01 cb <89> 01 31 c0 0f 01 ca c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 1177.085166][T29766] RSP: 0018:ffffc9000b92ff30 EFLAGS: 00050293 [ 1177.094929][T29766] RAX: 000000000000309c RBX: 00007fffffffeffd RCX: 000000000a035968 [ 1177.104753][T29766] RDX: dffffc0000000000 RSI: 1ffff1100d9cfc6b RDI: ffff88806ce7e070 [ 1177.115028][T29766] RBP: ffffc9000b92ff48 R08: 0000000000000001 R09: ffff88806ce7e350 [ 1177.123680][T29766] R10: fffffbfff14f33b0 R11: ffffffff8a799d87 R12: 0000000000000000 [ 1177.133214][T29766] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1177.142537][T29766] ? schedule_tail+0xd8/0x130 [ 1177.148709][T29766] ret_from_fork+0x8/0x30 [ 1177.153322][T29766] RIP: 0023:0xf7f3ca39 [ 1177.158036][T29766] Code: Bad RIP value. [ 1177.162659][T29766] RSP: 002b:00000000ffd5da60 EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 1177.171928][T29766] RAX: 0000000000000000 RBX: 0000000001200011 RCX: 0000000000000000 [ 1177.181629][T29766] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000a035968 [ 1177.190986][T29766] RBP: 00000000ffd5dab8 R08: 0000000000000000 R09: 0000000000000000 [ 1177.201699][T29766] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1177.217063][T29766] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1177.229485][T29766] Mem-Info: [ 1177.236469][T29766] active_anon:43481 inactive_anon:233 isolated_anon:0 [ 1177.236469][T29766] active_file:2875 inactive_file:17755 isolated_file:0 [ 1177.236469][T29766] unevictable:0 dirty:43 writeback:0 unstable:0 [ 1177.236469][T29766] slab_reclaimable:15655 slab_unreclaimable:59303 [ 1177.236469][T29766] mapped:39890 shmem:307 pagetables:3076 bounce:0 [ 1177.236469][T29766] free:144185 free_pcp:219 free_cma:0 [ 1177.309632][T29766] Node 0 active_anon:137168kB inactive_anon:896kB active_file:0kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:12kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 03:37:04 executing program 2: pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) r2 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_generic(r2, &(0x7f00001cb000)={0x0, 0x0, &(0x7f0000f4a000)={&(0x7f000019bf9b)={0x14, 0x2a, 0x311}, 0x14}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0x11) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) [ 1177.355990][T29766] Node 0 DMA free:2840kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:272kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1177.412414][T29766] lowmem_reserve[]: 0 532 532 532 532 [ 1177.419183][T29766] Node 0 DMA32 free:24444kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136928kB inactive_anon:896kB active_file:40kB inactive_file:0kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9172kB pagetables:4884kB bounce:0kB free_pcp:1084kB local_pcp:176kB free_cma:0kB [ 1177.470749][T29766] lowmem_reserve[]: 0 0 0 0 0 [ 1177.481181][T29766] Node 0 DMA: 19*4kB (UM) 4*8kB (UME) 13*16kB (UM) 4*32kB (UM) 5*64kB (UME) 2*128kB (UM) 1*256kB (E) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2812kB [ 1177.519015][T29766] Node 0 DMA32: 818*4kB (UME) 433*8kB (UME) 204*16kB (UME) 150*32kB (UME) 49*64kB (UME) 23*128kB (UME) 11*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 24208kB [ 1177.548440][T29766] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1177.561650][T29766] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1177.574204][T29766] 13336 total pagecache pages [ 1177.587883][T29766] 0 pages in swap cache [ 1177.595939][T29766] Swap cache stats: add 0, delete 0, find 0/0 [ 1177.607127][T29766] Free swap = 0kB [ 1177.612943][T29766] Total swap = 0kB [ 1177.618332][T29766] 524155 pages RAM [ 1177.623073][T29766] 0 pages HighMem/MovableOnly [ 1177.631142][T29766] 141707 pages reserved [ 1177.638064][T29766] 0 pages cma reserved [ 1177.646442][T29766] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz1,task=syz-executor.1,pid=11408,uid=0 [ 1177.684163][T29766] Out of memory: Killed process 11408 (syz-executor.1) total-vm:72348kB, anon-rss:140kB, file-rss:34888kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1177.713547][ T1129] oom_reaper: reaped process 11408 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 03:37:04 executing program 3: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r1) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r3) 03:37:04 executing program 0: open_by_handle_at(0xffffffffffffff9c, &(0x7f0000000000)={0x9, 0x20000000001, "db"}, 0x381002) 03:37:04 executing program 1: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77) clone(0x1000109, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000180)='/dev/loop0\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2083405, 0x0) ftruncate(r0, 0x0) 03:37:04 executing program 2: pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) r2 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_generic(r2, &(0x7f00001cb000)={0x0, 0x0, &(0x7f0000f4a000)={&(0x7f000019bf9b)={0x14, 0x2a, 0x311}, 0x14}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0x11) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 03:37:04 executing program 0: pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) r2 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_generic(r2, &(0x7f00001cb000)={0x0, 0x0, &(0x7f0000f4a000)={&(0x7f000019bf9b)={0x14, 0x2a, 0x311}, 0x14}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0x11) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 03:37:04 executing program 0: pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) r2 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_generic(r2, &(0x7f00001cb000)={0x0, 0x0, &(0x7f0000f4a000)={&(0x7f000019bf9b)={0x14, 0x2a, 0x311}, 0x14}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0x11) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 03:37:05 executing program 0: pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) r2 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_generic(r2, &(0x7f00001cb000)={0x0, 0x0, &(0x7f0000f4a000)={&(0x7f000019bf9b)={0x14, 0x2a, 0x311}, 0x14}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0x11) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 03:37:05 executing program 3: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r1) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0x0, r3) 03:37:05 executing program 2: pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) r2 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$nl_generic(r2, &(0x7f00001cb000)={0x0, 0x0, &(0x7f0000f4a000)={&(0x7f000019bf9b)={0x14, 0x2a, 0x311}, 0x14}}, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="1c0000004a005f0214f9f424000904000a", 0x11) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 03:37:05 executing program 3: shmctl$IPC_SET(0x0, 0x1, 0x0) 03:37:05 executing program 1: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xffffff77) clone(0x1000109, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuseblk(&(0x7f0000000180)='/dev/loop0\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2083405, 0x0) ftruncate(r0, 0x0) 03:37:05 executing program 3: shmctl$IPC_SET(0x0, 0x1, 0x0) 03:37:05 executing program 2: r0 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000040)=@nl=@unspec, 0x80, &(0x7f0000003800)=[{&(0x7f00000001c0)="f4001100032b2c25e994efd147980200000000000000f5ffff759c726f39d3c184295f3a21dfa462", 0x28}], 0x1}, 0x0) 03:37:05 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x3, &(0x7f0000000240), 0x10) dup2(0xffffffffffffffff, 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 03:37:05 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x3, &(0x7f0000000240), 0x10) dup2(0xffffffffffffffff, 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 03:37:05 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x3, &(0x7f0000000240), 0x10) dup2(0xffffffffffffffff, 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 03:37:05 executing program 3: shmctl$IPC_SET(0x0, 0x1, 0x0) 03:37:05 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x3, &(0x7f0000000240), 0x10) dup2(0xffffffffffffffff, 0xffffffffffffffff) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 03:37:05 executing program 3: shmctl$IPC_SET(0x0, 0x1, 0x0) 03:37:05 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000440), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)={0x7, 0x0, 0x0, {0x0, 0x7530}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "ce03acaf3c2d2416"}}, 0x48}}, 0x0) 03:37:05 executing program 2: r0 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000040)=@nl=@unspec, 0x80, &(0x7f0000003800)=[{&(0x7f00000001c0)="f4001100032b2c25e994efd147980200000000000000f5ffff759c726f39d3c184295f3a21dfa462", 0x28}], 0x1}, 0x0) 03:37:05 executing program 1: setitimer(0x0, &(0x7f0000000240)={{0xfffffffffffffffe}}, 0x0) 03:37:05 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000440), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)={0x7, 0x0, 0x0, {0x0, 0x7530}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "ce03acaf3c2d2416"}}, 0x48}}, 0x0) 03:37:05 executing program 3: r0 = socket(0x1000000010, 0x2, 0xc) write(r0, &(0x7f0000000000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r0, &(0x7f0000000200)="1f0000000104fffff13b54c007110009f30501000b00024000002023020060", 0x1f) 03:37:05 executing program 2: r0 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000040)=@nl=@unspec, 0x80, &(0x7f0000003800)=[{&(0x7f00000001c0)="f4001100032b2c25e994efd147980200000000000000f5ffff759c726f39d3c184295f3a21dfa462", 0x28}], 0x1}, 0x0) [ 1178.631886][T30041] __nla_validate_parse: 76 callbacks suppressed 03:37:05 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000440), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)={0x7, 0x0, 0x0, {0x0, 0x7530}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "ce03acaf3c2d2416"}}, 0x48}}, 0x0) 03:37:05 executing program 1: setitimer(0x0, &(0x7f0000000240)={{0xfffffffffffffffe}}, 0x0) [ 1178.631916][T30041] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1178.684451][T30041] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. 03:37:05 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000440), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)={0x7, 0x0, 0x0, {0x0, 0x7530}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "ce03acaf3c2d2416"}}, 0x48}}, 0x0) 03:37:05 executing program 2: r0 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000040)=@nl=@unspec, 0x80, &(0x7f0000003800)=[{&(0x7f00000001c0)="f4001100032b2c25e994efd147980200000000000000f5ffff759c726f39d3c184295f3a21dfa462", 0x28}], 0x1}, 0x0) 03:37:05 executing program 1: setitimer(0x0, &(0x7f0000000240)={{0xfffffffffffffffe}}, 0x0) 03:37:05 executing program 0: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x3, 0x2) ioctl$VIDIOC_QUERYBUF(r0, 0xc0445609, 0x0) 03:37:05 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r0, 0x0) read$FUSE(r1, &(0x7f00000014c0), 0x450) 03:37:05 executing program 3: r0 = socket(0x1000000010, 0x2, 0xc) write(r0, &(0x7f0000000000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r0, &(0x7f0000000200)="1f0000000104fffff13b54c007110009f30501000b00024000002023020060", 0x1f) 03:37:05 executing program 0: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) statfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=""/18) 03:37:05 executing program 1: setitimer(0x0, &(0x7f0000000240)={{0xfffffffffffffffe}}, 0x0) [ 1178.815808][T30162] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. 03:37:05 executing program 1: r0 = socket(0x1000000010, 0x2, 0xc) write(r0, &(0x7f0000000000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r0, &(0x7f0000000200)="1f0000000104fffff13b54c007110009f30501000b00024000002023020060", 0x1f) 03:37:05 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010007081000418e00000004fcff", 0xfed1}], 0x1) 03:37:06 executing program 3: r0 = socket(0x1000000010, 0x2, 0xc) write(r0, &(0x7f0000000000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r0, &(0x7f0000000200)="1f0000000104fffff13b54c007110009f30501000b00024000002023020060", 0x1f) [ 1178.855576][T30165] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.1'. 03:37:06 executing program 1: r0 = socket(0x1000000010, 0x2, 0xc) write(r0, &(0x7f0000000000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r0, &(0x7f0000000200)="1f0000000104fffff13b54c007110009f30501000b00024000002023020060", 0x1f) [ 1178.868312][T30173] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1178.891974][T30207] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.1'. 03:37:06 executing program 2: r0 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/random\x00', 0x0, 0x0) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x5) 03:37:06 executing program 3: r0 = socket(0x1000000010, 0x2, 0xc) write(r0, &(0x7f0000000000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r0, &(0x7f0000000200)="1f0000000104fffff13b54c007110009f30501000b00024000002023020060", 0x1f) 03:37:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010007081000418e00000004fcff", 0xfed1}], 0x1) 03:37:06 executing program 1: r0 = socket(0x1000000010, 0x2, 0xc) write(r0, &(0x7f0000000000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r0, &(0x7f0000000200)="1f0000000104fffff13b54c007110009f30501000b00024000002023020060", 0x1f) [ 1178.960682][T30275] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.3'. 03:37:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010007081000418e00000004fcff", 0xfed1}], 0x1) [ 1178.973761][T30277] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.1'. 03:37:06 executing program 3: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 03:37:06 executing program 2: r0 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/random\x00', 0x0, 0x0) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x5) 03:37:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010007081000418e00000004fcff", 0xfed1}], 0x1) 03:37:06 executing program 1: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'lo\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='L']}) 03:37:06 executing program 2: r0 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/random\x00', 0x0, 0x0) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x5) 03:37:06 executing program 1: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'lo\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='L']}) 03:37:06 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) 03:37:06 executing program 1: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'lo\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='L']}) [ 1179.940145][T30282] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1179.960953][T30282] CPU: 2 PID: 30282 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1179.970681][T30282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1179.970681][T30282] Call Trace: [ 1179.970681][T30282] dump_stack+0x197/0x210 [ 1179.970681][T30282] dump_header+0x10b/0x82d [ 1179.970681][T30282] ? oom_kill_process+0x94/0x420 [ 1179.970681][T30282] oom_kill_process.cold+0x10/0x15 [ 1179.970681][T30282] out_of_memory+0x334/0x13c0 [ 1179.970681][T30282] ? oom_killer_disable+0x280/0x280 [ 1179.970681][T30282] ? mutex_trylock+0x264/0x2f0 [ 1179.970681][T30282] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1179.970681][T30282] __alloc_pages_slowpath+0x222b/0x2920 [ 1179.970681][T30282] ? warn_alloc+0x110/0x110 [ 1179.970681][T30282] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1179.970681][T30282] ? should_fail+0x1de/0x852 [ 1179.970681][T30282] ? __kasan_check_read+0x11/0x20 [ 1179.970681][T30282] __alloc_pages_nodemask+0x646/0x910 [ 1179.970681][T30282] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1179.970681][T30282] ? find_held_lock+0x35/0x130 [ 1179.970681][T30282] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1179.970681][T30282] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1179.970681][T30282] alloc_pages_vma+0xdd/0x620 [ 1179.970681][T30282] wp_page_copy+0x226/0x1560 [ 1179.970681][T30282] ? find_held_lock+0x35/0x130 [ 1179.970681][T30282] ? follow_pfn+0x2a0/0x2a0 [ 1179.970681][T30282] ? lock_downgrade+0x920/0x920 [ 1179.970681][T30282] ? swp_swapcount+0x540/0x540 [ 1179.970681][T30282] ? do_raw_spin_unlock+0x178/0x270 [ 1179.970681][T30282] do_wp_page+0x543/0x1540 [ 1179.970681][T30282] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1179.970681][T30282] __handle_mm_fault+0x327b/0x3da0 [ 1179.970681][T30282] ? vm_iomap_memory+0x1a0/0x1a0 [ 1179.970681][T30282] ? handle_mm_fault+0x292/0xa50 [ 1179.970681][T30282] ? handle_mm_fault+0x7a0/0xa50 [ 1179.970681][T30282] ? __kasan_check_read+0x11/0x20 [ 1179.970681][T30282] handle_mm_fault+0x3b2/0xa50 [ 1179.970681][T30282] __do_page_fault+0x536/0xd80 [ 1179.970681][T30282] do_page_fault+0x38/0x590 [ 1180.276626][T30282] do_async_page_fault+0x30/0xa0 [ 1180.276626][T30282] async_page_fault+0x39/0x40 [ 1180.276626][T30282] RIP: 0023:0x8065ffc [ 1180.276626][T30282] Code: 56 ff ff 8d 74 26 00 8d bc 27 00 00 00 00 55 57 56 53 81 ec dc 20 00 00 8b 58 68 85 db 0f 85 13 01 00 00 c7 40 68 ff ff ff ff <89> 84 24 c0 00 00 00 89 c3 8d 84 24 d0 00 00 00 c7 84 24 90 00 00 [ 1180.276626][T30282] RSP: 002b:00000000ffd5b310 EFLAGS: 00010246 [ 1180.276626][T30282] RAX: 0000000008130ea0 RBX: 00000000ffffffff RCX: 00000000ffd5d8e4 [ 1180.276626][T30282] RDX: 00000000080d75e7 RSI: 00000000fbad2086 RDI: 00000000ffffffff [ 1180.276626][T30282] RBP: 00000000ffd5d8b8 R08: 0000000000000000 R09: 0000000000000000 [ 1180.276626][T30282] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1180.276626][T30282] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1180.417273][T30282] Mem-Info: [ 1180.424749][T30282] active_anon:43452 inactive_anon:233 isolated_anon:0 [ 1180.424749][T30282] active_file:2875 inactive_file:17786 isolated_file:0 [ 1180.424749][T30282] unevictable:0 dirty:1 writeback:0 unstable:0 [ 1180.424749][T30282] slab_reclaimable:16196 slab_unreclaimable:59678 [ 1180.424749][T30282] mapped:39903 shmem:307 pagetables:3039 bounce:0 [ 1180.424749][T30282] free:143211 free_pcp:240 free_cma:0 [ 1180.487744][T30282] Node 0 active_anon:137256kB inactive_anon:896kB active_file:0kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1180.527144][T30282] Node 0 DMA free:2892kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:272kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1180.580370][T30282] lowmem_reserve[]: 0 532 532 532 532 [ 1180.590136][T30282] Node 0 DMA32 free:23752kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136984kB inactive_anon:896kB active_file:0kB inactive_file:24kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9200kB pagetables:4980kB bounce:0kB free_pcp:976kB local_pcp:332kB free_cma:0kB [ 1180.640851][T30282] lowmem_reserve[]: 0 0 0 0 0 [ 1180.648513][T30282] Node 0 DMA: 13*4kB (UME) 47*8kB (UME) 10*16kB (UM) 6*32kB (UME) 5*64kB (UME) 2*128kB (UM) 0*256kB 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2892kB [ 1180.672161][T30282] Node 0 DMA32: 870*4kB (UM) 477*8kB (UME) 207*16kB (UME) 118*32kB (UME) 49*64kB (UME) 23*128kB (UME) 10*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 23536kB [ 1180.692539][T30282] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1180.705383][T30282] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1180.719222][T30282] 13345 total pagecache pages [ 1180.728431][T30282] 0 pages in swap cache [ 1180.736662][T30282] Swap cache stats: add 0, delete 0, find 0/0 [ 1180.745186][T30282] Free swap = 0kB [ 1180.749326][T30282] Total swap = 0kB [ 1180.754022][T30282] 524155 pages RAM [ 1180.759270][T30282] 0 pages HighMem/MovableOnly [ 1180.765541][T30282] 141707 pages reserved [ 1180.770429][T30282] 0 pages cma reserved [ 1180.775016][T30282] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=11041,uid=0 [ 1180.794380][T30282] Out of memory: Killed process 11041 (syz-executor.0) total-vm:72480kB, anon-rss:140kB, file-rss:34888kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 03:37:07 executing program 3: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 03:37:07 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) 03:37:07 executing program 2: r0 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/random\x00', 0x0, 0x0) poll(&(0x7f0000000040)=[{r0}], 0x1, 0x5) 03:37:07 executing program 1: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000000c0)={'lo\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='L']}) [ 1180.817890][ T1129] oom_reaper: reaped process 11041 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 03:37:08 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 03:37:08 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) 03:37:08 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4) 03:37:08 executing program 2: ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x44ff}) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000300)=""/150, &(0x7f00000002c0)=0x192) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000500)='/dev/null\x00', 0x80000, 0x0) preadv(r0, &(0x7f0000002700)=[{0x0}, {&(0x7f0000002600)=""/204, 0xcc}], 0x2, 0x0) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x3) creat(&(0x7f00000003c0)='./bus\x00', 0xc1) write$FUSE_INTERRUPT(r1, &(0x7f0000000200)={0x297, 0xfffffffffffffffe, 0x4}, 0x10) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000001c0)) ioctl(r4, 0x1000008910, &(0x7f0000000100)="c0dca5055e0bcfec7be070") keyctl$join(0x1, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000140)={0x78c, 0x21, 0x80000001, 0x401, 0x11, 0x7f, 0x0, 0xaa, 0xfbb, 0xff}) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) setxattr$security_selinux(&(0x7f0000000540)='./bus\x00', 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r5) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x12, &(0x7f0000000280)=0x80, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2008000) sendfile(r3, r6, 0x0, 0x8000fffffffe) 03:37:08 executing program 3: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 03:37:08 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000440), 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000140)=0x31, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) connect$inet(r1, &(0x7f0000000400)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 03:37:08 executing program 2: ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x44ff}) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000300)=""/150, &(0x7f00000002c0)=0x192) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000500)='/dev/null\x00', 0x80000, 0x0) preadv(r0, &(0x7f0000002700)=[{0x0}, {&(0x7f0000002600)=""/204, 0xcc}], 0x2, 0x0) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x3) creat(&(0x7f00000003c0)='./bus\x00', 0xc1) write$FUSE_INTERRUPT(r1, &(0x7f0000000200)={0x297, 0xfffffffffffffffe, 0x4}, 0x10) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000001c0)) ioctl(r4, 0x1000008910, &(0x7f0000000100)="c0dca5055e0bcfec7be070") keyctl$join(0x1, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000140)={0x78c, 0x21, 0x80000001, 0x401, 0x11, 0x7f, 0x0, 0xaa, 0xfbb, 0xff}) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) setxattr$security_selinux(&(0x7f0000000540)='./bus\x00', 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r5) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x12, &(0x7f0000000280)=0x80, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2008000) sendfile(r3, r6, 0x0, 0x8000fffffffe) 03:37:08 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 03:37:09 executing program 2: ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x44ff}) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000300)=""/150, &(0x7f00000002c0)=0x192) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000500)='/dev/null\x00', 0x80000, 0x0) preadv(r0, &(0x7f0000002700)=[{0x0}, {&(0x7f0000002600)=""/204, 0xcc}], 0x2, 0x0) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x3) creat(&(0x7f00000003c0)='./bus\x00', 0xc1) write$FUSE_INTERRUPT(r1, &(0x7f0000000200)={0x297, 0xfffffffffffffffe, 0x4}, 0x10) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000001c0)) ioctl(r4, 0x1000008910, &(0x7f0000000100)="c0dca5055e0bcfec7be070") keyctl$join(0x1, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000140)={0x78c, 0x21, 0x80000001, 0x401, 0x11, 0x7f, 0x0, 0xaa, 0xfbb, 0xff}) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) setxattr$security_selinux(&(0x7f0000000540)='./bus\x00', 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r5) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x12, &(0x7f0000000280)=0x80, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2008000) sendfile(r3, r6, 0x0, 0x8000fffffffe) 03:37:09 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000440), 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000140)=0x31, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) connect$inet(r1, &(0x7f0000000400)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 03:37:09 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000440), 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000140)=0x31, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) connect$inet(r1, &(0x7f0000000400)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 03:37:09 executing program 2: ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x44ff}) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000300)=""/150, &(0x7f00000002c0)=0x192) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000500)='/dev/null\x00', 0x80000, 0x0) preadv(r0, &(0x7f0000002700)=[{0x0}, {&(0x7f0000002600)=""/204, 0xcc}], 0x2, 0x0) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x3) creat(&(0x7f00000003c0)='./bus\x00', 0xc1) write$FUSE_INTERRUPT(r1, &(0x7f0000000200)={0x297, 0xfffffffffffffffe, 0x4}, 0x10) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000001c0)) ioctl(r4, 0x1000008910, &(0x7f0000000100)="c0dca5055e0bcfec7be070") keyctl$join(0x1, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000140)={0x78c, 0x21, 0x80000001, 0x401, 0x11, 0x7f, 0x0, 0xaa, 0xfbb, 0xff}) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) setxattr$security_selinux(&(0x7f0000000540)='./bus\x00', 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r5) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x12, &(0x7f0000000280)=0x80, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2008000) sendfile(r3, r6, 0x0, 0x8000fffffffe) [ 1182.634774][ C2] net_ratelimit: 2 callbacks suppressed [ 1182.635064][ C2] protocol 88fb is buggy, dev hsr_slave_0 03:37:10 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000440), 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000140)=0x31, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) connect$inet(r1, &(0x7f0000000400)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 03:37:10 executing program 3: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 03:37:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000440), 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000140)=0x31, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) connect$inet(r1, &(0x7f0000000400)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 03:37:10 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) 03:37:10 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000440), 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000140)=0x31, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) connect$inet(r1, &(0x7f0000000400)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 03:37:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000440), 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000140)=0x31, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) connect$inet(r1, &(0x7f0000000400)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 03:37:10 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000440), 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000140)=0x31, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) connect$inet(r1, &(0x7f0000000400)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 03:37:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000440), 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000140)=0x31, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) connect$inet(r1, &(0x7f0000000400)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 03:37:10 executing program 2: ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x44ff}) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000300)=""/150, &(0x7f00000002c0)=0x192) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000500)='/dev/null\x00', 0x80000, 0x0) preadv(r0, &(0x7f0000002700)=[{0x0}, {&(0x7f0000002600)=""/204, 0xcc}], 0x2, 0x0) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x3) creat(&(0x7f00000003c0)='./bus\x00', 0xc1) write$FUSE_INTERRUPT(r1, &(0x7f0000000200)={0x297, 0xfffffffffffffffe, 0x4}, 0x10) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000001c0)) ioctl(r4, 0x1000008910, &(0x7f0000000100)="c0dca5055e0bcfec7be070") keyctl$join(0x1, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000140)={0x78c, 0x21, 0x80000001, 0x401, 0x11, 0x7f, 0x0, 0xaa, 0xfbb, 0xff}) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) setxattr$security_selinux(&(0x7f0000000540)='./bus\x00', 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r5) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x12, &(0x7f0000000280)=0x80, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2008000) sendfile(r3, r6, 0x0, 0x8000fffffffe) 03:37:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000440), 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000140)=0x31, 0x4) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x15}}, 0x10) connect$inet(r1, &(0x7f0000000400)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 03:37:10 executing program 1: ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x44ff}) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000300)=""/150, &(0x7f00000002c0)=0x192) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000500)='/dev/null\x00', 0x80000, 0x0) preadv(r0, &(0x7f0000002700)=[{0x0}, {&(0x7f0000002600)=""/204, 0xcc}], 0x2, 0x0) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x3) creat(&(0x7f00000003c0)='./bus\x00', 0xc1) write$FUSE_INTERRUPT(r1, &(0x7f0000000200)={0x297, 0xfffffffffffffffe, 0x4}, 0x10) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000001c0)) ioctl(r4, 0x1000008910, &(0x7f0000000100)="c0dca5055e0bcfec7be070") keyctl$join(0x1, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000140)={0x78c, 0x21, 0x80000001, 0x401, 0x11, 0x7f, 0x0, 0xaa, 0xfbb, 0xff}) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) setxattr$security_selinux(&(0x7f0000000540)='./bus\x00', 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r5) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x12, &(0x7f0000000280)=0x80, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2008000) sendfile(r3, r6, 0x0, 0x8000fffffffe) 03:37:11 executing program 3: ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x44ff}) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000300)=""/150, &(0x7f00000002c0)=0x192) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000500)='/dev/null\x00', 0x80000, 0x0) preadv(r0, &(0x7f0000002700)=[{0x0}, {&(0x7f0000002600)=""/204, 0xcc}], 0x2, 0x0) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x3) creat(&(0x7f00000003c0)='./bus\x00', 0xc1) write$FUSE_INTERRUPT(r1, &(0x7f0000000200)={0x297, 0xfffffffffffffffe, 0x4}, 0x10) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000001c0)) ioctl(r4, 0x1000008910, &(0x7f0000000100)="c0dca5055e0bcfec7be070") keyctl$join(0x1, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000140)={0x78c, 0x21, 0x80000001, 0x401, 0x11, 0x7f, 0x0, 0xaa, 0xfbb, 0xff}) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) setxattr$security_selinux(&(0x7f0000000540)='./bus\x00', 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r5) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x12, &(0x7f0000000280)=0x80, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2008000) sendfile(r3, r6, 0x0, 0x8000fffffffe) 03:37:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x9, 0x3, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x2c}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x9, 0x3, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x2c}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:11 executing program 2: ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x44ff}) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000300)=""/150, &(0x7f00000002c0)=0x192) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000500)='/dev/null\x00', 0x80000, 0x0) preadv(r0, &(0x7f0000002700)=[{0x0}, {&(0x7f0000002600)=""/204, 0xcc}], 0x2, 0x0) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x3) creat(&(0x7f00000003c0)='./bus\x00', 0xc1) write$FUSE_INTERRUPT(r1, &(0x7f0000000200)={0x297, 0xfffffffffffffffe, 0x4}, 0x10) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000001c0)) ioctl(r4, 0x1000008910, &(0x7f0000000100)="c0dca5055e0bcfec7be070") keyctl$join(0x1, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000140)={0x78c, 0x21, 0x80000001, 0x401, 0x11, 0x7f, 0x0, 0xaa, 0xfbb, 0xff}) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) setxattr$security_selinux(&(0x7f0000000540)='./bus\x00', 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r5) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x12, &(0x7f0000000280)=0x80, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2008000) sendfile(r3, r6, 0x0, 0x8000fffffffe) 03:37:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x9, 0x3, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x2c}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:11 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x9, 0x3, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x2c}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:11 executing program 1: ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x44ff}) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000300)=""/150, &(0x7f00000002c0)=0x192) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000500)='/dev/null\x00', 0x80000, 0x0) preadv(r0, &(0x7f0000002700)=[{0x0}, {&(0x7f0000002600)=""/204, 0xcc}], 0x2, 0x0) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x3) creat(&(0x7f00000003c0)='./bus\x00', 0xc1) write$FUSE_INTERRUPT(r1, &(0x7f0000000200)={0x297, 0xfffffffffffffffe, 0x4}, 0x10) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000001c0)) ioctl(r4, 0x1000008910, &(0x7f0000000100)="c0dca5055e0bcfec7be070") keyctl$join(0x1, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000140)={0x78c, 0x21, 0x80000001, 0x401, 0x11, 0x7f, 0x0, 0xaa, 0xfbb, 0xff}) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) setxattr$security_selinux(&(0x7f0000000540)='./bus\x00', 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r5) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x12, &(0x7f0000000280)=0x80, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2008000) sendfile(r3, r6, 0x0, 0x8000fffffffe) 03:37:11 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) getsockopt$inet6_mreq(r0, 0x29, 0x1, 0x0, &(0x7f00000006c0)) 03:37:11 executing program 3: ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x44ff}) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000300)=""/150, &(0x7f00000002c0)=0x192) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000500)='/dev/null\x00', 0x80000, 0x0) preadv(r0, &(0x7f0000002700)=[{0x0}, {&(0x7f0000002600)=""/204, 0xcc}], 0x2, 0x0) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x3) creat(&(0x7f00000003c0)='./bus\x00', 0xc1) write$FUSE_INTERRUPT(r1, &(0x7f0000000200)={0x297, 0xfffffffffffffffe, 0x4}, 0x10) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000001c0)) ioctl(r4, 0x1000008910, &(0x7f0000000100)="c0dca5055e0bcfec7be070") keyctl$join(0x1, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000140)={0x78c, 0x21, 0x80000001, 0x401, 0x11, 0x7f, 0x0, 0xaa, 0xfbb, 0xff}) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) setxattr$security_selinux(&(0x7f0000000540)='./bus\x00', 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r5) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x12, &(0x7f0000000280)=0x80, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2008000) sendfile(r3, r6, 0x0, 0x8000fffffffe) 03:37:11 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) getsockopt$inet6_mreq(r0, 0x29, 0x1, 0x0, &(0x7f00000006c0)) 03:37:11 executing program 1: ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x44ff}) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000300)=""/150, &(0x7f00000002c0)=0x192) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000500)='/dev/null\x00', 0x80000, 0x0) preadv(r0, &(0x7f0000002700)=[{0x0}, {&(0x7f0000002600)=""/204, 0xcc}], 0x2, 0x0) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x3) creat(&(0x7f00000003c0)='./bus\x00', 0xc1) write$FUSE_INTERRUPT(r1, &(0x7f0000000200)={0x297, 0xfffffffffffffffe, 0x4}, 0x10) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000001c0)) ioctl(r4, 0x1000008910, &(0x7f0000000100)="c0dca5055e0bcfec7be070") keyctl$join(0x1, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000140)={0x78c, 0x21, 0x80000001, 0x401, 0x11, 0x7f, 0x0, 0xaa, 0xfbb, 0xff}) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) setxattr$security_selinux(&(0x7f0000000540)='./bus\x00', 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r5) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x12, &(0x7f0000000280)=0x80, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2008000) sendfile(r3, r6, 0x0, 0x8000fffffffe) 03:37:11 executing program 2: ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x44ff}) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000300)=""/150, &(0x7f00000002c0)=0x192) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000500)='/dev/null\x00', 0x80000, 0x0) preadv(r0, &(0x7f0000002700)=[{0x0}, {&(0x7f0000002600)=""/204, 0xcc}], 0x2, 0x0) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x3) creat(&(0x7f00000003c0)='./bus\x00', 0xc1) write$FUSE_INTERRUPT(r1, &(0x7f0000000200)={0x297, 0xfffffffffffffffe, 0x4}, 0x10) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000001c0)) ioctl(r4, 0x1000008910, &(0x7f0000000100)="c0dca5055e0bcfec7be070") keyctl$join(0x1, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000140)={0x78c, 0x21, 0x80000001, 0x401, 0x11, 0x7f, 0x0, 0xaa, 0xfbb, 0xff}) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) setxattr$security_selinux(&(0x7f0000000540)='./bus\x00', 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r5) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x12, &(0x7f0000000280)=0x80, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2008000) sendfile(r3, r6, 0x0, 0x8000fffffffe) 03:37:11 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) getsockopt$inet6_mreq(r0, 0x29, 0x1, 0x0, &(0x7f00000006c0)) 03:37:11 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) getsockopt$inet6_mreq(r0, 0x29, 0x1, 0x0, &(0x7f00000006c0)) 03:37:11 executing program 0: r0 = socket$inet(0x2b, 0x801, 0x0) setsockopt$inet_int(r0, 0x6, 0x3, &(0x7f0000000140), 0x4) 03:37:11 executing program 0: r0 = socket$inet(0x2b, 0x801, 0x0) setsockopt$inet_int(r0, 0x6, 0x3, &(0x7f0000000140), 0x4) 03:37:12 executing program 3: ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x44ff}) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x1f, &(0x7f0000000300)=""/150, &(0x7f00000002c0)=0x192) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000500)='/dev/null\x00', 0x80000, 0x0) preadv(r0, &(0x7f0000002700)=[{0x0}, {&(0x7f0000002600)=""/204, 0xcc}], 0x2, 0x0) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x3) creat(&(0x7f00000003c0)='./bus\x00', 0xc1) write$FUSE_INTERRUPT(r1, &(0x7f0000000200)={0x297, 0xfffffffffffffffe, 0x4}, 0x10) r2 = socket$inet6(0xa, 0x400000000001, 0x0) r3 = dup(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000001c0)) ioctl(r4, 0x1000008910, &(0x7f0000000100)="c0dca5055e0bcfec7be070") keyctl$join(0x1, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000140)={0x78c, 0x21, 0x80000001, 0x401, 0x11, 0x7f, 0x0, 0xaa, 0xfbb, 0xff}) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000000c0)='\xd1?\xf3\xd7v', 0x0) setxattr$security_selinux(&(0x7f0000000540)='./bus\x00', 0x0, 0x0, 0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) dup(r5) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x12, &(0x7f0000000280)=0x80, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000440)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2008000) sendfile(r3, r6, 0x0, 0x8000fffffffe) 03:37:12 executing program 1: flistxattr(0xffffffffffffffff, 0x0, 0x0) 03:37:12 executing program 0: r0 = socket$inet(0x2b, 0x801, 0x0) setsockopt$inet_int(r0, 0x6, 0x3, &(0x7f0000000140), 0x4) 03:37:12 executing program 0: r0 = socket$inet(0x2b, 0x801, 0x0) setsockopt$inet_int(r0, 0x6, 0x3, &(0x7f0000000140), 0x4) 03:37:12 executing program 1: unshare(0x24020400) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) 03:37:12 executing program 2: socketpair(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x20000000000037}, 0x3c) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') 03:37:12 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000200)={0x0, 0x0, 0x0, {0x0, 0x989680}}) 03:37:12 executing program 1: unshare(0x24020400) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) 03:37:12 executing program 2: socketpair(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x20000000000037}, 0x3c) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') 03:37:12 executing program 0: r0 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000280)='g', 0x1}], 0x1}, 0x0) sendmsg$sock(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000140)="d7", 0x1}], 0x1}, 0x0) 03:37:12 executing program 1: unshare(0x24020400) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) 03:37:12 executing program 3: socketpair(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x20000000000037}, 0x3c) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') 03:37:12 executing program 1: unshare(0x24020400) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) 03:37:12 executing program 0: r0 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000280)='g', 0x1}], 0x1}, 0x0) sendmsg$sock(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000140)="d7", 0x1}], 0x1}, 0x0) 03:37:12 executing program 2: socketpair(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x20000000000037}, 0x3c) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') 03:37:12 executing program 3: socketpair(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x20000000000037}, 0x3c) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') 03:37:12 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000500)='map_files\x00') fchdir(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='maps\x00') preadv(r1, &(0x7f0000000080)=[{&(0x7f00000002c0)=""/169, 0x11}], 0x1, 0x0) quotactl(0x2080000201, &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f00000002c0)) 03:37:12 executing program 1: syz_mount_image$iso9660(&(0x7f0000000080)='iso9660\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 03:37:12 executing program 0: r0 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000280)='g', 0x1}], 0x1}, 0x0) sendmsg$sock(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000140)="d7", 0x1}], 0x1}, 0x0) 03:37:12 executing program 3: socketpair(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x20000000000037}, 0x3c) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') 03:37:12 executing program 2: socketpair(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x20000000000037}, 0x3c) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8946, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') 03:37:12 executing program 0: r0 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000280)='g', 0x1}], 0x1}, 0x0) sendmsg$sock(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000140)="d7", 0x1}], 0x1}, 0x0) 03:37:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002031900000007000000068100023b0503000100010100ff3ffe58", 0x1f}], 0x1) 03:37:12 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001480)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0/file0\x00') 03:37:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_NET_NS_FD={0x8}]}, 0x3c}}, 0x0) [ 1185.467400][T30951] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1185.469124][T30957] netlink: 11 bytes leftover after parsing attributes in process `syz-executor.2'. 03:37:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_NET_NS_FD={0x8}]}, 0x3c}}, 0x0) [ 1185.481489][T30951] CPU: 0 PID: 30951 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 03:37:12 executing program 1: syz_mount_image$iso9660(&(0x7f0000000080)='iso9660\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 1185.481496][T30951] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1185.481500][T30951] Call Trace: 03:37:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_NET_NS_FD={0x8}]}, 0x3c}}, 0x0) 03:37:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002031900000007000000068100023b0503000100010100ff3ffe58", 0x1f}], 0x1) [ 1185.481516][T30951] dump_stack+0x197/0x210 [ 1185.481529][T30951] dump_header+0x10b/0x82d [ 1185.481537][T30951] ? oom_kill_process+0x94/0x420 [ 1185.481547][T30951] oom_kill_process.cold+0x10/0x15 [ 1185.481556][T30951] out_of_memory+0x334/0x13c0 [ 1185.481568][T30951] ? oom_killer_disable+0x280/0x280 [ 1185.481579][T30951] ? mutex_trylock+0x264/0x2f0 [ 1185.481586][T30951] ? __alloc_pages_slowpath+0xca3/0x2920 03:37:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0x4}}}, @IFLA_NET_NS_FD={0x8}]}, 0x3c}}, 0x0) [ 1185.481596][T30951] __alloc_pages_slowpath+0x222b/0x2920 03:37:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002031900000007000000068100023b0503000100010100ff3ffe58", 0x1f}], 0x1) [ 1185.481613][T30951] ? warn_alloc+0x110/0x110 [ 1185.481627][T30951] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1185.481639][T30951] ? should_fail+0x1de/0x852 [ 1185.481653][T30951] ? __kasan_check_read+0x11/0x20 [ 1185.481663][T30951] __alloc_pages_nodemask+0x646/0x910 [ 1185.481673][T30951] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1185.481687][T30951] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1185.481695][T30951] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1185.481706][T30951] alloc_pages_vma+0xdd/0x620 [ 1185.481719][T30951] wp_page_copy+0x226/0x1560 [ 1185.481728][T30951] ? find_held_lock+0x35/0x130 [ 1185.481738][T30951] ? follow_pfn+0x2a0/0x2a0 [ 1185.481747][T30951] ? lock_downgrade+0x920/0x920 [ 1185.481756][T30951] ? swp_swapcount+0x540/0x540 [ 1185.481767][T30951] ? do_raw_spin_unlock+0x178/0x270 [ 1185.481776][T30951] do_wp_page+0x543/0x1540 [ 1185.481787][T30951] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1185.481800][T30951] __handle_mm_fault+0x327b/0x3da0 [ 1185.481811][T30951] ? vm_iomap_memory+0x1a0/0x1a0 [ 1185.481819][T30951] ? handle_mm_fault+0x292/0xa50 [ 1185.481833][T30951] ? handle_mm_fault+0x7a0/0xa50 [ 1185.481841][T30951] ? __kasan_check_read+0x11/0x20 [ 1185.481852][T30951] handle_mm_fault+0x3b2/0xa50 [ 1185.481866][T30951] __do_page_fault+0x536/0xd80 [ 1185.481879][T30951] do_page_fault+0x38/0x590 [ 1185.481891][T30951] do_async_page_fault+0x30/0xa0 [ 1185.481901][T30951] async_page_fault+0x39/0x40 [ 1185.481910][T30951] RIP: 0010:__put_user_4+0x1c/0x30 [ 1185.481919][T30951] Code: 01 ca c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 c0 1e 02 00 48 8b 9b d0 14 00 00 48 83 eb 03 48 39 d9 73 4a 0f 01 cb <89> 01 31 c0 0f 01 ca c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 1185.481924][T30951] RSP: 0018:ffffc90003507f30 EFLAGS: 00050293 [ 1185.481931][T30951] RAX: 000000000000318e RBX: 00007fffffffeffd RCX: 000000000a035968 [ 1185.481936][T30951] RDX: dffffc0000000000 RSI: 1ffff110032d04b3 RDI: ffff8880196822b0 [ 1185.481941][T30951] RBP: ffffc90003507f48 R08: 0000000000000001 R09: ffff888019682590 [ 1185.481945][T30951] R10: fffffbfff14f33b0 R11: ffffffff8a799d87 R12: 0000000000000000 [ 1185.481950][T30951] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1185.481966][T30951] ? schedule_tail+0xd8/0x130 [ 1185.481975][T30951] ret_from_fork+0x8/0x30 [ 1185.481981][T30951] RIP: 0023:0xf7f3ca39 [ 1185.481990][T30951] Code: Bad RIP value. [ 1185.481995][T30951] RSP: 002b:00000000ffd5da60 EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 1185.482002][T30951] RAX: 0000000000000000 RBX: 0000000001200011 RCX: 0000000000000000 [ 1185.482006][T30951] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000a035968 [ 1185.482011][T30951] RBP: 00000000ffd5dab8 R08: 0000000000000000 R09: 0000000000000000 [ 1185.482015][T30951] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1185.482020][T30951] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1185.482031][T30951] Mem-Info: [ 1185.482064][T30951] active_anon:43469 inactive_anon:231 isolated_anon:0 [ 1185.482064][T30951] active_file:2873 inactive_file:17796 isolated_file:0 [ 1185.482064][T30951] unevictable:0 dirty:0 writeback:32 unstable:0 [ 1185.482064][T30951] slab_reclaimable:15507 slab_unreclaimable:59844 [ 1185.482064][T30951] mapped:39900 shmem:307 pagetables:3096 bounce:0 [ 1185.482064][T30951] free:145108 free_pcp:605 free_cma:0 [ 1185.482081][T30951] Node 0 active_anon:137192kB inactive_anon:896kB active_file:0kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:20kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1185.482095][T30951] Node 0 DMA free:2804kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:268kB inactive_anon:0kB active_file:0kB inactive_file:24kB unevictable:0kB writepending:4kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1185.482155][T30951] lowmem_reserve[]: 0 532 532 532 532 [ 1185.482168][T30951] Node 0 DMA32 free:24348kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136924kB inactive_anon:896kB active_file:4kB inactive_file:20kB unevictable:0kB writepending:12kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9140kB pagetables:4968kB bounce:0kB free_pcp:2420kB local_pcp:740kB free_cma:0kB [ 1185.482188][T30951] lowmem_reserve[]: 0 0 0 0 0 [ 1185.482200][T30951] Node 0 DMA: 11*4kB (UME) 24*8kB (UME) 17*16kB (UM) 7*32kB (UME) 5*64kB (UME) 2*128kB (UM) 0*256kB 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2844kB [ 1185.482244][T30951] Node 0 DMA32: 229*4kB (UME) 426*8kB (UME) 398*16kB (UME) 135*32kB (UME) 52*64kB (UME) 23*128kB (UME) 10*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 24356kB [ 1185.561073][T30951] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1185.581477][T30951] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1185.602906][T30968] netlink: 11 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1185.609732][T30951] 13347 total pagecache pages [ 1186.229647][T30951] 0 pages in swap cache [ 1186.236023][T30951] Swap cache stats: add 0, delete 0, find 0/0 [ 1186.245069][T30951] Free swap = 0kB [ 1186.250748][T30951] Total swap = 0kB [ 1186.255548][T30951] 524155 pages RAM [ 1186.263074][T30951] 0 pages HighMem/MovableOnly [ 1186.266064][T30973] netlink: 11 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1186.271382][T30951] 141707 pages reserved [ 1186.271387][T30951] 0 pages cma reserved [ 1186.271395][T30951] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=11394,uid=0 [ 1186.271597][T30951] Out of memory: Killed process 11394 (syz-executor.0) total-vm:72348kB, anon-rss:136kB, file-rss:34888kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1186.273736][ T1129] oom_reaper: reaped process 11394 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 03:37:13 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001480)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0/file0\x00') [ 1186.283749][T30974] fuse: Bad value for 'fd' 03:37:13 executing program 1: syz_mount_image$iso9660(&(0x7f0000000080)='iso9660\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) 03:37:13 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000fb5ff0)=[{&(0x7f0000fb4000)="1f00000002031900000007000000068100023b0503000100010100ff3ffe58", 0x1f}], 0x1) 03:37:13 executing program 0: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) ftruncate(r1, 0x8200) openat$ashmem(0xffffffffffffff9c, &(0x7f0000002800)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000075c0)={'team0\x00'}) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f) 03:37:13 executing program 1: syz_mount_image$iso9660(&(0x7f0000000080)='iso9660\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)={[{@gid={'gid', 0x3d, 0xffffffffffffffff}}]}) [ 1186.452881][T31083] netlink: 11 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1186.503054][T31088] fuse: Bad value for 'fd' 03:37:13 executing program 0: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) ftruncate(r1, 0x8200) openat$ashmem(0xffffffffffffff9c, &(0x7f0000002800)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000075c0)={'team0\x00'}) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f) 03:37:13 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001480)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0/file0\x00') 03:37:13 executing program 2: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) ftruncate(r1, 0x8200) openat$ashmem(0xffffffffffffff9c, &(0x7f0000002800)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000075c0)={'team0\x00'}) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f) 03:37:13 executing program 1: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000080)='ceph\x00', 0x0, &(0x7f0000000100)="cd", 0x1, r0) [ 1186.611053][T31099] fuse: Bad value for 'fd' 03:37:13 executing program 3: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001480)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='./file0/file0\x00') 03:37:13 executing program 0: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) ftruncate(r1, 0x8200) openat$ashmem(0xffffffffffffff9c, &(0x7f0000002800)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000075c0)={'team0\x00'}) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f) 03:37:13 executing program 1: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000080)='ceph\x00', 0x0, &(0x7f0000000100)="cd", 0x1, r0) [ 1186.678284][T31106] fuse: Bad value for 'fd' 03:37:13 executing program 2: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) ftruncate(r1, 0x8200) openat$ashmem(0xffffffffffffff9c, &(0x7f0000002800)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000075c0)={'team0\x00'}) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f) 03:37:13 executing program 1: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000080)='ceph\x00', 0x0, &(0x7f0000000100)="cd", 0x1, r0) 03:37:13 executing program 3: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f00000000c0)="240000001a005f3814f9f407000903018000200000000000000000000700020040000000", 0x24) 03:37:13 executing program 0: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) ftruncate(r1, 0x8200) openat$ashmem(0xffffffffffffff9c, &(0x7f0000002800)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000075c0)={'team0\x00'}) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f) [ 1186.741024][T31113] netlink: 'syz-executor.3': attribute type 2 has an invalid length. 03:37:13 executing program 1: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000080)='ceph\x00', 0x0, &(0x7f0000000100)="cd", 0x1, r0) 03:37:13 executing program 3: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f00000000c0)="240000001a005f3814f9f407000903018000200000000000000000000700020040000000", 0x24) 03:37:13 executing program 2: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) ftruncate(r1, 0x8200) openat$ashmem(0xffffffffffffff9c, &(0x7f0000002800)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000075c0)={'team0\x00'}) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f) 03:37:13 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:13 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) utimes(&(0x7f0000000080)='./bus\x00', &(0x7f0000000100)) [ 1186.804279][T31124] netlink: 'syz-executor.3': attribute type 2 has an invalid length. 03:37:14 executing program 3: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f00000000c0)="240000001a005f3814f9f407000903018000200000000000000000000700020040000000", 0x24) [ 1186.903772][T31134] netlink: 'syz-executor.3': attribute type 2 has an invalid length. 03:37:14 executing program 2: r0 = socket$inet(0x2b, 0x801, 0x0) listen(r0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:37:14 executing program 3: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f00000000c0)="240000001a005f3814f9f407000903018000200000000000000000000700020040000000", 0x24) [ 1186.959917][T31142] netlink: 'syz-executor.3': attribute type 2 has an invalid length. 03:37:14 executing program 3: perf_event_open(&(0x7f0000000300)={0x2, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:37:14 executing program 2: r0 = socket$inet(0x2b, 0x801, 0x0) listen(r0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:37:14 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) utimes(&(0x7f0000000080)='./bus\x00', &(0x7f0000000100)) 03:37:14 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:14 executing program 2: r0 = socket$inet(0x2b, 0x801, 0x0) listen(r0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:37:14 executing program 3: perf_event_open(&(0x7f0000000300)={0x2, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:37:14 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:14 executing program 2: r0 = socket$inet(0x2b, 0x801, 0x0) listen(r0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:37:14 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) utimes(&(0x7f0000000080)='./bus\x00', &(0x7f0000000100)) 03:37:14 executing program 3: perf_event_open(&(0x7f0000000300)={0x2, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:37:14 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:14 executing program 3: perf_event_open(&(0x7f0000000300)={0x2, 0x70, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:37:14 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) utimes(&(0x7f0000000080)='./bus\x00', &(0x7f0000000100)) 03:37:14 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) utimes(&(0x7f0000000080)='./bus\x00', &(0x7f0000000100)) 03:37:14 executing program 3: r0 = socket$inet(0x2b, 0x801, 0x0) listen(r0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:37:14 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) utimes(&(0x7f0000000080)='./bus\x00', &(0x7f0000000100)) 03:37:14 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) utimes(&(0x7f0000000080)='./bus\x00', &(0x7f0000000100)) 03:37:14 executing program 3: r0 = socket$inet(0x2b, 0x801, 0x0) listen(r0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:37:14 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) utimes(&(0x7f0000000080)='./bus\x00', &(0x7f0000000100)) 03:37:14 executing program 3: r0 = socket$inet(0x2b, 0x801, 0x0) listen(r0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:37:14 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) utimes(&(0x7f0000000080)='./bus\x00', &(0x7f0000000100)) 03:37:14 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000b, 0x812, r0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x0, 0x0) mremap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000005000/0x2000)=nil) mremap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f000000a000/0x1000)=nil) 03:37:14 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000b, 0x812, r0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x0, 0x0) mremap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000005000/0x2000)=nil) mremap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f000000a000/0x1000)=nil) 03:37:14 executing program 3: syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) r0 = syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f0000000140)=""/245) 03:37:14 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000b, 0x812, r0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x0, 0x0) mremap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000005000/0x2000)=nil) mremap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f000000a000/0x1000)=nil) 03:37:15 executing program 2: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) utimes(&(0x7f0000000080)='./bus\x00', &(0x7f0000000100)) 03:37:15 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000b, 0x812, r0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x0, 0x0) mremap(&(0x7f000000a000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000005000/0x2000)=nil) mremap(&(0x7f0000005000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f000000a000/0x1000)=nil) 03:37:15 executing program 3: syz_emit_ethernet(0x11, &(0x7f0000000000)=ANY=[@ANYBLOB="c5aa85004f00aaaaaaaaaaaa88a862c3db0f0bdcb6092da7fd8879a43147000063"], 0x0) 03:37:15 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f0000001b00)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_G_CTRL(r0, 0xc02c5625, &(0x7f0000001b40)) 03:37:15 executing program 1: lstat(&(0x7f0000000540)='./file0\x00', 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0x2, 0x0) 03:37:15 executing program 0: io_setup(0xd8705c7, &(0x7f0000000080)) 03:37:15 executing program 3: r0 = socket(0x400000000000010, 0x802, 0x0) write(r0, &(0x7f00000000c0)="24000000210099f0003be90000ed190e020008160000100000ba1080080002007f196be0", 0x24) 03:37:15 executing program 0: io_setup(0xd8705c7, &(0x7f0000000080)) [ 1188.038817][T31533] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 1188.070604][T31533] BFS-fs: bfs_fill_super(): Inode 0x00000009 corrupted on loop1 03:37:15 executing program 0: io_setup(0xd8705c7, &(0x7f0000000080)) 03:37:15 executing program 3: r0 = socket(0x400000000000010, 0x802, 0x0) write(r0, &(0x7f00000000c0)="24000000210099f0003be90000ed190e020008160000100000ba1080080002007f196be0", 0x24) 03:37:15 executing program 2: creat(&(0x7f0000000180)='./bus\x00', 0x0) mount(&(0x7f0000000080)=@sg0='ubi!_0x0\xff', &(0x7f0000000100)='./bus\x00', &(0x7f0000000140)='ubifs\x00', 0x0, 0x0) 03:37:15 executing program 1: lstat(&(0x7f0000000540)='./file0\x00', 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0x2, 0x0) 03:37:15 executing program 0: io_setup(0xd8705c7, &(0x7f0000000080)) 03:37:15 executing program 3: r0 = socket(0x400000000000010, 0x802, 0x0) write(r0, &(0x7f00000000c0)="24000000210099f0003be90000ed190e020008160000100000ba1080080002007f196be0", 0x24) 03:37:15 executing program 2: creat(&(0x7f0000000180)='./bus\x00', 0x0) mount(&(0x7f0000000080)=@sg0='ubi!_0x0\xff', &(0x7f0000000100)='./bus\x00', &(0x7f0000000140)='ubifs\x00', 0x0, 0x0) [ 1188.175055][T31549] UBIFS error (pid: 31549): cannot open "ubi!_0x0ÿ", error -19 03:37:15 executing program 0: lstat(&(0x7f0000000540)='./file0\x00', 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0x2, 0x0) 03:37:15 executing program 3: r0 = socket(0x400000000000010, 0x802, 0x0) write(r0, &(0x7f00000000c0)="24000000210099f0003be90000ed190e020008160000100000ba1080080002007f196be0", 0x24) [ 1188.243433][T31553] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 1188.257700][T31553] BFS-fs: bfs_fill_super(): Inode 0x00000009 corrupted on loop1 [ 1188.258006][T31559] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing [ 1188.289029][T31559] BFS-fs: bfs_fill_super(): Inode 0x00000009 corrupted on loop0 03:37:15 executing program 3: r0 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0)={'syz', 0x3}, &(0x7f0000000340)="a8", 0x1, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f00000005c0)='blacklist\x00\xdc\x92\xa6`\xf6OG_Y&\xe2\xe9x@y\xa9\x01#7\r\xb1\xf6\xb7(\x0f\xa8|\xad\x9e\x19\xc2O3\x83>\xed\xcfU\\\x06T\n\x05\v,/V\x87j[?\x92\xdby&\x89\x7f\xee\xc4\b\xd1g\xd7\r\xa8w\xbd\rK\x95&z\xd7\xdcK\xcf\xbbX\xb9\x05v\x98\x8fQy\x9dP\x1c/\x01\x04\x00\x00\x00\x00\x00\x00\x98Q\x17\xa7\xcat\xc1\xc2\xe7?\xff\xbb4\x80+2i jRRC\x1fb\xa0\v\xe1Pt!\xdb\xc7$\x91\x01\x13', &(0x7f0000000380)=@chain={'key_or_keyring:', 0x0, ':chain\x00'}) 03:37:15 executing program 2: creat(&(0x7f0000000180)='./bus\x00', 0x0) mount(&(0x7f0000000080)=@sg0='ubi!_0x0\xff', &(0x7f0000000100)='./bus\x00', &(0x7f0000000140)='ubifs\x00', 0x0, 0x0) 03:37:15 executing program 1: lstat(&(0x7f0000000540)='./file0\x00', 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0x2, 0x0) 03:37:15 executing program 0: lstat(&(0x7f0000000540)='./file0\x00', 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0x2, 0x0) 03:37:15 executing program 3: r0 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0)={'syz', 0x3}, &(0x7f0000000340)="a8", 0x1, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f00000005c0)='blacklist\x00\xdc\x92\xa6`\xf6OG_Y&\xe2\xe9x@y\xa9\x01#7\r\xb1\xf6\xb7(\x0f\xa8|\xad\x9e\x19\xc2O3\x83>\xed\xcfU\\\x06T\n\x05\v,/V\x87j[?\x92\xdby&\x89\x7f\xee\xc4\b\xd1g\xd7\r\xa8w\xbd\rK\x95&z\xd7\xdcK\xcf\xbbX\xb9\x05v\x98\x8fQy\x9dP\x1c/\x01\x04\x00\x00\x00\x00\x00\x00\x98Q\x17\xa7\xcat\xc1\xc2\xe7?\xff\xbb4\x80+2i jRRC\x1fb\xa0\v\xe1Pt!\xdb\xc7$\x91\x01\x13', &(0x7f0000000380)=@chain={'key_or_keyring:', 0x0, ':chain\x00'}) [ 1188.356976][T31564] UBIFS error (pid: 31564): cannot open "ubi!_0x0ÿ", error -19 [ 1188.473715][T31574] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing 03:37:15 executing program 3: r0 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0)={'syz', 0x3}, &(0x7f0000000340)="a8", 0x1, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f00000005c0)='blacklist\x00\xdc\x92\xa6`\xf6OG_Y&\xe2\xe9x@y\xa9\x01#7\r\xb1\xf6\xb7(\x0f\xa8|\xad\x9e\x19\xc2O3\x83>\xed\xcfU\\\x06T\n\x05\v,/V\x87j[?\x92\xdby&\x89\x7f\xee\xc4\b\xd1g\xd7\r\xa8w\xbd\rK\x95&z\xd7\xdcK\xcf\xbbX\xb9\x05v\x98\x8fQy\x9dP\x1c/\x01\x04\x00\x00\x00\x00\x00\x00\x98Q\x17\xa7\xcat\xc1\xc2\xe7?\xff\xbb4\x80+2i jRRC\x1fb\xa0\v\xe1Pt!\xdb\xc7$\x91\x01\x13', &(0x7f0000000380)=@chain={'key_or_keyring:', 0x0, ':chain\x00'}) [ 1188.473718][T31577] UBIFS error (pid: 31577): cannot open "ubi!_0x0ÿ", error -19 03:37:15 executing program 2: creat(&(0x7f0000000180)='./bus\x00', 0x0) mount(&(0x7f0000000080)=@sg0='ubi!_0x0\xff', &(0x7f0000000100)='./bus\x00', &(0x7f0000000140)='ubifs\x00', 0x0, 0x0) [ 1188.483706][T31574] BFS-fs: bfs_fill_super(): Inode 0x00000009 corrupted on loop0 03:37:15 executing program 0: lstat(&(0x7f0000000540)='./file0\x00', 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0x2, 0x0) [ 1188.575669][T31575] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing 03:37:15 executing program 3: r0 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0)={'syz', 0x3}, &(0x7f0000000340)="a8", 0x1, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f00000005c0)='blacklist\x00\xdc\x92\xa6`\xf6OG_Y&\xe2\xe9x@y\xa9\x01#7\r\xb1\xf6\xb7(\x0f\xa8|\xad\x9e\x19\xc2O3\x83>\xed\xcfU\\\x06T\n\x05\v,/V\x87j[?\x92\xdby&\x89\x7f\xee\xc4\b\xd1g\xd7\r\xa8w\xbd\rK\x95&z\xd7\xdcK\xcf\xbbX\xb9\x05v\x98\x8fQy\x9dP\x1c/\x01\x04\x00\x00\x00\x00\x00\x00\x98Q\x17\xa7\xcat\xc1\xc2\xe7?\xff\xbb4\x80+2i jRRC\x1fb\xa0\v\xe1Pt!\xdb\xc7$\x91\x01\x13', &(0x7f0000000380)=@chain={'key_or_keyring:', 0x0, ':chain\x00'}) [ 1188.581251][T31584] UBIFS error (pid: 31584): cannot open "ubi!_0x0ÿ", error -19 [ 1188.598151][T31575] BFS-fs: bfs_fill_super(): Inode 0x00000009 corrupted on loop1 03:37:15 executing program 2: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000080)={&(0x7f0000000b40), 0x18, &(0x7f0000000b80)={&(0x7f0000000100)="01", 0xdf2}}, 0x0) [ 1188.729982][T31588] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing [ 1188.746142][T31588] BFS-fs: bfs_fill_super(): Inode 0x00000009 corrupted on loop0 03:37:15 executing program 1: lstat(&(0x7f0000000540)='./file0\x00', 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000180)="cefaad1bb83c000040dc", 0xff0f}], 0x2, 0x0) 03:37:15 executing program 3: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(0x0, &(0x7f0000000040)={'sFz'}, 0x0, 0xfffffffffffffffd) socket$inet(0x2, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x389}}], 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@dev}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/anycast6\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x4000) write$P9_RVERSION(r1, &(0x7f00000001c0)={0x15, 0x65, 0xffff, 0x89, 0x8, '9P2000.L'}, 0x15) r2 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x0, 0x0) keyctl$chown(0x4, r2, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x111) write$FUSE_POLL(r3, &(0x7f00000000c0)={0x18}, 0x18) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x14, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000080)=[@mss, @sack_perm], 0x2) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1420000a77, 0x0) [ 1188.819083][T31624] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 1188.836924][T31624] BFS-fs: bfs_fill_super(): Inode 0x00000009 corrupted on loop1 03:37:16 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/softnet_stat\x00') sendfile(r0, r1, 0x0, 0x80000001) 03:37:16 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='environ\x00') 03:37:16 executing program 2: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000080)={&(0x7f0000000b40), 0x18, &(0x7f0000000b80)={&(0x7f0000000100)="01", 0xdf2}}, 0x0) 03:37:16 executing program 2: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000080)={&(0x7f0000000b40), 0x18, &(0x7f0000000b80)={&(0x7f0000000100)="01", 0xdf2}}, 0x0) 03:37:16 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='environ\x00') 03:37:16 executing program 1: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='environ\x00') 03:37:16 executing program 1: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='environ\x00') 03:37:16 executing program 3: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(0x0, &(0x7f0000000040)={'sFz'}, 0x0, 0xfffffffffffffffd) socket$inet(0x2, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x389}}], 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@dev}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/anycast6\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x4000) write$P9_RVERSION(r1, &(0x7f00000001c0)={0x15, 0x65, 0xffff, 0x89, 0x8, '9P2000.L'}, 0x15) r2 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x0, 0x0) keyctl$chown(0x4, r2, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x111) write$FUSE_POLL(r3, &(0x7f00000000c0)={0x18}, 0x18) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x14, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000080)=[@mss, @sack_perm], 0x2) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1420000a77, 0x0) 03:37:16 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='environ\x00') 03:37:16 executing program 1: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='environ\x00') 03:37:16 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='environ\x00') 03:37:17 executing program 2: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000080)={&(0x7f0000000b40), 0x18, &(0x7f0000000b80)={&(0x7f0000000100)="01", 0xdf2}}, 0x0) 03:37:17 executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000080)={&(0x7f0000000b40), 0x18, &(0x7f0000000b80)={&(0x7f0000000100)="01", 0xdf2}}, 0x0) 03:37:17 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(0x0, &(0x7f0000000040)={'sFz'}, 0x0, 0xfffffffffffffffd) socket$inet(0x2, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x389}}], 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@dev}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/anycast6\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x4000) write$P9_RVERSION(r1, &(0x7f00000001c0)={0x15, 0x65, 0xffff, 0x89, 0x8, '9P2000.L'}, 0x15) r2 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x0, 0x0) keyctl$chown(0x4, r2, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x111) write$FUSE_POLL(r3, &(0x7f00000000c0)={0x18}, 0x18) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x14, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000080)=[@mss, @sack_perm], 0x2) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1420000a77, 0x0) 03:37:17 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(0x0, &(0x7f0000000040)={'sFz'}, 0x0, 0xfffffffffffffffd) socket$inet(0x2, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x389}}], 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@dev}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/anycast6\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x4000) write$P9_RVERSION(r1, &(0x7f00000001c0)={0x15, 0x65, 0xffff, 0x89, 0x8, '9P2000.L'}, 0x15) r2 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x0, 0x0) keyctl$chown(0x4, r2, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x111) write$FUSE_POLL(r3, &(0x7f00000000c0)={0x18}, 0x18) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x14, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000080)=[@mss, @sack_perm], 0x2) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1420000a77, 0x0) 03:37:17 executing program 3: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(0x0, &(0x7f0000000040)={'sFz'}, 0x0, 0xfffffffffffffffd) socket$inet(0x2, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x389}}], 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@dev}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/anycast6\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x4000) write$P9_RVERSION(r1, &(0x7f00000001c0)={0x15, 0x65, 0xffff, 0x89, 0x8, '9P2000.L'}, 0x15) r2 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x0, 0x0) keyctl$chown(0x4, r2, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x111) write$FUSE_POLL(r3, &(0x7f00000000c0)={0x18}, 0x18) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x14, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000080)=[@mss, @sack_perm], 0x2) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1420000a77, 0x0) 03:37:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000280)={0x40000000000002, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000400)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev}}}, 0x108) 03:37:17 executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000080)={&(0x7f0000000b40), 0x18, &(0x7f0000000b80)={&(0x7f0000000100)="01", 0xdf2}}, 0x0) 03:37:17 executing program 1: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(0x0, &(0x7f0000000040)={'sFz'}, 0x0, 0xfffffffffffffffd) socket$inet(0x2, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x389}}], 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@dev}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/anycast6\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x4000) write$P9_RVERSION(r1, &(0x7f00000001c0)={0x15, 0x65, 0xffff, 0x89, 0x8, '9P2000.L'}, 0x15) r2 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x0, 0x0) keyctl$chown(0x4, r2, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x111) write$FUSE_POLL(r3, &(0x7f00000000c0)={0x18}, 0x18) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x14, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000080)=[@mss, @sack_perm], 0x2) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1420000a77, 0x0) 03:37:17 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) socketpair(0x1, 0x2000000003, 0x0, &(0x7f00000005c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8922, &(0x7f0000000000)='ip6gre0\x00') 03:37:17 executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000080)={&(0x7f0000000b40), 0x18, &(0x7f0000000b80)={&(0x7f0000000100)="01", 0xdf2}}, 0x0) 03:37:17 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) socketpair(0x1, 0x2000000003, 0x0, &(0x7f00000005c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8922, &(0x7f0000000000)='ip6gre0\x00') 03:37:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000280)={0x40000000000002, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000400)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev}}}, 0x108) 03:37:17 executing program 3: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) request_key(0x0, &(0x7f0000000040)={'sFz'}, 0x0, 0xfffffffffffffffd) socket$inet(0x2, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x389}}], 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@dev}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/anycast6\x00') preadv(r1, &(0x7f00000017c0), 0x3a8, 0x4000) write$P9_RVERSION(r1, &(0x7f00000001c0)={0x15, 0x65, 0xffff, 0x89, 0x8, '9P2000.L'}, 0x15) r2 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) openat$zero(0xffffffffffffff9c, &(0x7f0000000240)='/dev/zero\x00', 0x0, 0x0) keyctl$chown(0x4, r2, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x111) write$FUSE_POLL(r3, &(0x7f00000000c0)={0x18}, 0x18) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x14, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000080)=[@mss, @sack_perm], 0x2) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x1420000a77, 0x0) 03:37:17 executing program 0: keyctl$dh_compute(0x7, &(0x7f0000000000), 0x0, 0x0, 0x0) 03:37:17 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) socketpair(0x1, 0x2000000003, 0x0, &(0x7f00000005c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8922, &(0x7f0000000000)='ip6gre0\x00') 03:37:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000280)={0x40000000000002, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000400)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev}}}, 0x108) 03:37:17 executing program 3: r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) 03:37:17 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) socketpair(0x1, 0x2000000003, 0x0, &(0x7f00000005c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8922, &(0x7f0000000000)='ip6gre0\x00') 03:37:17 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000280)={0x40000000000002, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000400)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @initdev}}}, 0x108) 03:37:17 executing program 0: keyctl$dh_compute(0x7, &(0x7f0000000000), 0x0, 0x0, 0x0) 03:37:17 executing program 0: keyctl$dh_compute(0x7, &(0x7f0000000000), 0x0, 0x0, 0x0) 03:37:17 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000040000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c7d1c6238975d43a4505f80fc889f3c530cf08e467b592f868ee3b0a434df0a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2b346a36f5662403e1b2be45ca0bb1c865295576b72dd97cc7c2683908a0d411a9872971c7c56f0979bd10b97163c1d6d0e196bf02f46c7953ab1abda45cbe8f9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e763f63223b7b80197aa743f7555193161f45346b100000000000000000089e399f6609876b5887437a172ebc02a740675298b79dc194e533583412dff048fc21f28bdd3e26a5ab2728a04c178facc43bb6cfb851ce5a9ff19ffcafe3e64be033c9d2f972cc93c1c13caec04a347c24a9fb6a6991ddb737d527d6acb15426415b6e8b14f822e86067a5e991c3b404986dfa2c6e94bd0339454c1"], &(0x7f0000000340)='GPL\x00'}, 0x1e) 03:37:17 executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000040), 0x8) 03:37:17 executing program 0: keyctl$dh_compute(0x7, &(0x7f0000000000), 0x0, 0x0, 0x0) 03:37:17 executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000040), 0x8) 03:37:17 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x28}}}, 0x1c) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e26, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r1, 0x0, 0xedc0) 03:37:17 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000040000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c7d1c6238975d43a4505f80fc889f3c530cf08e467b592f868ee3b0a434df0a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2b346a36f5662403e1b2be45ca0bb1c865295576b72dd97cc7c2683908a0d411a9872971c7c56f0979bd10b97163c1d6d0e196bf02f46c7953ab1abda45cbe8f9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e763f63223b7b80197aa743f7555193161f45346b100000000000000000089e399f6609876b5887437a172ebc02a740675298b79dc194e533583412dff048fc21f28bdd3e26a5ab2728a04c178facc43bb6cfb851ce5a9ff19ffcafe3e64be033c9d2f972cc93c1c13caec04a347c24a9fb6a6991ddb737d527d6acb15426415b6e8b14f822e86067a5e991c3b404986dfa2c6e94bd0339454c1"], &(0x7f0000000340)='GPL\x00'}, 0x1e) 03:37:17 executing program 0: r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8b1a, &(0x7f0000000100)='wlan0\x00\xcf\"\xe5*\x17H\x00\x00\x00\x80\x00\x00\x00\x00\xb8\xe7\xd9K8\x02\xe5\xf1\xa7\xd2Q\x82\x9fO>QX\xebKt\xcdl\xd9\xe7\xb7XR\x0f\xe4\xde^D\xca\xa3\xdf\xdcC\xd4\x9d\xd3R\xae\xea\xbe!\xd8]\xf3i\xe7k\xf2\xb7\xbe\x0e\x9d\xfd\xbb\xa7h\xdc\r\x85\x15\x8f\n\xf0~\x7fB\f(1\x98\x8c\xde\xa2,\xfd7P\xe8wY\xf2l\xea\xe1\x81~\x7fC(\x04-\x8e\xec\"\xb7m#\xb4\xfc\xae\x05\x12\x83\x88\xb6Y+?tr\x7f\xa9=0\x80<\xbd\xc9\x98\x8ew\xd0+4`\n\x17\xb8\rE\xac1\xe8\xbf\x0eF4m') 03:37:17 executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000040), 0x8) 03:37:17 executing program 0: r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8b1a, &(0x7f0000000100)='wlan0\x00\xcf\"\xe5*\x17H\x00\x00\x00\x80\x00\x00\x00\x00\xb8\xe7\xd9K8\x02\xe5\xf1\xa7\xd2Q\x82\x9fO>QX\xebKt\xcdl\xd9\xe7\xb7XR\x0f\xe4\xde^D\xca\xa3\xdf\xdcC\xd4\x9d\xd3R\xae\xea\xbe!\xd8]\xf3i\xe7k\xf2\xb7\xbe\x0e\x9d\xfd\xbb\xa7h\xdc\r\x85\x15\x8f\n\xf0~\x7fB\f(1\x98\x8c\xde\xa2,\xfd7P\xe8wY\xf2l\xea\xe1\x81~\x7fC(\x04-\x8e\xec\"\xb7m#\xb4\xfc\xae\x05\x12\x83\x88\xb6Y+?tr\x7f\xa9=0\x80<\xbd\xc9\x98\x8ew\xd0+4`\n\x17\xb8\rE\xac1\xe8\xbf\x0eF4m') 03:37:17 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000040000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c7d1c6238975d43a4505f80fc889f3c530cf08e467b592f868ee3b0a434df0a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2b346a36f5662403e1b2be45ca0bb1c865295576b72dd97cc7c2683908a0d411a9872971c7c56f0979bd10b97163c1d6d0e196bf02f46c7953ab1abda45cbe8f9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e763f63223b7b80197aa743f7555193161f45346b100000000000000000089e399f6609876b5887437a172ebc02a740675298b79dc194e533583412dff048fc21f28bdd3e26a5ab2728a04c178facc43bb6cfb851ce5a9ff19ffcafe3e64be033c9d2f972cc93c1c13caec04a347c24a9fb6a6991ddb737d527d6acb15426415b6e8b14f822e86067a5e991c3b404986dfa2c6e94bd0339454c1"], &(0x7f0000000340)='GPL\x00'}, 0x1e) 03:37:17 executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000040), 0x8) 03:37:17 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x28}}}, 0x1c) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e26, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r1, 0x0, 0xedc0) 03:37:17 executing program 0: r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8b1a, &(0x7f0000000100)='wlan0\x00\xcf\"\xe5*\x17H\x00\x00\x00\x80\x00\x00\x00\x00\xb8\xe7\xd9K8\x02\xe5\xf1\xa7\xd2Q\x82\x9fO>QX\xebKt\xcdl\xd9\xe7\xb7XR\x0f\xe4\xde^D\xca\xa3\xdf\xdcC\xd4\x9d\xd3R\xae\xea\xbe!\xd8]\xf3i\xe7k\xf2\xb7\xbe\x0e\x9d\xfd\xbb\xa7h\xdc\r\x85\x15\x8f\n\xf0~\x7fB\f(1\x98\x8c\xde\xa2,\xfd7P\xe8wY\xf2l\xea\xe1\x81~\x7fC(\x04-\x8e\xec\"\xb7m#\xb4\xfc\xae\x05\x12\x83\x88\xb6Y+?tr\x7f\xa9=0\x80<\xbd\xc9\x98\x8ew\xd0+4`\n\x17\xb8\rE\xac1\xe8\xbf\x0eF4m') 03:37:17 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000040000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c7d1c6238975d43a4505f80fc889f3c530cf08e467b592f868ee3b0a434df0a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2b346a36f5662403e1b2be45ca0bb1c865295576b72dd97cc7c2683908a0d411a9872971c7c56f0979bd10b97163c1d6d0e196bf02f46c7953ab1abda45cbe8f9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e763f63223b7b80197aa743f7555193161f45346b100000000000000000089e399f6609876b5887437a172ebc02a740675298b79dc194e533583412dff048fc21f28bdd3e26a5ab2728a04c178facc43bb6cfb851ce5a9ff19ffcafe3e64be033c9d2f972cc93c1c13caec04a347c24a9fb6a6991ddb737d527d6acb15426415b6e8b14f822e86067a5e991c3b404986dfa2c6e94bd0339454c1"], &(0x7f0000000340)='GPL\x00'}, 0x1e) 03:37:17 executing program 1: bpf$PROG_LOAD(0xd, &(0x7f000000e000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 03:37:17 executing program 1: bpf$PROG_LOAD(0xd, &(0x7f000000e000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 03:37:18 executing program 0: r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8b1a, &(0x7f0000000100)='wlan0\x00\xcf\"\xe5*\x17H\x00\x00\x00\x80\x00\x00\x00\x00\xb8\xe7\xd9K8\x02\xe5\xf1\xa7\xd2Q\x82\x9fO>QX\xebKt\xcdl\xd9\xe7\xb7XR\x0f\xe4\xde^D\xca\xa3\xdf\xdcC\xd4\x9d\xd3R\xae\xea\xbe!\xd8]\xf3i\xe7k\xf2\xb7\xbe\x0e\x9d\xfd\xbb\xa7h\xdc\r\x85\x15\x8f\n\xf0~\x7fB\f(1\x98\x8c\xde\xa2,\xfd7P\xe8wY\xf2l\xea\xe1\x81~\x7fC(\x04-\x8e\xec\"\xb7m#\xb4\xfc\xae\x05\x12\x83\x88\xb6Y+?tr\x7f\xa9=0\x80<\xbd\xc9\x98\x8ew\xd0+4`\n\x17\xb8\rE\xac1\xe8\xbf\x0eF4m') 03:37:18 executing program 1: bpf$PROG_LOAD(0xd, &(0x7f000000e000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 03:37:18 executing program 1: bpf$PROG_LOAD(0xd, &(0x7f000000e000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 03:37:18 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x28}}}, 0x1c) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e26, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r1, 0x0, 0xedc0) 03:37:18 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x8) connect$inet(r0, &(0x7f0000000040), 0x10) 03:37:18 executing program 0: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xfffffffffffffffe) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="a6", 0x1}], 0x1}}, {{&(0x7f0000001780)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002c40)=[{&(0x7f00000017c0)='d', 0x1}], 0x1}}], 0x2, 0x0) 03:37:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000600)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCFLSH(r0, 0x540b, 0x0) 03:37:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000600)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCFLSH(r0, 0x540b, 0x0) 03:37:18 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x28}}}, 0x1c) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e26, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') sendfile(r0, r1, 0x0, 0xedc0) 03:37:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000600)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCFLSH(r0, 0x540b, 0x0) 03:37:18 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x8) connect$inet(r0, &(0x7f0000000040), 0x10) 03:37:18 executing program 0: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xfffffffffffffffe) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="a6", 0x1}], 0x1}}, {{&(0x7f0000001780)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002c40)=[{&(0x7f00000017c0)='d', 0x1}], 0x1}}], 0x2, 0x0) 03:37:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000600)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCFLSH(r0, 0x540b, 0x0) 03:37:18 executing program 1: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xfffffffffffffffe) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="a6", 0x1}], 0x1}}, {{&(0x7f0000001780)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002c40)=[{&(0x7f00000017c0)='d', 0x1}], 0x1}}], 0x2, 0x0) 03:37:18 executing program 0: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xfffffffffffffffe) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="a6", 0x1}], 0x1}}, {{&(0x7f0000001780)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002c40)=[{&(0x7f00000017c0)='d', 0x1}], 0x1}}], 0x2, 0x0) 03:37:18 executing program 1: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xfffffffffffffffe) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="a6", 0x1}], 0x1}}, {{&(0x7f0000001780)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002c40)=[{&(0x7f00000017c0)='d', 0x1}], 0x1}}], 0x2, 0x0) 03:37:18 executing program 0: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xfffffffffffffffe) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="a6", 0x1}], 0x1}}, {{&(0x7f0000001780)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002c40)=[{&(0x7f00000017c0)='d', 0x1}], 0x1}}], 0x2, 0x0) 03:37:18 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x8) connect$inet(r0, &(0x7f0000000040), 0x10) 03:37:18 executing program 1: r0 = socket$inet(0xa, 0x801, 0x84) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xfffffffffffffffe) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet6(r1, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="a6", 0x1}], 0x1}}, {{&(0x7f0000001780)={0xa, 0x0, 0x0, @loopback}, 0x1c, &(0x7f0000002c40)=[{&(0x7f00000017c0)='d', 0x1}], 0x1}}], 0x2, 0x0) 03:37:18 executing program 3: r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x8) connect$inet(r0, &(0x7f0000000040), 0x10) 03:37:18 executing program 0: msgctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/4096) 03:37:18 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x8) connect$inet(r0, &(0x7f0000000040), 0x10) 03:37:18 executing program 3: r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x8) connect$inet(r0, &(0x7f0000000040), 0x10) 03:37:18 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x380000, @empty}, 0x1c) 03:37:18 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/\x02roup.stap\x00', 0x2761, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000001ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0xc020662a, 0x20000001) 03:37:18 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x380000, @empty}, 0x1c) 03:37:18 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/\x02roup.stap\x00', 0x2761, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000001ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0xc020662a, 0x20000001) 03:37:18 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/\x02roup.stap\x00', 0x2761, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000001ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0xc020662a, 0x20000001) 03:37:18 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x380000, @empty}, 0x1c) [ 1191.628205][ T9407] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1191.657395][ T9407] CPU: 1 PID: 9407 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1191.664622][ T9407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1191.664622][ T9407] Call Trace: [ 1191.664622][ T9407] dump_stack+0x197/0x210 [ 1191.664622][ T9407] dump_header+0x10b/0x82d [ 1191.664622][ T9407] ? oom_kill_process+0x94/0x420 [ 1191.664622][ T9407] oom_kill_process.cold+0x10/0x15 [ 1191.664622][ T9407] out_of_memory+0x334/0x13c0 [ 1191.664622][ T9407] ? oom_killer_disable+0x280/0x280 [ 1191.664622][ T9407] ? mutex_trylock+0x264/0x2f0 [ 1191.664622][ T9407] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1191.664622][ T9407] __alloc_pages_slowpath+0x222b/0x2920 [ 1191.664622][ T9407] ? warn_alloc+0x110/0x110 [ 1191.664622][ T9407] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1191.664622][ T9407] ? should_fail+0x1de/0x852 [ 1191.664622][ T9407] ? __kasan_check_read+0x11/0x20 [ 1191.664622][ T9407] __alloc_pages_nodemask+0x646/0x910 [ 1191.664622][ T9407] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1191.664622][ T9407] ? lock_downgrade+0x920/0x920 [ 1191.664622][ T9407] ? set_pte_at+0xcc/0x130 [ 1191.664622][ T9407] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1191.664622][ T9407] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1191.664622][ T9407] alloc_pages_vma+0xdd/0x620 [ 1191.664622][ T9407] wp_page_copy+0x226/0x1560 [ 1191.664622][ T9407] ? find_held_lock+0x35/0x130 [ 1191.664622][ T9407] ? follow_pfn+0x2a0/0x2a0 [ 1191.664622][ T9407] ? lock_downgrade+0x920/0x920 [ 1191.664622][ T9407] ? swp_swapcount+0x540/0x540 [ 1191.664622][ T9407] ? do_raw_spin_unlock+0x178/0x270 [ 1191.664622][ T9407] do_wp_page+0x543/0x1540 [ 1191.664622][ T9407] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1191.664622][ T9407] __handle_mm_fault+0x327b/0x3da0 [ 1191.664622][ T9407] ? vm_iomap_memory+0x1a0/0x1a0 [ 1191.664622][ T9407] ? handle_mm_fault+0x292/0xa50 [ 1191.664622][ T9407] ? handle_mm_fault+0x7a0/0xa50 [ 1191.664622][ T9407] ? __kasan_check_read+0x11/0x20 [ 1191.664622][ T9407] handle_mm_fault+0x3b2/0xa50 [ 1191.664622][ T9407] __do_page_fault+0x536/0xd80 [ 1191.664622][ T9407] do_page_fault+0x38/0x590 [ 1191.664622][ T9407] do_async_page_fault+0x30/0xa0 [ 1191.664622][ T9407] async_page_fault+0x39/0x40 [ 1191.664622][ T9407] RIP: 0023:0x808fa48 [ 1191.664622][ T9407] Code: 85 d2 75 2b eb da 8d 74 26 00 83 f8 ea 74 13 83 f8 f2 0f 85 08 01 00 00 8d 76 00 8d bc 27 00 00 00 00 8b 45 e4 8b 40 04 85 c0 <89> 45 e4 74 b1 8b 75 e4 8b 1e 8b 43 08 85 c0 74 04 ff d0 8b 1e f0 [ 1191.664622][ T9407] RSP: 002b:00000000ffcb56f0 EFLAGS: 00010246 [ 1191.664622][ T9407] RAX: 0000000000000000 RBX: 0000000008494bc4 RCX: 0000000000000000 [ 1191.664622][ T9407] RDX: 00000000ffcb56f0 RSI: 00000000ffcb56f0 RDI: 0000000000007bbe [ 1191.664622][ T9407] RBP: 00000000ffcb5738 R08: 0000000000000000 R09: 0000000000000000 [ 1191.664622][ T9407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1191.664622][ T9407] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1192.156666][ T9407] Mem-Info: [ 1192.168981][ T9407] active_anon:43515 inactive_anon:233 isolated_anon:0 [ 1192.168981][ T9407] active_file:2878 inactive_file:17807 isolated_file:0 [ 1192.168981][ T9407] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1192.168981][ T9407] slab_reclaimable:15592 slab_unreclaimable:60195 [ 1192.168981][ T9407] mapped:39890 shmem:307 pagetables:3085 bounce:0 [ 1192.168981][ T9407] free:145043 free_pcp:365 free_cma:0 [ 1192.233833][ T9407] Node 0 active_anon:137268kB inactive_anon:896kB active_file:8kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:4kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1192.291301][ T9407] Node 0 DMA free:2804kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:276kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1192.375887][ T9407] lowmem_reserve[]: 0 532 532 532 532 [ 1192.386451][ T9407] Node 0 DMA32 free:24240kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136928kB inactive_anon:896kB active_file:0kB inactive_file:92kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9140kB pagetables:4976kB bounce:0kB free_pcp:932kB local_pcp:228kB free_cma:0kB [ 1192.435585][ T9407] lowmem_reserve[]: 0 0 0 0 0 [ 1192.441331][ T9407] Node 0 DMA: 36*4kB (UME) 14*8kB (UME) 11*16kB (UME) 9*32kB (UM) 5*64kB (UME) 2*128kB (UM) 0*256kB 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2832kB [ 1192.460566][ T9407] Node 0 DMA32: 504*4kB (UME) 517*8kB (UME) 253*16kB (UME) 108*32kB (UME) 43*64kB (UME) 24*128kB (UME) 12*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 23064kB [ 1192.491301][ T9407] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1192.511998][ T9407] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1192.527540][ T9407] 13370 total pagecache pages [ 1192.534239][ T9407] 0 pages in swap cache [ 1192.540491][ T9407] Swap cache stats: add 0, delete 0, find 0/0 [ 1192.548263][ T9407] Free swap = 0kB [ 1192.554110][ T9407] Total swap = 0kB [ 1192.559317][ T9407] 524155 pages RAM [ 1192.565304][ T9407] 0 pages HighMem/MovableOnly [ 1192.572230][ T9407] 141707 pages reserved [ 1192.578100][ T9407] 0 pages cma reserved [ 1192.583126][ T9407] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=11384,uid=0 [ 1192.610782][ T9407] Out of memory: Killed process 11384 (syz-executor.0) total-vm:72348kB, anon-rss:136kB, file-rss:34888kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1192.731687][ T9407] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1192.747354][ T9407] CPU: 2 PID: 9407 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1192.757032][ T9407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1192.757032][ T9407] Call Trace: [ 1192.757032][ T9407] dump_stack+0x197/0x210 [ 1192.757032][ T9407] dump_header+0x10b/0x82d [ 1192.757032][ T9407] ? oom_kill_process+0x94/0x420 [ 1192.757032][ T9407] oom_kill_process.cold+0x10/0x15 [ 1192.757032][ T9407] out_of_memory+0x334/0x13c0 [ 1192.757032][ T9407] ? oom_killer_disable+0x280/0x280 [ 1192.757032][ T9407] ? mutex_trylock+0x264/0x2f0 [ 1192.757032][ T9407] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1192.757032][ T9407] __alloc_pages_slowpath+0x222b/0x2920 [ 1192.757032][ T9407] ? warn_alloc+0x110/0x110 [ 1192.757032][ T9407] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1192.757032][ T9407] ? should_fail+0x1de/0x852 [ 1192.757032][ T9407] ? __kasan_check_read+0x11/0x20 [ 1192.757032][ T9407] __alloc_pages_nodemask+0x646/0x910 [ 1192.757032][ T9407] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1192.757032][ T9407] ? lock_downgrade+0x920/0x920 [ 1192.757032][ T9407] ? set_pte_at+0xcc/0x130 [ 1192.757032][ T9407] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1192.757032][ T9407] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1192.757032][ T9407] alloc_pages_vma+0xdd/0x620 [ 1192.757032][ T9407] wp_page_copy+0x226/0x1560 [ 1192.757032][ T9407] ? find_held_lock+0x35/0x130 [ 1192.757032][ T9407] ? follow_pfn+0x2a0/0x2a0 [ 1192.757032][ T9407] ? lock_downgrade+0x920/0x920 [ 1192.757032][ T9407] ? swp_swapcount+0x540/0x540 [ 1192.757032][ T9407] ? do_raw_spin_unlock+0x178/0x270 [ 1192.757032][ T9407] do_wp_page+0x543/0x1540 [ 1192.757032][ T9407] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1192.757032][ T9407] __handle_mm_fault+0x327b/0x3da0 [ 1192.757032][ T9407] ? vm_iomap_memory+0x1a0/0x1a0 [ 1192.757032][ T9407] ? handle_mm_fault+0x292/0xa50 [ 1192.757032][ T9407] ? handle_mm_fault+0x7a0/0xa50 [ 1192.757032][ T9407] ? __kasan_check_read+0x11/0x20 [ 1192.757032][ T9407] handle_mm_fault+0x3b2/0xa50 [ 1192.757032][ T9407] __do_page_fault+0x536/0xd80 [ 1192.757032][ T9407] do_page_fault+0x38/0x590 [ 1192.757032][ T9407] do_async_page_fault+0x30/0xa0 [ 1192.757032][ T9407] async_page_fault+0x39/0x40 [ 1192.757032][ T9407] RIP: 0023:0x808fa48 [ 1192.757032][ T9407] Code: 85 d2 75 2b eb da 8d 74 26 00 83 f8 ea 74 13 83 f8 f2 0f 85 08 01 00 00 8d 76 00 8d bc 27 00 00 00 00 8b 45 e4 8b 40 04 85 c0 <89> 45 e4 74 b1 8b 75 e4 8b 1e 8b 43 08 85 c0 74 04 ff d0 8b 1e f0 [ 1192.757032][ T9407] RSP: 002b:00000000ffcb56f0 EFLAGS: 00010246 [ 1192.757032][ T9407] RAX: 0000000000000000 RBX: 0000000008494bc4 RCX: 0000000000000000 [ 1193.126863][ T9407] RDX: 00000000ffcb56f0 RSI: 00000000ffcb56f0 RDI: 0000000000007bbe [ 1193.126863][ T9407] RBP: 00000000ffcb5738 R08: 0000000000000000 R09: 0000000000000000 [ 1193.126863][ T9407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1193.126863][ T9407] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1193.222723][ T9407] Mem-Info: [ 1193.232379][ T9407] active_anon:43435 inactive_anon:233 isolated_anon:0 [ 1193.232379][ T9407] active_file:2878 inactive_file:17812 isolated_file:0 [ 1193.232379][ T9407] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1193.232379][ T9407] slab_reclaimable:15593 slab_unreclaimable:60618 [ 1193.232379][ T9407] mapped:39901 shmem:307 pagetables:2992 bounce:0 [ 1193.232379][ T9407] free:145154 free_pcp:283 free_cma:0 [ 1193.295021][ T9407] Node 0 active_anon:137196kB inactive_anon:896kB active_file:8kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1193.335773][ T9407] Node 0 DMA free:2888kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:276kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1193.381295][ T9407] lowmem_reserve[]: 0 532 532 532 532 [ 1193.395163][ T9407] Node 0 DMA32 free:22712kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136920kB inactive_anon:896kB active_file:0kB inactive_file:28kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9104kB pagetables:4880kB bounce:0kB free_pcp:1552kB local_pcp:260kB free_cma:0kB [ 1193.435883][ T9407] lowmem_reserve[]: 0 0 0 0 0 [ 1193.441152][ T9407] Node 0 DMA: 35*4kB (UME) 18*8kB (UME) 13*16kB (UME) 9*32kB (UM) 5*64kB (UME) 2*128kB (UM) 0*256kB 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2892kB [ 1193.461252][ T9407] Node 0 DMA32: 597*4kB (UME) 448*8kB (UME) 243*16kB (UME) 108*32kB (UME) 43*64kB (UME) 24*128kB (UME) 12*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 22724kB [ 1193.499920][ T9407] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1193.515967][ T9407] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1193.535239][ T9407] 13376 total pagecache pages [ 1193.542217][ T9407] 0 pages in swap cache [ 1193.548794][ T9407] Swap cache stats: add 0, delete 0, find 0/0 [ 1193.558873][ T9407] Free swap = 0kB [ 1193.563739][ T9407] Total swap = 0kB [ 1193.569269][ T9407] 524155 pages RAM [ 1193.573990][ T9407] 0 pages HighMem/MovableOnly [ 1193.579833][ T9407] 141707 pages reserved [ 1193.584568][ T9407] 0 pages cma reserved [ 1193.589879][ T9407] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=11401,uid=0 [ 1193.608557][ T9407] Out of memory: Killed process 11401 (syz-executor.0) total-vm:72348kB, anon-rss:136kB, file-rss:34884kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 03:37:20 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x380000, @empty}, 0x1c) 03:37:20 executing program 3: r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x8) connect$inet(r0, &(0x7f0000000040), 0x10) 03:37:20 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/\x02roup.stap\x00', 0x2761, 0x0) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000001ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0xc020662a, 0x20000001) 03:37:20 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@mss, @timestamp, @window, @sack_perm], 0x20000000000003af) sendmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x618) close(r0) 03:37:20 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000006480)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000280)=""/47, 0x2f}], 0x1}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/snmp6\x00') preadv(r0, &(0x7f0000000480), 0x10000000000000f2, 0x0) 03:37:20 executing program 0: munmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000) madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4) 03:37:20 executing program 0: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) r1 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$search(0xa, r1, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x2}, r0) 03:37:20 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000000c0)=ANY=[@ANYBLOB="00040013000004000001000502000000000000000000000900000002efff"], 0x28) sendmmsg(r0, &(0x7f00000092c0), 0x400000000000064, 0x0) [ 1193.889667][ T9407] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 03:37:21 executing program 0: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) r1 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$search(0xa, r1, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x2}, r0) [ 1194.004975][ T9407] CPU: 2 PID: 9407 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1194.045125][ T9407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1194.074927][ T9407] Call Trace: [ 1194.074927][ T9407] dump_stack+0x197/0x210 [ 1194.074927][ T9407] dump_header+0x10b/0x82d [ 1194.074927][ T9407] ? oom_kill_process+0x94/0x420 03:37:21 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000000c0)=ANY=[@ANYBLOB="00040013000004000001000502000000000000000000000900000002efff"], 0x28) sendmmsg(r0, &(0x7f00000092c0), 0x400000000000064, 0x0) [ 1194.144910][ T9407] oom_kill_process.cold+0x10/0x15 [ 1194.154978][ T9407] out_of_memory+0x334/0x13c0 [ 1194.154978][ T9407] ? oom_killer_disable+0x280/0x280 [ 1194.175068][ T9407] ? mutex_trylock+0x264/0x2f0 [ 1194.175068][ T9407] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1194.175068][ T9407] __alloc_pages_slowpath+0x222b/0x2920 [ 1194.175068][ T9407] ? warn_alloc+0x110/0x110 [ 1194.175068][ T9407] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1194.175068][ T9407] ? should_fail+0x1de/0x852 [ 1194.175068][ T9407] ? __kasan_check_read+0x11/0x20 [ 1194.175068][ T9407] __alloc_pages_nodemask+0x646/0x910 [ 1194.175068][ T9407] ? cpuacct_charge+0x1db/0x360 [ 1194.175068][ T9407] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1194.175068][ T9407] ? update_curr+0x3e0/0x8d0 [ 1194.175068][ T9407] ? update_curr+0x3e0/0x8d0 [ 1194.175068][ T9407] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1194.175068][ T9407] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1194.294773][ T9407] alloc_pages_vma+0xdd/0x620 [ 1194.294773][ T9407] wp_page_copy+0x226/0x1560 [ 1194.305327][ T9407] ? find_held_lock+0x35/0x130 [ 1194.315654][ T9407] ? follow_pfn+0x2a0/0x2a0 [ 1194.315654][ T9407] ? lock_downgrade+0x920/0x920 [ 1194.315654][ T9407] ? swp_swapcount+0x540/0x540 [ 1194.335010][ T9407] ? do_raw_spin_unlock+0x178/0x270 [ 1194.344762][ T9407] do_wp_page+0x543/0x1540 [ 1194.344762][ T9407] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1194.344762][ T9407] __handle_mm_fault+0x327b/0x3da0 [ 1194.344762][ T9407] ? vm_iomap_memory+0x1a0/0x1a0 [ 1194.374704][ T9407] ? handle_mm_fault+0x292/0xa50 [ 1194.374704][ T9407] ? handle_mm_fault+0x7a0/0xa50 [ 1194.374704][ T9407] ? __kasan_check_read+0x11/0x20 [ 1194.374704][ T9407] handle_mm_fault+0x3b2/0xa50 [ 1194.374704][ T9407] __do_page_fault+0x536/0xd80 [ 1194.374704][ T9407] do_page_fault+0x38/0x590 [ 1194.434811][ T9407] do_async_page_fault+0x30/0xa0 [ 1194.444721][ T9407] async_page_fault+0x39/0x40 [ 1194.450139][ T9407] RIP: 0023:0x808fa5d [ 1194.454811][ T9407] Code: 01 00 00 8d 76 00 8d bc 27 00 00 00 00 8b 45 e4 8b 40 04 85 c0 89 45 e4 74 b1 8b 75 e4 8b 1e 8b 43 08 85 c0 74 04 ff d0 8b 1e ff 4b 14 0f 94 c0 84 c0 74 d8 8b 43 18 85 c0 74 d1 83 c3 14 31 [ 1194.474802][ T9407] RSP: 002b:00000000ffcb56f0 EFLAGS: 00010246 [ 1194.485289][ T9407] RAX: 0000000000000000 RBX: 0000000008494bc4 RCX: 0000000000000000 [ 1194.494730][ T9407] RDX: 00000000ffcb56f0 RSI: 00000000ffcb56f0 RDI: 0000000000007bc0 [ 1194.505451][ T9407] RBP: 00000000ffcb5738 R08: 0000000000000000 R09: 0000000000000000 [ 1194.505451][ T9407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1194.554205][ T9407] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1194.585611][ T9407] Mem-Info: [ 1194.596628][ T9407] active_anon:43389 inactive_anon:233 isolated_anon:0 [ 1194.596628][ T9407] active_file:2878 inactive_file:17819 isolated_file:0 [ 1194.596628][ T9407] unevictable:0 dirty:0 writeback:8 unstable:0 [ 1194.596628][ T9407] slab_reclaimable:15592 slab_unreclaimable:60312 [ 1194.596628][ T9407] mapped:39890 shmem:307 pagetables:3008 bounce:0 [ 1194.596628][ T9407] free:145223 free_pcp:322 free_cma:0 [ 1194.697285][ T9407] Node 0 active_anon:137196kB inactive_anon:896kB active_file:8kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:4kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1194.745979][ T9407] Node 0 DMA free:2792kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:280kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:160kB pagetables:160kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1194.791969][ T9407] lowmem_reserve[]: 0 532 532 532 532 [ 1194.802897][ T9407] Node 0 DMA32 free:23204kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136916kB inactive_anon:896kB active_file:8kB inactive_file:8kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9104kB pagetables:4880kB bounce:0kB free_pcp:1288kB local_pcp:508kB free_cma:0kB [ 1194.935407][ T9407] lowmem_reserve[]: 0 0 0 0 0 [ 1194.941285][ T9407] Node 0 DMA: 21*4kB (UME) 21*8kB (UME) 12*16kB (UME) 9*32kB (UM) 5*64kB (UME) 2*128kB (UM) 0*256kB 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2844kB [ 1194.965079][ T9407] Node 0 DMA32: 1073*4kB (UME) 385*8kB (UME) 179*16kB (UME) 108*32kB (UME) 43*64kB (UME) 24*128kB (UME) 12*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 23100kB [ 1194.986112][ T9407] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1195.006431][ T9407] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1195.023492][ T9407] 13380 total pagecache pages [ 1195.033000][ T9407] 0 pages in swap cache [ 1195.042163][ T9407] Swap cache stats: add 0, delete 0, find 0/0 [ 1195.051292][ T9407] Free swap = 0kB [ 1195.064941][ T9407] Total swap = 0kB [ 1195.074406][ T9407] 524155 pages RAM [ 1195.088231][ T9407] 0 pages HighMem/MovableOnly [ 1195.101246][ T9407] 141707 pages reserved [ 1195.118940][ T9407] 0 pages cma reserved [ 1195.131630][ T9407] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=13286,uid=0 [ 1195.187414][ T9407] Out of memory: Killed process 13286 (syz-executor.2) total-vm:72348kB, anon-rss:136kB, file-rss:34860kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1195.257515][ T1129] oom_reaper: reaped process 13286 (syz-executor.2), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 03:37:22 executing program 0: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) r1 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$search(0xa, r1, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x2}, r0) 03:37:22 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000000c0)=ANY=[@ANYBLOB="00040013000004000001000502000000000000000000000900000002efff"], 0x28) sendmmsg(r0, &(0x7f00000092c0), 0x400000000000064, 0x0) 03:37:22 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000000c0)=ANY=[@ANYBLOB="00040013000004000001000502000000000000000000000900000002efff"], 0x28) sendmmsg(r0, &(0x7f00000092c0), 0x400000000000064, 0x0) 03:37:22 executing program 0: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) r1 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$search(0xa, r1, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x2}, r0) 03:37:22 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@mss, @timestamp, @window, @sack_perm], 0x20000000000003af) sendmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x618) close(r0) 03:37:22 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@mss, @timestamp, @window, @sack_perm], 0x20000000000003af) sendmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x618) close(r0) 03:37:22 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000000c0)=ANY=[@ANYBLOB="00040013000004000001000502000000000000000000000900000002efff"], 0x28) sendmmsg(r0, &(0x7f00000092c0), 0x400000000000064, 0x0) 03:37:22 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@mss, @timestamp, @window, @sack_perm], 0x20000000000003af) sendmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x618) close(r0) 03:37:23 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@mss, @timestamp, @window, @sack_perm], 0x20000000000003af) sendmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x618) close(r0) 03:37:23 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000000c0)=ANY=[@ANYBLOB="00040013000004000001000502000000000000000000000900000002efff"], 0x28) sendmmsg(r0, &(0x7f00000092c0), 0x400000000000064, 0x0) 03:37:23 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@mss, @timestamp, @window, @sack_perm], 0x20000000000003af) sendmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x618) close(r0) 03:37:23 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@mss, @timestamp, @window, @sack_perm], 0x20000000000003af) sendmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x618) close(r0) 03:37:23 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000000c0)=ANY=[@ANYBLOB="00040013000004000001000502000000000000000000000900000002efff"], 0x28) sendmmsg(r0, &(0x7f00000092c0), 0x400000000000064, 0x0) 03:37:23 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@mss, @timestamp, @window, @sack_perm], 0x20000000000003af) sendmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x618) close(r0) 03:37:23 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@mss, @timestamp, @window, @sack_perm], 0x20000000000003af) sendmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x618) close(r0) 03:37:23 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@mss, @timestamp, @window, @sack_perm], 0x20000000000003af) sendmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x618) close(r0) 03:37:23 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@mss, @timestamp, @window, @sack_perm], 0x20000000000003af) sendmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x618) close(r0) 03:37:23 executing program 3: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) r1 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$search(0xa, r1, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x2}, r0) 03:37:23 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@mss, @timestamp, @window, @sack_perm], 0x20000000000003af) sendmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x618) close(r0) 03:37:23 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x4c}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xf7}, 0x48) 03:37:23 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x32a) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@mss, @timestamp, @window, @sack_perm], 0x20000000000003af) sendmmsg(r0, &(0x7f0000004b40)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000002240)='Y', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB], 0x1}}, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x618) close(r0) 03:37:23 executing program 3: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) r1 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$search(0xa, r1, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x2}, r0) 03:37:23 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@ipv4}, 0x20) 03:37:23 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000480)) 03:37:23 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@ipv4}, 0x20) 03:37:23 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000001400)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0xf7) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{}, 'syz0\x00'}) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$UI_DEV_DESTROY(r0, 0x5502) 03:37:23 executing program 3: r0 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) r1 = add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000140)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$search(0xa, r1, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x2}, r0) 03:37:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000170600000fff07005606080002ffffffb40200000ee60000bf050000000000003d630000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad320100000000009500000000000000050000000000000095000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe53, 0x10, &(0x7f0000000000), 0xfffffeea}, 0x48) 03:37:24 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@ipv4}, 0x20) 03:37:24 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x4c}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xf7}, 0x48) 03:37:24 executing program 3: r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000900)="ba", 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 03:37:24 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@ipv4}, 0x20) 03:37:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000170600000fff07005606080002ffffffb40200000ee60000bf050000000000003d630000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad320100000000009500000000000000050000000000000095000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe53, 0x10, &(0x7f0000000000), 0xfffffeea}, 0x48) 03:37:24 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000380)={'veth0\x00', &(0x7f0000000280)=@ethtool_rxnfc={0x7, 0x0, 0x0, {0x0, @udp_ip6_spec={@rand_addr="b11b215c33c8ad8e6af24e50d7c4f326", @mcast1}, {0x0, @link_local}, @sctp_ip4_spec={@broadcast, @remote}, {0x0, @dev}}}}) 03:37:24 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x4c}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xf7}, 0x48) 03:37:24 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x4c}, [@ldst={0x3, 0x0, 0x3, 0x1c10a1, 0x0, 0x2c}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xf7}, 0x48) 03:37:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000170600000fff07005606080002ffffffb40200000ee60000bf050000000000003d630000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad320100000000009500000000000000050000000000000095000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe53, 0x10, &(0x7f0000000000), 0xfffffeea}, 0x48) 03:37:24 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000380)={'veth0\x00', &(0x7f0000000280)=@ethtool_rxnfc={0x7, 0x0, 0x0, {0x0, @udp_ip6_spec={@rand_addr="b11b215c33c8ad8e6af24e50d7c4f326", @mcast1}, {0x0, @link_local}, @sctp_ip4_spec={@broadcast, @remote}, {0x0, @dev}}}}) 03:37:24 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000380)={'veth0\x00', &(0x7f0000000280)=@ethtool_rxnfc={0x7, 0x0, 0x0, {0x0, @udp_ip6_spec={@rand_addr="b11b215c33c8ad8e6af24e50d7c4f326", @mcast1}, {0x0, @link_local}, @sctp_ip4_spec={@broadcast, @remote}, {0x0, @dev}}}}) 03:37:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61128c000000000061134c0000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000170600000fff07005606080002ffffffb40200000ee60000bf050000000000003d630000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad320100000000009500000000000000050000000000000095000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe53, 0x10, &(0x7f0000000000), 0xfffffeea}, 0x48) 03:37:24 executing program 3: r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000900)="ba", 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 03:37:24 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000380)={'veth0\x00', &(0x7f0000000280)=@ethtool_rxnfc={0x7, 0x0, 0x0, {0x0, @udp_ip6_spec={@rand_addr="b11b215c33c8ad8e6af24e50d7c4f326", @mcast1}, {0x0, @link_local}, @sctp_ip4_spec={@broadcast, @remote}, {0x0, @dev}}}}) 03:37:24 executing program 3: r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000900)="ba", 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 03:37:24 executing program 2: r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000900)="ba", 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 03:37:24 executing program 0: unshare(0x400) r0 = socket(0x11, 0x800000003, 0x0) getsockname$packet(r0, 0x0, &(0x7f0000000300)) 03:37:24 executing program 1: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='.\x06\x00\x00\x00\x00\x00\x00\x00syz1\x00', 0x1ff) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/11, 0x2}], 0x10000000000000dc) 03:37:24 executing program 2: r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000900)="ba", 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 03:37:24 executing program 1: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='.\x06\x00\x00\x00\x00\x00\x00\x00syz1\x00', 0x1ff) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/11, 0x2}], 0x10000000000000dc) [ 1197.591968][T32721] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1197.647671][T32721] CPU: 3 PID: 32721 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 03:37:24 executing program 1: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='.\x06\x00\x00\x00\x00\x00\x00\x00syz1\x00', 0x1ff) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/11, 0x2}], 0x10000000000000dc) [ 1197.656649][T32721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1197.735464][T32721] Call Trace: [ 1197.735464][T32721] dump_stack+0x197/0x210 [ 1197.735464][T32721] dump_header+0x10b/0x82d [ 1197.825098][T32721] ? oom_kill_process+0x94/0x420 [ 1197.838024][T32721] oom_kill_process.cold+0x10/0x15 [ 1197.854745][T32721] out_of_memory+0x334/0x13c0 [ 1197.870758][T32721] ? oom_killer_disable+0x280/0x280 [ 1197.874948][T32721] ? mutex_trylock+0x264/0x2f0 [ 1197.892471][T32721] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1197.901958][T32721] __alloc_pages_slowpath+0x222b/0x2920 [ 1197.914267][T32721] ? warn_alloc+0x110/0x110 [ 1197.915007][T32721] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1197.924749][T32721] ? should_fail+0x1de/0x852 [ 1197.934755][T32721] ? __kasan_check_read+0x11/0x20 [ 1197.945018][T32721] __alloc_pages_nodemask+0x646/0x910 [ 1197.954767][T32721] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1197.964928][T32721] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1197.975424][T32721] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1198.004875][T32721] alloc_pages_vma+0xdd/0x620 [ 1198.015011][T32721] wp_page_copy+0x226/0x1560 [ 1198.034826][T32721] ? find_held_lock+0x35/0x130 [ 1198.054754][T32721] ? follow_pfn+0x2a0/0x2a0 [ 1198.064852][T32721] ? lock_downgrade+0x920/0x920 [ 1198.087826][T32721] ? swp_swapcount+0x540/0x540 [ 1198.104975][T32721] ? do_raw_spin_unlock+0x178/0x270 [ 1198.114830][T32721] do_wp_page+0x543/0x1540 [ 1198.124725][T32721] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1198.145143][T32721] __handle_mm_fault+0x327b/0x3da0 [ 1198.154778][T32721] ? vm_iomap_memory+0x1a0/0x1a0 [ 1198.154778][T32721] ? handle_mm_fault+0x292/0xa50 [ 1198.164801][T32721] ? handle_mm_fault+0x7a0/0xa50 [ 1198.174741][T32721] ? __kasan_check_read+0x11/0x20 [ 1198.184739][T32721] handle_mm_fault+0x3b2/0xa50 [ 1198.194842][T32721] __do_page_fault+0x536/0xd80 [ 1198.204782][T32721] do_page_fault+0x38/0x590 [ 1198.214761][T32721] do_async_page_fault+0x30/0xa0 [ 1198.225460][T32721] async_page_fault+0x39/0x40 [ 1198.235094][T32721] RIP: 0010:__put_user_4+0x1c/0x30 [ 1198.258397][T32721] Code: 01 ca c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 c0 1e 02 00 48 8b 9b d0 14 00 00 48 83 eb 03 48 39 d9 73 4a 0f 01 cb <89> 01 31 c0 0f 01 ca c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 1198.357486][T32721] RSP: 0018:ffffc90002897f30 EFLAGS: 00050293 [ 1198.385003][T32721] RAX: 0000000000003445 RBX: 00007fffffffeffd RCX: 000000000a035968 [ 1198.424840][T32721] RDX: dffffc0000000000 RSI: 1ffff1100282f953 RDI: ffff88801417c7b0 [ 1198.444710][T32721] RBP: ffffc90002897f48 R08: 0000000000000001 R09: ffff88801417ca90 [ 1198.474775][T32721] R10: fffffbfff14f33b0 R11: ffffffff8a799d87 R12: 0000000000000000 [ 1198.495144][T32721] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1198.534985][T32721] ? schedule_tail+0xd8/0x130 [ 1198.544883][T32721] ret_from_fork+0x8/0x30 [ 1198.554843][T32721] RIP: 0023:0xf7f3ca39 [ 1198.564809][T32721] Code: Bad RIP value. [ 1198.576370][T32721] RSP: 002b:00000000ffd5da60 EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 1198.584758][T32721] RAX: 0000000000000000 RBX: 0000000001200011 RCX: 0000000000000000 [ 1198.614963][T32721] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000a035968 [ 1198.635210][T32721] RBP: 00000000ffd5dab8 R08: 0000000000000000 R09: 0000000000000000 [ 1198.644757][T32721] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1198.664723][T32721] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 03:37:24 executing program 2: r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000900)="ba", 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 1198.685658][T32721] Mem-Info: [ 1198.697972][T32721] active_anon:43370 inactive_anon:233 isolated_anon:0 [ 1198.697972][T32721] active_file:2876 inactive_file:17830 isolated_file:0 [ 1198.697972][T32721] unevictable:0 dirty:26 writeback:0 unstable:0 [ 1198.697972][T32721] slab_reclaimable:15530 slab_unreclaimable:59665 [ 1198.697972][T32721] mapped:39890 shmem:307 pagetables:2961 bounce:0 [ 1198.697972][T32721] free:146118 free_pcp:318 free_cma:0 [ 1198.796105][T32721] Node 0 active_anon:137204kB inactive_anon:896kB active_file:0kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:8kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1198.873891][T32721] Node 0 DMA free:2844kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:268kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1198.922027][T32721] lowmem_reserve[]: 0 532 532 532 532 [ 1198.930884][T32721] Node 0 DMA32 free:23444kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136936kB inactive_anon:896kB active_file:0kB inactive_file:28kB unevictable:0kB writepending:8kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9104kB pagetables:4880kB bounce:0kB free_pcp:1404kB local_pcp:616kB free_cma:0kB [ 1198.983762][T32721] lowmem_reserve[]: 0 0 0 0 0 [ 1198.990004][T32721] Node 0 DMA: 21*4kB (UM) 14*8kB (UME) 18*16kB (UME) 9*32kB (UM) 5*64kB (UME) 2*128kB (UM) 0*256kB 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2884kB [ 1199.008108][T32721] Node 0 DMA32: 1143*4kB (UME) 495*8kB (UME) 189*16kB (UME) 87*32kB (UME) 43*64kB (UME) 24*128kB (UME) 13*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 24004kB [ 1199.028032][T32721] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1199.041118][T32721] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1199.053413][T32721] 13390 total pagecache pages [ 1199.059081][T32721] 0 pages in swap cache [ 1199.063729][T32721] Swap cache stats: add 0, delete 0, find 0/0 [ 1199.070871][T32721] Free swap = 0kB [ 1199.075345][T32721] Total swap = 0kB [ 1199.079414][T32721] 524155 pages RAM [ 1199.083708][T32721] 0 pages HighMem/MovableOnly [ 1199.089422][T32721] 141707 pages reserved [ 1199.095381][T32721] 0 pages cma reserved [ 1199.100466][T32721] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=13314,uid=0 [ 1199.119932][T32721] Out of memory: Killed process 13314 (syz-executor.2) total-vm:72348kB, anon-rss:136kB, file-rss:34856kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1199.243026][T32721] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1199.259180][T32721] CPU: 0 PID: 32721 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1199.268978][T32721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1199.268978][T32721] Call Trace: [ 1199.268978][T32721] dump_stack+0x197/0x210 [ 1199.268978][T32721] dump_header+0x10b/0x82d [ 1199.268978][T32721] ? oom_kill_process+0x94/0x420 [ 1199.268978][T32721] oom_kill_process.cold+0x10/0x15 [ 1199.268978][T32721] out_of_memory+0x334/0x13c0 [ 1199.268978][T32721] ? oom_killer_disable+0x280/0x280 [ 1199.268978][T32721] ? mutex_trylock+0x264/0x2f0 [ 1199.268978][T32721] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1199.268978][T32721] __alloc_pages_slowpath+0x222b/0x2920 [ 1199.268978][T32721] ? warn_alloc+0x110/0x110 [ 1199.268978][T32721] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1199.268978][T32721] ? should_fail+0x1de/0x852 [ 1199.268978][T32721] ? __kasan_check_read+0x11/0x20 [ 1199.268978][T32721] __alloc_pages_nodemask+0x646/0x910 [ 1199.268978][T32721] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1199.268978][T32721] ? lock_downgrade+0x920/0x920 [ 1199.268978][T32721] ? __kasan_check_write+0x14/0x20 [ 1199.268978][T32721] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1199.268978][T32721] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1199.268978][T32721] alloc_pages_vma+0xdd/0x620 [ 1199.268978][T32721] __handle_mm_fault+0x1ed5/0x3da0 [ 1199.268978][T32721] ? vm_iomap_memory+0x1a0/0x1a0 [ 1199.268978][T32721] ? handle_mm_fault+0x292/0xa50 [ 1199.268978][T32721] ? handle_mm_fault+0x7a0/0xa50 [ 1199.268978][T32721] ? __kasan_check_read+0x11/0x20 [ 1199.268978][T32721] handle_mm_fault+0x3b2/0xa50 [ 1199.268978][T32721] __do_page_fault+0x536/0xd80 [ 1199.268978][T32721] do_page_fault+0x38/0x590 [ 1199.268978][T32721] do_async_page_fault+0x30/0xa0 [ 1199.268978][T32721] async_page_fault+0x39/0x40 [ 1199.268978][T32721] RIP: 0023:0x80577c6 [ 1199.268978][T32721] Code: 9d 03 00 83 c4 20 83 f8 ff 89 45 ac 0f 84 f9 02 00 00 8b 45 ac 85 c0 0f 84 bc 02 00 00 8b 5d ac 8b 75 a0 8d 84 33 40 fb ff ff <89> 98 70 02 00 00 89 b0 74 02 00 00 89 c3 89 45 b4 05 8c 00 00 00 [ 1199.268978][T32721] RSP: 002b:00000000ffd5d860 EFLAGS: 00010286 [ 1199.268978][T32721] RAX: 00000000f5d38b40 RBX: 00000000f5d18000 RCX: 0000000000021000 [ 1199.268978][T32721] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 0000000000021000 [ 1199.268978][T32721] RBP: 00000000ffd5d8d8 R08: 0000000000000000 R09: 0000000000000000 [ 1199.268978][T32721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1199.268978][T32721] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1199.702317][T32721] Mem-Info: [ 1199.716701][T32721] active_anon:43346 inactive_anon:233 isolated_anon:0 [ 1199.716701][T32721] active_file:2876 inactive_file:17831 isolated_file:0 [ 1199.716701][T32721] unevictable:0 dirty:9 writeback:0 unstable:0 [ 1199.716701][T32721] slab_reclaimable:15529 slab_unreclaimable:59682 [ 1199.716701][T32721] mapped:39903 shmem:307 pagetables:2937 bounce:0 [ 1199.716701][T32721] free:146092 free_pcp:382 free_cma:0 [ 1199.768178][T32721] Node 0 active_anon:137228kB inactive_anon:896kB active_file:0kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1199.810158][T32721] Node 0 DMA free:2828kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:292kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1199.859896][T32721] lowmem_reserve[]: 0 532 532 532 532 [ 1199.869431][T32721] Node 0 DMA32 free:23684kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136936kB inactive_anon:896kB active_file:0kB inactive_file:28kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9104kB pagetables:4880kB bounce:0kB free_pcp:1680kB local_pcp:148kB free_cma:0kB [ 1199.910820][T32721] lowmem_reserve[]: 0 0 0 0 0 [ 1199.918045][T32721] Node 0 DMA: 20*4kB (U) 10*8kB (UME) 18*16kB (UME) 9*32kB (UM) 5*64kB (UME) 2*128kB (UM) 0*256kB 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2848kB [ 1199.936301][T32721] Node 0 DMA32: 1143*4kB (UME) 403*8kB (UME) 195*16kB (UME) 87*32kB (UME) 43*64kB (UME) 24*128kB (UME) 14*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 23620kB [ 1199.954755][T32721] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1199.965994][T32721] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1199.982539][T32721] 13396 total pagecache pages [ 1199.989795][T32721] 0 pages in swap cache [ 1199.996754][T32721] Swap cache stats: add 0, delete 0, find 0/0 [ 1200.009494][T32721] Free swap = 0kB [ 1200.018379][T32721] Total swap = 0kB [ 1200.025603][T32721] 524155 pages RAM [ 1200.033742][T32721] 0 pages HighMem/MovableOnly [ 1200.047127][T32721] 141707 pages reserved [ 1200.054849][T32721] 0 pages cma reserved [ 1200.061160][T32721] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=11020,uid=0 [ 1200.123567][T32721] Out of memory: Killed process 11020 (syz-executor.2) total-vm:72480kB, anon-rss:140kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1200.260662][ T1129] oom_reaper: reaped process 11020 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 1200.380877][T32721] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1200.448843][T32721] CPU: 2 PID: 32721 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1200.458351][T32721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1200.458351][T32721] Call Trace: [ 1200.458351][T32721] dump_stack+0x197/0x210 [ 1200.458351][T32721] dump_header+0x10b/0x82d [ 1200.458351][T32721] ? oom_kill_process+0x94/0x420 [ 1200.458351][T32721] oom_kill_process.cold+0x10/0x15 [ 1200.666128][T32721] out_of_memory+0x334/0x13c0 [ 1200.685198][T32721] ? oom_killer_disable+0x280/0x280 [ 1200.717503][T32721] ? mutex_trylock+0x264/0x2f0 [ 1200.730040][T32721] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1200.746019][T32721] __alloc_pages_slowpath+0x222b/0x2920 [ 1200.774960][T32721] ? warn_alloc+0x110/0x110 [ 1200.795122][T32721] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1200.825818][T32721] ? should_fail+0x1de/0x852 [ 1200.845423][T32721] ? __kasan_check_read+0x11/0x20 [ 1200.865416][T32721] __alloc_pages_nodemask+0x646/0x910 [ 1200.895071][T32721] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1200.926084][T32721] ? lock_downgrade+0x920/0x920 [ 1200.945519][T32721] ? set_pte_at+0xcc/0x130 [ 1200.965733][T32721] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1200.995082][T32721] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1201.024920][T32721] alloc_pages_vma+0xdd/0x620 [ 1201.045435][T32721] wp_page_copy+0xb6e/0x1560 [ 1201.054900][T32721] ? find_held_lock+0x35/0x130 [ 1201.074840][T32721] ? follow_pfn+0x2a0/0x2a0 [ 1201.095263][T32721] ? lock_downgrade+0x920/0x920 [ 1201.105301][T32721] ? vm_normal_page+0x15d/0x3c0 [ 1201.125484][T32721] ? __pte_alloc_kernel+0x210/0x210 [ 1201.134983][T32721] ? do_raw_spin_unlock+0x178/0x270 [ 1201.145743][T32721] do_wp_page+0x543/0x1540 [ 1201.165119][T32721] ? do_raw_spin_lock+0x12a/0x2e0 [ 1201.174867][T32721] ? lock_acquire+0x190/0x410 [ 1201.185591][T32721] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1201.202357][T32721] ? fault_around_bytes_set+0xa0/0xa0 [ 1201.205371][T32721] __handle_mm_fault+0x327b/0x3da0 [ 1201.215103][T32721] ? vm_iomap_memory+0x1a0/0x1a0 [ 1201.225658][T32721] ? handle_mm_fault+0x292/0xa50 [ 1201.234723][T32721] ? handle_mm_fault+0x7a0/0xa50 [ 1201.245396][T32721] ? __kasan_check_read+0x11/0x20 [ 1201.245396][T32721] handle_mm_fault+0x3b2/0xa50 [ 1201.260941][T32721] __do_page_fault+0x536/0xd80 [ 1201.276234][T32721] do_page_fault+0x38/0x590 [ 1201.295163][T32721] do_async_page_fault+0x30/0xa0 [ 1201.306227][T32721] async_page_fault+0x39/0x40 [ 1201.315407][T32721] RIP: 0023:0x8055390 [ 1201.325357][T32721] Code: 5c f8 0c 89 c8 89 da 05 00 00 00 80 83 d2 00 83 fa 00 0f 87 d2 fe ff ff 3d ff ff ff 7e 0f 86 5d ff ff ff e9 c2 fe ff ff 66 90 <89> 04 9e eb ae 8b 74 24 1c c1 e3 03 89 f0 01 d8 39 c6 89 c7 89 44 [ 1201.345272][T32721] RSP: 002b:00000000ffd5d830 EFLAGS: 00010246 [ 1201.365357][T32721] RAX: 000000003f9ca8d9 RBX: 00000000000008d9 RCX: 0000000000000000 [ 1201.376290][T32721] RDX: 000000003f9ca8d9 RSI: 0000000008150000 RDI: 0000000000000006 [ 1201.384794][T32721] RBP: 000000003f9ca8dd R08: 0000000000000000 R09: 0000000000000000 [ 1201.404947][T32721] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 1201.415790][T32721] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1201.434274][T32721] Mem-Info: [ 1201.439700][T32721] active_anon:43328 inactive_anon:233 isolated_anon:0 [ 1201.439700][T32721] active_file:2876 inactive_file:17842 isolated_file:0 [ 1201.439700][T32721] unevictable:0 dirty:0 writeback:12 unstable:0 [ 1201.439700][T32721] slab_reclaimable:15489 slab_unreclaimable:59368 [ 1201.439700][T32721] mapped:39903 shmem:307 pagetables:2901 bounce:0 [ 1201.439700][T32721] free:146344 free_pcp:431 free_cma:0 [ 1201.492837][T32721] Node 0 active_anon:137260kB inactive_anon:896kB active_file:0kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:4kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1201.560595][T32721] Node 0 DMA free:2836kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:324kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:160kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1201.611505][T32721] lowmem_reserve[]: 0 532 532 532 532 [ 1201.623712][T32721] Node 0 DMA32 free:23404kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136936kB inactive_anon:896kB active_file:0kB inactive_file:28kB unevictable:0kB writepending:4kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9104kB pagetables:4880kB bounce:0kB free_pcp:1724kB local_pcp:176kB free_cma:0kB [ 1201.669615][T32721] lowmem_reserve[]: 0 0 0 0 0 [ 1201.675330][T32721] Node 0 DMA: 19*4kB (U) 16*8kB (UME) 17*16kB (UME) 9*32kB (UM) 5*64kB (UME) 2*128kB (UM) 0*256kB 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2876kB [ 1201.698765][T32721] Node 0 DMA32: 1143*4kB (UME) 406*8kB (UME) 180*16kB (UME) 87*32kB (UME) 43*64kB (UME) 24*128kB (UME) 14*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 23404kB [ 1201.739994][T32721] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1201.766386][T32721] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1201.786592][T32721] 13402 total pagecache pages [ 1201.793339][T32721] 0 pages in swap cache [ 1201.800908][T32721] Swap cache stats: add 0, delete 0, find 0/0 [ 1201.809876][T32721] Free swap = 0kB [ 1201.814931][T32721] Total swap = 0kB [ 1201.820687][T32721] 524155 pages RAM [ 1201.827208][T32721] 0 pages HighMem/MovableOnly [ 1201.838139][T32721] 141707 pages reserved [ 1201.844705][T32721] 0 pages cma reserved [ 1201.852122][T32721] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=10991,uid=0 [ 1201.876286][T32721] Out of memory: Killed process 10991 (syz-executor.2) total-vm:72480kB, anon-rss:140kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 03:37:29 executing program 3: r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000900)="ba", 0x1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 03:37:29 executing program 0: unshare(0x400) r0 = socket(0x11, 0x800000003, 0x0) getsockname$packet(r0, 0x0, &(0x7f0000000300)) 03:37:29 executing program 1: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='.\x06\x00\x00\x00\x00\x00\x00\x00syz1\x00', 0x1ff) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x0, 0x0) readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/11, 0x2}], 0x10000000000000dc) 03:37:29 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f3, &(0x7f0000000300)={'gre0\x00\x00\x00\b\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000042f7c20fb03026608036b6c2d162729b15962e08152db425a19df02d45"]}) 03:37:29 executing program 0: unshare(0x400) r0 = socket(0x11, 0x800000003, 0x0) getsockname$packet(r0, 0x0, &(0x7f0000000300)) 03:37:29 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0xe, &(0x7f0000000080)={0x0, 0x0}, 0x8) 03:37:29 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x18}, [@ldst={0x0, 0x0, 0x2}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 03:37:29 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f3, &(0x7f0000000300)={'gre0\x00\x00\x00\b\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000042f7c20fb03026608036b6c2d162729b15962e08152db425a19df02d45"]}) [ 1202.072101][T32745] sock: process `syz-executor.1' is using obsolete setsockopt SO_BSDCOMPAT 03:37:29 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x18}, [@ldst={0x0, 0x0, 0x2}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 03:37:29 executing program 0: unshare(0x400) r0 = socket(0x11, 0x800000003, 0x0) getsockname$packet(r0, 0x0, &(0x7f0000000300)) 03:37:29 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x18}, [@ldst={0x0, 0x0, 0x2}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 03:37:29 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f3, &(0x7f0000000300)={'gre0\x00\x00\x00\b\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000042f7c20fb03026608036b6c2d162729b15962e08152db425a19df02d45"]}) 03:37:29 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0xe, &(0x7f0000000080)={0x0, 0x0}, 0x8) 03:37:29 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'bond_slave_0\x00', &(0x7f0000002fc0)=@ethtool_gstrings={0x33}}) 03:37:29 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0xe, &(0x7f0000000080)={0x0, 0x0}, 0x8) [ 1202.375169][ T9407] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 03:37:29 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'bond_slave_0\x00', &(0x7f0000002fc0)=@ethtool_gstrings={0x33}}) [ 1202.401200][ T9407] CPU: 2 PID: 9407 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 03:37:29 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'bond_slave_0\x00', &(0x7f0000002fc0)=@ethtool_gstrings={0x33}}) [ 1202.407803][ T9407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1202.414647][ T9407] Call Trace: [ 1202.414647][ T9407] dump_stack+0x197/0x210 [ 1202.414647][ T9407] dump_header+0x10b/0x82d [ 1202.414647][ T9407] ? oom_kill_process+0x94/0x420 [ 1202.414647][ T9407] oom_kill_process.cold+0x10/0x15 03:37:29 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'bond_slave_0\x00', &(0x7f0000002fc0)=@ethtool_gstrings={0x33}}) [ 1202.464716][ T9407] out_of_memory+0x334/0x13c0 [ 1202.464716][ T9407] ? oom_killer_disable+0x280/0x280 [ 1202.464716][ T9407] ? mutex_trylock+0x264/0x2f0 [ 1202.464716][ T9407] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1202.464716][ T9407] __alloc_pages_slowpath+0x222b/0x2920 [ 1202.464716][ T9407] ? warn_alloc+0x110/0x110 [ 1202.464716][ T9407] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1202.464716][ T9407] ? should_fail+0x1de/0x852 [ 1202.464716][ T9407] ? __kasan_check_read+0x11/0x20 [ 1202.464716][ T9407] __alloc_pages_nodemask+0x646/0x910 [ 1202.464716][ T9407] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1202.464716][ T9407] ? activate_task+0x212/0x490 [ 1202.464716][ T9407] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1202.464716][ T9407] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1202.464716][ T9407] alloc_pages_vma+0xdd/0x620 [ 1202.464716][ T9407] wp_page_copy+0x226/0x1560 [ 1202.464716][ T9407] ? find_held_lock+0x35/0x130 [ 1202.464716][ T9407] ? follow_pfn+0x2a0/0x2a0 [ 1202.464716][ T9407] ? lock_downgrade+0x920/0x920 [ 1202.464716][ T9407] ? swp_swapcount+0x540/0x540 [ 1202.464716][ T9407] ? do_raw_spin_unlock+0x178/0x270 [ 1202.464716][ T9407] do_wp_page+0x543/0x1540 [ 1202.464716][ T9407] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1202.464716][ T9407] __handle_mm_fault+0x327b/0x3da0 [ 1202.464716][ T9407] ? vm_iomap_memory+0x1a0/0x1a0 [ 1202.464716][ T9407] ? handle_mm_fault+0x292/0xa50 [ 1202.464716][ T9407] ? handle_mm_fault+0x7a0/0xa50 [ 1202.464716][ T9407] ? __kasan_check_read+0x11/0x20 [ 1202.464716][ T9407] handle_mm_fault+0x3b2/0xa50 [ 1202.464716][ T9407] __do_page_fault+0x536/0xd80 [ 1202.464716][ T9407] do_page_fault+0x38/0x590 [ 1202.464716][ T9407] do_async_page_fault+0x30/0xa0 [ 1202.464716][ T9407] async_page_fault+0x39/0x40 [ 1202.464716][ T9407] RIP: 0023:0x808fa5d [ 1202.464716][ T9407] Code: 01 00 00 8d 76 00 8d bc 27 00 00 00 00 8b 45 e4 8b 40 04 85 c0 89 45 e4 74 b1 8b 75 e4 8b 1e 8b 43 08 85 c0 74 04 ff d0 8b 1e ff 4b 14 0f 94 c0 84 c0 74 d8 8b 43 18 85 c0 74 d1 83 c3 14 31 [ 1202.464716][ T9407] RSP: 002b:00000000ffcb56f0 EFLAGS: 00010246 [ 1202.464716][ T9407] RAX: 0000000000000000 RBX: 0000000008494bc4 RCX: 0000000000000000 [ 1202.464716][ T9407] RDX: 00000000ffcb56f0 RSI: 00000000ffcb56f0 RDI: 0000000000007c3f [ 1202.464716][ T9407] RBP: 00000000ffcb5738 R08: 0000000000000000 R09: 0000000000000000 [ 1202.464716][ T9407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1202.464716][ T9407] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1203.002400][ T9407] Mem-Info: 03:37:30 executing program 0: syz_open_dev$vcsu(&(0x7f00000001c0)='/dev/vcsu#\x00', 0x1, 0x0) perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) [ 1203.006381][ T9407] active_anon:43312 inactive_anon:233 isolated_anon:0 [ 1203.006381][ T9407] active_file:2880 inactive_file:17845 isolated_file:0 [ 1203.006381][ T9407] unevictable:0 dirty:6 writeback:9 unstable:0 [ 1203.006381][ T9407] slab_reclaimable:15489 slab_unreclaimable:59281 [ 1203.006381][ T9407] mapped:39903 shmem:307 pagetables:2958 bounce:0 [ 1203.006381][ T9407] free:146640 free_pcp:235 free_cma:0 [ 1203.076318][ T9407] Node 0 active_anon:137208kB inactive_anon:896kB active_file:16kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:16kB writeback:4kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1203.119391][ T9407] Node 0 DMA free:2812kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:296kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1203.169630][ T9407] lowmem_reserve[]: 0 532 532 532 532 [ 1203.178395][ T9407] Node 0 DMA32 free:23856kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136984kB inactive_anon:896kB active_file:20kB inactive_file:8kB unevictable:0kB writepending:20kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4836kB bounce:0kB free_pcp:1084kB local_pcp:240kB free_cma:0kB [ 1203.245361][ T9407] lowmem_reserve[]: 0 0 0 0 0 [ 1203.266424][ T9407] Node 0 DMA: 21*4kB (UME) 3*8kB (M) 18*16kB (UME) 9*32kB (UM) 5*64kB (UME) 2*128kB (UM) 0*256kB 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2796kB [ 1203.298985][ T9407] Node 0 DMA32: 1268*4kB (UME) 358*8kB (ME) 203*16kB (UME) 72*32kB (UME) 43*64kB (UME) 24*128kB (UME) 14*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 23408kB [ 1203.319456][ T9407] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1203.330641][ T9407] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1203.342356][ T9407] 13409 total pagecache pages [ 1203.348304][ T9407] 0 pages in swap cache [ 1203.352941][ T9407] Swap cache stats: add 0, delete 0, find 0/0 [ 1203.360538][ T9407] Free swap = 0kB [ 1203.364806][ T9407] Total swap = 0kB [ 1203.369545][ T9407] 524155 pages RAM [ 1203.377187][ T9407] 0 pages HighMem/MovableOnly [ 1203.386222][ T9407] 141707 pages reserved [ 1203.392461][ T9407] 0 pages cma reserved [ 1203.397425][ T9407] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=10968,uid=0 [ 1203.419034][ T9407] Out of memory: Killed process 10968 (syz-executor.2) total-vm:72480kB, anon-rss:140kB, file-rss:34832kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 03:37:30 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f3, &(0x7f0000000300)={'gre0\x00\x00\x00\b\x00', &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000042f7c20fb03026608036b6c2d162729b15962e08152db425a19df02d45"]}) 03:37:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x18}, [@ldst={0x0, 0x0, 0x2}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 03:37:30 executing program 1: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0xe, &(0x7f0000000080)={0x0, 0x0}, 0x8) 03:37:30 executing program 0: syz_open_dev$vcsu(&(0x7f00000001c0)='/dev/vcsu#\x00', 0x1, 0x0) perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) 03:37:30 executing program 2: syz_open_dev$vcsu(&(0x7f00000001c0)='/dev/vcsu#\x00', 0x1, 0x0) perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) 03:37:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x10, 0x3, &(0x7f0000000200)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0xffffffd4, 0x0, 0x0, 0x10}}, &(0x7f0000000240)='GPL\x00', 0x1, 0x348, &(0x7f0000000280)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48) 03:37:30 executing program 1: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x11, 0x0, 0xd0}) [ 1203.699868][ T9411] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 03:37:30 executing program 1: unshare(0x2040400) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = dup(r0) fstat(r1, &(0x7f00000007c0)) [ 1203.714999][ T9411] CPU: 2 PID: 9411 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1203.724645][ T9411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1203.724645][ T9411] Call Trace: [ 1203.724645][ T9411] dump_stack+0x197/0x210 [ 1203.724645][ T9411] dump_header+0x10b/0x82d [ 1203.724645][ T9411] ? oom_kill_process+0x94/0x420 [ 1203.724645][ T9411] oom_kill_process.cold+0x10/0x15 [ 1203.794688][ T9411] out_of_memory+0x334/0x13c0 [ 1203.804701][ T9411] ? oom_killer_disable+0x280/0x280 [ 1203.804701][ T9411] ? mutex_trylock+0x264/0x2f0 [ 1203.804701][ T9411] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1203.804701][ T9411] __alloc_pages_slowpath+0x222b/0x2920 [ 1203.804701][ T9411] ? warn_alloc+0x110/0x110 [ 1203.804701][ T9411] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1203.875067][ T9411] ? should_fail+0x1de/0x852 [ 1203.894871][ T9411] ? __kasan_check_read+0x11/0x20 [ 1203.914824][ T9411] __alloc_pages_nodemask+0x646/0x910 [ 1203.934771][ T9411] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1203.954778][ T9411] ? activate_task+0x212/0x490 [ 1203.954778][ T9411] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1203.954778][ T9411] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1203.984730][ T9411] alloc_pages_vma+0xdd/0x620 [ 1203.984730][ T9411] wp_page_copy+0x226/0x1560 [ 1203.984730][ T9411] ? find_held_lock+0x35/0x130 [ 1204.004687][ T9411] ? follow_pfn+0x2a0/0x2a0 [ 1204.004687][ T9411] ? lock_downgrade+0x920/0x920 [ 1204.004687][ T9411] ? swp_swapcount+0x540/0x540 [ 1204.004687][ T9411] ? do_raw_spin_unlock+0x178/0x270 [ 1204.034851][ T9411] do_wp_page+0x543/0x1540 [ 1204.044738][ T9411] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1204.044738][ T9411] __handle_mm_fault+0x327b/0x3da0 [ 1204.044738][ T9411] ? vm_iomap_memory+0x1a0/0x1a0 [ 1204.044738][ T9411] ? handle_mm_fault+0x292/0xa50 [ 1204.044738][ T9411] ? handle_mm_fault+0x7a0/0xa50 [ 1204.044738][ T9411] ? __kasan_check_read+0x11/0x20 [ 1204.044738][ T9411] handle_mm_fault+0x3b2/0xa50 [ 1204.044738][ T9411] __do_page_fault+0x536/0xd80 [ 1204.114890][ T9411] do_page_fault+0x38/0x590 [ 1204.114890][ T9411] do_async_page_fault+0x30/0xa0 [ 1204.114890][ T9411] async_page_fault+0x39/0x40 [ 1204.114890][ T9411] RIP: 0023:0x808fa5d [ 1204.114890][ T9411] Code: 01 00 00 8d 76 00 8d bc 27 00 00 00 00 8b 45 e4 8b 40 04 85 c0 89 45 e4 74 b1 8b 75 e4 8b 1e 8b 43 08 85 c0 74 04 ff d0 8b 1e ff 4b 14 0f 94 c0 84 c0 74 d8 8b 43 18 85 c0 74 d1 83 c3 14 31 [ 1204.184718][ T9411] RSP: 002b:00000000ffd5da70 EFLAGS: 00010246 [ 1204.194731][ T9411] RAX: 0000000000000000 RBX: 0000000008494bc4 RCX: 0000000000000000 [ 1204.194731][ T9411] RDX: 00000000ffd5da70 RSI: 00000000ffd5da70 RDI: 0000000000003451 [ 1204.214763][ T9411] RBP: 00000000ffd5dab8 R08: 0000000000000000 R09: 0000000000000000 [ 1204.214763][ T9411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1204.244682][ T9411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 03:37:31 executing program 0: syz_open_dev$vcsu(&(0x7f00000001c0)='/dev/vcsu#\x00', 0x1, 0x0) perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) [ 1204.272743][ T9411] Mem-Info: [ 1204.284696][ T9411] active_anon:43296 inactive_anon:233 isolated_anon:0 [ 1204.284696][ T9411] active_file:2877 inactive_file:17848 isolated_file:0 [ 1204.284696][ T9411] unevictable:0 dirty:29 writeback:0 unstable:0 [ 1204.284696][ T9411] slab_reclaimable:15488 slab_unreclaimable:59275 [ 1204.284696][ T9411] mapped:39890 shmem:307 pagetables:2853 bounce:0 03:37:31 executing program 1: unshare(0x2040400) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = dup(r0) fstat(r1, &(0x7f00000007c0)) [ 1204.284696][ T9411] free:146450 free_pcp:341 free_cma:0 [ 1204.418797][ T9411] Node 0 active_anon:137332kB inactive_anon:896kB active_file:0kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:4kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 03:37:31 executing program 1: unshare(0x2040400) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = dup(r0) fstat(r1, &(0x7f00000007c0)) [ 1204.460142][ T9411] Node 0 DMA free:2808kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:268kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1204.497031][ T9411] lowmem_reserve[]: 0 532 532 532 532 [ 1204.504954][ T9411] Node 0 DMA32 free:24156kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:137064kB inactive_anon:896kB active_file:0kB inactive_file:28kB unevictable:0kB writepending:4kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9200kB pagetables:4908kB bounce:0kB free_pcp:1812kB local_pcp:408kB free_cma:0kB 03:37:31 executing program 1: unshare(0x2040400) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = dup(r0) fstat(r1, &(0x7f00000007c0)) [ 1204.565778][ T9411] lowmem_reserve[]: 0 0 0 0 0 [ 1204.573946][ T9411] Node 0 DMA: 31*4kB (UME) 3*8kB (M) 16*16kB (UME) 10*32kB (UM) 5*64kB (UME) 2*128kB (UM) 0*256kB 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2836kB [ 1204.595312][ T9411] Node 0 DMA32: 1175*4kB (UME) 393*8kB (UME) 223*16kB (UME) 82*32kB (UME) 43*64kB (UME) 24*128kB (UME) 14*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 23956kB [ 1204.625670][ T9411] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1204.641374][ T9411] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1204.666007][ T9411] 13414 total pagecache pages [ 1204.682593][ T9411] 0 pages in swap cache [ 1204.701070][ T9411] Swap cache stats: add 0, delete 0, find 0/0 [ 1204.713036][ T9411] Free swap = 0kB [ 1204.727579][ T9411] Total swap = 0kB [ 1204.748768][ T9411] 524155 pages RAM [ 1204.757733][ T9411] 0 pages HighMem/MovableOnly [ 1204.771889][ T9411] 141707 pages reserved [ 1204.784252][ T9411] 0 pages cma reserved [ 1204.795410][ T9411] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=12632,uid=0 [ 1204.826614][ T9411] Out of memory: Killed process 12632 (syz-executor.3) total-vm:72480kB, anon-rss:148kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 03:37:32 executing program 2: syz_open_dev$vcsu(&(0x7f00000001c0)='/dev/vcsu#\x00', 0x1, 0x0) perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) 03:37:32 executing program 0: syz_open_dev$vcsu(&(0x7f00000001c0)='/dev/vcsu#\x00', 0x1, 0x0) perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) 03:37:32 executing program 1: pipe(&(0x7f00000000c0)={0xffffffffffffffff}) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x2) 03:37:32 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x10, 0x3, &(0x7f0000000200)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0xffffffd4, 0x0, 0x0, 0x10}}, &(0x7f0000000240)='GPL\x00', 0x1, 0x348, &(0x7f0000000280)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48) 03:37:32 executing program 1: pipe(&(0x7f00000000c0)={0xffffffffffffffff}) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x2) 03:37:32 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x10, 0x3, &(0x7f0000000200)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0xffffffd4, 0x0, 0x0, 0x10}}, &(0x7f0000000240)='GPL\x00', 0x1, 0x348, &(0x7f0000000280)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48) 03:37:32 executing program 1: pipe(&(0x7f00000000c0)={0xffffffffffffffff}) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x2) 03:37:32 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x10, 0x3, &(0x7f0000000200)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0xffffffd4, 0x0, 0x0, 0x10}}, &(0x7f0000000240)='GPL\x00', 0x1, 0x348, &(0x7f0000000280)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48) 03:37:32 executing program 2: syz_open_dev$vcsu(&(0x7f00000001c0)='/dev/vcsu#\x00', 0x1, 0x0) perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) 03:37:32 executing program 1: pipe(&(0x7f00000000c0)={0xffffffffffffffff}) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x2) 03:37:32 executing program 3: pipe(&(0x7f00000000c0)={0xffffffffffffffff}) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x2) 03:37:32 executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="f0ca9a0001a9279d8901"], 0xa) close(r2) socket(0x10, 0x3, 0x4) writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000100)="1608cbc458631fe5e81d7f934619bb33e1b080151adb64fad34e6cfbb010675d35a6de9396a194cb000f17971377858c14ab983f7e4c98ef7a1f078d8592ea8a96b9766bc39cd179", 0x48}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) splice(r0, 0x0, r2, 0x0, 0x80000004, 0x0) 03:37:32 executing program 3: pipe(&(0x7f00000000c0)={0xffffffffffffffff}) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x2) 03:37:32 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) msync(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x6) 03:37:32 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) msync(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x6) 03:37:32 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000001600)='io.max\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="393a32098008419ecc9288d2a79183b12eb70300103b280fcc3b2879dad0f211d346aa0c51be107ac6b87e345403d443323855f4fcf04a664177bb5c0eeccd491838ee3b42d5a25fb5713d574eed5440cc5b07f9730b8db4391020bc608eb37c550e2278472c563e40fd616362c2197c597d8df12dc4e70fa17d09e671d8e21b5a62773761179a558b2cb2fd6878187867aed53b000a4dd8b5f5e19ee7b1"], 0x4) 03:37:32 executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="f0ca9a0001a9279d8901"], 0xa) close(r2) socket(0x10, 0x3, 0x4) writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000100)="1608cbc458631fe5e81d7f934619bb33e1b080151adb64fad34e6cfbb010675d35a6de9396a194cb000f17971377858c14ab983f7e4c98ef7a1f078d8592ea8a96b9766bc39cd179", 0x48}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) splice(r0, 0x0, r2, 0x0, 0x80000004, 0x0) 03:37:32 executing program 3: pipe(&(0x7f00000000c0)={0xffffffffffffffff}) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x2) 03:37:32 executing program 2: pipe(&(0x7f0000000200)) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c40)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) creat(&(0x7f0000000200)='./bus\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'bridge_slave_1\x00', &(0x7f0000000280)=ANY=[@ANYRES32=r0]}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'syz_tun\x00', 0x0}) 03:37:32 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) msync(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x6) 03:37:32 executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="f0ca9a0001a9279d8901"], 0xa) close(r2) socket(0x10, 0x3, 0x4) writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000100)="1608cbc458631fe5e81d7f934619bb33e1b080151adb64fad34e6cfbb010675d35a6de9396a194cb000f17971377858c14ab983f7e4c98ef7a1f078d8592ea8a96b9766bc39cd179", 0x48}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) splice(r0, 0x0, r2, 0x0, 0x80000004, 0x0) 03:37:32 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) 03:37:32 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) msync(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x6) 03:37:32 executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) write$binfmt_elf64(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="f0ca9a0001a9279d8901"], 0xa) close(r2) socket(0x10, 0x3, 0x4) writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000100)="1608cbc458631fe5e81d7f934619bb33e1b080151adb64fad34e6cfbb010675d35a6de9396a194cb000f17971377858c14ab983f7e4c98ef7a1f078d8592ea8a96b9766bc39cd179", 0x48}], 0x1) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) splice(r0, 0x0, r2, 0x0, 0x80000004, 0x0) 03:37:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="6c0000002400070500"/20, @ANYRES32=r2, @ANYBLOB="00000000ffffffff000000000a0001006e6574656d0000003c0002000001000000000000000000000000000000000000000000000c000408000000000052e0db0400060000000000002000000000000000000000a1d00492c8b4f08fe7f3b1d6cf071419d9a4117c1b56df878163d7c9dd693feb8150aba872a32bf17c61fa00000000eb2058d096ee49dffb7715c858c243d00000000000000005ac83a479d1a7e5be078ca3fa1e43ab1cafada043d3134cdf53a3c237ea5e295ac3dc7fd793ff88d6d360dcf043f9e97024c647e9db2be930090000000003000000000040000000d3fc4a3d36b953281a5c21adf253719b7066138155058c7182cded61b62a0ceaf76065"], 0x6c}}, 0x0) 03:37:32 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) [ 1205.401655][ T491] netem: change failed 03:37:32 executing program 2: pipe(&(0x7f0000000200)) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c40)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) creat(&(0x7f0000000200)='./bus\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'bridge_slave_1\x00', &(0x7f0000000280)=ANY=[@ANYRES32=r0]}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'syz_tun\x00', 0x0}) 03:37:32 executing program 0: socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00'}) 03:37:32 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) 03:37:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="6c0000002400070500"/20, @ANYRES32=r2, @ANYBLOB="00000000ffffffff000000000a0001006e6574656d0000003c0002000001000000000000000000000000000000000000000000000c000408000000000052e0db0400060000000000002000000000000000000000a1d00492c8b4f08fe7f3b1d6cf071419d9a4117c1b56df878163d7c9dd693feb8150aba872a32bf17c61fa00000000eb2058d096ee49dffb7715c858c243d00000000000000005ac83a479d1a7e5be078ca3fa1e43ab1cafada043d3134cdf53a3c237ea5e295ac3dc7fd793ff88d6d360dcf043f9e97024c647e9db2be930090000000003000000000040000000d3fc4a3d36b953281a5c21adf253719b7066138155058c7182cded61b62a0ceaf76065"], 0x6c}}, 0x0) 03:37:32 executing program 0: socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00'}) [ 1205.473928][ T501] netem: change failed 03:37:32 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r0, 0x0) open_by_handle_at(0xffffffffffffffff, 0x0, 0x0) 03:37:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="6c0000002400070500"/20, @ANYRES32=r2, @ANYBLOB="00000000ffffffff000000000a0001006e6574656d0000003c0002000001000000000000000000000000000000000000000000000c000408000000000052e0db0400060000000000002000000000000000000000a1d00492c8b4f08fe7f3b1d6cf071419d9a4117c1b56df878163d7c9dd693feb8150aba872a32bf17c61fa00000000eb2058d096ee49dffb7715c858c243d00000000000000005ac83a479d1a7e5be078ca3fa1e43ab1cafada043d3134cdf53a3c237ea5e295ac3dc7fd793ff88d6d360dcf043f9e97024c647e9db2be930090000000003000000000040000000d3fc4a3d36b953281a5c21adf253719b7066138155058c7182cded61b62a0ceaf76065"], 0x6c}}, 0x0) 03:37:32 executing program 0: socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00'}) [ 1205.549541][ T508] netem: change failed 03:37:32 executing program 2: pipe(&(0x7f0000000200)) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c40)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) creat(&(0x7f0000000200)='./bus\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'bridge_slave_1\x00', &(0x7f0000000280)=ANY=[@ANYRES32=r0]}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'syz_tun\x00', 0x0}) 03:37:32 executing program 3: pipe(&(0x7f0000000200)) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c40)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) creat(&(0x7f0000000200)='./bus\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'bridge_slave_1\x00', &(0x7f0000000280)=ANY=[@ANYRES32=r0]}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'syz_tun\x00', 0x0}) 03:37:32 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="6c0000002400070500"/20, @ANYRES32=r2, @ANYBLOB="00000000ffffffff000000000a0001006e6574656d0000003c0002000001000000000000000000000000000000000000000000000c000408000000000052e0db0400060000000000002000000000000000000000a1d00492c8b4f08fe7f3b1d6cf071419d9a4117c1b56df878163d7c9dd693feb8150aba872a32bf17c61fa00000000eb2058d096ee49dffb7715c858c243d00000000000000005ac83a479d1a7e5be078ca3fa1e43ab1cafada043d3134cdf53a3c237ea5e295ac3dc7fd793ff88d6d360dcf043f9e97024c647e9db2be930090000000003000000000040000000d3fc4a3d36b953281a5c21adf253719b7066138155058c7182cded61b62a0ceaf76065"], 0x6c}}, 0x0) 03:37:32 executing program 0: socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00'}) [ 1205.666011][ T517] netem: change failed 03:37:32 executing program 0: r0 = socket(0x10, 0x803, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x10041, 0x0, 0x0) 03:37:32 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(&(0x7f0000000040)=@nullb='.0My\xb4,\xdf\x19T\xdf:\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) 03:37:32 executing program 3: pipe(&(0x7f0000000200)) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c40)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) creat(&(0x7f0000000200)='./bus\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'bridge_slave_1\x00', &(0x7f0000000280)=ANY=[@ANYRES32=r0]}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'syz_tun\x00', 0x0}) 03:37:32 executing program 2: pipe(&(0x7f0000000200)) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c40)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) creat(&(0x7f0000000200)='./bus\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'bridge_slave_1\x00', &(0x7f0000000280)=ANY=[@ANYRES32=r0]}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'syz_tun\x00', 0x0}) 03:37:32 executing program 0: r0 = socket(0x10, 0x803, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x10041, 0x0, 0x0) [ 1205.789583][ T522] libceph: resolve '.0My´' (ret=-3): failed [ 1205.808546][ T522] libceph: Failed to parse monitor IPs: -3 03:37:33 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(&(0x7f0000000040)=@nullb='.0My\xb4,\xdf\x19T\xdf:\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) 03:37:33 executing program 0: r0 = socket(0x10, 0x803, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x10041, 0x0, 0x0) [ 1205.900183][ T530] libceph: resolve '.0My´' (ret=-3): failed [ 1205.908237][ T530] libceph: Failed to parse monitor IPs: -3 03:37:33 executing program 0: r0 = socket(0x10, 0x803, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x10041, 0x0, 0x0) 03:37:33 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(&(0x7f0000000040)=@nullb='.0My\xb4,\xdf\x19T\xdf:\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) 03:37:33 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000800)="230000002d0007031dfffd946fa2830020200ae800000000a61d85680c1ba3a20400ff7e280000005e00ffffba16a0aa1c0009b3ebea8653b138a32052b44e099d881e02546dcda4cc7e6397", 0x4c}], 0x1}, 0x0) [ 1205.956857][ T537] libceph: resolve '.0My´' (ret=-3): failed 03:37:33 executing program 3: pipe(&(0x7f0000000200)) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000c40)) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) creat(&(0x7f0000000200)='./bus\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'bridge_slave_1\x00', &(0x7f0000000280)=ANY=[@ANYRES32=r0]}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xc) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'syz_tun\x00', 0x0}) [ 1205.968722][ T537] libceph: Failed to parse monitor IPs: -3 03:37:33 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x1a4, 0xffffffffffffffff, 0x5}, 0x3c) 03:37:33 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000800)="230000002d0007031dfffd946fa2830020200ae800000000a61d85680c1ba3a20400ff7e280000005e00ffffba16a0aa1c0009b3ebea8653b138a32052b44e099d881e02546dcda4cc7e6397", 0x4c}], 0x1}, 0x0) 03:37:33 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(&(0x7f0000000040)=@nullb='.0My\xb4,\xdf\x19T\xdf:\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) 03:37:33 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x1a4, 0xffffffffffffffff, 0x5}, 0x3c) [ 1206.040321][ T547] libceph: resolve '.0My´' (ret=-3): failed 03:37:33 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000800)="230000002d0007031dfffd946fa2830020200ae800000000a61d85680c1ba3a20400ff7e280000005e00ffffba16a0aa1c0009b3ebea8653b138a32052b44e099d881e02546dcda4cc7e6397", 0x4c}], 0x1}, 0x0) [ 1206.053911][ T547] libceph: Failed to parse monitor IPs: -3 03:37:33 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x1a4, 0xffffffffffffffff, 0x5}, 0x3c) 03:37:33 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000800)="230000002d0007031dfffd946fa2830020200ae800000000a61d85680c1ba3a20400ff7e280000005e00ffffba16a0aa1c0009b3ebea8653b138a32052b44e099d881e02546dcda4cc7e6397", 0x4c}], 0x1}, 0x0) 03:37:33 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x3, 0x4, 0x80000000004, 0xe657}, 0x3c) close(r0) 03:37:33 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x6, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x8}, [@ldst={0x5, 0x5, 0x5}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x3}, 0x48) 03:37:33 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x1a4, 0xffffffffffffffff, 0x5}, 0x3c) 03:37:33 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f00000000c0)=@srh={0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, [@dev]}, 0x18) 03:37:33 executing program 2: clock_adjtime(0xffc99a3b, &(0x7f00000002c0)) 03:37:33 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x3, 0x4, 0x80000000004, 0xe657}, 0x3c) close(r0) 03:37:33 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f00000000c0)=@srh={0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, [@dev]}, 0x18) 03:37:33 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x6, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x8}, [@ldst={0x5, 0x5, 0x5}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x3}, 0x48) 03:37:33 executing program 2: clock_adjtime(0xffc99a3b, &(0x7f00000002c0)) 03:37:33 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f00000000c0)=@srh={0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, [@dev]}, 0x18) 03:37:33 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x6, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x8}, [@ldst={0x5, 0x5, 0x5}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x3}, 0x48) 03:37:33 executing program 2: clock_adjtime(0xffc99a3b, &(0x7f00000002c0)) 03:37:33 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x3, 0x4, 0x80000000004, 0xe657}, 0x3c) close(r0) 03:37:33 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f00000000c0)=@srh={0x0, 0x2, 0x4, 0x1, 0x0, 0x0, 0x0, [@dev]}, 0x18) 03:37:33 executing program 2: clock_adjtime(0xffc99a3b, &(0x7f00000002c0)) 03:37:33 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x6, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x8}, [@ldst={0x5, 0x5, 0x5}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x3}, 0x48) 03:37:33 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x3, 0x4, 0x80000000004, 0xe657}, 0x3c) close(r0) 03:37:33 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x3, 0x4, 0x80000000004, 0xe657}, 0x3c) close(r0) 03:37:33 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x3, 0x4, 0x80000000004, 0xe657}, 0x3c) close(r0) 03:37:33 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_SCRNMAP(r0, 0x5609, &(0x7f0000000000)=""/172) 03:37:33 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000001a00cf6000000000000095000000000000007c41776586b2841fb71916411c22f945fb70fc5b4e982e61d68b61c1ba6e53657b8dc7c5bb72290946131bc6470051a39eab7f8651b8ca38a6e7fae8bc5e5c45d8cfc8c575b46ecea5a34655b9b5b14d09000000048d2e9ec9b5d29ab9e06bdb414497312320fd387df6c51cc11505e90fbda6eae76f8ed901258df22c9bdaf8e6757d69649b5cb15ee2c0938814d822a35998d52500c165c101db2d1605084d8146afba76791233df255a428e4ec6f2de157a023ac6f9007a320553d872768f9f909cb5b064e8e6f29c241c403dc86e5166ce266f011713559b71894556015cb97dfcb26cf2fa4f52f247f089a09c3ef834e4e6f457bef1e6b24d86dac622be551242b30efadf5b8292490f7e4f76238e91e17793a6677072199752aa0679ca86887afd14b51539b9792a39086af837c24c09eb392e724e"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746'}, 0x48) 03:37:33 executing program 3: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x0, 0x0) read(r0, 0x0, 0x0) 03:37:33 executing program 1: setrlimit(0x9, &(0x7f0000000000)) mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x6) 03:37:33 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x3, 0x4, 0x80000000004, 0xe657}, 0x3c) close(r0) 03:37:33 executing program 3: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd", 0x2}], 0x1, 0x0) 03:37:33 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000001a00cf6000000000000095000000000000007c41776586b2841fb71916411c22f945fb70fc5b4e982e61d68b61c1ba6e53657b8dc7c5bb72290946131bc6470051a39eab7f8651b8ca38a6e7fae8bc5e5c45d8cfc8c575b46ecea5a34655b9b5b14d09000000048d2e9ec9b5d29ab9e06bdb414497312320fd387df6c51cc11505e90fbda6eae76f8ed901258df22c9bdaf8e6757d69649b5cb15ee2c0938814d822a35998d52500c165c101db2d1605084d8146afba76791233df255a428e4ec6f2de157a023ac6f9007a320553d872768f9f909cb5b064e8e6f29c241c403dc86e5166ce266f011713559b71894556015cb97dfcb26cf2fa4f52f247f089a09c3ef834e4e6f457bef1e6b24d86dac622be551242b30efadf5b8292490f7e4f76238e91e17793a6677072199752aa0679ca86887afd14b51539b9792a39086af837c24c09eb392e724e"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746'}, 0x48) 03:37:33 executing program 1: setrlimit(0x9, &(0x7f0000000000)) mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x6) 03:37:33 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x6, 0x0, &(0x7f0000000000)) 03:37:33 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000001a00cf6000000000000095000000000000007c41776586b2841fb71916411c22f945fb70fc5b4e982e61d68b61c1ba6e53657b8dc7c5bb72290946131bc6470051a39eab7f8651b8ca38a6e7fae8bc5e5c45d8cfc8c575b46ecea5a34655b9b5b14d09000000048d2e9ec9b5d29ab9e06bdb414497312320fd387df6c51cc11505e90fbda6eae76f8ed901258df22c9bdaf8e6757d69649b5cb15ee2c0938814d822a35998d52500c165c101db2d1605084d8146afba76791233df255a428e4ec6f2de157a023ac6f9007a320553d872768f9f909cb5b064e8e6f29c241c403dc86e5166ce266f011713559b71894556015cb97dfcb26cf2fa4f52f247f089a09c3ef834e4e6f457bef1e6b24d86dac622be551242b30efadf5b8292490f7e4f76238e91e17793a6677072199752aa0679ca86887afd14b51539b9792a39086af837c24c09eb392e724e"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746'}, 0x48) 03:37:33 executing program 1: setrlimit(0x9, &(0x7f0000000000)) mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x6) 03:37:33 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x6, 0x0, &(0x7f0000000000)) 03:37:33 executing program 1: setrlimit(0x9, &(0x7f0000000000)) mprotect(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x6) 03:37:33 executing program 3: syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) r0 = syz_open_dev$cec(0x0, 0x0, 0x2) ioctl$IOC_PR_PREEMPT(r0, 0x8044610a, 0x0) 03:37:33 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000001a00cf6000000000000095000000000000007c41776586b2841fb71916411c22f945fb70fc5b4e982e61d68b61c1ba6e53657b8dc7c5bb72290946131bc6470051a39eab7f8651b8ca38a6e7fae8bc5e5c45d8cfc8c575b46ecea5a34655b9b5b14d09000000048d2e9ec9b5d29ab9e06bdb414497312320fd387df6c51cc11505e90fbda6eae76f8ed901258df22c9bdaf8e6757d69649b5cb15ee2c0938814d822a35998d52500c165c101db2d1605084d8146afba76791233df255a428e4ec6f2de157a023ac6f9007a320553d872768f9f909cb5b064e8e6f29c241c403dc86e5166ce266f011713559b71894556015cb97dfcb26cf2fa4f52f247f089a09c3ef834e4e6f457bef1e6b24d86dac622be551242b30efadf5b8292490f7e4f76238e91e17793a6677072199752aa0679ca86887afd14b51539b9792a39086af837c24c09eb392e724e"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746'}, 0x48) 03:37:33 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x6, 0x0, &(0x7f0000000000)) 03:37:33 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xd0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000002400070500"/20, @ANYRES32=r1, @ANYBLOB="00000000ffffffff00001a0008000100706965000c0002000800050000000000"], 0x38}}, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x41f809b1a7d7b00, 0x0) 03:37:33 executing program 2: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) recvmsg$can_j1939(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/39, 0x27}], 0x1}, 0x40002340) 03:37:33 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x6, 0x0, &(0x7f0000000000)) 03:37:33 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[0xfeffffff], [], @loopback}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x3}, 0x1c) write$binfmt_elf32(r0, 0x0, 0x0) 03:37:33 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xd0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000002400070500"/20, @ANYRES32=r1, @ANYBLOB="00000000ffffffff00001a0008000100706965000c0002000800050000000000"], 0x38}}, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x41f809b1a7d7b00, 0x0) 03:37:33 executing program 2: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) recvmsg$can_j1939(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/39, 0x27}], 0x1}, 0x40002340) 03:37:34 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[0xfeffffff], [], @loopback}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x3}, 0x1c) write$binfmt_elf32(r0, 0x0, 0x0) 03:37:34 executing program 2: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) recvmsg$can_j1939(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/39, 0x27}], 0x1}, 0x40002340) 03:37:34 executing program 0: add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) 03:37:34 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xd0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000002400070500"/20, @ANYRES32=r1, @ANYBLOB="00000000ffffffff00001a0008000100706965000c0002000800050000000000"], 0x38}}, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x41f809b1a7d7b00, 0x0) 03:37:34 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[0xfeffffff], [], @loopback}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x3}, 0x1c) write$binfmt_elf32(r0, 0x0, 0x0) 03:37:34 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xd0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="380000002400070500"/20, @ANYRES32=r1, @ANYBLOB="00000000ffffffff00001a0008000100706965000c0002000800050000000000"], 0x38}}, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x41f809b1a7d7b00, 0x0) 03:37:34 executing program 0: add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) 03:37:34 executing program 2: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) recvmsg$can_j1939(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/39, 0x27}], 0x1}, 0x40002340) 03:37:34 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x23, 0x0, &(0x7f0000000100)) 03:37:34 executing program 0: add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) 03:37:34 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[0xfeffffff], [], @loopback}}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x3}, 0x1c) write$binfmt_elf32(r0, 0x0, 0x0) 03:37:34 executing program 0: add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) 03:37:34 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x23, 0x0, &(0x7f0000000100)) 03:37:34 executing program 2: wait4(0x0, 0x0, 0x0, 0x0) getpid() r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'all\x00\x19\x00\x00!C\x19\xb2d\xb4\xa0$v', 0x420000015001}) 03:37:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x9, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x5, 0x1, 0x8}]}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:34 executing program 0: r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000000)=@generic={0x2, "d266a9fe1085d0990ab68591c58cf79de38758ae5c5e0dad1ca0ab8c72d1fdcf7cc6af6f43a4925ca63aea7a0a6391678a6f94427fc733205d25b8f633eb356e572e33dc2252b11e79ffed133b28b2c37acaa026e2818f519b9fd3237cb47719ab6ed9a95260965dd5952d121bdeeeac5e660803ff206679bde6f56ba467"}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000140)="8a", 0x1}], 0x1}, 0x20000846) 03:37:34 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x23, 0x0, &(0x7f0000000100)) 03:37:34 executing program 2: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) dup2(r1, r0) 03:37:34 executing program 0: r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000000)=@generic={0x2, "d266a9fe1085d0990ab68591c58cf79de38758ae5c5e0dad1ca0ab8c72d1fdcf7cc6af6f43a4925ca63aea7a0a6391678a6f94427fc733205d25b8f633eb356e572e33dc2252b11e79ffed133b28b2c37acaa026e2818f519b9fd3237cb47719ab6ed9a95260965dd5952d121bdeeeac5e660803ff206679bde6f56ba467"}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000140)="8a", 0x1}], 0x1}, 0x20000846) 03:37:34 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_buf(r0, 0x6, 0x23, 0x0, &(0x7f0000000100)) 03:37:34 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0x8, 0x1a, [{0x4}]}]}, 0x28}}, 0x0) 03:37:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x9, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x5, 0x1, 0x8}]}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:34 executing program 0: r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000000)=@generic={0x2, "d266a9fe1085d0990ab68591c58cf79de38758ae5c5e0dad1ca0ab8c72d1fdcf7cc6af6f43a4925ca63aea7a0a6391678a6f94427fc733205d25b8f633eb356e572e33dc2252b11e79ffed133b28b2c37acaa026e2818f519b9fd3237cb47719ab6ed9a95260965dd5952d121bdeeeac5e660803ff206679bde6f56ba467"}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000140)="8a", 0x1}], 0x1}, 0x20000846) 03:37:34 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0x8, 0x1a, [{0x4}]}]}, 0x28}}, 0x0) 03:37:34 executing program 1: keyctl$invalidate(0x15, 0x0) 03:37:34 executing program 0: r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000000)=@generic={0x2, "d266a9fe1085d0990ab68591c58cf79de38758ae5c5e0dad1ca0ab8c72d1fdcf7cc6af6f43a4925ca63aea7a0a6391678a6f94427fc733205d25b8f633eb356e572e33dc2252b11e79ffed133b28b2c37acaa026e2818f519b9fd3237cb47719ab6ed9a95260965dd5952d121bdeeeac5e660803ff206679bde6f56ba467"}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000140)="8a", 0x1}], 0x1}, 0x20000846) 03:37:34 executing program 1: keyctl$invalidate(0x15, 0x0) 03:37:34 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0x8, 0x1a, [{0x4}]}]}, 0x28}}, 0x0) 03:37:34 executing program 1: keyctl$invalidate(0x15, 0x0) 03:37:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x9, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x5, 0x1, 0x8}]}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:34 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$IPC_INFO(0x0, 0x0, 0x3, 0x0) 03:37:34 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0x8, 0x1a, [{0x4}]}]}, 0x28}}, 0x0) 03:37:34 executing program 1: keyctl$invalidate(0x15, 0x0) 03:37:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x9, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x5, 0x1, 0x8}]}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:34 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'bridge_slave_1\x00', &(0x7f0000000000)=@ethtool_sset_info={0xa}}) 03:37:34 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'bridge_slave_1\x00', &(0x7f0000000000)=@ethtool_sset_info={0xa}}) 03:37:34 executing program 2: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x807a00, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f00000004c0), 0x50) 03:37:34 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'bridge_slave_1\x00', &(0x7f0000000000)=@ethtool_sset_info={0xa}}) 03:37:34 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$IPC_INFO(0x0, 0x0, 0x3, 0x0) 03:37:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001740)=@newlink={0xb0, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_XDP={0x88, 0x2b, [@IFLA_XDP_FD={0x7c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}}, @IFLA_XDP_FLAGS={0x5}]}]}, 0xb0}}, 0x0) 03:37:34 executing program 2: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000600)='/dev/rfkill\x00', 0x101012, 0x0) r1 = memfd_create(&(0x7f0000000080)='/dev/dsp\x00', 0x0) write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="00bf18020003"], 0x1ee) sendfile(r0, r1, &(0x7f0000000000), 0x7fffffffffffffff) 03:37:34 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'bridge_slave_1\x00', &(0x7f0000000000)=@ethtool_sset_info={0xa}}) [ 1207.628698][ T727] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 03:37:34 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={0x0}}, 0x20008006) accept4$vsock_stream(r1, 0x0, 0x0, 0x0) [ 1207.641161][ T727] netlink: 'syz-executor.3': attribute type 3 has an invalid length. [ 1207.663826][ T727] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 03:37:34 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={0x0}}, 0x20008006) accept4$vsock_stream(r1, 0x0, 0x0, 0x0) 03:37:34 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="07000000000000000030710000000000000000de"]}) 03:37:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001740)=@newlink={0xb0, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_XDP={0x88, 0x2b, [@IFLA_XDP_FD={0x7c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}}, @IFLA_XDP_FLAGS={0x5}]}]}, 0xb0}}, 0x0) [ 1207.740667][ T739] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 03:37:34 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$IPC_INFO(0x0, 0x0, 0x3, 0x0) 03:37:34 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={0x0}}, 0x20008006) accept4$vsock_stream(r1, 0x0, 0x0, 0x0) 03:37:34 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="07000000000000000030710000000000000000de"]}) [ 1207.752937][ T739] netlink: 'syz-executor.3': attribute type 3 has an invalid length. [ 1207.764866][ T739] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 03:37:34 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="07000000000000000030710000000000000000de"]}) 03:37:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001740)=@newlink={0xb0, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_XDP={0x88, 0x2b, [@IFLA_XDP_FD={0x7c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}}, @IFLA_XDP_FLAGS={0x5}]}]}, 0xb0}}, 0x0) 03:37:34 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'md5\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={0x0}}, 0x20008006) accept4$vsock_stream(r1, 0x0, 0x0, 0x0) [ 1207.827014][ T749] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 03:37:34 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="07000000000000000030710000000000000000de"]}) [ 1207.842910][ T749] netlink: 'syz-executor.3': attribute type 3 has an invalid length. 03:37:35 executing program 0: perf_event_open(&(0x7f0000000340)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$IPC_INFO(0x0, 0x0, 0x3, 0x0) [ 1207.855421][ T749] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 03:37:35 executing program 2: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) 03:37:35 executing program 1: io_uring_setup(0x115, &(0x7f00000000c0)={0x0, 0x0, 0x5}) 03:37:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001740)=@newlink={0xb0, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_XDP={0x88, 0x2b, [@IFLA_XDP_FD={0x7c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}}, @IFLA_XDP_FLAGS={0x5}]}]}, 0xb0}}, 0x0) [ 1207.939121][ T761] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 1207.961166][ T761] netlink: 'syz-executor.3': attribute type 3 has an invalid length. 03:37:35 executing program 0: timer_create(0x0, 0x0, &(0x7f0000000140)) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f00000001c0)={{0x77359400}, {r0, r1+10000000}}, 0x0) timer_gettime(0x0, &(0x7f0000000200)) [ 1207.973825][ T761] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 03:37:35 executing program 0: timer_create(0x0, 0x0, &(0x7f0000000140)) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f00000001c0)={{0x77359400}, {r0, r1+10000000}}, 0x0) timer_gettime(0x0, &(0x7f0000000200)) 03:37:35 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0xa, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) tkill(r2, 0x1000000000013) 03:37:35 executing program 0: timer_create(0x0, 0x0, &(0x7f0000000140)) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f00000001c0)={{0x77359400}, {r0, r1+10000000}}, 0x0) timer_gettime(0x0, &(0x7f0000000200)) 03:37:35 executing program 1: io_uring_setup(0x115, &(0x7f00000000c0)={0x0, 0x0, 0x5}) [ 1208.121711][ T39] audit: type=1804 audit(2000000255.260:376): pid=762 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="file0" dev="sda1" ino=16660 res=1 [ 1208.158419][ T39] audit: type=1804 audit(2000000255.260:377): pid=757 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="file0" dev="sda1" ino=16660 res=1 [ 1208.169452][ T762] Process accounting resumed [ 1208.190812][ T39] audit: type=1804 audit(2000000255.300:378): pid=757 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="file0" dev="sda1" ino=16660 res=1 [ 1208.214751][ T762] Process accounting resumed 03:37:35 executing program 2: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) 03:37:35 executing program 0: timer_create(0x0, 0x0, &(0x7f0000000140)) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timer_settime(0x0, 0x1, &(0x7f00000001c0)={{0x77359400}, {r0, r1+10000000}}, 0x0) timer_gettime(0x0, &(0x7f0000000200)) 03:37:35 executing program 1: io_uring_setup(0x115, &(0x7f00000000c0)={0x0, 0x0, 0x5}) [ 1208.230370][ T39] audit: type=1804 audit(2000000255.300:379): pid=762 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="file0" dev="sda1" ino=16660 res=1 03:37:35 executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) 03:37:35 executing program 1: io_uring_setup(0x115, &(0x7f00000000c0)={0x0, 0x0, 0x5}) [ 1208.419277][ T39] audit: type=1804 audit(2000000255.558:380): pid=785 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="file0" dev="sda1" ino=16626 res=1 [ 1208.447491][ T778] Process accounting resumed [ 1208.455457][ T39] audit: type=1804 audit(2000000255.558:381): pid=780 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="file0" dev="sda1" ino=16626 res=1 [ 1208.467522][ T782] Process accounting resumed [ 1208.481122][ T39] audit: type=1804 audit(2000000255.587:382): pid=787 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="file0" dev="sda1" ino=16608 res=1 [ 1208.509852][ T39] audit: type=1804 audit(2000000255.587:383): pid=789 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="file0" dev="sda1" ino=16608 res=1 03:37:36 executing program 1: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) 03:37:36 executing program 2: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) 03:37:36 executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) 03:37:36 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0xa, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) tkill(r2, 0x1000000000013) [ 1209.256437][ T39] audit: type=1804 audit(2000000256.401:384): pid=903 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="file0" dev="sda1" ino=16771 res=1 [ 1209.285370][ T891] Process accounting resumed 03:37:36 executing program 1: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) [ 1209.290424][ T903] Process accounting resumed [ 1209.291341][ T39] audit: type=1804 audit(2000000256.401:385): pid=899 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="file0" dev="sda1" ino=16754 res=1 [ 1209.321821][ T895] Process accounting resumed 03:37:36 executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) 03:37:36 executing program 2: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) [ 1209.507265][ T916] Process accounting resumed 03:37:36 executing program 1: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) [ 1209.537505][ T908] Process accounting resumed 03:37:36 executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) [ 1209.575857][ T911] Process accounting resumed 03:37:36 executing program 2: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) [ 1209.706608][ T919] Process accounting resumed [ 1209.755053][ T927] Process accounting resumed 03:37:36 executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) [ 1209.803858][ T923] Process accounting resumed 03:37:37 executing program 1: clock_gettime(0x3, &(0x7f0000000080)) 03:37:37 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0xa, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) tkill(r2, 0x1000000000013) 03:37:37 executing program 2: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) 03:37:37 executing program 1: clock_gettime(0x3, &(0x7f0000000080)) [ 1209.961494][ T930] Process accounting resumed 03:37:37 executing program 0: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) 03:37:37 executing program 1: clock_gettime(0x3, &(0x7f0000000080)) 03:37:37 executing program 1: clock_gettime(0x3, &(0x7f0000000080)) 03:37:37 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/fib_trie\x00') lseek(r0, 0x0, 0x1) 03:37:37 executing program 1: mremap(&(0x7f0000a96000/0x1000)=nil, 0x7fffdfecf000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) [ 1210.167758][ T946] Process accounting resumed [ 1210.249572][ T942] Process accounting resumed 03:37:37 executing program 2: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffffc}, 0x0, 0x8) rt_sigtimedwait(&(0x7f0000000300)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) acct(&(0x7f00000003c0)='./file0\x00') creat(&(0x7f0000000280)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) 03:37:37 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x48]}, 0x5}, 0x1c) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @mcast2}, 0x1c) 03:37:37 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0xa, 0x0) timer_create(0x0, &(0x7f0000000040)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) tkill(r2, 0x1000000000013) 03:37:37 executing program 1: mremap(&(0x7f0000a96000/0x1000)=nil, 0x7fffdfecf000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 03:37:37 executing program 1: mremap(&(0x7f0000a96000/0x1000)=nil, 0x7fffdfecf000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 03:37:37 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x48]}, 0x5}, 0x1c) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @mcast2}, 0x1c) 03:37:38 executing program 1: mremap(&(0x7f0000a96000/0x1000)=nil, 0x7fffdfecf000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 03:37:38 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x48]}, 0x5}, 0x1c) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @mcast2}, 0x1c) [ 1210.967782][ T963] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1210.995444][ T963] CPU: 1 PID: 963 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1211.004878][ T963] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1211.044984][ T963] Call Trace: [ 1211.044984][ T963] dump_stack+0x197/0x210 [ 1211.044984][ T963] dump_header+0x10b/0x82d [ 1211.044984][ T963] ? oom_kill_process+0x94/0x420 [ 1211.044984][ T963] oom_kill_process.cold+0x10/0x15 [ 1211.044984][ T963] out_of_memory+0x334/0x13c0 [ 1211.044984][ T963] ? oom_killer_disable+0x280/0x280 [ 1211.044984][ T963] ? mutex_trylock+0x264/0x2f0 [ 1211.044984][ T963] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1211.044984][ T963] __alloc_pages_slowpath+0x222b/0x2920 [ 1211.044984][ T963] ? warn_alloc+0x110/0x110 [ 1211.044984][ T963] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1211.044984][ T963] ? should_fail+0x1de/0x852 [ 1211.044984][ T963] ? __kasan_check_read+0x11/0x20 [ 1211.044984][ T963] __alloc_pages_nodemask+0x646/0x910 [ 1211.044984][ T963] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1211.044984][ T963] ? lock_downgrade+0x920/0x920 [ 1211.044984][ T963] ? __kasan_check_write+0x14/0x20 [ 1211.044984][ T963] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1211.044984][ T963] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1211.044984][ T963] alloc_pages_vma+0xdd/0x620 [ 1211.044984][ T963] __handle_mm_fault+0x1ed5/0x3da0 [ 1211.044984][ T963] ? vm_iomap_memory+0x1a0/0x1a0 [ 1211.044984][ T963] ? handle_mm_fault+0x292/0xa50 [ 1211.044984][ T963] ? handle_mm_fault+0x7a0/0xa50 [ 1211.044984][ T963] ? __kasan_check_read+0x11/0x20 [ 1211.285963][ T963] handle_mm_fault+0x3b2/0xa50 [ 1211.285963][ T963] __do_page_fault+0x536/0xd80 [ 1211.285963][ T963] do_page_fault+0x38/0x590 [ 1211.285963][ T963] do_async_page_fault+0x30/0xa0 [ 1211.285963][ T963] async_page_fault+0x39/0x40 [ 1211.285963][ T963] RIP: 0023:0x80577c6 [ 1211.285963][ T963] Code: 9d 03 00 83 c4 20 83 f8 ff 89 45 ac 0f 84 f9 02 00 00 8b 45 ac 85 c0 0f 84 bc 02 00 00 8b 5d ac 8b 75 a0 8d 84 33 40 fb ff ff <89> 98 70 02 00 00 89 b0 74 02 00 00 89 c3 89 45 b4 05 8c 00 00 00 [ 1211.285963][ T963] RSP: 002b:00000000ffd5d860 EFLAGS: 00010286 [ 1211.285963][ T963] RAX: 00000000f5d38b40 RBX: 00000000f5d18000 RCX: 0000000000021000 [ 1211.285963][ T963] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 0000000000021000 [ 1211.460940][ T963] RBP: 00000000ffd5d8d8 R08: 0000000000000000 R09: 0000000000000000 [ 1211.491379][ T963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1211.525883][ T963] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1211.575059][ T963] Mem-Info: [ 1211.590330][ T963] active_anon:43240 inactive_anon:233 isolated_anon:0 [ 1211.590330][ T963] active_file:2876 inactive_file:17867 isolated_file:0 [ 1211.590330][ T963] unevictable:0 dirty:4 writeback:0 unstable:0 [ 1211.590330][ T963] slab_reclaimable:15697 slab_unreclaimable:59722 [ 1211.590330][ T963] mapped:39903 shmem:307 pagetables:2861 bounce:0 [ 1211.590330][ T963] free:146100 free_pcp:90 free_cma:0 [ 1211.735039][ T963] Node 0 active_anon:137256kB inactive_anon:896kB active_file:0kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:4kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1211.748244][ T958] Process accounting resumed 03:37:38 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x48]}, 0x5}, 0x1c) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @mcast2}, 0x1c) [ 1211.795521][ T963] Node 0 DMA free:2836kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:320kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:168kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1211.796621][ T0] NOHZ: local_softirq_pending 08 [ 1211.873467][ T963] lowmem_reserve[]: 0 532 532 532 532 [ 1211.881005][ T963] Node 0 DMA32 free:23728kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136936kB inactive_anon:896kB active_file:0kB inactive_file:20kB unevictable:0kB writepending:4kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9104kB pagetables:4888kB bounce:0kB free_pcp:620kB local_pcp:224kB free_cma:0kB [ 1211.934773][ T963] lowmem_reserve[]: 0 0 0 0 0 [ 1211.940474][ T963] Node 0 DMA: 18*4kB (UM) 22*8kB (UM) 14*16kB (UME) 13*32kB (UME) 4*64kB (UM) 2*128kB (UM) 0*256kB 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2936kB [ 1211.958950][ T963] Node 0 DMA32: 1246*4kB (UME) 393*8kB (UME) 174*16kB (UME) 88*32kB (UME) 43*64kB (UME) 24*128kB (UME) 14*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 23648kB [ 1211.981736][ T963] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1211.995342][ T963] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1212.007357][ T963] 13428 total pagecache pages [ 1212.013015][ T963] 0 pages in swap cache [ 1212.018077][ T963] Swap cache stats: add 0, delete 0, find 0/0 [ 1212.025998][ T963] Free swap = 0kB [ 1212.031216][ T963] Total swap = 0kB [ 1212.036230][ T963] 524155 pages RAM [ 1212.041289][ T963] 0 pages HighMem/MovableOnly [ 1212.048678][ T963] 141707 pages reserved [ 1212.053615][ T963] 0 pages cma reserved [ 1212.061379][ T963] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=10946,uid=0 [ 1212.082468][ T963] Out of memory: Killed process 10946 (syz-executor.3) total-vm:72612kB, anon-rss:148kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 03:37:39 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x48]}, 0x5}, 0x1c) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @mcast2}, 0x1c) 03:37:39 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="740000002400070500"/20, @ANYRES32=r2, @ANYBLOB="00000000ffffffff000000000800010073667100480002000000000000000000000000000000000000000000000000000000000000471a00000000000000000000000000000000000000000000f3aff151ed1e4a08454f9c9ed6974ba345296ca6ffafecb3ab42207c5c129cdf6500"/126], 0x74}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="7c0000002c00010700"/20, @ANYRES32=r2, @ANYBLOB="00000002000000000300c4c1080001006270660050000200080006000000000004000500400002003c00010000000000eeff0027000000000b75da11000000000000000010000000000000000000000000000000000000000000ddffffff00"/111], 0x7c}}, 0x0) r3 = socket(0x4000000000010, 0x1000000000080002, 0x0) sendmmsg$alg(r3, &(0x7f0000000140), 0x42, 0x0) 03:37:39 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x48]}, 0x5}, 0x1c) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @mcast2}, 0x1c) 03:37:39 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0xa, 0xffffffffffffffff) 03:37:39 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="740000002400070500"/20, @ANYRES32=r2, @ANYBLOB="00000000ffffffff000000000800010073667100480002000000000000000000000000000000000000000000000000000000000000471a00000000000000000000000000000000000000000000f3aff151ed1e4a08454f9c9ed6974ba345296ca6ffafecb3ab42207c5c129cdf6500"/126], 0x74}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="7c0000002c00010700"/20, @ANYRES32=r2, @ANYBLOB="00000002000000000300c4c1080001006270660050000200080006000000000004000500400002003c00010000000000eeff0027000000000b75da11000000000000000010000000000000000000000000000000000000000000ddffffff00"/111], 0x7c}}, 0x0) r3 = socket(0x4000000000010, 0x1000000000080002, 0x0) sendmmsg$alg(r3, &(0x7f0000000140), 0x42, 0x0) 03:37:39 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [0x0, 0x48]}, 0x5}, 0x1c) bind$inet6(r0, &(0x7f0000000240)={0xa, 0x0, 0x0, @mcast2}, 0x1c) 03:37:39 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[@ANYRESHEX], 0x12) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x2007fff) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 03:37:39 executing program 1: r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @rand_addr=0x3288}}, 0x1e) connect$pptp(r0, &(0x7f0000000300)={0x18, 0x2, {0x0, @initdev}}, 0x1e) 03:37:39 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="740000002400070500"/20, @ANYRES32=r2, @ANYBLOB="00000000ffffffff000000000800010073667100480002000000000000000000000000000000000000000000000000000000000000471a00000000000000000000000000000000000000000000f3aff151ed1e4a08454f9c9ed6974ba345296ca6ffafecb3ab42207c5c129cdf6500"/126], 0x74}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="7c0000002c00010700"/20, @ANYRES32=r2, @ANYBLOB="00000002000000000300c4c1080001006270660050000200080006000000000004000500400002003c00010000000000eeff0027000000000b75da11000000000000000010000000000000000000000000000000000000000000ddffffff00"/111], 0x7c}}, 0x0) r3 = socket(0x4000000000010, 0x1000000000080002, 0x0) sendmmsg$alg(r3, &(0x7f0000000140), 0x42, 0x0) 03:37:39 executing program 1: r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @rand_addr=0x3288}}, 0x1e) connect$pptp(r0, &(0x7f0000000300)={0x18, 0x2, {0x0, @initdev}}, 0x1e) 03:37:39 executing program 1: r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @rand_addr=0x3288}}, 0x1e) connect$pptp(r0, &(0x7f0000000300)={0x18, 0x2, {0x0, @initdev}}, 0x1e) 03:37:39 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="740000002400070500"/20, @ANYRES32=r2, @ANYBLOB="00000000ffffffff000000000800010073667100480002000000000000000000000000000000000000000000000000000000000000471a00000000000000000000000000000000000000000000f3aff151ed1e4a08454f9c9ed6974ba345296ca6ffafecb3ab42207c5c129cdf6500"/126], 0x74}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="7c0000002c00010700"/20, @ANYRES32=r2, @ANYBLOB="00000002000000000300c4c1080001006270660050000200080006000000000004000500400002003c00010000000000eeff0027000000000b75da11000000000000000010000000000000000000000000000000000000000000ddffffff00"/111], 0x7c}}, 0x0) r3 = socket(0x4000000000010, 0x1000000000080002, 0x0) sendmmsg$alg(r3, &(0x7f0000000140), 0x42, 0x0) 03:37:39 executing program 1: r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @rand_addr=0x3288}}, 0x1e) connect$pptp(r0, &(0x7f0000000300)={0x18, 0x2, {0x0, @initdev}}, 0x1e) 03:37:39 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0xa, 0xffffffffffffffff) 03:37:40 executing program 2: clock_getres(0xb00, 0x0) 03:37:40 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0xa, 0xffffffffffffffff) 03:37:40 executing program 1: r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @rand_addr=0x3288}}, 0x1e) connect$pptp(r0, &(0x7f0000000300)={0x18, 0x2, {0x0, @initdev}}, 0x1e) 03:37:40 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[@ANYRESHEX], 0x12) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x2007fff) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 03:37:40 executing program 1: r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @rand_addr=0x3288}}, 0x1e) connect$pptp(r0, &(0x7f0000000300)={0x18, 0x2, {0x0, @initdev}}, 0x1e) 03:37:40 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0xa, 0xffffffffffffffff) 03:37:40 executing program 2: clock_getres(0xb00, 0x0) 03:37:40 executing program 2: clock_getres(0xb00, 0x0) 03:37:40 executing program 3: r0 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000480)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000800)="585ccbc4ed83b836c1a6474914dc5500b66147b3c7218a91690000000042e3d35228897501f93191b076ac446ff0022b8753a1fa748c569f435fb3bae96efb74b50ec93c2db8eae3198a29e5c0cfc60000ce0637cef580b4ec61221adf59be045b70e48884ca000018cea71fcfed06fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff33c1e8e036e5031949762d009d308bd73f477252d0000000000004000000000000000000000000000000000195e23fb6430a9a4c2850b6380a743d6ea0c3b121f66c716", 0xc9, r0) r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r2, r1, r2}, &(0x7f0000000700)=""/243, 0xf3, &(0x7f0000000040)={&(0x7f0000000580)={'poly1305-simd\x00\x00\x00\x00\x00\x00\x0f@\x00\x00\x00\x00\x02\x00\x00\x00\x0f\x00@\x00\x00\x01\x00'}}) 03:37:40 executing program 1: r0 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r0, &(0x7f0000000000)={0x18, 0x2, {0x0, @rand_addr=0x3288}}, 0x1e) connect$pptp(r0, &(0x7f0000000300)={0x18, 0x2, {0x0, @initdev}}, 0x1e) [ 1213.545556][ T9411] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1213.558979][ T9411] CPU: 1 PID: 9411 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1213.568184][ T9411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1213.568184][ T9411] Call Trace: [ 1213.568184][ T9411] dump_stack+0x197/0x210 [ 1213.568184][ T9411] dump_header+0x10b/0x82d [ 1213.594870][ T9411] ? oom_kill_process+0x94/0x420 [ 1213.594870][ T9411] oom_kill_process.cold+0x10/0x15 [ 1213.594870][ T9411] out_of_memory+0x334/0x13c0 [ 1213.594870][ T9411] ? oom_killer_disable+0x280/0x280 [ 1213.594870][ T9411] ? mutex_trylock+0x264/0x2f0 [ 1213.594870][ T9411] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1213.594870][ T9411] __alloc_pages_slowpath+0x222b/0x2920 [ 1213.594870][ T9411] ? warn_alloc+0x110/0x110 [ 1213.594870][ T9411] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1213.594870][ T9411] ? should_fail+0x1de/0x852 [ 1213.594870][ T9411] ? __kasan_check_read+0x11/0x20 [ 1213.594870][ T9411] __alloc_pages_nodemask+0x646/0x910 [ 1213.594870][ T9411] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1213.594870][ T9411] ? activate_task+0x212/0x490 [ 1213.594870][ T9411] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1213.594870][ T9411] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1213.594870][ T9411] alloc_pages_vma+0xdd/0x620 [ 1213.594870][ T9411] wp_page_copy+0x226/0x1560 [ 1213.594870][ T9411] ? find_held_lock+0x35/0x130 [ 1213.594870][ T9411] ? follow_pfn+0x2a0/0x2a0 [ 1213.594870][ T9411] ? lock_downgrade+0x920/0x920 [ 1213.594870][ T9411] ? swp_swapcount+0x540/0x540 [ 1213.594870][ T9411] ? do_raw_spin_unlock+0x178/0x270 [ 1213.594870][ T9411] do_wp_page+0x543/0x1540 [ 1213.594870][ T9411] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1213.594870][ T9411] __handle_mm_fault+0x327b/0x3da0 [ 1213.594870][ T9411] ? vm_iomap_memory+0x1a0/0x1a0 [ 1213.594870][ T9411] ? handle_mm_fault+0x292/0xa50 [ 1213.594870][ T9411] ? handle_mm_fault+0x7a0/0xa50 [ 1213.594870][ T9411] ? __kasan_check_read+0x11/0x20 [ 1213.594870][ T9411] handle_mm_fault+0x3b2/0xa50 [ 1213.594870][ T9411] __do_page_fault+0x536/0xd80 [ 1213.594870][ T9411] do_page_fault+0x38/0x590 [ 1213.594870][ T9411] do_async_page_fault+0x30/0xa0 [ 1213.594870][ T9411] async_page_fault+0x39/0x40 [ 1213.594870][ T9411] RIP: 0023:0x808fa5d [ 1213.594870][ T9411] Code: 01 00 00 8d 76 00 8d bc 27 00 00 00 00 8b 45 e4 8b 40 04 85 c0 89 45 e4 74 b1 8b 75 e4 8b 1e 8b 43 08 85 c0 74 04 ff d0 8b 1e ff 4b 14 0f 94 c0 84 c0 74 d8 8b 43 18 85 c0 74 d1 83 c3 14 31 [ 1213.594870][ T9411] RSP: 002b:00000000ffd5da70 EFLAGS: 00010246 [ 1213.594870][ T9411] RAX: 0000000000000000 RBX: 0000000008494bc4 RCX: 0000000000000000 [ 1213.594870][ T9411] RDX: 00000000ffd5da70 RSI: 00000000ffd5da70 RDI: 0000000000003573 [ 1213.594870][ T9411] RBP: 00000000ffd5dab8 R08: 0000000000000000 R09: 0000000000000000 03:37:41 executing program 2: clock_getres(0xb00, 0x0) [ 1213.594870][ T9411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1213.927169][ T9411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1213.942111][ T9411] Mem-Info: [ 1213.946529][ T9411] active_anon:43269 inactive_anon:233 isolated_anon:0 [ 1213.946529][ T9411] active_file:2885 inactive_file:26055 isolated_file:0 [ 1213.946529][ T9411] unevictable:0 dirty:6091 writeback:1 unstable:0 [ 1213.946529][ T9411] slab_reclaimable:16201 slab_unreclaimable:59325 [ 1213.946529][ T9411] mapped:39903 shmem:307 pagetables:2847 bounce:0 [ 1213.946529][ T9411] free:137581 free_pcp:217 free_cma:0 [ 1213.999466][ T9411] Node 0 active_anon:137212kB inactive_anon:896kB active_file:36kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1214.038868][ T9411] Node 0 DMA free:2824kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:268kB inactive_anon:0kB active_file:44kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1214.072835][ T9411] lowmem_reserve[]: 0 532 532 532 532 [ 1214.079225][ T9411] Node 0 DMA32 free:24320kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136944kB inactive_anon:896kB active_file:24kB inactive_file:0kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4984kB bounce:0kB free_pcp:828kB local_pcp:108kB free_cma:0kB [ 1214.115253][ T9411] lowmem_reserve[]: 0 0 0 0 0 [ 1214.120526][ T9411] Node 0 DMA: 3*4kB (UME) 13*8kB (UM) 17*16kB (UM) 13*32kB (UME) 4*64kB (UM) 2*128kB (UM) 0*256kB 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 2852kB [ 1214.146410][ T9411] Node 0 DMA32: 632*4kB (UME) 778*8kB (UME) 196*16kB (UME) 89*32kB (UME) 43*64kB (UME) 24*128kB (UME) 14*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 24656kB 03:37:41 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[@ANYRESHEX], 0x12) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x2007fff) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 03:37:41 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000180)=0x80, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='highspeed\x00', 0xa) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x2bcf) 03:37:41 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) dup2(r1, r0) [ 1214.188212][ T9411] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1214.231481][ T9411] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1214.273384][ T9411] 18372 total pagecache pages [ 1214.300002][ T9411] 0 pages in swap cache [ 1214.323045][ T9411] Swap cache stats: add 0, delete 0, find 0/0 [ 1214.353175][ T9411] Free swap = 0kB 03:37:41 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000180)=0x80, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='highspeed\x00', 0xa) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x2bcf) [ 1214.367586][ T9411] Total swap = 0kB [ 1214.381752][ T9411] 524155 pages RAM [ 1214.393665][ T9411] 0 pages HighMem/MovableOnly [ 1214.410420][ T9411] 141707 pages reserved 03:37:41 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000180)=0x80, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='highspeed\x00', 0xa) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x2bcf) [ 1214.427765][ T9411] 0 pages cma reserved [ 1214.444317][ T9411] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=14782,uid=0 [ 1214.501757][ T9411] Out of memory: Killed process 14782 (syz-executor.3) total-vm:72348kB, anon-rss:144kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 03:37:41 executing program 3: r0 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000480)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000800)="585ccbc4ed83b836c1a6474914dc5500b66147b3c7218a91690000000042e3d35228897501f93191b076ac446ff0022b8753a1fa748c569f435fb3bae96efb74b50ec93c2db8eae3198a29e5c0cfc60000ce0637cef580b4ec61221adf59be045b70e48884ca000018cea71fcfed06fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff33c1e8e036e5031949762d009d308bd73f477252d0000000000004000000000000000000000000000000000195e23fb6430a9a4c2850b6380a743d6ea0c3b121f66c716", 0xc9, r0) r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r2, r1, r2}, &(0x7f0000000700)=""/243, 0xf3, &(0x7f0000000040)={&(0x7f0000000580)={'poly1305-simd\x00\x00\x00\x00\x00\x00\x0f@\x00\x00\x00\x00\x02\x00\x00\x00\x0f\x00@\x00\x00\x01\x00'}}) 03:37:41 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000180)=0x80, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='highspeed\x00', 0xa) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x2bcf) 03:37:41 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) dup2(r1, r0) 03:37:42 executing program 0: r0 = open(&(0x7f0000000000)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[@ANYRESHEX], 0x12) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r1, 0x2007fff) sendfile(r0, r0, &(0x7f00000001c0), 0x8080fffffffe) 03:37:42 executing program 3: r0 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000480)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000800)="585ccbc4ed83b836c1a6474914dc5500b66147b3c7218a91690000000042e3d35228897501f93191b076ac446ff0022b8753a1fa748c569f435fb3bae96efb74b50ec93c2db8eae3198a29e5c0cfc60000ce0637cef580b4ec61221adf59be045b70e48884ca000018cea71fcfed06fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff33c1e8e036e5031949762d009d308bd73f477252d0000000000004000000000000000000000000000000000195e23fb6430a9a4c2850b6380a743d6ea0c3b121f66c716", 0xc9, r0) r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r2, r1, r2}, &(0x7f0000000700)=""/243, 0xf3, &(0x7f0000000040)={&(0x7f0000000580)={'poly1305-simd\x00\x00\x00\x00\x00\x00\x0f@\x00\x00\x00\x00\x02\x00\x00\x00\x0f\x00@\x00\x00\x01\x00'}}) 03:37:42 executing program 2: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) dup2(r1, r0) 03:37:42 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) dup2(r1, r0) 03:37:42 executing program 3: r0 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000480)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000800)="585ccbc4ed83b836c1a6474914dc5500b66147b3c7218a91690000000042e3d35228897501f93191b076ac446ff0022b8753a1fa748c569f435fb3bae96efb74b50ec93c2db8eae3198a29e5c0cfc60000ce0637cef580b4ec61221adf59be045b70e48884ca000018cea71fcfed06fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff33c1e8e036e5031949762d009d308bd73f477252d0000000000004000000000000000000000000000000000195e23fb6430a9a4c2850b6380a743d6ea0c3b121f66c716", 0xc9, r0) r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r2, r1, r2}, &(0x7f0000000700)=""/243, 0xf3, &(0x7f0000000040)={&(0x7f0000000580)={'poly1305-simd\x00\x00\x00\x00\x00\x00\x0f@\x00\x00\x00\x00\x02\x00\x00\x00\x0f\x00@\x00\x00\x01\x00'}}) 03:37:42 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) dup2(r1, r0) 03:37:42 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000180)=0x80, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='highspeed\x00', 0xa) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x2bcf) 03:37:42 executing program 2: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) dup2(r1, r0) 03:37:43 executing program 1: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r1) 03:37:43 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000180)=0x80, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='highspeed\x00', 0xa) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x2bcf) 03:37:43 executing program 2: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) dup2(r1, r0) 03:37:43 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x40, &(0x7f0000001fde), 0x4) 03:37:43 executing program 1: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r1) 03:37:43 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000180)=0x80, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='highspeed\x00', 0xa) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x2bcf) 03:37:43 executing program 2: set_robust_list(&(0x7f0000000080), 0xc) 03:37:43 executing program 1: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r1) 03:37:43 executing program 2: set_robust_list(&(0x7f0000000080), 0xc) 03:37:43 executing program 3: r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x43, &(0x7f0000000280), 0x4) 03:37:43 executing program 1: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setregid(0xffffffffffffffff, r1) 03:37:43 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x40, &(0x7f0000001fde), 0x4) 03:37:43 executing program 2: set_robust_list(&(0x7f0000000080), 0xc) 03:37:43 executing program 3: r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x43, &(0x7f0000000280), 0x4) 03:37:43 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000500)={0xa, 0x0, 0x0, @mcast2}, 0x9) 03:37:43 executing program 2: set_robust_list(&(0x7f0000000080), 0xc) 03:37:43 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000500)={0xa, 0x0, 0x0, @mcast2}, 0x9) 03:37:43 executing program 3: r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x43, &(0x7f0000000280), 0x4) 03:37:43 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x40, &(0x7f0000001fde), 0x4) 03:37:43 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000500)={0xa, 0x0, 0x0, @mcast2}, 0x9) 03:37:43 executing program 3: r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x43, &(0x7f0000000280), 0x4) 03:37:43 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x40, &(0x7f0000001fde), 0x4) 03:37:43 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') sendmsg$FOU_CMD_GET(r0, &(0x7f0000000280)={0x0, 0x2, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r1, 0x305}, 0x14}}, 0x0) 03:37:43 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000500)={0xa, 0x0, 0x0, @mcast2}, 0x9) 03:37:43 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x6, 0x0, &(0x7f0000000140)) 03:37:43 executing program 1: socket$inet_smc(0x2b, 0x1, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_open_dev$sndseq(&(0x7f0000ce9ff3)='/dev/snd/seq\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) syz_open_dev$sndseq(0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 03:37:43 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) listen(r0, 0x5a6c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r2 = socket$inet(0x10, 0x3, 0x4) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a6008000004e22000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 03:37:43 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') sendmsg$FOU_CMD_GET(r0, &(0x7f0000000280)={0x0, 0x2, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r1, 0x305}, 0x14}}, 0x0) 03:37:43 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x6, 0x0, &(0x7f0000000140)) 03:37:44 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x6, 0x0, &(0x7f0000000140)) 03:37:44 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) listen(r0, 0x5a6c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r2 = socket$inet(0x10, 0x3, 0x4) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a6008000004e22000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 03:37:44 executing program 1: socket$inet_smc(0x2b, 0x1, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_open_dev$sndseq(&(0x7f0000ce9ff3)='/dev/snd/seq\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) syz_open_dev$sndseq(0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 03:37:44 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') sendmsg$FOU_CMD_GET(r0, &(0x7f0000000280)={0x0, 0x2, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r1, 0x305}, 0x14}}, 0x0) 03:37:44 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x6, 0x0, &(0x7f0000000140)) 03:37:44 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') sendmsg$FOU_CMD_GET(r0, &(0x7f0000000280)={0x0, 0x2, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r1, 0x305}, 0x14}}, 0x0) 03:37:44 executing program 1: socket$inet_smc(0x2b, 0x1, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_open_dev$sndseq(&(0x7f0000ce9ff3)='/dev/snd/seq\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) syz_open_dev$sndseq(0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 03:37:44 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) listen(r0, 0x5a6c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r2 = socket$inet(0x10, 0x3, 0x4) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a6008000004e22000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 03:37:44 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) listen(r0, 0x5a6c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r2 = socket$inet(0x10, 0x3, 0x4) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a6008000004e22000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 03:37:44 executing program 1: socket$inet_smc(0x2b, 0x1, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) syz_open_dev$sndseq(&(0x7f0000ce9ff3)='/dev/snd/seq\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x0, 0x0) syz_open_dev$sndseq(0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 03:37:44 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) listen(r0, 0x5a6c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r2 = socket$inet(0x10, 0x3, 0x4) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a6008000004e22000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 03:37:44 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x5c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0x19, 0x2, [@IFLA_BOND_PRIMARY={0x8}, @IFLA_BOND_ALL_SLAVES_ACTIVE={0x8}, @IFLA_BOND_NUM_PEER_NOTIF={0x8}, @IFLA_BOND_MODE={0x8, 0x1, 0x1}, @IFLA_BOND_PRIMARY_RESELECT={0x8}]}}}]}, 0x5c}}, 0x0) 03:37:44 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) listen(r0, 0x5a6c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r2 = socket$inet(0x10, 0x3, 0x4) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a6008000004e22000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 03:37:44 executing program 0: pipe(&(0x7f00000001c0)={0xffffffffffffffff}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0x100000000000a, 0x7) 03:37:44 executing program 1: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000880)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000200)='./file0/file0\x00', 0x0) pwrite64(r0, &(0x7f0000000000), 0xffffff7b, 0x2) 03:37:44 executing program 0: pipe(&(0x7f00000001c0)={0xffffffffffffffff}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0x100000000000a, 0x7) 03:37:44 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x5c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0x19, 0x2, [@IFLA_BOND_PRIMARY={0x8}, @IFLA_BOND_ALL_SLAVES_ACTIVE={0x8}, @IFLA_BOND_NUM_PEER_NOTIF={0x8}, @IFLA_BOND_MODE={0x8, 0x1, 0x1}, @IFLA_BOND_PRIMARY_RESELECT={0x8}]}}}]}, 0x5c}}, 0x0) 03:37:44 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) listen(r0, 0x5a6c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) r2 = socket$inet(0x10, 0x3, 0x4) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff09fffefd956fa283b724a6008000004e22000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 03:37:44 executing program 0: pipe(&(0x7f00000001c0)={0xffffffffffffffff}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0x100000000000a, 0x7) 03:37:44 executing program 0: pipe(&(0x7f00000001c0)={0xffffffffffffffff}) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0x100000000000a, 0x7) 03:37:44 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x5c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0x19, 0x2, [@IFLA_BOND_PRIMARY={0x8}, @IFLA_BOND_ALL_SLAVES_ACTIVE={0x8}, @IFLA_BOND_NUM_PEER_NOTIF={0x8}, @IFLA_BOND_MODE={0x8, 0x1, 0x1}, @IFLA_BOND_PRIMARY_RESELECT={0x8}]}}}]}, 0x5c}}, 0x0) 03:37:44 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f0000000180)={0x4, 0x8}, 0x10) [ 1217.663358][ T1182] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1217.711880][ T1182] CPU: 3 PID: 1182 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1217.721623][ T1182] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1217.754968][ T1182] Call Trace: [ 1217.754968][ T1182] dump_stack+0x197/0x210 [ 1217.754968][ T1182] dump_header+0x10b/0x82d [ 1217.754968][ T1182] ? oom_kill_process+0x94/0x420 [ 1217.754968][ T1182] oom_kill_process.cold+0x10/0x15 [ 1217.754968][ T1182] out_of_memory+0x334/0x13c0 [ 1217.754968][ T1182] ? oom_killer_disable+0x280/0x280 [ 1217.754968][ T1182] ? mutex_trylock+0x264/0x2f0 [ 1217.754968][ T1182] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1217.754968][ T1182] __alloc_pages_slowpath+0x222b/0x2920 03:37:45 executing program 0: r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SFACILITIES(r0, 0x89e5, &(0x7f00000001c0)) 03:37:45 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x5f}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1381, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1217.992244][ T1182] ? warn_alloc+0x110/0x110 03:37:45 executing program 1: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000880)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000200)='./file0/file0\x00', 0x0) pwrite64(r0, &(0x7f0000000000), 0xffffff7b, 0x2) 03:37:45 executing program 0: r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) write(r0, 0x0, 0x0) [ 1217.996421][ T1182] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1218.026863][ T1182] ? should_fail+0x1de/0x852 [ 1218.035660][ T1182] ? __kasan_check_read+0x11/0x20 [ 1218.045493][ T1182] __alloc_pages_nodemask+0x646/0x910 [ 1218.075088][ T1182] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1218.094714][ T1182] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1218.104821][ T1182] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1218.115850][ T1182] alloc_pages_vma+0xdd/0x620 [ 1218.125052][ T1182] wp_page_copy+0x226/0x1560 [ 1218.135065][ T1182] ? find_held_lock+0x35/0x130 [ 1218.148944][ T1182] ? follow_pfn+0x2a0/0x2a0 [ 1218.154819][ T1182] ? lock_downgrade+0x920/0x920 [ 1218.176893][ T1182] ? swp_swapcount+0x540/0x540 [ 1218.188700][ T1182] ? do_raw_spin_unlock+0x178/0x270 [ 1218.198915][ T1182] do_wp_page+0x543/0x1540 [ 1218.205275][ T1182] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1218.217920][ T1182] __handle_mm_fault+0x327b/0x3da0 [ 1218.224840][ T1182] ? vm_iomap_memory+0x1a0/0x1a0 [ 1218.234858][ T1182] ? handle_mm_fault+0x292/0xa50 [ 1218.246935][ T1182] ? handle_mm_fault+0x7a0/0xa50 [ 1218.253077][ T1182] ? __kasan_check_read+0x11/0x20 [ 1218.257446][ T1182] handle_mm_fault+0x3b2/0xa50 [ 1218.265474][ T1182] __do_page_fault+0x536/0xd80 [ 1218.275364][ T1182] do_page_fault+0x38/0x590 [ 1218.275364][ T1182] do_async_page_fault+0x30/0xa0 [ 1218.285277][ T1182] async_page_fault+0x39/0x40 [ 1218.298171][ T1182] RIP: 0010:__put_user_4+0x1c/0x30 [ 1218.313528][ T1182] Code: 01 ca c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 c0 1e 02 00 48 8b 9b d0 14 00 00 48 83 eb 03 48 39 d9 73 4a 0f 01 cb <89> 01 31 c0 0f 01 ca c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 1218.378773][ T1182] RSP: 0018:ffffc9000525ff30 EFLAGS: 00050293 [ 1218.392441][ T1182] RAX: 0000000000007ce6 RBX: 00007fffffffeffd RCX: 0000000008873968 [ 1218.411657][ T1182] RDX: dffffc0000000000 RSI: 1ffff110032c9413 RDI: ffff888019649db0 [ 1218.430175][ T1182] RBP: ffffc9000525ff48 R08: 0000000000000001 R09: ffff88801964a090 [ 1218.448930][ T1182] R10: fffffbfff14f33b0 R11: ffffffff8a799d87 R12: 0000000000000000 [ 1218.465266][ T1182] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1218.476346][ T1182] ? schedule_tail+0xd8/0x130 [ 1218.483488][ T1182] ret_from_fork+0x8/0x30 [ 1218.489822][ T1182] RIP: 0023:0xf7f59a39 [ 1218.495139][ T1182] Code: Bad RIP value. [ 1218.501156][ T1182] RSP: 002b:00000000ffcb56e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 1218.512151][ T1182] RAX: 0000000000000000 RBX: 0000000001200011 RCX: 0000000000000000 [ 1218.524097][ T1182] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008873968 [ 1218.527820][ T1182] RBP: 00000000ffcb5738 R08: 0000000000000000 R09: 0000000000000000 [ 1218.544830][ T1182] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1218.544830][ T1182] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 03:37:45 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x5f}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1381, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:45 executing program 1: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000880)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000200)='./file0/file0\x00', 0x0) pwrite64(r0, &(0x7f0000000000), 0xffffff7b, 0x2) [ 1218.574821][ T1182] Mem-Info: [ 1218.582159][ T1182] active_anon:43180 inactive_anon:233 isolated_anon:0 [ 1218.582159][ T1182] active_file:2878 inactive_file:21964 isolated_file:0 [ 1218.582159][ T1182] unevictable:0 dirty:4123 writeback:38 unstable:0 [ 1218.582159][ T1182] slab_reclaimable:16786 slab_unreclaimable:58690 [ 1218.582159][ T1182] mapped:39890 shmem:307 pagetables:2808 bounce:0 [ 1218.582159][ T1182] free:141074 free_pcp:241 free_cma:0 [ 1218.648077][ T1182] Node 0 active_anon:137200kB inactive_anon:896kB active_file:8kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:8kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1218.690441][ T1182] Node 0 DMA free:2800kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:268kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1218.732530][ T1182] lowmem_reserve[]: 0 532 532 532 532 [ 1218.740636][ T1182] Node 0 DMA32 free:23324kB min:26180kB low:32212kB high:38244kB reserved_highatomic:0KB active_anon:136932kB inactive_anon:896kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:8kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4880kB bounce:0kB free_pcp:1620kB local_pcp:424kB free_cma:0kB [ 1218.803157][ T1182] lowmem_reserve[]: 0 0 0 0 0 [ 1218.812582][ T1182] Node 0 DMA: 7*4kB (UM) 13*8kB (UME) 16*16kB (UME) 11*32kB (UME) 5*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2852kB [ 1218.850185][ T1182] Node 0 DMA32: 861*4kB (UME) 462*8kB (UME) 299*16kB (UME) 103*32kB (UME) 41*64kB (UM) 18*128kB (UM) 14*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 24244kB [ 1218.935679][ T1182] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1218.965154][ T1182] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1219.007872][ T1182] 17487 total pagecache pages [ 1219.017966][ T1182] 0 pages in swap cache [ 1219.032013][ T1182] Swap cache stats: add 0, delete 0, find 0/0 [ 1219.044498][ T1182] Free swap = 0kB [ 1219.053212][ T1182] Total swap = 0kB [ 1219.065608][ T1182] 524155 pages RAM [ 1219.073908][ T1182] 0 pages HighMem/MovableOnly [ 1219.082384][ T1182] 141707 pages reserved [ 1219.089381][ T1182] 0 pages cma reserved [ 1219.095783][ T1182] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=11431,uid=0 [ 1219.120169][ T1182] Out of memory: Killed process 11431 (syz-executor.2) total-vm:72348kB, anon-rss:136kB, file-rss:34828kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1219.147556][ T1129] oom_reaper: reaped process 11431 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 03:37:46 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x5c, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0x19, 0x2, [@IFLA_BOND_PRIMARY={0x8}, @IFLA_BOND_ALL_SLAVES_ACTIVE={0x8}, @IFLA_BOND_NUM_PEER_NOTIF={0x8}, @IFLA_BOND_MODE={0x8, 0x1, 0x1}, @IFLA_BOND_PRIMARY_RESELECT={0x8}]}}}]}, 0x5c}}, 0x0) 03:37:46 executing program 0: getgroups(0x2, &(0x7f0000000040)=[0x0, 0xffffffffffffffff]) shmctl$IPC_SET(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x0, r0}}) 03:37:46 executing program 1: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000880)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000200)='./file0/file0\x00', 0x0) pwrite64(r0, &(0x7f0000000000), 0xffffff7b, 0x2) 03:37:46 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x5f}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1381, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:46 executing program 0: getgroups(0x2, &(0x7f0000000040)=[0x0, 0xffffffffffffffff]) shmctl$IPC_SET(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x0, r0}}) 03:37:46 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x5f}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1381, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:46 executing program 2: r0 = gettid() tkill(r0, 0x20) 03:37:46 executing program 0: getgroups(0x2, &(0x7f0000000040)=[0x0, 0xffffffffffffffff]) shmctl$IPC_SET(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x0, r0}}) 03:37:46 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) open(&(0x7f0000000440)='./file0\x00', 0x110000141042, 0x0) socket$inet(0x2, 0x2, 0x0) shutdown(r1, 0x0) pipe(&(0x7f0000000140)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 03:37:46 executing program 2: r0 = gettid() tkill(r0, 0x20) 03:37:46 executing program 0: getgroups(0x2, &(0x7f0000000040)=[0x0, 0xffffffffffffffff]) shmctl$IPC_SET(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x0, r0}}) 03:37:46 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) open(&(0x7f0000000440)='./file0\x00', 0x110000141042, 0x0) socket$inet(0x2, 0x2, 0x0) shutdown(r1, 0x0) pipe(&(0x7f0000000140)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 03:37:46 executing program 2: r0 = gettid() tkill(r0, 0x20) 03:37:46 executing program 1: creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) link(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00') 03:37:46 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) open(&(0x7f0000000440)='./file0\x00', 0x110000141042, 0x0) socket$inet(0x2, 0x2, 0x0) shutdown(r1, 0x0) pipe(&(0x7f0000000140)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 03:37:46 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x177, 0x4) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x8, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) recvmmsg(r0, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x203f, 0x0) 03:37:46 executing program 2: r0 = gettid() tkill(r0, 0x20) 03:37:46 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x177, 0x4) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x8, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) recvmmsg(r0, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x203f, 0x0) 03:37:46 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x177, 0x4) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x8, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) recvmmsg(r0, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x203f, 0x0) 03:37:46 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) open(&(0x7f0000000440)='./file0\x00', 0x110000141042, 0x0) socket$inet(0x2, 0x2, 0x0) shutdown(r1, 0x0) pipe(&(0x7f0000000140)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 03:37:46 executing program 1: creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) link(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00') 03:37:46 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x177, 0x4) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x8, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) recvmmsg(r0, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x203f, 0x0) 03:37:46 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x177, 0x4) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x8, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) recvmmsg(r0, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x203f, 0x0) 03:37:46 executing program 1: creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) link(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00') 03:37:47 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x177, 0x4) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x8, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) recvmmsg(r0, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x203f, 0x0) 03:37:47 executing program 0: creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) link(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00') 03:37:47 executing program 3: r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) sendmmsg(r0, &(0x7f0000007b00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4038009) 03:37:47 executing program 1: creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) link(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00') 03:37:47 executing program 0: creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) link(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00') 03:37:47 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x177, 0x4) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x8, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) recvmmsg(r0, &(0x7f0000000680)=[{{0x0, 0x0, 0x0}}], 0x1, 0x203f, 0x0) 03:37:47 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xc, 0x3, &(0x7f0000000040)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x22, 0x1e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:47 executing program 0: creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) link(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1\x00') 03:37:47 executing program 2: r0 = socket$inet6(0xa, 0x802, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x0, 0x0) ppoll(&(0x7f0000000180)=[{r1}, {r0}], 0x2, &(0x7f0000000240), 0x0, 0x0) 03:37:47 executing program 3: r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) sendmmsg(r0, &(0x7f0000007b00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4038009) 03:37:47 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@ipv6_delroute={0x24, 0x19, 0xf16eb7a97ad0e803, 0x0, 0x0, {}, [@RTA_EXPIRES={0x8}]}, 0x24}}, 0x0) 03:37:47 executing program 2: syz_emit_ethernet(0x3e, &(0x7f0000000280)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x70}, @dev}, @icmp=@time_exceeded={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @broadcast}}}}}}, 0x0) 03:37:47 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@ipv6_delroute={0x24, 0x19, 0xf16eb7a97ad0e803, 0x0, 0x0, {}, [@RTA_EXPIRES={0x8}]}, 0x24}}, 0x0) 03:37:47 executing program 3: r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) sendmmsg(r0, &(0x7f0000007b00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4038009) 03:37:47 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@ipv6_delroute={0x24, 0x19, 0xf16eb7a97ad0e803, 0x0, 0x0, {}, [@RTA_EXPIRES={0x8}]}, 0x24}}, 0x0) 03:37:47 executing program 2: syz_emit_ethernet(0x3e, &(0x7f0000000280)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x70}, @dev}, @icmp=@time_exceeded={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @broadcast}}}}}}, 0x0) 03:37:47 executing program 3: r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) sendmmsg(r0, &(0x7f0000007b00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4038009) 03:37:47 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xc, 0x3, &(0x7f0000000040)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x22, 0x1e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:47 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@ipv6_delroute={0x24, 0x19, 0xf16eb7a97ad0e803, 0x0, 0x0, {}, [@RTA_EXPIRES={0x8}]}, 0x24}}, 0x0) 03:37:47 executing program 2: syz_emit_ethernet(0x3e, &(0x7f0000000280)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x70}, @dev}, @icmp=@time_exceeded={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @broadcast}}}}}}, 0x0) 03:37:47 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xc, 0x3, &(0x7f0000000040)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x22, 0x1e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:47 executing program 2: syz_emit_ethernet(0x3e, &(0x7f0000000280)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x70}, @dev}, @icmp=@time_exceeded={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @broadcast}}}}}}, 0x0) 03:37:47 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw6\x00') socket$inet6(0xa, 0x3, 0x6) preadv(r0, &(0x7f0000000380)=[{&(0x7f0000000080)=""/233, 0xe9}], 0x1, 0x1) 03:37:47 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xc, 0x3, &(0x7f0000000040)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x22, 0x1e}}, &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:37:47 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt(r0, 0x3a, 0x1, &(0x7f0000000040)="a70c79ff7822c34d8244c4a2494dded77bb3712956253d56a42d54026baf316e55", 0x21) 03:37:47 executing program 0: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f00000000c0)={0xf, 0x8}, 0x10) 03:37:47 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt(r0, 0x3a, 0x1, &(0x7f0000000040)="a70c79ff7822c34d8244c4a2494dded77bb3712956253d56a42d54026baf316e55", 0x21) 03:37:47 executing program 2: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6100) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r1, 0x8200) r2 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8000fffffffa) [ 1220.833613][ T39] kauditd_printk_skb: 24 callbacks suppressed 03:37:47 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f0000000080)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0285628, &(0x7f00000000c0)) 03:37:48 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt(r0, 0x3a, 0x1, &(0x7f0000000040)="a70c79ff7822c34d8244c4a2494dded77bb3712956253d56a42d54026baf316e55", 0x21) [ 1220.833622][ T39] audit: type=1804 audit(2000000267.964:410): pid=1310 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="bus" dev="sda1" ino=16629 res=1 03:37:48 executing program 3: r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt(r0, 0x3a, 0x1, &(0x7f0000000040)="a70c79ff7822c34d8244c4a2494dded77bb3712956253d56a42d54026baf316e55", 0x21) 03:37:48 executing program 1: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCSSERIAL(r0, 0x541f, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:48 executing program 2: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6100) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r1, 0x8200) r2 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8000fffffffa) 03:37:48 executing program 1: syz_mount_image$ntfs(&(0x7f00000000c0)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fmask={'fmask'}}, {@show_sys_files_no='show_sys_files=no'}]}) 03:37:48 executing program 3: syz_emit_ethernet(0x3d, &(0x7f0000000640)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, '\x00', 0x2, 0x2f, 0x0, @remote, @ipv4={[], [], @local}, {[], @udp={0x2c00, 0x0, 0x8}}}}}}, 0x0) 03:37:48 executing program 0: r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'ip6tnl0\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @dev}, 0x14) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) 03:37:48 executing program 3: syz_emit_ethernet(0x3d, &(0x7f0000000640)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, '\x00', 0x2, 0x2f, 0x0, @remote, @ipv4={[], [], @local}, {[], @udp={0x2c00, 0x0, 0x8}}}}}}, 0x0) [ 1220.984029][ T39] audit: type=1804 audit(2000000268.113:411): pid=1325 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="bus" dev="sda1" ino=16785 res=1 [ 1221.069412][ T1328] ntfs: (device loop1): parse_options(): Unrecognized mount option . 03:37:48 executing program 2: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6100) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r1, 0x8200) r2 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8000fffffffa) 03:37:48 executing program 3: syz_emit_ethernet(0x3d, &(0x7f0000000640)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, '\x00', 0x2, 0x2f, 0x0, @remote, @ipv4={[], [], @local}, {[], @udp={0x2c00, 0x0, 0x8}}}}}}, 0x0) 03:37:48 executing program 3: syz_emit_ethernet(0x3d, &(0x7f0000000640)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, '\x00', 0x2, 0x2f, 0x0, @remote, @ipv4={[], [], @local}, {[], @udp={0x2c00, 0x0, 0x8}}}}}}, 0x0) [ 1221.202609][ T1328] ntfs: (device loop1): parse_options(): Unrecognized mount option . 03:37:48 executing program 0: r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'ip6tnl0\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @dev}, 0x14) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) 03:37:48 executing program 3: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x800454d2, 0x0) 03:37:48 executing program 1: syz_mount_image$ntfs(&(0x7f00000000c0)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fmask={'fmask'}}, {@show_sys_files_no='show_sys_files=no'}]}) [ 1221.362268][ T39] audit: type=1804 audit(2000000268.499:412): pid=1341 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="bus" dev="sda1" ino=16801 res=1 03:37:48 executing program 2: r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6100) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r1, 0x8200) r2 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r2, 0x0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) r3 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8000fffffffa) 03:37:48 executing program 3: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) shutdown(r0, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4, 0x0, @local, 0x1}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c) [ 1221.410686][ T1351] ntfs: (device loop1): parse_options(): Unrecognized mount option . 03:37:48 executing program 3: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) shutdown(r0, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4, 0x0, @local, 0x1}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c) 03:37:48 executing program 0: r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'ip6tnl0\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @dev}, 0x14) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) 03:37:48 executing program 1: syz_mount_image$ntfs(&(0x7f00000000c0)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fmask={'fmask'}}, {@show_sys_files_no='show_sys_files=no'}]}) [ 1221.578456][ T39] audit: type=1804 audit(2000000268.718:413): pid=1358 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="bus" dev="sda1" ino=16601 res=1 [ 1221.628287][ T1368] ntfs: (device loop1): parse_options(): Unrecognized mount option . 03:37:48 executing program 3: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) shutdown(r0, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4, 0x0, @local, 0x1}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c) 03:37:48 executing program 1: syz_mount_image$ntfs(&(0x7f00000000c0)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fmask={'fmask'}}, {@show_sys_files_no='show_sys_files=no'}]}) 03:37:48 executing program 0: r0 = socket(0x200000000000011, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'ip6tnl0\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @dev}, 0x14) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) 03:37:48 executing program 3: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) shutdown(r0, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4, 0x0, @local, 0x1}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c) [ 1221.802542][ T1378] ntfs: (device loop1): parse_options(): Unrecognized mount option . 03:37:49 executing program 2: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) shutdown(r0, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4, 0x0, @local, 0x1}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c) 03:37:49 executing program 2: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) shutdown(r0, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4, 0x0, @local, 0x1}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c) 03:37:49 executing program 3: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_G_DV_TIMINGS(r0, 0xc0845658, &(0x7f0000000140)) 03:37:49 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000180)={0x0, 0x0, 0x8004}, 0x20) 03:37:49 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={r0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0], 0x1}, 0x20) 03:37:49 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000180)={0x0, 0x0, 0x8004}, 0x20) 03:37:49 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={r0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0], 0x1}, 0x20) 03:37:49 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x2d, &(0x7f0000000ac0)=ANY=[], 0x0) 03:37:49 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000180)={0x0, 0x0, 0x8004}, 0x20) 03:37:49 executing program 2: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) shutdown(r0, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4, 0x0, @local, 0x1}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c) 03:37:49 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={r0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0], 0x1}, 0x20) 03:37:49 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000180)={0x0, 0x0, 0x8004}, 0x20) 03:37:49 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x2d, &(0x7f0000000ac0)=ANY=[], 0x0) 03:37:49 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendmsg(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)='23', 0x2}], 0x1}, 0x0) 03:37:49 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x2d, &(0x7f0000000ac0)=ANY=[], 0x0) 03:37:49 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={r0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0], 0x1}, 0x20) 03:37:49 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x2d, &(0x7f0000000ac0)=ANY=[], 0x0) 03:37:49 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/udplite\x00') lseek(r0, 0x8000000000001, 0x0) 03:37:49 executing program 1: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x2, 0x0) write$P9_RSTATu(r0, &(0x7f0000000480)={0x6f, 0x7d, 0x0, {{0x0, 0x59, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x9, '/dev/kvm\x00', 0x0, '', 0x9, '/dev/kvm\x00', 0x14, 'vboxnet1\\+security#$'}, 0x1, '}'}}, 0x6f) 03:37:49 executing program 2: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000003c0)=0x0) fcntl$setstatus(r0, 0x4, 0x44800) r2 = creat(&(0x7f00000004c0)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40046602, &(0x7f0000000000)) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x10000}]) 03:37:49 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001740)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000180)={0x0, 0x8446}) 03:37:49 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000bfdfdc)={0x20, 0x0, 0x10000001, 0x800000001, 0x0, 0x0, {}, [@nested={0xc, 0x2, [@typed={0x8, 0x1, @ipv4=@multicast2}]}]}, 0x20}}, 0x0) 03:37:49 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x80) unshare(0x400) r1 = dup(r0) timerfd_gettime(r1, 0x0) [ 1222.373915][ T1430] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 03:37:49 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x80) unshare(0x400) r1 = dup(r0) timerfd_gettime(r1, 0x0) 03:37:49 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001740)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000180)={0x0, 0x8446}) [ 1222.395106][ T1430] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 03:37:49 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x80) unshare(0x400) r1 = dup(r0) timerfd_gettime(r1, 0x0) 03:37:49 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000bfdfdc)={0x20, 0x0, 0x10000001, 0x800000001, 0x0, 0x0, {}, [@nested={0xc, 0x2, [@typed={0x8, 0x1, @ipv4=@multicast2}]}]}, 0x20}}, 0x0) [ 1222.501096][ T1439] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1222.514293][ T1439] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1222.569428][ T9411] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1222.594431][ T9411] CPU: 3 PID: 9411 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1222.604706][ T9411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1222.624804][ T9411] Call Trace: [ 1222.624804][ T9411] dump_stack+0x197/0x210 [ 1222.624804][ T9411] dump_header+0x10b/0x82d [ 1222.644811][ T9411] ? oom_kill_process+0x94/0x420 [ 1222.655090][ T9411] oom_kill_process.cold+0x10/0x15 [ 1222.662787][ T9411] out_of_memory+0x334/0x13c0 [ 1222.666173][ T9411] ? oom_killer_disable+0x280/0x280 [ 1222.675180][ T9411] ? mutex_trylock+0x264/0x2f0 [ 1222.675180][ T9411] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1222.694804][ T9411] __alloc_pages_slowpath+0x222b/0x2920 [ 1222.705412][ T9411] ? warn_alloc+0x110/0x110 [ 1222.705412][ T9411] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1222.724798][ T9411] ? should_fail+0x1de/0x852 [ 1222.727032][ T9411] ? __kasan_check_read+0x11/0x20 [ 1222.734796][ T9411] __alloc_pages_nodemask+0x646/0x910 [ 1222.734796][ T9411] ? cpuacct_charge+0x1db/0x360 [ 1222.755417][ T9411] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1222.764919][ T9411] ? update_curr+0x3e0/0x8d0 [ 1222.764919][ T9411] ? update_curr+0x3e0/0x8d0 [ 1222.775496][ T9411] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1222.775496][ T9411] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1222.795384][ T9411] alloc_pages_vma+0xdd/0x620 [ 1222.804801][ T9411] wp_page_copy+0x226/0x1560 [ 1222.804801][ T9411] ? find_held_lock+0x35/0x130 [ 1222.815578][ T9411] ? follow_pfn+0x2a0/0x2a0 [ 1222.824919][ T9411] ? lock_downgrade+0x920/0x920 [ 1222.835585][ T9411] ? swp_swapcount+0x540/0x540 [ 1222.835585][ T9411] ? do_raw_spin_unlock+0x178/0x270 [ 1222.844763][ T9411] do_wp_page+0x543/0x1540 [ 1222.863464][ T9411] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1222.873711][ T9411] __handle_mm_fault+0x327b/0x3da0 [ 1222.882539][ T9411] ? vm_iomap_memory+0x1a0/0x1a0 [ 1222.885784][ T9411] ? handle_mm_fault+0x292/0xa50 [ 1222.885784][ T9411] ? handle_mm_fault+0x7a0/0xa50 [ 1222.905338][ T9411] ? __kasan_check_read+0x11/0x20 [ 1222.925299][ T9411] handle_mm_fault+0x3b2/0xa50 [ 1222.934743][ T9411] __do_page_fault+0x536/0xd80 [ 1222.945357][ T9411] do_page_fault+0x38/0x590 [ 1222.954790][ T9411] do_async_page_fault+0x30/0xa0 [ 1222.966082][ T9411] async_page_fault+0x39/0x40 [ 1222.974726][ T9411] RIP: 0023:0x808fa5d [ 1222.985643][ T9411] Code: 01 00 00 8d 76 00 8d bc 27 00 00 00 00 8b 45 e4 8b 40 04 85 c0 89 45 e4 74 b1 8b 75 e4 8b 1e 8b 43 08 85 c0 74 04 ff d0 8b 1e ff 4b 14 0f 94 c0 84 c0 74 d8 8b 43 18 85 c0 74 d1 83 c3 14 31 [ 1223.029043][ T9411] RSP: 002b:00000000ffd5da70 EFLAGS: 00010246 [ 1223.037428][ T9411] RAX: 0000000000000000 RBX: 0000000008494bc4 RCX: 0000000000000000 [ 1223.050717][ T9411] RDX: 00000000ffd5da70 RSI: 00000000ffd5da70 RDI: 00000000000035da [ 1223.062517][ T9411] RBP: 00000000ffd5dab8 R08: 0000000000000000 R09: 0000000000000000 [ 1223.076744][ T9411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1223.090034][ T9411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1223.106112][ T9411] Mem-Info: 03:37:50 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x80) unshare(0x400) r1 = dup(r0) timerfd_gettime(r1, 0x0) 03:37:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000bfdfdc)={0x20, 0x0, 0x10000001, 0x800000001, 0x0, 0x0, {}, [@nested={0xc, 0x2, [@typed={0x8, 0x1, @ipv4=@multicast2}]}]}, 0x20}}, 0x0) [ 1223.115457][ T9411] active_anon:43183 inactive_anon:233 isolated_anon:0 [ 1223.115457][ T9411] active_file:2876 inactive_file:17902 isolated_file:0 [ 1223.115457][ T9411] unevictable:0 dirty:22 writeback:0 unstable:0 [ 1223.115457][ T9411] slab_reclaimable:15778 slab_unreclaimable:59197 [ 1223.115457][ T9411] mapped:39886 shmem:307 pagetables:2767 bounce:0 [ 1223.115457][ T9411] free:146941 free_pcp:152 free_cma:0 03:37:50 executing program 2: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000003c0)=0x0) fcntl$setstatus(r0, 0x4, 0x44800) r2 = creat(&(0x7f00000004c0)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40046602, &(0x7f0000000000)) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x10000}]) [ 1223.137153][ T1443] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1223.190880][ T9411] Node 0 active_anon:137248kB inactive_anon:896kB active_file:0kB inactive_file:72kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75372kB dirty:28kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1223.215717][ T1443] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 03:37:50 executing program 0: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000003c0)=0x0) fcntl$setstatus(r0, 0x4, 0x44800) r2 = creat(&(0x7f00000004c0)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40046602, &(0x7f0000000000)) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x10000}]) [ 1223.281462][ T9411] Node 0 DMA free:2820kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:276kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:8kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:168kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 03:37:50 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000bfdfdc)={0x20, 0x0, 0x10000001, 0x800000001, 0x0, 0x0, {}, [@nested={0xc, 0x2, [@typed={0x8, 0x1, @ipv4=@multicast2}]}]}, 0x20}}, 0x0) [ 1223.353098][ T1448] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1223.362006][ T9411] lowmem_reserve[]: 0 532 532 532 532 [ 1223.382368][ T1448] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1223.399991][ T9411] Node 0 DMA32 free:25532kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:137012kB inactive_anon:896kB active_file:0kB inactive_file:48kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:5128kB bounce:0kB free_pcp:724kB local_pcp:124kB free_cma:0kB [ 1223.471960][ T9411] lowmem_reserve[]: 0 0 0 0 0 [ 1223.482532][ T9411] Node 0 DMA: 16*4kB (UME) 19*8kB (UME) 16*16kB (UME) 11*32kB (UME) 5*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2936kB [ 1223.513215][ T9411] Node 0 DMA32: 1025*4kB (UME) 638*8kB (UME) 208*16kB (UME) 114*32kB (UME) 43*64kB (UME) 18*128kB (UM) 14*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 25332kB [ 1223.548808][ T9411] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1223.561367][ T9411] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1223.574132][ T9411] 13463 total pagecache pages [ 1223.581513][ T9411] 0 pages in swap cache [ 1223.598226][ T9411] Swap cache stats: add 0, delete 0, find 0/0 [ 1223.613502][ T9411] Free swap = 0kB [ 1223.618923][ T9411] Total swap = 0kB [ 1223.624076][ T9411] 524155 pages RAM [ 1223.629313][ T9411] 0 pages HighMem/MovableOnly [ 1223.636519][ T9411] 141707 pages reserved [ 1223.642499][ T9411] 0 pages cma reserved [ 1223.648636][ T9411] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=11420,uid=0 [ 1223.666756][ T9411] Out of memory: Killed process 11420 (syz-executor.2) total-vm:72348kB, anon-rss:136kB, file-rss:34828kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1223.691547][ T1129] oom_reaper: reaped process 11420 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 03:37:50 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001740)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000180)={0x0, 0x8446}) 03:37:50 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000000000815d6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340)}, 0x42) 03:37:50 executing program 2: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000003c0)=0x0) fcntl$setstatus(r0, 0x4, 0x44800) r2 = creat(&(0x7f00000004c0)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40046602, &(0x7f0000000000)) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x10000}]) 03:37:50 executing program 0: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000003c0)=0x0) fcntl$setstatus(r0, 0x4, 0x44800) r2 = creat(&(0x7f00000004c0)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40046602, &(0x7f0000000000)) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x10000}]) 03:37:50 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000000000815d6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340)}, 0x42) 03:37:50 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001740)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000180)={0x0, 0x8446}) 03:37:50 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000000000815d6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340)}, 0x42) 03:37:50 executing program 3: preadv(0xffffffffffffffff, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x10400003) 03:37:50 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000000000815d6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340)}, 0x42) 03:37:51 executing program 0: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000003c0)=0x0) fcntl$setstatus(r0, 0x4, 0x44800) r2 = creat(&(0x7f00000004c0)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40046602, &(0x7f0000000000)) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x10000}]) 03:37:51 executing program 2: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) io_setup(0x1ff, &(0x7f00000003c0)=0x0) fcntl$setstatus(r0, 0x4, 0x44800) r2 = creat(&(0x7f00000004c0)='./bus\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40046602, &(0x7f0000000000)) io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x10000}]) 03:37:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0x8, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}]]}}}]}, 0x34}}, 0x0) 03:37:51 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) clone(0x800007fd, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffe, 0xffffffffffffffff) mount(&(0x7f0000000380)=ANY=[@ANYBLOB="022e4d79b42c743edf1956df3a"], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) [ 1223.977020][ T1477] libceph: resolve '.My´' (ret=-3): failed 03:37:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0x8, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}]]}}}]}, 0x34}}, 0x0) [ 1224.013986][ T1477] libceph: Failed to parse monitor IPs: -3 [ 1224.045626][ T1481] libceph: resolve '.My´' (ret=-3): failed [ 1224.064560][ T1481] libceph: Failed to parse monitor IPs: -3 03:37:51 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) clone(0x800007fd, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffe, 0xffffffffffffffff) mount(&(0x7f0000000380)=ANY=[@ANYBLOB="022e4d79b42c743edf1956df3a"], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) 03:37:51 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x0, 0x0, @rand_addr="52b0eaddfaa2ca2532663aee771fa4cf"}}, 0x0, 0x9, 0x0, "8c8f2ebd2746ad6c3c108b6c556232d89ad4981b76e75eef5d7679982cd00bed292bac737344a45da87ad62d5efa983118b47fe5a68c0c732f0bdae13035c963f850442dc2b46e96dcba0a6b111a14f8"}, 0xd8) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000200)="580000001400add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) [ 1224.144766][ T1486] libceph: resolve '.My´' (ret=-3): failed [ 1224.162541][ T1486] libceph: Failed to parse monitor IPs: -3 03:37:51 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) clone(0x800007fd, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffe, 0xffffffffffffffff) mount(&(0x7f0000000380)=ANY=[@ANYBLOB="022e4d79b42c743edf1956df3a"], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) 03:37:51 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x0, 0x0, @rand_addr="52b0eaddfaa2ca2532663aee771fa4cf"}}, 0x0, 0x9, 0x0, "8c8f2ebd2746ad6c3c108b6c556232d89ad4981b76e75eef5d7679982cd00bed292bac737344a45da87ad62d5efa983118b47fe5a68c0c732f0bdae13035c963f850442dc2b46e96dcba0a6b111a14f8"}, 0xd8) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000200)="580000001400add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) [ 1224.200078][ T1492] libceph: resolve '.My´' (ret=-3): failed [ 1224.209498][ T1492] libceph: Failed to parse monitor IPs: -3 03:37:51 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x0, 0x0, @rand_addr="52b0eaddfaa2ca2532663aee771fa4cf"}}, 0x0, 0x9, 0x0, "8c8f2ebd2746ad6c3c108b6c556232d89ad4981b76e75eef5d7679982cd00bed292bac737344a45da87ad62d5efa983118b47fe5a68c0c732f0bdae13035c963f850442dc2b46e96dcba0a6b111a14f8"}, 0xd8) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000200)="580000001400add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) 03:37:51 executing program 2: r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) poll(&(0x7f0000000140)=[{r0}], 0x1, 0x2b2) 03:37:51 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x0, 0x0, @rand_addr="52b0eaddfaa2ca2532663aee771fa4cf"}}, 0x0, 0x9, 0x0, "8c8f2ebd2746ad6c3c108b6c556232d89ad4981b76e75eef5d7679982cd00bed292bac737344a45da87ad62d5efa983118b47fe5a68c0c732f0bdae13035c963f850442dc2b46e96dcba0a6b111a14f8"}, 0xd8) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000200)="580000001400add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) 03:37:51 executing program 1: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) clone(0x800007fd, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffe, 0xffffffffffffffff) mount(&(0x7f0000000380)=ANY=[@ANYBLOB="022e4d79b42c743edf1956df3a"], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ceph\x00', 0x0, 0x0) 03:37:51 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0x8, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}]]}}}]}, 0x34}}, 0x0) [ 1224.340894][ T1504] libceph: resolve '.My´' (ret=-3): failed 03:37:51 executing program 0: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffd}, 0x0, 0x8) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) splice(r0, 0x0, r1, 0x0, 0x4000, 0x0) [ 1224.361905][ T1504] libceph: Failed to parse monitor IPs: -3 03:37:51 executing program 0: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffd}, 0x0, 0x8) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) splice(r0, 0x0, r1, 0x0, 0x4000, 0x0) 03:37:51 executing program 0: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffd}, 0x0, 0x8) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) splice(r0, 0x0, r1, 0x0, 0x4000, 0x0) 03:37:51 executing program 0: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffd}, 0x0, 0x8) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) splice(r0, 0x0, r1, 0x0, 0x4000, 0x0) 03:37:52 executing program 1: r0 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) 03:37:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="1b0000001e0001002cbd7000fddbdf2507000000", @ANYRES32=0x0, @ANYBLOB="0110020002000000080020000000000008001b00fd9000000c0001e0643e93b5c72200001c00220086e56f6d86da29ff1e09b7db1938a64679ef1e415c894d9b4dd1865e683c7a0937eba51d"], 0x58}}, 0x0) 03:37:52 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0x8, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}]]}}}]}, 0x34}}, 0x0) 03:37:52 executing program 2: r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) poll(&(0x7f0000000140)=[{r0}], 0x1, 0x2b2) 03:37:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="1b0000001e0001002cbd7000fddbdf2507000000", @ANYRES32=0x0, @ANYBLOB="0110020002000000080020000000000008001b00fd9000000c0001e0643e93b5c72200001c00220086e56f6d86da29ff1e09b7db1938a64679ef1e415c894d9b4dd1865e683c7a0937eba51d"], 0x58}}, 0x0) 03:37:52 executing program 1: r0 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) 03:37:52 executing program 1: r0 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) 03:37:52 executing program 1: r0 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) 03:37:52 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) fstat(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r2, 0x0) fchown(r0, 0x0, 0x0) 03:37:52 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu\x00\x95kp\xaa\xe8\x9adB\xd9\\_\x0e2f\x9f\x15T\xbc\xb7\xba\xaf]M\xe3', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000440)='cpuset.mems\x00', 0x2, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000100)='cpuset.effective_mems\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x3) 03:37:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="1b0000001e0001002cbd7000fddbdf2507000000", @ANYRES32=0x0, @ANYBLOB="0110020002000000080020000000000008001b00fd9000000c0001e0643e93b5c72200001c00220086e56f6d86da29ff1e09b7db1938a64679ef1e415c894d9b4dd1865e683c7a0937eba51d"], 0x58}}, 0x0) 03:37:53 executing program 2: r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) poll(&(0x7f0000000140)=[{r0}], 0x1, 0x2b2) 03:37:53 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) ioctl$KDGKBENT(r0, 0x4b66, &(0x7f00000000c0)) 03:37:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="1b0000001e0001002cbd7000fddbdf2507000000", @ANYRES32=0x0, @ANYBLOB="0110020002000000080020000000000008001b00fd9000000c0001e0643e93b5c72200001c00220086e56f6d86da29ff1e09b7db1938a64679ef1e415c894d9b4dd1865e683c7a0937eba51d"], 0x58}}, 0x0) 03:37:53 executing program 1: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sched_rr_get_interval(0x0, &(0x7f0000000140)) 03:37:53 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f0000000240)="caa5c2c78c3442d515d8f3a45ccc94ceccb6065885e6360d62309ff22e26c4c21ff262ec9159c63421a4086b01b98b0ee8c99f9aa06142a80c499f3f7436e803", 0x40}, {&(0x7f0000000140)="c1", 0x1}], 0x2, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sm3-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) splice(r0, 0x0, r4, 0x0, 0x200000, 0x0) 03:37:53 executing program 0: r0 = gettid() madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xf) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f00000000c0)=[{&(0x7f0000217f28)=""/231, 0x5df211b9}], 0x23a, 0x0) 03:37:53 executing program 1: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sched_rr_get_interval(0x0, &(0x7f0000000140)) 03:37:53 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f0000000240)="caa5c2c78c3442d515d8f3a45ccc94ceccb6065885e6360d62309ff22e26c4c21ff262ec9159c63421a4086b01b98b0ee8c99f9aa06142a80c499f3f7436e803", 0x40}, {&(0x7f0000000140)="c1", 0x1}], 0x2, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sm3-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) splice(r0, 0x0, r4, 0x0, 0x200000, 0x0) 03:37:53 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f0000000240)="caa5c2c78c3442d515d8f3a45ccc94ceccb6065885e6360d62309ff22e26c4c21ff262ec9159c63421a4086b01b98b0ee8c99f9aa06142a80c499f3f7436e803", 0x40}, {&(0x7f0000000140)="c1", 0x1}], 0x2, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sm3-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) splice(r0, 0x0, r4, 0x0, 0x200000, 0x0) 03:37:53 executing program 2: r0 = socket$caif_seqpacket(0x25, 0x5, 0x0) poll(&(0x7f0000000140)=[{r0}], 0x1, 0x2b2) 03:37:53 executing program 0: r0 = gettid() madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xf) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f00000000c0)=[{&(0x7f0000217f28)=""/231, 0x5df211b9}], 0x23a, 0x0) 03:37:53 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f0000000240)="caa5c2c78c3442d515d8f3a45ccc94ceccb6065885e6360d62309ff22e26c4c21ff262ec9159c63421a4086b01b98b0ee8c99f9aa06142a80c499f3f7436e803", 0x40}, {&(0x7f0000000140)="c1", 0x1}], 0x2, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sm3-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) splice(r0, 0x0, r4, 0x0, 0x200000, 0x0) 03:37:53 executing program 1: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sched_rr_get_interval(0x0, &(0x7f0000000140)) 03:37:53 executing program 1: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sched_rr_get_interval(0x0, &(0x7f0000000140)) 03:37:53 executing program 3: r0 = gettid() madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xf) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f00000000c0)=[{&(0x7f0000217f28)=""/231, 0x5df211b9}], 0x23a, 0x0) 03:37:53 executing program 0: r0 = gettid() madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xf) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f00000000c0)=[{&(0x7f0000217f28)=""/231, 0x5df211b9}], 0x23a, 0x0) 03:37:53 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f0000000240)="caa5c2c78c3442d515d8f3a45ccc94ceccb6065885e6360d62309ff22e26c4c21ff262ec9159c63421a4086b01b98b0ee8c99f9aa06142a80c499f3f7436e803", 0x40}, {&(0x7f0000000140)="c1", 0x1}], 0x2, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sm3-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) splice(r0, 0x0, r4, 0x0, 0x200000, 0x0) [ 1227.040518][ T1583] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1227.058945][ T1583] CPU: 0 PID: 1583 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1227.068714][ T1583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1227.068714][ T1583] Call Trace: [ 1227.068714][ T1583] dump_stack+0x197/0x210 [ 1227.068714][ T1583] dump_header+0x10b/0x82d [ 1227.068714][ T1583] oom_kill_process.cold+0x10/0x15 [ 1227.068714][ T1583] out_of_memory+0x334/0x13c0 [ 1227.068714][ T1583] ? oom_killer_disable+0x280/0x280 [ 1227.068714][ T1583] ? mutex_trylock+0x264/0x2f0 [ 1227.068714][ T1583] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1227.068714][ T1583] __alloc_pages_slowpath+0x222b/0x2920 [ 1227.068714][ T1583] ? warn_alloc+0x110/0x110 [ 1227.068714][ T1583] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1227.068714][ T1583] ? should_fail+0x1de/0x852 [ 1227.068714][ T1583] ? __kasan_check_read+0x11/0x20 [ 1227.068714][ T1583] __alloc_pages_nodemask+0x646/0x910 [ 1227.068714][ T1583] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1227.068714][ T1583] ? __kasan_check_read+0x11/0x20 [ 1227.068714][ T1583] ? __lock_acquire+0x16f2/0x4a00 [ 1227.068714][ T1583] ? pmd_val+0x85/0x100 [ 1227.068714][ T1583] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1227.068714][ T1583] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1227.068714][ T1583] alloc_pages_vma+0xdd/0x620 [ 1227.068714][ T1583] __handle_mm_fault+0x1ed5/0x3da0 [ 1227.068714][ T1583] ? vm_iomap_memory+0x1a0/0x1a0 [ 1227.068714][ T1583] ? handle_mm_fault+0x292/0xa50 [ 1227.068714][ T1583] ? handle_mm_fault+0x7a0/0xa50 [ 1227.068714][ T1583] ? __kasan_check_read+0x11/0x20 [ 1227.068714][ T1583] handle_mm_fault+0x3b2/0xa50 [ 1227.068714][ T1583] __get_user_pages+0x7b2/0x1ac0 [ 1227.068714][ T1583] ? follow_page_mask+0x1dd0/0x1dd0 [ 1227.068714][ T1583] ? process_vm_rw_core.isra.0+0x420/0xc60 [ 1227.068714][ T1583] get_user_pages_remote+0x234/0x4b0 [ 1227.068714][ T1583] process_vm_rw_core.isra.0+0x464/0xc60 [ 1227.068714][ T1583] ? alloc_vmap_area.cold+0x24/0x24 [ 1227.068714][ T1583] ? compat_rw_copy_check_uvector+0x180/0x4c0 [ 1227.068714][ T1583] ? compat_rw_copy_check_uvector+0x189/0x4c0 [ 1227.068714][ T1583] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1227.068714][ T1583] ? compat_rw_copy_check_uvector+0x36b/0x4c0 [ 1227.068714][ T1583] compat_process_vm_rw+0x21f/0x240 [ 1227.068714][ T1583] ? find_held_lock+0x35/0x130 [ 1227.068714][ T1583] ? process_vm_rw+0x240/0x240 [ 1227.068714][ T1583] ? lock_downgrade+0x920/0x920 [ 1227.068714][ T1583] ? __kasan_check_read+0x11/0x20 [ 1227.068714][ T1583] ? _copy_to_user+0x118/0x160 [ 1227.068714][ T1583] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1227.068714][ T1583] ? put_old_timespec32+0x113/0x200 [ 1227.068714][ T1583] ? get_old_timespec32+0x200/0x200 [ 1227.068714][ T1583] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1227.068714][ T1583] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1227.068714][ T1583] ? do_fast_syscall_32+0xd1/0xe16 [ 1227.068714][ T1583] __ia32_compat_sys_process_vm_writev+0xe0/0x1a0 [ 1227.068714][ T1583] do_fast_syscall_32+0x27b/0xe16 [ 1227.068714][ T1583] entry_SYSENTER_compat+0x70/0x7f [ 1227.068714][ T1583] RIP: 0023:0xf7f3ca39 [ 1227.068714][ T1583] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1227.068714][ T1583] RSP: 002b:00000000f5d380cc EFLAGS: 00000296 ORIG_RAX: 000000000000015c [ 1227.068714][ T1583] RAX: ffffffffffffffda RBX: 00000000000035f8 RCX: 0000000020000000 [ 1227.068714][ T1583] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 000000000000023a [ 1227.068714][ T1583] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1227.068714][ T1583] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1227.068714][ T1583] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1227.466999][ T1583] Mem-Info: [ 1227.701072][ T1583] active_anon:43704 inactive_anon:233 isolated_anon:0 [ 1227.701072][ T1583] active_file:2877 inactive_file:17903 isolated_file:0 [ 1227.701072][ T1583] unevictable:0 dirty:21 writeback:0 unstable:0 [ 1227.701072][ T1583] slab_reclaimable:15752 slab_unreclaimable:59460 [ 1227.701072][ T1583] mapped:39903 shmem:307 pagetables:2862 bounce:0 [ 1227.701072][ T1583] free:145134 free_pcp:89 free_cma:0 [ 1227.750462][ T1583] Node 0 active_anon:139132kB inactive_anon:896kB active_file:0kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1227.791308][ T1583] Node 0 DMA free:2780kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:340kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1227.831251][ T1583] lowmem_reserve[]: 0 532 532 532 532 [ 1227.838930][ T1583] Node 0 DMA32 free:22252kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:138792kB inactive_anon:896kB active_file:0kB inactive_file:24kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9104kB pagetables:4848kB bounce:0kB free_pcp:448kB local_pcp:112kB free_cma:0kB [ 1227.880622][ T1583] lowmem_reserve[]: 0 0 0 0 0 [ 1227.886280][ T1583] Node 0 DMA: 15*4kB (U) 8*8kB (UE) 12*16kB (UME) 11*32kB (UME) 5*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2780kB [ 1227.904144][ T1583] Node 0 DMA32: 947*4kB (UE) 423*8kB (UME) 197*16kB (UME) 105*32kB (UME) 42*64kB (UM) 19*128kB (UME) 14*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 22900kB [ 1227.923284][ T1583] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1227.935954][ T1583] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1227.948398][ T1583] 13463 total pagecache pages [ 1227.955438][ T1583] 0 pages in swap cache [ 1227.960329][ T1583] Swap cache stats: add 0, delete 0, find 0/0 [ 1227.967708][ T1583] Free swap = 0kB [ 1227.972272][ T1583] Total swap = 0kB [ 1227.977347][ T1583] 524155 pages RAM [ 1227.982388][ T1583] 0 pages HighMem/MovableOnly [ 1227.988749][ T1583] 141707 pages reserved [ 1227.994398][ T1583] 0 pages cma reserved [ 1228.000164][ T1583] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=11411,uid=0 [ 1228.020460][ T1583] Out of memory: Killed process 11411 (syz-executor.2) total-vm:72348kB, anon-rss:136kB, file-rss:34828kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1228.045769][ T1129] oom_reaper: reaped process 11411 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 1228.095341][ T1575] syz-executor.2 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=0 [ 1228.113288][ T1575] CPU: 3 PID: 1575 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1228.122612][ T1575] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1228.122612][ T1575] Call Trace: [ 1228.122612][ T1575] dump_stack+0x197/0x210 [ 1228.122612][ T1575] dump_header+0x10b/0x82d [ 1228.122612][ T1575] ? oom_kill_process+0x94/0x420 [ 1228.122612][ T1575] oom_kill_process.cold+0x10/0x15 [ 1228.122612][ T1575] out_of_memory+0x334/0x13c0 [ 1228.122612][ T1575] ? oom_killer_disable+0x280/0x280 [ 1228.122612][ T1575] ? mutex_trylock+0x264/0x2f0 [ 1228.122612][ T1575] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1228.122612][ T1575] __alloc_pages_slowpath+0x222b/0x2920 [ 1228.122612][ T1575] ? warn_alloc+0x110/0x110 [ 1228.122612][ T1575] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1228.122612][ T1575] ? should_fail+0x1de/0x852 [ 1228.122612][ T1575] ? __kasan_check_read+0x11/0x20 [ 1228.122612][ T1575] __alloc_pages_nodemask+0x646/0x910 [ 1228.122612][ T1575] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1228.122612][ T1575] ? xas_start+0x166/0x560 [ 1228.122612][ T1575] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1228.122612][ T1575] ? __kasan_check_read+0x11/0x20 [ 1228.122612][ T1575] ? find_get_entry+0x4a6/0x7a0 [ 1228.122612][ T1575] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1228.122612][ T1575] alloc_pages_current+0x107/0x210 [ 1228.122612][ T1575] __page_cache_alloc+0x29d/0x490 [ 1228.122612][ T1575] pagecache_get_page+0x27e/0x9e0 [ 1228.122612][ T1575] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1228.122612][ T1575] grab_cache_page_write_begin+0x75/0xb0 [ 1228.122612][ T1575] ext4_da_write_begin+0x33b/0xc70 [ 1228.122612][ T1575] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1228.122612][ T1575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1228.122612][ T1575] ? ext4_write_begin+0xdc0/0xdc0 [ 1228.122612][ T1575] ? copyin+0x150/0x150 [ 1228.122612][ T1575] ? __mark_inode_dirty+0x3d1/0x1390 [ 1228.122612][ T1575] generic_perform_write+0x23b/0x540 [ 1228.122612][ T1575] ? __mnt_drop_write_file+0x31/0x40 [ 1228.122612][ T1575] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4b0/0x4b0 [ 1228.122612][ T1575] ? down_write+0xdf/0x150 [ 1228.122612][ T1575] ? file_modified+0x85/0xa0 [ 1228.122612][ T1575] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1228.122612][ T1575] ext4_buffered_write_iter+0x1fe/0x460 [ 1228.122612][ T1575] ext4_file_write_iter+0x20d/0x1770 [ 1228.122612][ T1575] ? stack_trace_save+0xac/0xe0 [ 1228.122612][ T1575] ? stack_trace_consume_entry+0x190/0x190 [ 1228.122612][ T1575] ? ext4_dio_supported+0x630/0x630 [ 1228.122612][ T1575] ? __kasan_check_read+0x11/0x20 [ 1228.122612][ T1575] ? mark_lock+0xc2/0x1220 [ 1228.122612][ T1575] ? mark_lock+0xc2/0x1220 [ 1228.122612][ T1575] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1228.122612][ T1575] ? iov_iter_init+0xee/0x220 [ 1228.122612][ T1575] new_sync_write+0x4d3/0x770 [ 1228.122612][ T1575] ? new_sync_read+0x800/0x800 [ 1228.122612][ T1575] ? do_acct_process+0x354/0x1140 [ 1228.122612][ T1575] ? mark_held_locks+0xf0/0xf0 [ 1228.122612][ T1575] __vfs_write+0xe1/0x110 [ 1228.122612][ T1575] __kernel_write+0x11b/0x3b0 [ 1228.122612][ T1575] do_acct_process+0xd24/0x1140 [ 1228.122612][ T1575] ? acct_on+0x790/0x790 [ 1228.122612][ T1575] acct_process+0x559/0x60f [ 1228.122612][ T1575] ? acct_collect+0x850/0x850 [ 1228.122612][ T1575] ? fput_many+0x12c/0x1a0 [ 1228.122612][ T1575] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1228.122612][ T1575] do_exit+0x1b2e/0x2ef0 [ 1228.122612][ T1575] ? mm_update_next_owner+0x7c0/0x7c0 [ 1228.122612][ T1575] ? preempt_schedule_common+0x63/0xe0 [ 1228.122612][ T1575] ? preempt_schedule+0x4b/0x60 [ 1228.122612][ T1575] ? ___preempt_schedule+0x16/0x18 [ 1228.122612][ T1575] do_group_exit+0x135/0x360 [ 1228.122612][ T1575] __ia32_sys_exit_group+0x44/0x50 [ 1228.122612][ T1575] do_fast_syscall_32+0x27b/0xe16 [ 1228.122612][ T1575] entry_SYSENTER_compat+0x70/0x7f [ 1228.122612][ T1575] RIP: 0023:0xf7f59a39 [ 1228.122612][ T1575] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1228.122612][ T1575] RSP: 002b:00000000ffcb56ec EFLAGS: 00000286 ORIG_RAX: 00000000000000fc [ 1228.122612][ T1575] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000000001e [ 1228.122612][ T1575] RDX: 00000000ffcb57c4 RSI: 0000000000000000 RDI: 000000000805971b [ 1228.122612][ T1575] RBP: 00000000fffffff7 R08: 0000000000000000 R09: 0000000000000000 [ 1228.122612][ T1575] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1228.122612][ T1575] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1228.953738][ T1575] Mem-Info: [ 1228.962941][ T1575] active_anon:43656 inactive_anon:233 isolated_anon:0 [ 1228.962941][ T1575] active_file:2878 inactive_file:17909 isolated_file:0 [ 1228.962941][ T1575] unevictable:0 dirty:31 writeback:0 unstable:0 [ 1228.962941][ T1575] slab_reclaimable:15727 slab_unreclaimable:59370 [ 1228.962941][ T1575] mapped:39903 shmem:307 pagetables:2812 bounce:0 [ 1228.962941][ T1575] free:145796 free_pcp:77 free_cma:0 [ 1229.020763][ T1575] Node 0 active_anon:139052kB inactive_anon:896kB active_file:4kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1229.072098][ T1575] Node 0 DMA free:2780kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:348kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1229.163734][ T1575] lowmem_reserve[]: 0 532 532 532 532 [ 1229.185880][ T1575] Node 0 DMA32 free:23680kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:138704kB inactive_anon:896kB active_file:4kB inactive_file:16kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9104kB pagetables:4896kB bounce:0kB free_pcp:312kB local_pcp:0kB free_cma:0kB [ 1229.266335][ T1575] lowmem_reserve[]: 0 0 0 0 0 [ 1229.274021][ T1575] Node 0 DMA: 21*4kB (UM) 12*8kB (UME) 15*16kB (UME) 11*32kB (UME) 5*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2884kB [ 1229.295721][ T1575] Node 0 DMA32: 1256*4kB (UME) 504*8kB (UME) 219*16kB (UME) 107*32kB (UME) 42*64kB (UM) 19*128kB (UME) 14*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 25200kB [ 1229.318987][ T1575] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1229.329624][ T1575] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1229.339719][ T1575] 13471 total pagecache pages [ 1229.347920][ T1575] 0 pages in swap cache [ 1229.357206][ T1575] Swap cache stats: add 0, delete 0, find 0/0 [ 1229.370354][ T1575] Free swap = 0kB [ 1229.379233][ T1575] Total swap = 0kB [ 1229.386749][ T1575] 524155 pages RAM [ 1229.391980][ T1575] 0 pages HighMem/MovableOnly [ 1229.397910][ T1575] 141707 pages reserved [ 1229.403790][ T1575] 0 pages cma reserved [ 1229.414232][ T1575] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=11012,uid=0 [ 1229.440379][ T1575] Out of memory: Killed process 11012 (syz-executor.3) total-vm:72480kB, anon-rss:144kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 03:37:56 executing program 0: r0 = gettid() madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xf) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f00000000c0)=[{&(0x7f0000217f28)=""/231, 0x5df211b9}], 0x23a, 0x0) 03:37:56 executing program 3: r0 = gettid() madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xf) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f00000000c0)=[{&(0x7f0000217f28)=""/231, 0x5df211b9}], 0x23a, 0x0) 03:37:56 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f0000000240)="caa5c2c78c3442d515d8f3a45ccc94ceccb6065885e6360d62309ff22e26c4c21ff262ec9159c63421a4086b01b98b0ee8c99f9aa06142a80c499f3f7436e803", 0x40}, {&(0x7f0000000140)="c1", 0x1}], 0x2, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sm3-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) splice(r0, 0x0, r4, 0x0, 0x200000, 0x0) [ 1229.464169][ T1129] oom_reaper: reaped process 11012 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:37:56 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f0000000240)="caa5c2c78c3442d515d8f3a45ccc94ceccb6065885e6360d62309ff22e26c4c21ff262ec9159c63421a4086b01b98b0ee8c99f9aa06142a80c499f3f7436e803", 0x40}, {&(0x7f0000000140)="c1", 0x1}], 0x2, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sm3-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) splice(r0, 0x0, r4, 0x0, 0x200000, 0x0) [ 1229.609349][ T1589] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 03:37:56 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f0000000240)="caa5c2c78c3442d515d8f3a45ccc94ceccb6065885e6360d62309ff22e26c4c21ff262ec9159c63421a4086b01b98b0ee8c99f9aa06142a80c499f3f7436e803", 0x40}, {&(0x7f0000000140)="c1", 0x1}], 0x2, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sm3-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) splice(r0, 0x0, r4, 0x0, 0x200000, 0x0) [ 1229.634968][ T1589] CPU: 2 PID: 1589 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 03:37:56 executing program 0: syz_emit_ethernet(0x12, &(0x7f0000000140)={@dev, @empty, [{}], {@generic={0x6558}}}, 0x0) [ 1229.644648][ T1589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1229.661495][ T1589] Call Trace: 03:37:56 executing program 1: r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f00000000c0)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x24) r1 = socket$netlink(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) [ 1229.665060][ T1589] dump_stack+0x197/0x210 [ 1229.670858][ T1589] dump_header+0x10b/0x82d 03:37:56 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mount$fuseblk(&(0x7f0000000180)='/dev/loop0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='fuseblk\x00', 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) [ 1229.671755][ T1589] oom_kill_process.cold+0x10/0x15 [ 1229.671755][ T1589] out_of_memory+0x334/0x13c0 [ 1229.671755][ T1589] ? oom_killer_disable+0x280/0x280 [ 1229.671755][ T1589] ? mutex_trylock+0x264/0x2f0 [ 1229.671755][ T1589] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1229.671755][ T1589] __alloc_pages_slowpath+0x222b/0x2920 03:37:56 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mount$fuseblk(&(0x7f0000000180)='/dev/loop0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='fuseblk\x00', 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) [ 1229.671755][ T1589] ? warn_alloc+0x110/0x110 [ 1229.671755][ T1589] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1229.671755][ T1589] ? should_fail+0x1de/0x852 [ 1229.671755][ T1589] ? __kasan_check_read+0x11/0x20 [ 1229.671755][ T1589] __alloc_pages_nodemask+0x646/0x910 [ 1229.745073][ T1589] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1229.755393][ T1589] ? __kasan_check_read+0x11/0x20 [ 1229.764948][ T1589] ? __lock_acquire+0x16f2/0x4a00 [ 1229.775326][ T1589] ? pmd_val+0x85/0x100 [ 1229.784780][ T1589] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1229.795313][ T1589] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1229.817937][ T1589] alloc_pages_vma+0xdd/0x620 [ 1229.821778][ T1589] __handle_mm_fault+0x1ed5/0x3da0 [ 1229.835098][ T1589] ? vm_iomap_memory+0x1a0/0x1a0 [ 1229.835098][ T1589] ? handle_mm_fault+0x292/0xa50 [ 1229.864832][ T1589] ? handle_mm_fault+0x7a0/0xa50 [ 1229.874867][ T1589] ? __kasan_check_read+0x11/0x20 [ 1229.884824][ T1589] handle_mm_fault+0x3b2/0xa50 [ 1229.894701][ T1589] __get_user_pages+0x7b2/0x1ac0 [ 1229.908741][ T1589] ? follow_page_mask+0x1dd0/0x1dd0 [ 1229.914919][ T1589] ? process_vm_rw_core.isra.0+0x420/0xc60 [ 1229.914919][ T1589] get_user_pages_remote+0x234/0x4b0 [ 1229.934677][ T1589] process_vm_rw_core.isra.0+0x464/0xc60 [ 1229.934677][ T1589] ? alloc_vmap_area.cold+0x24/0x24 [ 1229.934677][ T1589] ? compat_rw_copy_check_uvector+0x180/0x4c0 [ 1229.954664][ T1589] ? compat_rw_copy_check_uvector+0x189/0x4c0 [ 1229.964684][ T1589] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1229.964684][ T1589] ? compat_rw_copy_check_uvector+0x36b/0x4c0 [ 1229.964684][ T1589] compat_process_vm_rw+0x21f/0x240 [ 1229.964684][ T1589] ? find_held_lock+0x35/0x130 [ 1229.985273][ T1589] ? process_vm_rw+0x240/0x240 [ 1229.985273][ T1589] ? lock_downgrade+0x920/0x920 [ 1229.996497][ T1589] ? __kasan_check_read+0x11/0x20 [ 1230.004934][ T1589] ? _copy_to_user+0x118/0x160 [ 1230.004934][ T1589] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1230.004934][ T1589] ? put_old_timespec32+0x113/0x200 [ 1230.025366][ T1589] ? get_old_timespec32+0x200/0x200 [ 1230.025366][ T1589] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1230.034704][ T1589] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1230.034704][ T1589] ? do_fast_syscall_32+0xd1/0xe16 [ 1230.034704][ T1589] __ia32_compat_sys_process_vm_writev+0xe0/0x1a0 [ 1230.055339][ T1589] do_fast_syscall_32+0x27b/0xe16 [ 1230.055339][ T1589] entry_SYSENTER_compat+0x70/0x7f [ 1230.064702][ T1589] RIP: 0023:0xf7f3ca39 [ 1230.064702][ T1589] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1230.094691][ T1589] RSP: 002b:00000000f5d380cc EFLAGS: 00000296 ORIG_RAX: 000000000000015c [ 1230.105278][ T1589] RAX: ffffffffffffffda RBX: 00000000000035fa RCX: 0000000020000000 [ 1230.114691][ T1589] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 000000000000023a [ 1230.114691][ T1589] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1230.135326][ T1589] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1230.144704][ T1589] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1230.156291][ T1589] Mem-Info: [ 1230.160199][ T1589] active_anon:43566 inactive_anon:233 isolated_anon:0 [ 1230.160199][ T1589] active_file:2879 inactive_file:17907 isolated_file:0 [ 1230.160199][ T1589] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1230.160199][ T1589] slab_reclaimable:15706 slab_unreclaimable:59916 [ 1230.160199][ T1589] mapped:39890 shmem:307 pagetables:2786 bounce:0 [ 1230.160199][ T1589] free:145068 free_pcp:0 free_cma:0 [ 1230.206642][ T1589] Node 0 active_anon:138692kB inactive_anon:896kB active_file:8kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:12kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1230.239190][ T1589] Node 0 DMA free:2832kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:332kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1230.274044][ T1589] lowmem_reserve[]: 0 532 532 532 532 [ 1230.280929][ T1589] Node 0 DMA32 free:24756kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:138160kB inactive_anon:896kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:20kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9160kB pagetables:4888kB bounce:0kB free_pcp:132kB local_pcp:12kB free_cma:0kB [ 1230.315891][ T1589] lowmem_reserve[]: 0 0 0 0 0 [ 1230.321111][ T1589] Node 0 DMA: 20*4kB (U) 19*8kB (UE) 14*16kB (UME) 11*32kB (UME) 5*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2920kB [ 1230.337769][ T1589] Node 0 DMA32: 1024*4kB (UME) 548*8kB (UME) 233*16kB (UME) 106*32kB (UME) 42*64kB (UM) 19*128kB (UME) 14*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 24816kB [ 1230.355697][ T1589] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1230.366559][ T1589] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1230.377799][ T1589] 13477 total pagecache pages [ 1230.383113][ T1589] 0 pages in swap cache [ 1230.387771][ T1589] Swap cache stats: add 0, delete 0, find 0/0 [ 1230.394451][ T1589] Free swap = 0kB [ 1230.398972][ T1589] Total swap = 0kB [ 1230.403070][ T1589] 524155 pages RAM [ 1230.407374][ T1589] 0 pages HighMem/MovableOnly [ 1230.412431][ T1589] 141707 pages reserved [ 1230.417108][ T1589] 0 pages cma reserved [ 1230.421839][ T1589] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=10982,uid=0 [ 1230.438944][ T1589] Out of memory: Killed process 10982 (syz-executor.3) total-vm:72480kB, anon-rss:144kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 03:37:57 executing program 3: r0 = gettid() madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xf) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f00000000c0)=[{&(0x7f0000217f28)=""/231, 0x5df211b9}], 0x23a, 0x0) 03:37:57 executing program 1: r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f00000000c0)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x24) r1 = socket$netlink(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) 03:37:57 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mount$fuseblk(&(0x7f0000000180)='/dev/loop0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='fuseblk\x00', 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) 03:37:57 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f0000000240)="caa5c2c78c3442d515d8f3a45ccc94ceccb6065885e6360d62309ff22e26c4c21ff262ec9159c63421a4086b01b98b0ee8c99f9aa06142a80c499f3f7436e803", 0x40}, {&(0x7f0000000140)="c1", 0x1}], 0x2, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sm3-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) splice(r0, 0x0, r4, 0x0, 0x200000, 0x0) [ 1230.463343][ T1129] oom_reaper: reaped process 10982 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:37:57 executing program 1: r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f00000000c0)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x24) r1 = socket$netlink(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) 03:37:57 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f0000000240)="caa5c2c78c3442d515d8f3a45ccc94ceccb6065885e6360d62309ff22e26c4c21ff262ec9159c63421a4086b01b98b0ee8c99f9aa06142a80c499f3f7436e803", 0x40}, {&(0x7f0000000140)="c1", 0x1}], 0x2, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'sm3-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) splice(r0, 0x0, r4, 0x0, 0x200000, 0x0) 03:37:57 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mount$fuseblk(&(0x7f0000000180)='/dev/loop0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='fuseblk\x00', 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) 03:37:57 executing program 1: r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f00000000c0)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x24) r1 = socket$netlink(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) [ 1230.737362][ T1721] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1230.750645][ T1721] CPU: 0 PID: 1721 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1230.759993][ T1721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1230.760536][ T1721] Call Trace: [ 1230.760536][ T1721] dump_stack+0x197/0x210 [ 1230.760536][ T1721] dump_header+0x10b/0x82d [ 1230.760536][ T1721] oom_kill_process.cold+0x10/0x15 [ 1230.760536][ T1721] out_of_memory+0x334/0x13c0 [ 1230.760536][ T1721] ? oom_killer_disable+0x280/0x280 [ 1230.760536][ T1721] ? mutex_trylock+0x264/0x2f0 [ 1230.760536][ T1721] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1230.760536][ T1721] __alloc_pages_slowpath+0x222b/0x2920 [ 1230.760536][ T1721] ? warn_alloc+0x110/0x110 [ 1230.760536][ T1721] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1230.760536][ T1721] ? should_fail+0x1de/0x852 [ 1230.760536][ T1721] ? __kasan_check_read+0x11/0x20 [ 1230.760536][ T1721] __alloc_pages_nodemask+0x646/0x910 [ 1230.760536][ T1721] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1230.760536][ T1721] ? __kasan_check_read+0x11/0x20 [ 1230.760536][ T1721] ? __lock_acquire+0x16f2/0x4a00 [ 1230.760536][ T1721] ? pmd_val+0x85/0x100 [ 1230.760536][ T1721] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1230.760536][ T1721] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1230.760536][ T1721] alloc_pages_vma+0xdd/0x620 [ 1230.760536][ T1721] __handle_mm_fault+0x1ed5/0x3da0 [ 1230.760536][ T1721] ? vm_iomap_memory+0x1a0/0x1a0 [ 1230.760536][ T1721] ? handle_mm_fault+0x292/0xa50 [ 1230.760536][ T1721] ? handle_mm_fault+0x7a0/0xa50 [ 1230.760536][ T1721] ? __kasan_check_read+0x11/0x20 [ 1230.760536][ T1721] handle_mm_fault+0x3b2/0xa50 [ 1230.760536][ T1721] __get_user_pages+0x7b2/0x1ac0 [ 1230.760536][ T1721] ? follow_page_mask+0x1dd0/0x1dd0 [ 1230.760536][ T1721] ? process_vm_rw_core.isra.0+0x420/0xc60 [ 1230.760536][ T1721] get_user_pages_remote+0x234/0x4b0 [ 1230.760536][ T1721] process_vm_rw_core.isra.0+0x464/0xc60 [ 1230.760536][ T1721] ? alloc_vmap_area.cold+0x24/0x24 [ 1230.760536][ T1721] ? compat_rw_copy_check_uvector+0x180/0x4c0 [ 1230.760536][ T1721] ? compat_rw_copy_check_uvector+0x189/0x4c0 [ 1230.760536][ T1721] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1230.760536][ T1721] ? compat_rw_copy_check_uvector+0x36b/0x4c0 [ 1230.760536][ T1721] compat_process_vm_rw+0x21f/0x240 [ 1230.760536][ T1721] ? find_held_lock+0x35/0x130 [ 1230.760536][ T1721] ? process_vm_rw+0x240/0x240 [ 1230.760536][ T1721] ? lock_downgrade+0x920/0x920 [ 1230.760536][ T1721] ? __kasan_check_read+0x11/0x20 [ 1230.760536][ T1721] ? _copy_to_user+0x118/0x160 [ 1230.760536][ T1721] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1230.760536][ T1721] ? put_old_timespec32+0x113/0x200 [ 1230.760536][ T1721] ? get_old_timespec32+0x200/0x200 [ 1230.760536][ T1721] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1230.760536][ T1721] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1230.760536][ T1721] ? do_fast_syscall_32+0xd1/0xe16 [ 1230.760536][ T1721] __ia32_compat_sys_process_vm_writev+0xe0/0x1a0 [ 1230.760536][ T1721] do_fast_syscall_32+0x27b/0xe16 [ 1230.760536][ T1721] entry_SYSENTER_compat+0x70/0x7f [ 1230.760536][ T1721] RIP: 0023:0xf7f3ca39 [ 1230.760536][ T1721] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1230.760536][ T1721] RSP: 002b:00000000f5d380cc EFLAGS: 00000296 ORIG_RAX: 000000000000015c [ 1230.760536][ T1721] RAX: ffffffffffffffda RBX: 00000000000035fc RCX: 0000000020000000 [ 1230.760536][ T1721] RDX: 0000000000000001 RSI: 00000000200000c0 RDI: 000000000000023a [ 1230.760536][ T1721] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1230.760536][ T1721] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1230.760536][ T1721] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1231.171788][ T1721] Mem-Info: [ 1231.175232][ T1721] active_anon:43830 inactive_anon:233 isolated_anon:0 [ 1231.175232][ T1721] active_file:2866 inactive_file:17932 isolated_file:0 [ 1231.175232][ T1721] unevictable:0 dirty:19 writeback:0 unstable:0 [ 1231.175232][ T1721] slab_reclaimable:15709 slab_unreclaimable:59417 [ 1231.175232][ T1721] mapped:39916 shmem:307 pagetables:2729 bounce:0 [ 1231.175232][ T1721] free:145364 free_pcp:115 free_cma:0 [ 1231.216586][ T1721] Node 0 active_anon:139964kB inactive_anon:896kB active_file:0kB inactive_file:72kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:12kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1231.247203][ T1721] Node 0 DMA free:2792kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:444kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1231.287099][ T1721] lowmem_reserve[]: 0 532 532 532 532 [ 1231.292971][ T1721] Node 0 DMA32 free:23168kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:139372kB inactive_anon:896kB active_file:0kB inactive_file:68kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4944kB bounce:0kB free_pcp:460kB local_pcp:232kB free_cma:0kB [ 1231.336835][ T1721] lowmem_reserve[]: 0 0 0 0 0 [ 1231.342591][ T1721] Node 0 DMA: 20*4kB (U) 18*8kB (UME) 13*16kB (UME) 10*32kB (UE) 4*64kB (U) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2800kB [ 1231.361666][ T1721] Node 0 DMA32: 982*4kB (UME) 297*8kB (UME) 246*16kB (UME) 106*32kB (UME) 42*64kB (UM) 19*128kB (UME) 14*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 22848kB [ 1231.379779][ T1721] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1231.389999][ T1721] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1231.400668][ T1721] 13487 total pagecache pages [ 1231.405728][ T1721] 0 pages in swap cache [ 1231.410628][ T1721] Swap cache stats: add 0, delete 0, find 0/0 [ 1231.419022][ T1721] Free swap = 0kB [ 1231.423050][ T1721] Total swap = 0kB [ 1231.427181][ T1721] 524155 pages RAM [ 1231.431309][ T1721] 0 pages HighMem/MovableOnly [ 1231.439350][ T1721] 141707 pages reserved [ 1231.445463][ T1721] 0 pages cma reserved [ 1231.451429][ T1721] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=10957,uid=0 [ 1231.468448][ T1721] Out of memory: Killed process 10957 (syz-executor.3) total-vm:72480kB, anon-rss:144kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1231.486699][ T1129] oom_reaper: reaped process 10957 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1231.535506][ T1723] syz-executor.2 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=0 [ 1231.548608][ T1723] CPU: 3 PID: 1723 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1231.557673][ T1723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1231.558434][ T1723] Call Trace: [ 1231.558434][ T1723] dump_stack+0x197/0x210 [ 1231.558434][ T1723] dump_header+0x10b/0x82d [ 1231.558434][ T1723] ? oom_kill_process+0x94/0x420 [ 1231.558434][ T1723] oom_kill_process.cold+0x10/0x15 [ 1231.558434][ T1723] out_of_memory+0x334/0x13c0 [ 1231.558434][ T1723] ? oom_killer_disable+0x280/0x280 [ 1231.558434][ T1723] ? mutex_trylock+0x264/0x2f0 [ 1231.558434][ T1723] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1231.558434][ T1723] __alloc_pages_slowpath+0x222b/0x2920 [ 1231.558434][ T1723] ? warn_alloc+0x110/0x110 [ 1231.558434][ T1723] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1231.558434][ T1723] ? should_fail+0x1de/0x852 [ 1231.558434][ T1723] ? __kasan_check_read+0x11/0x20 [ 1231.558434][ T1723] __alloc_pages_nodemask+0x646/0x910 [ 1231.558434][ T1723] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1231.558434][ T1723] ? xas_start+0x166/0x560 [ 1231.558434][ T1723] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1231.558434][ T1723] ? __kasan_check_read+0x11/0x20 [ 1231.558434][ T1723] ? find_get_entry+0x4a6/0x7a0 [ 1231.558434][ T1723] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1231.558434][ T1723] alloc_pages_current+0x107/0x210 [ 1231.558434][ T1723] __page_cache_alloc+0x29d/0x490 [ 1231.558434][ T1723] pagecache_get_page+0x27e/0x9e0 [ 1231.558434][ T1723] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1231.558434][ T1723] grab_cache_page_write_begin+0x75/0xb0 [ 1231.558434][ T1723] ext4_da_write_begin+0x33b/0xc70 [ 1231.558434][ T1723] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1231.558434][ T1723] ? ext4_write_begin+0xdc0/0xdc0 [ 1231.558434][ T1723] ? copyin+0x150/0x150 [ 1231.558434][ T1723] ? __mark_inode_dirty+0x3d1/0x1390 [ 1231.558434][ T1723] generic_perform_write+0x23b/0x540 [ 1231.558434][ T1723] ? __mnt_drop_write_file+0x31/0x40 [ 1231.558434][ T1723] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4b0/0x4b0 [ 1231.558434][ T1723] ? down_write+0xdf/0x150 [ 1231.558434][ T1723] ? file_modified+0x85/0xa0 [ 1231.558434][ T1723] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1231.558434][ T1723] ext4_buffered_write_iter+0x1fe/0x460 [ 1231.558434][ T1723] ext4_file_write_iter+0x20d/0x1770 [ 1231.558434][ T1723] ? stack_trace_save+0xac/0xe0 [ 1231.558434][ T1723] ? stack_trace_consume_entry+0x190/0x190 [ 1231.558434][ T1723] ? ext4_dio_supported+0x630/0x630 [ 1231.558434][ T1723] ? __kasan_check_read+0x11/0x20 [ 1231.558434][ T1723] ? mark_lock+0xc2/0x1220 [ 1231.558434][ T1723] ? mark_lock+0xc2/0x1220 [ 1231.558434][ T1723] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1231.558434][ T1723] ? iov_iter_init+0xee/0x220 [ 1231.558434][ T1723] new_sync_write+0x4d3/0x770 [ 1231.558434][ T1723] ? new_sync_read+0x800/0x800 [ 1231.558434][ T1723] ? do_acct_process+0x354/0x1140 [ 1231.558434][ T1723] ? mark_held_locks+0xf0/0xf0 [ 1231.558434][ T1723] __vfs_write+0xe1/0x110 [ 1231.558434][ T1723] __kernel_write+0x11b/0x3b0 [ 1231.558434][ T1723] do_acct_process+0xd24/0x1140 [ 1231.558434][ T1723] ? acct_on+0x790/0x790 [ 1231.558434][ T1723] acct_process+0x559/0x60f [ 1231.558434][ T1723] ? acct_collect+0x850/0x850 [ 1231.558434][ T1723] ? fput_many+0x12c/0x1a0 [ 1231.558434][ T1723] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1231.558434][ T1723] do_exit+0x1b2e/0x2ef0 [ 1231.558434][ T1723] ? mm_update_next_owner+0x7c0/0x7c0 [ 1231.558434][ T1723] ? preempt_schedule_common+0x63/0xe0 [ 1231.558434][ T1723] ? preempt_schedule+0x4b/0x60 [ 1231.558434][ T1723] ? ___preempt_schedule+0x16/0x18 [ 1231.558434][ T1723] do_group_exit+0x135/0x360 [ 1231.558434][ T1723] __ia32_sys_exit_group+0x44/0x50 [ 1231.558434][ T1723] do_fast_syscall_32+0x27b/0xe16 [ 1231.558434][ T1723] entry_SYSENTER_compat+0x70/0x7f [ 1231.558434][ T1723] RIP: 0023:0xf7f59a39 [ 1231.558434][ T1723] Code: Bad RIP value. [ 1231.558434][ T1723] RSP: 002b:00000000ffcb56ec EFLAGS: 00000286 ORIG_RAX: 00000000000000fc [ 1231.558434][ T1723] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000000001e [ 1231.558434][ T1723] RDX: 00000000ffcb57c4 RSI: 0000000000000000 RDI: 000000000805971b [ 1231.558434][ T1723] RBP: 00000000fffffff7 R08: 0000000000000000 R09: 0000000000000000 [ 1231.558434][ T1723] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1231.558434][ T1723] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1232.006812][ T1723] Mem-Info: [ 1232.010216][ T1723] active_anon:43816 inactive_anon:233 isolated_anon:0 [ 1232.010216][ T1723] active_file:2888 inactive_file:17922 isolated_file:0 [ 1232.010216][ T1723] unevictable:0 dirty:0 writeback:4 unstable:0 [ 1232.010216][ T1723] slab_reclaimable:15708 slab_unreclaimable:59308 [ 1232.010216][ T1723] mapped:39903 shmem:307 pagetables:2738 bounce:0 [ 1232.010216][ T1723] free:145374 free_pcp:123 free_cma:0 [ 1232.053784][ T1723] Node 0 active_anon:140016kB inactive_anon:896kB active_file:44kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:4kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1232.083888][ T1723] Node 0 DMA free:2808kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:436kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1232.118502][ T1723] lowmem_reserve[]: 0 532 532 532 532 [ 1232.124689][ T1723] Node 0 DMA32 free:23472kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:139580kB inactive_anon:896kB active_file:44kB inactive_file:0kB unevictable:0kB writepending:4kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4988kB bounce:0kB free_pcp:492kB local_pcp:16kB free_cma:0kB [ 1232.171638][ T1723] lowmem_reserve[]: 0 0 0 0 0 [ 1232.182035][ T1723] Node 0 DMA: 20*4kB (U) 19*8kB (UME) 13*16kB (UME) 10*32kB (UE) 4*64kB (U) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2808kB [ 1232.209910][ T1723] Node 0 DMA32: 982*4kB (UME) 361*8kB (UME) 251*16kB (UME) 106*32kB (UME) 42*64kB (UM) 19*128kB (UME) 14*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 23440kB [ 1232.230663][ T1723] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1232.241209][ T1723] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1232.242023][ T0] NOHZ: local_softirq_pending 08 [ 1232.251571][ T1723] 13495 total pagecache pages [ 1232.264440][ T1723] 0 pages in swap cache [ 1232.269192][ T1723] Swap cache stats: add 0, delete 0, find 0/0 [ 1232.275704][ T1723] Free swap = 0kB [ 1232.279527][ T1723] Total swap = 0kB [ 1232.283297][ T1723] 524155 pages RAM [ 1232.287889][ T1723] 0 pages HighMem/MovableOnly [ 1232.294023][ T1723] 141707 pages reserved [ 1232.299056][ T1723] 0 pages cma reserved [ 1232.303713][ T1723] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=14772,uid=0 [ 1232.320820][ T1723] Out of memory: Killed process 14772 (syz-executor.3) total-vm:72348kB, anon-rss:140kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1232.341261][ T1129] oom_reaper: reaped process 14772 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1232.427985][ T1723] syz-executor.2 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=0 [ 1232.444053][ T1723] CPU: 0 PID: 1723 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1232.453754][ T1723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1232.453754][ T1723] Call Trace: [ 1232.453754][ T1723] dump_stack+0x197/0x210 [ 1232.453754][ T1723] dump_header+0x10b/0x82d [ 1232.453754][ T1723] ? oom_kill_process+0x94/0x420 [ 1232.453754][ T1723] oom_kill_process.cold+0x10/0x15 [ 1232.453754][ T1723] out_of_memory+0x334/0x13c0 [ 1232.453754][ T1723] ? oom_killer_disable+0x280/0x280 [ 1232.453754][ T1723] ? mutex_trylock+0x264/0x2f0 [ 1232.453754][ T1723] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1232.453754][ T1723] __alloc_pages_slowpath+0x222b/0x2920 [ 1232.453754][ T1723] ? warn_alloc+0x110/0x110 [ 1232.453754][ T1723] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1232.453754][ T1723] ? should_fail+0x1de/0x852 [ 1232.453754][ T1723] ? __kasan_check_read+0x11/0x20 [ 1232.453754][ T1723] __alloc_pages_nodemask+0x646/0x910 [ 1232.453754][ T1723] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1232.453754][ T1723] ? xas_start+0x166/0x560 [ 1232.453754][ T1723] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1232.453754][ T1723] ? __kasan_check_read+0x11/0x20 [ 1232.453754][ T1723] ? find_get_entry+0x4a6/0x7a0 [ 1232.453754][ T1723] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1232.453754][ T1723] alloc_pages_current+0x107/0x210 [ 1232.453754][ T1723] __page_cache_alloc+0x29d/0x490 [ 1232.453754][ T1723] pagecache_get_page+0x27e/0x9e0 [ 1232.453754][ T1723] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1232.453754][ T1723] grab_cache_page_write_begin+0x75/0xb0 [ 1232.453754][ T1723] ext4_da_write_begin+0x33b/0xc70 [ 1232.453754][ T1723] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1232.453754][ T1723] ? ext4_write_begin+0xdc0/0xdc0 [ 1232.453754][ T1723] ? copyin+0x150/0x150 [ 1232.453754][ T1723] ? __mark_inode_dirty+0x3d1/0x1390 [ 1232.453754][ T1723] generic_perform_write+0x23b/0x540 [ 1232.453754][ T1723] ? __mnt_drop_write_file+0x31/0x40 [ 1232.453754][ T1723] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4b0/0x4b0 [ 1232.453754][ T1723] ? down_write+0xdf/0x150 [ 1232.453754][ T1723] ? file_modified+0x85/0xa0 [ 1232.453754][ T1723] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1232.453754][ T1723] ext4_buffered_write_iter+0x1fe/0x460 [ 1232.453754][ T1723] ext4_file_write_iter+0x20d/0x1770 [ 1232.453754][ T1723] ? stack_trace_save+0xac/0xe0 [ 1232.453754][ T1723] ? stack_trace_consume_entry+0x190/0x190 [ 1232.453754][ T1723] ? ext4_dio_supported+0x630/0x630 [ 1232.453754][ T1723] ? __kasan_check_read+0x11/0x20 [ 1232.453754][ T1723] ? mark_lock+0xc2/0x1220 [ 1232.453754][ T1723] ? mark_lock+0xc2/0x1220 [ 1232.453754][ T1723] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1232.453754][ T1723] ? iov_iter_init+0xee/0x220 [ 1232.453754][ T1723] new_sync_write+0x4d3/0x770 [ 1232.453754][ T1723] ? new_sync_read+0x800/0x800 [ 1232.453754][ T1723] ? do_acct_process+0x354/0x1140 [ 1232.453754][ T1723] ? mark_held_locks+0xf0/0xf0 [ 1232.453754][ T1723] __vfs_write+0xe1/0x110 [ 1232.453754][ T1723] __kernel_write+0x11b/0x3b0 [ 1232.453754][ T1723] do_acct_process+0xd24/0x1140 [ 1232.453754][ T1723] ? acct_on+0x790/0x790 [ 1232.453754][ T1723] acct_process+0x559/0x60f [ 1232.453754][ T1723] ? acct_collect+0x850/0x850 [ 1232.453754][ T1723] ? fput_many+0x12c/0x1a0 [ 1232.453754][ T1723] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1232.453754][ T1723] do_exit+0x1b2e/0x2ef0 [ 1232.453754][ T1723] ? mm_update_next_owner+0x7c0/0x7c0 [ 1232.453754][ T1723] ? preempt_schedule_common+0x63/0xe0 [ 1232.453754][ T1723] ? preempt_schedule+0x4b/0x60 [ 1232.453754][ T1723] ? ___preempt_schedule+0x16/0x18 [ 1232.453754][ T1723] do_group_exit+0x135/0x360 [ 1232.453754][ T1723] __ia32_sys_exit_group+0x44/0x50 [ 1232.453754][ T1723] do_fast_syscall_32+0x27b/0xe16 [ 1232.453754][ T1723] entry_SYSENTER_compat+0x70/0x7f [ 1232.453754][ T1723] RIP: 0023:0xf7f59a39 [ 1232.453754][ T1723] Code: Bad RIP value. [ 1232.453754][ T1723] RSP: 002b:00000000ffcb56ec EFLAGS: 00000286 ORIG_RAX: 00000000000000fc [ 1232.453754][ T1723] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000000001e [ 1232.453754][ T1723] RDX: 00000000ffcb57c4 RSI: 0000000000000000 RDI: 000000000805971b [ 1232.453754][ T1723] RBP: 00000000fffffff7 R08: 0000000000000000 R09: 0000000000000000 [ 1232.453754][ T1723] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1232.453754][ T1723] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1232.916623][ T1723] Mem-Info: [ 1232.921237][ T1723] active_anon:43786 inactive_anon:233 isolated_anon:0 [ 1232.921237][ T1723] active_file:2876 inactive_file:17943 isolated_file:0 [ 1232.921237][ T1723] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1232.921237][ T1723] slab_reclaimable:15708 slab_unreclaimable:59439 [ 1232.921237][ T1723] mapped:39903 shmem:307 pagetables:2713 bounce:0 [ 1232.921237][ T1723] free:145157 free_pcp:123 free_cma:0 [ 1232.961659][ T1723] Node 0 active_anon:140016kB inactive_anon:896kB active_file:0kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1232.993563][ T1723] Node 0 DMA free:2808kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:436kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1233.026921][ T1723] lowmem_reserve[]: 0 532 532 532 532 [ 1233.035656][ T1723] Node 0 DMA32 free:22520kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:139580kB inactive_anon:896kB active_file:0kB inactive_file:24kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4988kB bounce:0kB free_pcp:492kB local_pcp:244kB free_cma:0kB [ 1233.086732][ T1723] lowmem_reserve[]: 0 0 0 0 0 03:38:00 executing program 0: socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000080)="a3", 0x1}], 0x1) write(r0, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000785000), 0x34a) writev(r0, &(0x7f00000013c0)=[{&(0x7f00000000c0)="da", 0x1}], 0x1) sendmmsg$alg(r1, &(0x7f0000236fc8)=[{0x8004000, 0x0, 0x0}], 0x1, 0x0) 03:38:00 executing program 1: r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f00000000c0)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x24) r1 = socket$netlink(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) 03:38:00 executing program 3: add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f0000000100)="35c964724b", 0x5, 0xfffffffffffffffd) [ 1233.092849][ T1723] Node 0 DMA: 18*4kB (UM) 23*8kB (UE) 14*16kB (UME) 10*32kB (UE) 4*64kB (U) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2848kB 03:38:00 executing program 1: r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f00000000c0)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x24) r1 = socket$netlink(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) [ 1233.130672][ T1723] Node 0 DMA32: 1182*4kB (UME) 469*8kB (UME) 258*16kB (UME) 107*32kB (UME) 42*64kB (UM) 19*128kB (UME) 14*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 25248kB 03:38:00 executing program 0: socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000080)="a3", 0x1}], 0x1) write(r0, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000785000), 0x34a) writev(r0, &(0x7f00000013c0)=[{&(0x7f00000000c0)="da", 0x1}], 0x1) sendmmsg$alg(r1, &(0x7f0000236fc8)=[{0x8004000, 0x0, 0x0}], 0x1, 0x0) [ 1233.158348][ T1723] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1233.175119][ T1723] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1233.193183][ T1723] 13504 total pagecache pages [ 1233.202552][ T1723] 0 pages in swap cache [ 1233.211170][ T1723] Swap cache stats: add 0, delete 0, find 0/0 [ 1233.235573][ T1723] Free swap = 0kB [ 1233.249775][ T1723] Total swap = 0kB [ 1233.265260][ T1723] 524155 pages RAM [ 1233.277568][ T1723] 0 pages HighMem/MovableOnly [ 1233.291116][ T1723] 141707 pages reserved [ 1233.302009][ T1723] 0 pages cma reserved [ 1233.312136][ T1723] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=11308,uid=0 [ 1233.351790][ T1723] Out of memory: Killed process 11308 (syz-executor.3) total-vm:72348kB, anon-rss:140kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 03:38:00 executing program 3: add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f0000000100)="35c964724b", 0x5, 0xfffffffffffffffd) 03:38:00 executing program 1: r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f00000000c0)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x24) r1 = socket$netlink(0x10, 0x3, 0x0) dup3(r1, r0, 0x0) 03:38:00 executing program 0: socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000080)="a3", 0x1}], 0x1) write(r0, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000785000), 0x34a) writev(r0, &(0x7f00000013c0)=[{&(0x7f00000000c0)="da", 0x1}], 0x1) sendmmsg$alg(r1, &(0x7f0000236fc8)=[{0x8004000, 0x0, 0x0}], 0x1, 0x0) 03:38:00 executing program 2: socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000080)="a3", 0x1}], 0x1) write(r0, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000785000), 0x34a) writev(r0, &(0x7f00000013c0)=[{&(0x7f00000000c0)="da", 0x1}], 0x1) sendmmsg$alg(r1, &(0x7f0000236fc8)=[{0x8004000, 0x0, 0x0}], 0x1, 0x0) 03:38:00 executing program 3: add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f0000000100)="35c964724b", 0x5, 0xfffffffffffffffd) 03:38:00 executing program 0: socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000080)="a3", 0x1}], 0x1) write(r0, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000785000), 0x34a) writev(r0, &(0x7f00000013c0)=[{&(0x7f00000000c0)="da", 0x1}], 0x1) sendmmsg$alg(r1, &(0x7f0000236fc8)=[{0x8004000, 0x0, 0x0}], 0x1, 0x0) 03:38:00 executing program 2: socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000080)="a3", 0x1}], 0x1) write(r0, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000785000), 0x34a) writev(r0, &(0x7f00000013c0)=[{&(0x7f00000000c0)="da", 0x1}], 0x1) sendmmsg$alg(r1, &(0x7f0000236fc8)=[{0x8004000, 0x0, 0x0}], 0x1, 0x0) 03:38:00 executing program 3: add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f0000000100)="35c964724b", 0x5, 0xfffffffffffffffd) 03:38:00 executing program 1: r0 = socket$inet(0x2, 0x803, 0x85) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x5, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000514ff0), 0x10) 03:38:00 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd607f81dd057f0000fe80000000000000000000000000000000000000000000000000ffffac1e0001000000000000000005020000000000000008000000000000ff010000000000000000000000000001fe880000000000000000000000000001ff01000000000000000000000000000100000000000000000000ffffac1414bb00140000000000000103000000003fd6af6fb5496040ec3fbfcee02dc046bf41f6b203c89dc1e20cf57c26afd7f0ba0d901bfedf19eccad1ad15aaa6eef00df6bcb8a0cc2ae1db0107e256ad9f01040100c910ff01000000000000000000000000000100445c8edcc4a11f2a6094f67fcb0099111b8df1c3acb034e60f144021218d86007caeeec04c049b3a6cef5e9e8ab2a9a722d604e300ee1ef57fc9c3526717542330a3a67bfd000000000000000002040100000000fe8000000000000000000000000000aa0000000000000000001c0000000000000740000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007280000000008000000000000000000000000000000000000000000000000000000000000000000000000255502675e2355db906d875d681d6c83fbff7b50b2cc3c9683b973fc7b75d506b2119388115d071000000000020000000000000000000000c2040000000007280000000008000000000000000000000000000000000000000000000000000000000000000000000005020000050200000102000000000000000000000b000000000000075800000000140000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030090780000000060af266d0000000000000000000000000000ffff0000000000000000000000000000ffff000000000008040400000000dca9351cc6f307458cd9fb5e518ab63cff020000000000000000000000000001fe8000000000000000000000000000bbff010000000000000000000000000001001600000000000000010004010005020000000100040100009f3af643d06a0a421eb71289619ebaf6433ec8ef95ee9b09321b8f750201c8d3af46f7e8d0b077992af9619c5ef009e593dbb0e087c770b795ce01c9caeafd0eedd209d9f1bd6283cf37cde132496e1843b99d3f80e0c08c10b66cc705c508f9d02c9c5fc9f747993105e2d7c3d880d076c74676899944e45d0e02798a5ea290939c5adfdd1d6cf2dc927fc668810f45efefb3442c7a5a9e52351cb03ea582e6000000000000000010040800000000ff02000000000000000000000000000100000000000000000000000000000001fe800000000000000000000000000000a64d3cb2a7b617de64feb4df9d3fab71000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000fe8000000000000000000000000000bb000604030000000000000000000000000000000000000000fe80000000000000000000000000000000000000000000000000ffffffffffff000c000000000000000100040100c910fe880000000000000000000000000001c910fe800000000000000000000000000000c91045ee00000000000000000000000000080720000000000600000000000000000000000000000000000000000000000000000000010000000000000000000a000000000000fe80000000000000000000000000000000000000000000000000ffb625be483dc69e2000000000000000000000000001fe8000000000000000000000000000aa00000000000000000000ffffffffffffc0ca705de1e04e01a7484dd362ccb5a6ef9a891605475de2426fda4ad199b4"], 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x13, 0x10, 0x4}, 0x3c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0xb, 0x5, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x10000000}, [@map={0x18, 0x0, 0x1, 0x0, r0}]}, &(0x7f0000000440)='syzkaller\x00', 0x5, 0x401, &(0x7f0000000200)=""/144}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000880)={r1, 0xc0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) 03:38:00 executing program 2: socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000080)="a3", 0x1}], 0x1) write(r0, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000785000), 0x34a) writev(r0, &(0x7f00000013c0)=[{&(0x7f00000000c0)="da", 0x1}], 0x1) sendmmsg$alg(r1, &(0x7f0000236fc8)=[{0x8004000, 0x0, 0x0}], 0x1, 0x0) 03:38:00 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000003e40)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @loopback}, 0x1c, 0x0}}, {{&(0x7f00000002c0)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c, 0x0}}], 0x2, 0x8000) 03:38:00 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) 03:38:00 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000003e40)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @loopback}, 0x1c, 0x0}}, {{&(0x7f00000002c0)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c, 0x0}}], 0x2, 0x8000) 03:38:00 executing program 1: r0 = socket$inet(0x2, 0x803, 0x85) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x5, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000514ff0), 0x10) 03:38:00 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000003e40)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @loopback}, 0x1c, 0x0}}, {{&(0x7f00000002c0)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c, 0x0}}], 0x2, 0x8000) 03:38:00 executing program 1: r0 = socket$inet(0x2, 0x803, 0x85) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x5, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000514ff0), 0x10) 03:38:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000480)="390000001300090468fe0700000000000000ff3f02000000450100010000000004002b000a0001005fa4ee1ee438d2fd000000000000006e00", 0x39}], 0x1) 03:38:00 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000003e40)=[{{&(0x7f0000000000)={0xa, 0x4e24, 0x0, @loopback}, 0x1c, 0x0}}, {{&(0x7f00000002c0)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c, 0x0}}], 0x2, 0x8000) 03:38:00 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) 03:38:00 executing program 1: r0 = socket$inet(0x2, 0x803, 0x85) setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000000)=0x5, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000514ff0), 0x10) [ 1233.783683][ T1884] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.0'. 03:38:00 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{}, {0x0, @local}, 0x28, {0x2, 0x0, @remote}, 'tunl0\x00'}) 03:38:00 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@var={0x2, 0x0, 0x0, 0xe, 0x3}, @func_proto={0x0, 0x0, 0x0, 0xd, 0x3}, @enum]}, {0x0, [0x0, 0x61]}}, &(0x7f0000003580)=""/4096, 0x44, 0x1000, 0x1041}, 0x20) 03:38:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000480)="390000001300090468fe0700000000000000ff3f02000000450100010000000004002b000a0001005fa4ee1ee438d2fd000000000000006e00", 0x39}], 0x1) 03:38:01 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@var={0x2, 0x0, 0x0, 0xe, 0x3}, @func_proto={0x0, 0x0, 0x0, 0xd, 0x3}, @enum]}, {0x0, [0x0, 0x61]}}, &(0x7f0000003580)=""/4096, 0x44, 0x1000, 0x1041}, 0x20) 03:38:01 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) 03:38:01 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{}, {0x0, @local}, 0x28, {0x2, 0x0, @remote}, 'tunl0\x00'}) [ 1233.852966][ T1890] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.0'. 03:38:01 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@var={0x2, 0x0, 0x0, 0xe, 0x3}, @func_proto={0x0, 0x0, 0x0, 0xd, 0x3}, @enum]}, {0x0, [0x0, 0x61]}}, &(0x7f0000003580)=""/4096, 0x44, 0x1000, 0x1041}, 0x20) 03:38:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000480)="390000001300090468fe0700000000000000ff3f02000000450100010000000004002b000a0001005fa4ee1ee438d2fd000000000000006e00", 0x39}], 0x1) 03:38:01 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{}, {0x0, @local}, 0x28, {0x2, 0x0, @remote}, 'tunl0\x00'}) 03:38:01 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@var={0x2, 0x0, 0x0, 0xe, 0x3}, @func_proto={0x0, 0x0, 0x0, 0xd, 0x3}, @enum]}, {0x0, [0x0, 0x61]}}, &(0x7f0000003580)=""/4096, 0x44, 0x1000, 0x1041}, 0x20) [ 1233.915216][ T1900] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.0'. 03:38:01 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) 03:38:01 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{}, {0x0, @local}, 0x28, {0x2, 0x0, @remote}, 'tunl0\x00'}) 03:38:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000480)="390000001300090468fe0700000000000000ff3f02000000450100010000000004002b000a0001005fa4ee1ee438d2fd000000000000006e00", 0x39}], 0x1) [ 1233.972411][ T1913] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.0'. 03:38:01 executing program 3: r0 = socket$inet(0x2, 0x803, 0xa0) setsockopt$sock_timeval(r0, 0x1, 0x22, &(0x7f0000000000), 0x10) 03:38:01 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x14, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 03:38:01 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x73) sendmsg(r0, &(0x7f0000000800)={&(0x7f00000000c0)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[{0xc}], 0xc}, 0x0) 03:38:01 executing program 2: r0 = open(&(0x7f0000000080)='./file0\x00', 0x60040, 0x0) flock(r0, 0x2) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) flock(r1, 0x2) 03:38:01 executing program 3: r0 = socket$inet(0x2, 0x803, 0xa0) setsockopt$sock_timeval(r0, 0x1, 0x22, &(0x7f0000000000), 0x10) 03:38:01 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x73) sendmsg(r0, &(0x7f0000000800)={&(0x7f00000000c0)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[{0xc}], 0xc}, 0x0) 03:38:01 executing program 3: r0 = socket$inet(0x2, 0x803, 0xa0) setsockopt$sock_timeval(r0, 0x1, 0x22, &(0x7f0000000000), 0x10) 03:38:01 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x73) sendmsg(r0, &(0x7f0000000800)={&(0x7f00000000c0)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[{0xc}], 0xc}, 0x0) 03:38:01 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x14, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 03:38:01 executing program 0: r0 = socket$kcm(0xa, 0x2, 0x73) sendmsg(r0, &(0x7f0000000800)={&(0x7f00000000c0)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[{0xc}], 0xc}, 0x0) 03:38:01 executing program 3: r0 = socket$inet(0x2, 0x803, 0xa0) setsockopt$sock_timeval(r0, 0x1, 0x22, &(0x7f0000000000), 0x10) 03:38:01 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000280)={&(0x7f0000000140)=@in={0x2, 0x0, @remote}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000380)="df", 0x1}], 0x1, &(0x7f0000000980)=[@sndrcv={0x30}], 0x30}, 0x0) 03:38:01 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x14, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 03:38:01 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0x3, &(0x7f0000000100)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffff9c}}, &(0x7f0000e6bffc)='GPL\xfb', 0x1, 0x99, &(0x7f000000d000)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8, 0x10, &(0x7f0000000180), 0x10}, 0x46) 03:38:01 executing program 3: syz_emit_ethernet(0x32, &(0x7f0000000cc0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x200000000000011, 0x0, @rand_addr, @multicast1}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d70502", 0x0, "f53475"}}}}}}, 0x0) 03:38:02 executing program 3: syz_emit_ethernet(0x32, &(0x7f0000000cc0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x200000000000011, 0x0, @rand_addr, @multicast1}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d70502", 0x0, "f53475"}}}}}}, 0x0) 03:38:02 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000280)={&(0x7f0000000140)=@in={0x2, 0x0, @remote}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000380)="df", 0x1}], 0x1, &(0x7f0000000980)=[@sndrcv={0x30}], 0x30}, 0x0) 03:38:02 executing program 1: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x14, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 03:38:02 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000280)={&(0x7f0000000140)=@in={0x2, 0x0, @remote}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000380)="df", 0x1}], 0x1, &(0x7f0000000980)=[@sndrcv={0x30}], 0x30}, 0x0) 03:38:02 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000280)={&(0x7f0000000140)=@in={0x2, 0x0, @remote}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000380)="df", 0x1}], 0x1, &(0x7f0000000980)=[@sndrcv={0x30}], 0x30}, 0x0) 03:38:02 executing program 3: syz_emit_ethernet(0x32, &(0x7f0000000cc0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x200000000000011, 0x0, @rand_addr, @multicast1}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d70502", 0x0, "f53475"}}}}}}, 0x0) 03:38:02 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0x3, &(0x7f0000000100)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffff9c}}, &(0x7f0000e6bffc)='GPL\xfb', 0x1, 0x99, &(0x7f000000d000)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8, 0x10, &(0x7f0000000180), 0x10}, 0x46) 03:38:02 executing program 3: syz_emit_ethernet(0x32, &(0x7f0000000cc0)={@link_local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x200000000000011, 0x0, @rand_addr, @multicast1}, @dccp={{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d70502", 0x0, "f53475"}}}}}}, 0x0) 03:38:02 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={[{@overriderock='overriderockperm'}]}) 03:38:02 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0x3, &(0x7f0000000100)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffff9c}}, &(0x7f0000e6bffc)='GPL\xfb', 0x1, 0x99, &(0x7f000000d000)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8, 0x10, &(0x7f0000000180), 0x10}, 0x46) 03:38:02 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x50000000000, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7c000000240007050000003225ed5408567c1abf", @ANYRES32=r2, @ANYBLOB="00000060ffffffff000000f20a000100636f64656c00fdff4b000200080005000000000008000200000000000800ffffffff0000080003200000000008000400000081000000000800010004000000a802040000000015cf000000000000e2ffa248c0b5"], 0x7c}}, 0x0) [ 1235.142122][ T1979] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 03:38:02 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0x3, &(0x7f0000000100)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2a, 0xffffff9c}}, &(0x7f0000e6bffc)='GPL\xfb', 0x1, 0x99, &(0x7f000000d000)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000001c0), 0x8, 0x10, &(0x7f0000000180), 0x10}, 0x46) [ 1235.150139][ T1985] netlink: 31 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1235.175096][ T1979] CPU: 1 PID: 1979 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1235.200061][ T1979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1235.236171][ T1979] Call Trace: 03:38:02 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="33000000190081ae08060c04000f000480207f03fe0400058701546f170009000800000000006596bc014e18bbdfede6efb408", 0x33}], 0x1, 0x0, 0x0, 0xf00}, 0x0) [ 1235.236171][ T1979] dump_stack+0x197/0x210 [ 1235.236171][ T1979] dump_header+0x10b/0x82d [ 1235.288277][ T1979] ? oom_kill_process+0x94/0x420 [ 1235.288277][ T1979] oom_kill_process.cold+0x10/0x15 [ 1235.306361][ T1980] ISOFS: Unable to identify CD-ROM format. [ 1235.288277][ T1979] out_of_memory+0x334/0x13c0 [ 1235.288277][ T1979] ? oom_killer_disable+0x280/0x280 [ 1235.288277][ T1979] ? mutex_trylock+0x264/0x2f0 [ 1235.288277][ T1979] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1235.288277][ T1979] __alloc_pages_slowpath+0x222b/0x2920 [ 1235.288277][ T1979] ? warn_alloc+0x110/0x110 [ 1235.288277][ T1979] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1235.288277][ T1979] ? should_fail+0x1de/0x852 [ 1235.288277][ T1979] ? __kasan_check_read+0x11/0x20 [ 1235.288277][ T1979] __alloc_pages_nodemask+0x646/0x910 [ 1235.288277][ T1979] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1235.288277][ T1979] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1235.288277][ T1979] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1235.288277][ T1979] alloc_pages_vma+0xdd/0x620 [ 1235.288277][ T1979] wp_page_copy+0x226/0x1560 [ 1235.288277][ T1979] ? find_held_lock+0x35/0x130 [ 1235.288277][ T1979] ? follow_pfn+0x2a0/0x2a0 [ 1235.288277][ T1979] ? lock_downgrade+0x920/0x920 [ 1235.288277][ T1979] ? swp_swapcount+0x540/0x540 [ 1235.288277][ T1979] ? do_raw_spin_unlock+0x178/0x270 [ 1235.288277][ T1979] do_wp_page+0x543/0x1540 [ 1235.288277][ T1979] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1235.288277][ T1979] __handle_mm_fault+0x327b/0x3da0 [ 1235.288277][ T1979] ? vm_iomap_memory+0x1a0/0x1a0 [ 1235.288277][ T1979] ? handle_mm_fault+0x292/0xa50 [ 1235.288277][ T1979] ? handle_mm_fault+0x7a0/0xa50 [ 1235.288277][ T1979] ? __kasan_check_read+0x11/0x20 [ 1235.288277][ T1979] handle_mm_fault+0x3b2/0xa50 [ 1235.288277][ T1979] __do_page_fault+0x536/0xd80 [ 1235.288277][ T1979] do_page_fault+0x38/0x590 [ 1235.288277][ T1979] do_async_page_fault+0x30/0xa0 [ 1235.288277][ T1979] async_page_fault+0x39/0x40 [ 1235.288277][ T1979] RIP: 0010:__put_user_4+0x1c/0x30 [ 1235.288277][ T1979] Code: 01 ca c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 c0 1e 02 00 48 8b 9b d0 14 00 00 48 83 eb 03 48 39 d9 73 4a 0f 01 cb <89> 01 31 c0 0f 01 ca c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 1235.288277][ T1979] RSP: 0018:ffffc90002757f30 EFLAGS: 00050293 [ 1235.288277][ T1979] RAX: 0000000000003623 RBX: 00007fffffffeffd RCX: 000000000a035968 [ 1235.288277][ T1979] RDX: dffffc0000000000 RSI: 1ffff110027a33b3 RDI: ffff888013d19ab0 [ 1235.288277][ T1979] RBP: ffffc90002757f48 R08: 0000000000000001 R09: ffff888013d19d90 [ 1235.288277][ T1979] R10: fffffbfff14f33b0 R11: ffffffff8a799d87 R12: 0000000000000000 [ 1235.288277][ T1979] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1235.288277][ T1979] ? schedule_tail+0xd8/0x130 [ 1235.288277][ T1979] ret_from_fork+0x8/0x30 [ 1235.288277][ T1979] RIP: 0023:0xf7f3ca39 [ 1235.288277][ T1979] Code: Bad RIP value. [ 1235.288277][ T1979] RSP: 002b:00000000ffd5da60 EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 1235.288277][ T1979] RAX: 0000000000000000 RBX: 0000000001200011 RCX: 0000000000000000 [ 1235.288277][ T1979] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000a035968 [ 1235.288277][ T1979] RBP: 00000000ffd5dab8 R08: 0000000000000000 R09: 0000000000000000 [ 1235.288277][ T1979] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1235.288277][ T1979] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1235.842647][ T1979] Mem-Info: [ 1235.847931][ T1979] active_anon:43130 inactive_anon:232 isolated_anon:0 [ 1235.847931][ T1979] active_file:2923 inactive_file:17948 isolated_file:0 [ 1235.847931][ T1979] unevictable:0 dirty:13 writeback:0 unstable:0 [ 1235.847931][ T1979] slab_reclaimable:15649 slab_unreclaimable:59534 [ 1235.847931][ T1979] mapped:39902 shmem:307 pagetables:2724 bounce:0 [ 1235.847931][ T1979] free:146875 free_pcp:114 free_cma:0 [ 1235.852121][ T1985] netlink: 31 bytes leftover after parsing attributes in process `syz-executor.1'. 03:38:03 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="33000000190081ae08060c04000f000480207f03fe0400058701546f170009000800000000006596bc014e18bbdfede6efb408", 0x33}], 0x1, 0x0, 0x0, 0xf00}, 0x0) [ 1235.897902][ T1979] Node 0 active_anon:137184kB inactive_anon:896kB active_file:12kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:12kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes 03:38:03 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x50000000000, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7c000000240007050000003225ed5408567c1abf", @ANYRES32=r2, @ANYBLOB="00000060ffffffff000000f20a000100636f64656c00fdff4b000200080005000000000008000200000000000800ffffffff0000080003200000000008000400000081000000000800010004000000a802040000000015cf000000000000e2ffa248c0b5"], 0x7c}}, 0x0) [ 1235.897908][ T1979] Node 0 DMA free:2852kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:268kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1235.897929][ T1979] lowmem_reserve[]: 0 532 532 532 532 [ 1235.993584][ T1979] Node 0 DMA32 free:24608kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136916kB inactive_anon:896kB active_file:12kB inactive_file:20kB unevictable:0kB writepending:12kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9200kB pagetables:4832kB bounce:0kB free_pcp:688kB local_pcp:4kB free_cma:0kB [ 1236.042026][ T1979] lowmem_reserve[]: 0 0 0 0 0 [ 1236.047876][ T1979] Node 0 DMA: 29*4kB (UME) 4*8kB (UM) 12*16kB (UME) 11*32kB (UME) 5*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2804kB [ 1236.068554][ T1979] Node 0 DMA32: 1435*4kB (UME) 480*8kB (UME) 192*16kB (UME) 90*32kB (UME) 42*64kB (UM) 19*128kB (UME) 14*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 24748kB [ 1236.072810][ T1998] netlink: 31 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1236.091437][ T1979] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1236.091445][ T1979] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1236.091449][ T1979] 13530 total pagecache pages [ 1236.091454][ T1979] 0 pages in swap cache [ 1236.091459][ T1979] Swap cache stats: add 0, delete 0, find 0/0 [ 1236.091463][ T1979] Free swap = 0kB [ 1236.091466][ T1979] Total swap = 0kB [ 1236.091470][ T1979] 524155 pages RAM [ 1236.091474][ T1979] 0 pages HighMem/MovableOnly [ 1236.091477][ T1979] 141707 pages reserved [ 1236.091481][ T1979] 0 pages cma reserved [ 1236.091488][ T1979] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=11299,uid=0 [ 1236.091979][ T1979] Out of memory: Killed process 11299 (syz-executor.3) total-vm:72348kB, anon-rss:140kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1236.213978][ T1129] oom_reaper: reaped process 11299 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1236.309998][ T1979] syz-executor.3 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1236.325498][ T1979] CPU: 1 PID: 1979 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1236.336456][ T1979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1236.356658][ T1979] Call Trace: [ 1236.368117][ T1979] dump_stack+0x197/0x210 [ 1236.379045][ T1979] dump_header+0x10b/0x82d [ 1236.388690][ T1979] ? oom_kill_process+0x94/0x420 [ 1236.403625][ T1979] oom_kill_process.cold+0x10/0x15 [ 1236.415917][ T1979] out_of_memory+0x334/0x13c0 [ 1236.428844][ T1979] ? oom_killer_disable+0x280/0x280 [ 1236.434962][ T1979] ? mutex_trylock+0x264/0x2f0 [ 1236.444814][ T1979] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1236.464970][ T1979] __alloc_pages_slowpath+0x222b/0x2920 [ 1236.476377][ T1979] ? warn_alloc+0x110/0x110 [ 1236.484877][ T1979] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1236.495317][ T1979] ? should_fail+0x1de/0x852 [ 1236.495317][ T1979] ? __kasan_check_read+0x11/0x20 [ 1236.504886][ T1979] __alloc_pages_nodemask+0x646/0x910 [ 1236.515354][ T1979] ? __pte_alloc+0x1b5/0x310 [ 1236.534896][ T1979] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1236.544840][ T1979] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1236.556131][ T1979] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1236.563020][ T1979] alloc_pages_vma+0xdd/0x620 [ 1236.571476][ T1979] __handle_mm_fault+0x1ed5/0x3da0 [ 1236.577297][ T1979] ? vm_iomap_memory+0x1a0/0x1a0 [ 1236.583066][ T1979] ? handle_mm_fault+0x292/0xa50 [ 1236.590177][ T1979] ? handle_mm_fault+0x7a0/0xa50 [ 1236.599830][ T1979] ? __kasan_check_read+0x11/0x20 [ 1236.607365][ T1979] handle_mm_fault+0x3b2/0xa50 [ 1236.615315][ T1979] __do_page_fault+0x536/0xd80 [ 1236.622319][ T1979] do_page_fault+0x38/0x590 [ 1236.632369][ T1979] do_async_page_fault+0x30/0xa0 [ 1236.644056][ T1979] async_page_fault+0x39/0x40 [ 1236.655387][ T1979] RIP: 0023:0x8048523 [ 1236.655387][ T1979] Code: 3a 03 00 00 8b 44 24 20 8b 54 24 24 0b 44 24 28 0b 54 24 2c 09 c2 75 19 8b 44 24 0c 0b 44 24 08 75 20 8b 7c 24 1c 8a 44 24 30 <88> 07 e9 71 03 00 00 8b 44 24 1c 0f b6 28 8b 44 24 0c 0b 44 24 08 [ 1236.688442][ T1979] RSP: 002b:00000000ffd5d860 EFLAGS: 00010246 [ 1236.698186][ T1979] RAX: 0000000000000001 RBX: 000000000812b000 RCX: 00000000ad63dd37 [ 1236.704788][ T1979] RDX: 0000000000000000 RSI: 00000000ffd5d9f0 RDI: 0000000020000cc0 [ 1236.720505][ T1979] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1236.724812][ T1979] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 1236.743020][ T1979] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1236.758431][ T1979] Mem-Info: [ 1236.762583][ T1979] active_anon:43034 inactive_anon:233 isolated_anon:0 [ 1236.762583][ T1979] active_file:2878 inactive_file:17958 isolated_file:0 [ 1236.762583][ T1979] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1236.762583][ T1979] slab_reclaimable:15649 slab_unreclaimable:59639 [ 1236.762583][ T1979] mapped:39903 shmem:307 pagetables:2660 bounce:0 [ 1236.762583][ T1979] free:146710 free_pcp:212 free_cma:0 [ 1236.816109][ T1979] Node 0 active_anon:137196kB inactive_anon:896kB active_file:0kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1236.851522][ T1979] Node 0 DMA free:2804kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:268kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1236.888618][ T1979] lowmem_reserve[]: 0 532 532 532 532 [ 1236.899220][ T1979] Node 0 DMA32 free:23580kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136928kB inactive_anon:896kB active_file:0kB inactive_file:28kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4880kB bounce:0kB free_pcp:848kB local_pcp:220kB free_cma:0kB [ 1236.938642][ T1979] lowmem_reserve[]: 0 0 0 0 0 [ 1236.944271][ T1979] Node 0 DMA: 29*4kB (UME) 4*8kB (UM) 12*16kB (UME) 11*32kB (UME) 5*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2804kB [ 1236.962390][ T1979] Node 0 DMA32: 1249*4kB (UME) 499*8kB (UME) 186*16kB (UME) 75*32kB (ME) 40*64kB (UM) 19*128kB (UME) 14*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 23452kB [ 1236.981780][ T1979] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1236.992912][ T1979] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1237.005115][ T1979] 13519 total pagecache pages [ 1237.010810][ T1979] 0 pages in swap cache [ 1237.015473][ T1979] Swap cache stats: add 0, delete 0, find 0/0 [ 1237.022414][ T1979] Free swap = 0kB [ 1237.027199][ T1979] Total swap = 0kB [ 1237.031189][ T1979] 524155 pages RAM [ 1237.035880][ T1979] 0 pages HighMem/MovableOnly [ 1237.041320][ T1979] 141707 pages reserved [ 1237.046743][ T1979] 0 pages cma reserved [ 1237.051914][ T1979] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=11287,uid=0 [ 1237.070813][ T1979] Out of memory: Killed process 11287 (syz-executor.3) total-vm:72348kB, anon-rss:140kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:114688kB oom_score_adj:1000 [ 1237.091312][ T1129] oom_reaper: reaped process 11287 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:38:04 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={[{@overriderock='overriderockperm'}]}) 03:38:04 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="33000000190081ae08060c04000f000480207f03fe0400058701546f170009000800000000006596bc014e18bbdfede6efb408", 0x33}], 0x1, 0x0, 0x0, 0xf00}, 0x0) 03:38:04 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x50000000000, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7c000000240007050000003225ed5408567c1abf", @ANYRES32=r2, @ANYBLOB="00000060ffffffff000000f20a000100636f64656c00fdff4b000200080005000000000008000200000000000800ffffffff0000080003200000000008000400000081000000000800010004000000a802040000000015cf000000000000e2ffa248c0b5"], 0x7c}}, 0x0) 03:38:04 executing program 3: msgctl$IPC_RMID(0x0, 0x204) 03:38:04 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="33000000190081ae08060c04000f000480207f03fe0400058701546f170009000800000000006596bc014e18bbdfede6efb408", 0x33}], 0x1, 0x0, 0x0, 0xf00}, 0x0) [ 1237.225804][ T2004] netlink: 31 bytes leftover after parsing attributes in process `syz-executor.1'. 03:38:04 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x50000000000, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7c000000240007050000003225ed5408567c1abf", @ANYRES32=r2, @ANYBLOB="00000060ffffffff000000f20a000100636f64656c00fdff4b000200080005000000000008000200000000000800ffffffff0000080003200000000008000400000081000000000800010004000000a802040000000015cf000000000000e2ffa248c0b5"], 0x7c}}, 0x0) [ 1237.259962][ T2005] ISOFS: Unable to identify CD-ROM format. [ 1237.289899][ T2010] netlink: 31 bytes leftover after parsing attributes in process `syz-executor.1'. 03:38:04 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x17) 03:38:04 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={[{@overriderock='overriderockperm'}]}) 03:38:04 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f00000003c0)=0x9e14, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x5, 0x0, @loopback}, 0x1c) 03:38:04 executing program 3: msgctl$IPC_RMID(0x0, 0x204) 03:38:04 executing program 3: msgctl$IPC_RMID(0x0, 0x204) 03:38:04 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSFF(r0, 0x40304580, 0x0) [ 1237.475095][ T2018] ISOFS: Unable to identify CD-ROM format. 03:38:04 executing program 3: msgctl$IPC_RMID(0x0, 0x204) 03:38:04 executing program 2: r0 = memfd_create(&(0x7f000088f000)='b\n\x00', 0x4) fstatfs(r0, &(0x7f0000000880)=""/4096) 03:38:04 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f00000003c0)=0x9e14, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x5, 0x0, @loopback}, 0x1c) 03:38:04 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={[{@overriderock='overriderockperm'}]}) 03:38:04 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f00000003c0)=0x9e14, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x5, 0x0, @loopback}, 0x1c) 03:38:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@mpls_getroute={0x1c, 0x1a, 0x1}, 0x1c}}, 0x0) 03:38:04 executing program 2: r0 = memfd_create(&(0x7f000088f000)='b\n\x00', 0x4) fstatfs(r0, &(0x7f0000000880)=""/4096) 03:38:04 executing program 2: r0 = memfd_create(&(0x7f000088f000)='b\n\x00', 0x4) fstatfs(r0, &(0x7f0000000880)=""/4096) 03:38:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@mpls_getroute={0x1c, 0x1a, 0x1}, 0x1c}}, 0x0) 03:38:04 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f00000003c0)=0x9e14, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x5, 0x0, @loopback}, 0x1c) 03:38:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@mpls_getroute={0x1c, 0x1a, 0x1}, 0x1c}}, 0x0) [ 1237.671393][ T2143] ISOFS: Unable to identify CD-ROM format. 03:38:04 executing program 2: r0 = memfd_create(&(0x7f000088f000)='b\n\x00', 0x4) fstatfs(r0, &(0x7f0000000880)=""/4096) 03:38:04 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f0000000800)=ANY=[@ANYBLOB="0002040000000000ff020000000000000000000000000001883bd2c4241abfced696d1aee1a0bfbef217bdb04a1665e75167b7a697f7d77f23c2686d2a133bc36f41bfaf0b598147c512bbc151e64f488471b045db3bd14c922a7a4f59175381717fdf33cb3e05000000d93b9462e1e2e4f2b75e4b15043094ff7d4080f9fe82553f06d200000000a8090000000000000063fbd77acace27139316e3d3168d8d728c525a11446f99429ba6b9d374e443b155e6c430c4947b89a8ceceb7d09bee03b2468971fe86c31bd9225a94d67e687766af741beb463db6f8b2855d7b5505853127b9392a444a17d62f5851329ef1ca93750a818bce6ee2dd3b1ea56490e13d22211999d469c5153fd87305c33b4b95726bb04d587fd3ffbdd685418112173a866b4643b2f23223ddd482c930722b660f95c6701f950105e7ad2ec2dc68b4145b5c8d4daa75b1e4cc8726467e1c1d207a262ff50bc325092fda4ec96d1789c30d6da56b9c13f5301629d9417142087c586216e774fad71631b7515e15e1a56d18be610eb70ee6f70447ff68050a36bb6b4f9d2fd88e09ad4b2b4ad70ec17f7c3732329a57bd9ff7c91b6a9a82bae58e2339f341eb66777f6a48cbc1ad82749833b4a45963e75b4e0f90923460ee40ecb054ec58eb9223bb40abbb928ac0822d122c9a8cd345632522104dd57d9160258023ee1871dc36eb85f1f2dd30d9b65e5e7cbde641463a028d75b8974b24dc54c29e959f970a76ced36cc3d4ace0871115f6db4d35479d2e35d210b67b6a1b5907b30f2e66a29d7f50deddefdb5a2ef98b3b3438e6b43b59448216c65cf00bf6a228e4131f99a665f30d075effa200392106daff6716ad37754bf4977d208b9ffddaa834637267e1ba493c4039cc37eed567fac965d8becf4d301af10abcf35a87b08937f6fa7917481f"], 0x18) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) 03:38:04 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@mpls_getroute={0x1c, 0x1a, 0x1}, 0x1c}}, 0x0) 03:38:04 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) 03:38:04 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000300)="390000001300030468fe0704000000000000ff3f03000000450001070000001419001a000a000a00050008000200000800005d14a4e91ee438", 0x39}], 0x1) 03:38:04 executing program 3: r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000001500)=[{&(0x7f0000000100)="fec8", 0xffd6}], 0x1}, 0x0) 03:38:05 executing program 3: r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000001500)=[{&(0x7f0000000100)="fec8", 0xffd6}], 0x1}, 0x0) 03:38:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000300)="390000001300030468fe0704000000000000ff3f03000000450001070000001419001a000a000a00050008000200000800005d14a4e91ee438", 0x39}], 0x1) 03:38:05 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) 03:38:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000300)="390000001300030468fe0704000000000000ff3f03000000450001070000001419001a000a000a00050008000200000800005d14a4e91ee438", 0x39}], 0x1) 03:38:05 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) 03:38:05 executing program 3: r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000001500)=[{&(0x7f0000000100)="fec8", 0xffd6}], 0x1}, 0x0) 03:38:05 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f0000000800)=ANY=[@ANYBLOB="0002040000000000ff020000000000000000000000000001883bd2c4241abfced696d1aee1a0bfbef217bdb04a1665e75167b7a697f7d77f23c2686d2a133bc36f41bfaf0b598147c512bbc151e64f488471b045db3bd14c922a7a4f59175381717fdf33cb3e05000000d93b9462e1e2e4f2b75e4b15043094ff7d4080f9fe82553f06d200000000a8090000000000000063fbd77acace27139316e3d3168d8d728c525a11446f99429ba6b9d374e443b155e6c430c4947b89a8ceceb7d09bee03b2468971fe86c31bd9225a94d67e687766af741beb463db6f8b2855d7b5505853127b9392a444a17d62f5851329ef1ca93750a818bce6ee2dd3b1ea56490e13d22211999d469c5153fd87305c33b4b95726bb04d587fd3ffbdd685418112173a866b4643b2f23223ddd482c930722b660f95c6701f950105e7ad2ec2dc68b4145b5c8d4daa75b1e4cc8726467e1c1d207a262ff50bc325092fda4ec96d1789c30d6da56b9c13f5301629d9417142087c586216e774fad71631b7515e15e1a56d18be610eb70ee6f70447ff68050a36bb6b4f9d2fd88e09ad4b2b4ad70ec17f7c3732329a57bd9ff7c91b6a9a82bae58e2339f341eb66777f6a48cbc1ad82749833b4a45963e75b4e0f90923460ee40ecb054ec58eb9223bb40abbb928ac0822d122c9a8cd345632522104dd57d9160258023ee1871dc36eb85f1f2dd30d9b65e5e7cbde641463a028d75b8974b24dc54c29e959f970a76ced36cc3d4ace0871115f6db4d35479d2e35d210b67b6a1b5907b30f2e66a29d7f50deddefdb5a2ef98b3b3438e6b43b59448216c65cf00bf6a228e4131f99a665f30d075effa200392106daff6716ad37754bf4977d208b9ffddaa834637267e1ba493c4039cc37eed567fac965d8becf4d301af10abcf35a87b08937f6fa7917481f"], 0x18) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) 03:38:05 executing program 3: r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000001500)=[{&(0x7f0000000100)="fec8", 0xffd6}], 0x1}, 0x0) 03:38:06 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) 03:38:06 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000300)="390000001300030468fe0704000000000000ff3f03000000450001070000001419001a000a000a00050008000200000800005d14a4e91ee438", 0x39}], 0x1) 03:38:06 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) 03:38:06 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) 03:38:06 executing program 3: unshare(0x20600) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000fe1000)={0x5, 0x83, 0x80, 0xf}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000fed000)={0x7, 0x9, &(0x7f00000000c0)=@framed={{}, [@map={0x18, 0x0, 0x2, 0x0, r0}, @map, @map]}, &(0x7f0000919ff6)='syzkaller\x00', 0x0, 0xe1, &(0x7f0000000000)=""/225}, 0x14) 03:38:06 executing program 0: wait4(0x0, 0x0, 0x4244e4ad53f14051, 0x0) 03:38:06 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) creat(&(0x7f0000000140)='./bus\x00', 0x0) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) 03:38:06 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f0000000800)=ANY=[@ANYBLOB="0002040000000000ff020000000000000000000000000001883bd2c4241abfced696d1aee1a0bfbef217bdb04a1665e75167b7a697f7d77f23c2686d2a133bc36f41bfaf0b598147c512bbc151e64f488471b045db3bd14c922a7a4f59175381717fdf33cb3e05000000d93b9462e1e2e4f2b75e4b15043094ff7d4080f9fe82553f06d200000000a8090000000000000063fbd77acace27139316e3d3168d8d728c525a11446f99429ba6b9d374e443b155e6c430c4947b89a8ceceb7d09bee03b2468971fe86c31bd9225a94d67e687766af741beb463db6f8b2855d7b5505853127b9392a444a17d62f5851329ef1ca93750a818bce6ee2dd3b1ea56490e13d22211999d469c5153fd87305c33b4b95726bb04d587fd3ffbdd685418112173a866b4643b2f23223ddd482c930722b660f95c6701f950105e7ad2ec2dc68b4145b5c8d4daa75b1e4cc8726467e1c1d207a262ff50bc325092fda4ec96d1789c30d6da56b9c13f5301629d9417142087c586216e774fad71631b7515e15e1a56d18be610eb70ee6f70447ff68050a36bb6b4f9d2fd88e09ad4b2b4ad70ec17f7c3732329a57bd9ff7c91b6a9a82bae58e2339f341eb66777f6a48cbc1ad82749833b4a45963e75b4e0f90923460ee40ecb054ec58eb9223bb40abbb928ac0822d122c9a8cd345632522104dd57d9160258023ee1871dc36eb85f1f2dd30d9b65e5e7cbde641463a028d75b8974b24dc54c29e959f970a76ced36cc3d4ace0871115f6db4d35479d2e35d210b67b6a1b5907b30f2e66a29d7f50deddefdb5a2ef98b3b3438e6b43b59448216c65cf00bf6a228e4131f99a665f30d075effa200392106daff6716ad37754bf4977d208b9ffddaa834637267e1ba493c4039cc37eed567fac965d8becf4d301af10abcf35a87b08937f6fa7917481f"], 0x18) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) 03:38:06 executing program 3: unshare(0x20600) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000fe1000)={0x5, 0x83, 0x80, 0xf}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000fed000)={0x7, 0x9, &(0x7f00000000c0)=@framed={{}, [@map={0x18, 0x0, 0x2, 0x0, r0}, @map, @map]}, &(0x7f0000919ff6)='syzkaller\x00', 0x0, 0xe1, &(0x7f0000000000)=""/225}, 0x14) 03:38:06 executing program 0: wait4(0x0, 0x0, 0x4244e4ad53f14051, 0x0) 03:38:06 executing program 0: wait4(0x0, 0x0, 0x4244e4ad53f14051, 0x0) 03:38:06 executing program 3: unshare(0x20600) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000fe1000)={0x5, 0x83, 0x80, 0xf}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000fed000)={0x7, 0x9, &(0x7f00000000c0)=@framed={{}, [@map={0x18, 0x0, 0x2, 0x0, r0}, @map, @map]}, &(0x7f0000919ff6)='syzkaller\x00', 0x0, 0xe1, &(0x7f0000000000)=""/225}, 0x14) 03:38:06 executing program 0: wait4(0x0, 0x0, 0x4244e4ad53f14051, 0x0) 03:38:06 executing program 3: unshare(0x20600) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000fe1000)={0x5, 0x83, 0x80, 0xf}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000fed000)={0x7, 0x9, &(0x7f00000000c0)=@framed={{}, [@map={0x18, 0x0, 0x2, 0x0, r0}, @map, @map]}, &(0x7f0000919ff6)='syzkaller\x00', 0x0, 0xe1, &(0x7f0000000000)=""/225}, 0x14) 03:38:06 executing program 2: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={[{@nls={'nls', 0x3d, 'macinuit'}}, {@disable_sparse_no='disable_sparse=no'}, {@case_sensitive_no='case_sensitive=no'}, {@errors_continue='errors=continue'}]}) [ 1239.779231][ T2314] ntfs: (device loop2): parse_options(): Unrecognized mount option . [ 1239.863835][ T2314] ntfs: (device loop2): parse_options(): Unrecognized mount option . 03:38:07 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f0000000800)=ANY=[@ANYBLOB="0002040000000000ff020000000000000000000000000001883bd2c4241abfced696d1aee1a0bfbef217bdb04a1665e75167b7a697f7d77f23c2686d2a133bc36f41bfaf0b598147c512bbc151e64f488471b045db3bd14c922a7a4f59175381717fdf33cb3e05000000d93b9462e1e2e4f2b75e4b15043094ff7d4080f9fe82553f06d200000000a8090000000000000063fbd77acace27139316e3d3168d8d728c525a11446f99429ba6b9d374e443b155e6c430c4947b89a8ceceb7d09bee03b2468971fe86c31bd9225a94d67e687766af741beb463db6f8b2855d7b5505853127b9392a444a17d62f5851329ef1ca93750a818bce6ee2dd3b1ea56490e13d22211999d469c5153fd87305c33b4b95726bb04d587fd3ffbdd685418112173a866b4643b2f23223ddd482c930722b660f95c6701f950105e7ad2ec2dc68b4145b5c8d4daa75b1e4cc8726467e1c1d207a262ff50bc325092fda4ec96d1789c30d6da56b9c13f5301629d9417142087c586216e774fad71631b7515e15e1a56d18be610eb70ee6f70447ff68050a36bb6b4f9d2fd88e09ad4b2b4ad70ec17f7c3732329a57bd9ff7c91b6a9a82bae58e2339f341eb66777f6a48cbc1ad82749833b4a45963e75b4e0f90923460ee40ecb054ec58eb9223bb40abbb928ac0822d122c9a8cd345632522104dd57d9160258023ee1871dc36eb85f1f2dd30d9b65e5e7cbde641463a028d75b8974b24dc54c29e959f970a76ced36cc3d4ace0871115f6db4d35479d2e35d210b67b6a1b5907b30f2e66a29d7f50deddefdb5a2ef98b3b3438e6b43b59448216c65cf00bf6a228e4131f99a665f30d075effa200392106daff6716ad37754bf4977d208b9ffddaa834637267e1ba493c4039cc37eed567fac965d8becf4d301af10abcf35a87b08937f6fa7917481f"], 0x18) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @loopback}, 0x1c) 03:38:07 executing program 3: r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10) r1 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10) 03:38:07 executing program 2: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={[{@nls={'nls', 0x3d, 'macinuit'}}, {@disable_sparse_no='disable_sparse=no'}, {@case_sensitive_no='case_sensitive=no'}, {@errors_continue='errors=continue'}]}) 03:38:07 executing program 0: syz_emit_ethernet(0x5e, &(0x7f00000002c0)={@link_local={0x1, 0x80, 0xc2, 0x4888, 0x5800f000}, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x28, 0x29, 0x0, @remote, @mcast2, {[], @icmpv6=@ndisc_redir={0x89, 0x0, 0x0, [], @initdev={0xfe, 0x88, [], 0x0, 0x0}, @rand_addr="99f7ee1e4ed8133620c551778a0102a6"}}}}}}, 0x0) 03:38:07 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x10}]}, 0x30}}, 0x0) [ 1240.553458][ T2329] ntfs: (device loop2): parse_options(): Unrecognized mount option . 03:38:07 executing program 3: r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10) r1 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10) 03:38:07 executing program 2: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={[{@nls={'nls', 0x3d, 'macinuit'}}, {@disable_sparse_no='disable_sparse=no'}, {@case_sensitive_no='case_sensitive=no'}, {@errors_continue='errors=continue'}]}) [ 1240.581491][ T2334] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 1240.612484][ T2334] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1240.644054][ T2334] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1240.656187][ T2334] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 03:38:07 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x10}]}, 0x30}}, 0x0) [ 1240.748269][ T2339] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 1240.800235][ T2339] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1240.819788][ T2339] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1240.831109][ T2339] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1240.833629][ T2341] ntfs: (device loop2): parse_options(): Unrecognized mount option . [ 1241.035840][ T2337] syz-executor.2 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1241.086538][ T2337] CPU: 0 PID: 2337 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1241.096194][ T2337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1241.096194][ T2337] Call Trace: [ 1241.096194][ T2337] dump_stack+0x197/0x210 [ 1241.096194][ T2337] dump_header+0x10b/0x82d [ 1241.096194][ T2337] ? oom_kill_process+0x94/0x420 [ 1241.096194][ T2337] oom_kill_process.cold+0x10/0x15 [ 1241.096194][ T2337] out_of_memory+0x334/0x13c0 [ 1241.096194][ T2337] ? oom_killer_disable+0x280/0x280 [ 1241.096194][ T2337] ? mutex_trylock+0x264/0x2f0 [ 1241.096194][ T2337] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1241.096194][ T2337] __alloc_pages_slowpath+0x222b/0x2920 03:38:08 executing program 3: r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10) r1 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10) [ 1241.096194][ T2337] ? warn_alloc+0x110/0x110 03:38:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x10}]}, 0x30}}, 0x0) [ 1241.096194][ T2337] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1241.366289][ T2347] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 1241.096194][ T2337] ? should_fail+0x1de/0x852 03:38:08 executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x19, 0x0, 0x0) [ 1241.096194][ T2337] ? __kasan_check_read+0x11/0x20 [ 1241.096194][ T2337] __alloc_pages_nodemask+0x646/0x910 [ 1241.096194][ T2337] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1241.096194][ T2337] ? find_held_lock+0x130/0x130 [ 1241.096194][ T2337] ? find_held_lock+0x35/0x130 [ 1241.096194][ T2337] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 03:38:08 executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x19, 0x0, 0x0) [ 1241.096194][ T2337] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1241.096194][ T2337] alloc_pages_vma+0xdd/0x620 [ 1241.096194][ T2337] wp_page_copy+0xb6e/0x1560 [ 1241.096194][ T2337] ? find_held_lock+0x35/0x130 [ 1241.096194][ T2337] ? follow_pfn+0x2a0/0x2a0 [ 1241.096194][ T2337] ? lock_downgrade+0x920/0x920 [ 1241.096194][ T2337] ? vm_normal_page+0x15d/0x3c0 [ 1241.096194][ T2337] ? __pte_alloc_kernel+0x210/0x210 03:38:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0x10}]}, 0x30}}, 0x0) [ 1241.096194][ T2337] ? do_raw_spin_unlock+0x178/0x270 [ 1241.096194][ T2337] do_wp_page+0x543/0x1540 03:38:08 executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x19, 0x0, 0x0) [ 1241.096194][ T2337] ? do_raw_spin_lock+0x12a/0x2e0 [ 1241.096194][ T2337] ? lock_acquire+0x190/0x410 [ 1241.096194][ T2337] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1241.096194][ T2337] ? fault_around_bytes_set+0xa0/0xa0 [ 1241.096194][ T2337] __handle_mm_fault+0x327b/0x3da0 [ 1241.096194][ T2337] ? vm_iomap_memory+0x1a0/0x1a0 [ 1241.096194][ T2337] ? handle_mm_fault+0x292/0xa50 [ 1241.096194][ T2337] ? handle_mm_fault+0x7a0/0xa50 [ 1241.096194][ T2337] ? __kasan_check_read+0x11/0x20 [ 1241.096194][ T2337] handle_mm_fault+0x3b2/0xa50 [ 1241.096194][ T2337] __do_page_fault+0x536/0xd80 [ 1241.096194][ T2337] do_page_fault+0x38/0x590 [ 1241.096194][ T2337] do_async_page_fault+0x30/0xa0 [ 1241.096194][ T2337] async_page_fault+0x39/0x40 [ 1241.096194][ T2337] RIP: 0023:0x8055390 [ 1241.096194][ T2337] Code: 5c f8 0c 89 c8 89 da 05 00 00 00 80 83 d2 00 83 fa 00 0f 87 d2 fe ff ff 3d ff ff ff 7e 0f 86 5d ff ff ff e9 c2 fe ff ff 66 90 <89> 04 9e eb ae 8b 74 24 1c c1 e3 03 89 f0 01 d8 39 c6 89 c7 89 44 [ 1241.096194][ T2337] RSP: 002b:00000000ffcb54b0 EFLAGS: 00010246 [ 1241.096194][ T2337] RAX: 00000000817ac479 RBX: 0000000000000479 RCX: 0000000000000000 [ 1241.096194][ T2337] RDX: 00000000817ac479 RSI: 0000000008150000 RDI: 0000000000000000 [ 1241.096194][ T2337] RBP: 00000000817ac47d R08: 0000000000000000 R09: 0000000000000000 [ 1241.096194][ T2337] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1241.096194][ T2337] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1241.381001][ T2337] Mem-Info: [ 1241.397670][ T2347] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1241.411847][ T2337] active_anon:42968 inactive_anon:234 isolated_anon:0 [ 1241.411847][ T2337] active_file:2877 inactive_file:17969 isolated_file:0 [ 1241.411847][ T2337] unevictable:0 dirty:19 writeback:0 unstable:0 [ 1241.411847][ T2337] slab_reclaimable:15657 slab_unreclaimable:60053 [ 1241.411847][ T2337] mapped:39893 shmem:307 pagetables:2701 bounce:0 [ 1241.411847][ T2337] free:145687 free_pcp:237 free_cma:0 [ 1241.419203][ T2347] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1241.442603][ T2337] Node 0 active_anon:137120kB inactive_anon:896kB active_file:0kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:4kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1241.456111][ T2347] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1241.476356][ T2337] Node 0 DMA free:2832kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:296kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:192kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1241.553526][ T2353] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 1241.560536][ T2337] lowmem_reserve[]: 0 532 532 532 532 [ 1241.560553][ T2337] Node 0 DMA32 free:24380kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136852kB inactive_anon:896kB active_file:4kB inactive_file:24kB unevictable:0kB writepending:8kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9196kB pagetables:4892kB bounce:0kB free_pcp:336kB local_pcp:0kB free_cma:0kB [ 1241.560574][ T2337] lowmem_reserve[]: 0 0 0 0 0 [ 1241.560586][ T2337] Node 0 DMA: 4*4kB (UME) 18*8kB (U) 14*16kB (UME) 11*32kB (UME) 5*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2848kB [ 1241.560629][ T2337] Node 0 DMA32: 1097*4kB (UME) 412*8kB (UME) 312*16kB (UME) 103*32kB (UME) 36*64kB (UME) 19*128kB (UME) 10*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 23780kB [ 1241.560703][ T2337] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1241.570617][ T2353] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1241.574500][ T2337] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1241.589502][ T2353] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1241.601870][ T2337] 13530 total pagecache pages [ 1241.601931][ T2337] 0 pages in swap cache [ 1241.601937][ T2337] Swap cache stats: add 0, delete 0, find 0/0 [ 1241.601941][ T2337] Free swap = 0kB [ 1241.601945][ T2337] Total swap = 0kB [ 1241.601950][ T2337] 524155 pages RAM [ 1241.601954][ T2337] 0 pages HighMem/MovableOnly [ 1241.601957][ T2337] 141707 pages reserved [ 1241.601961][ T2337] 0 pages cma reserved [ 1241.601972][ T2337] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=14647,uid=0 [ 1241.602194][ T2337] Out of memory: Killed process 14647 (syz-executor.3) total-vm:72348kB, anon-rss:140kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:110592kB oom_score_adj:1000 [ 1241.615134][ T2353] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1241.622500][ T1129] oom_reaper: reaped process 14647 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1241.702685][ T2337] syz-executor.2 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1242.189344][ T2337] CPU: 2 PID: 2337 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1242.203239][ T2337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1242.203239][ T2337] Call Trace: [ 1242.203239][ T2337] dump_stack+0x197/0x210 [ 1242.203239][ T2337] dump_header+0x10b/0x82d [ 1242.203239][ T2337] ? oom_kill_process+0x94/0x420 [ 1242.203239][ T2337] oom_kill_process.cold+0x10/0x15 [ 1242.203239][ T2337] out_of_memory+0x334/0x13c0 [ 1242.203239][ T2337] ? oom_killer_disable+0x280/0x280 [ 1242.203239][ T2337] ? mutex_trylock+0x264/0x2f0 [ 1242.203239][ T2337] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1242.203239][ T2337] __alloc_pages_slowpath+0x222b/0x2920 [ 1242.203239][ T2337] ? warn_alloc+0x110/0x110 [ 1242.203239][ T2337] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1242.203239][ T2337] ? should_fail+0x1de/0x852 [ 1242.203239][ T2337] ? __kasan_check_read+0x11/0x20 [ 1242.203239][ T2337] __alloc_pages_nodemask+0x646/0x910 [ 1242.203239][ T2337] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1242.203239][ T2337] ? find_held_lock+0x130/0x130 [ 1242.203239][ T2337] ? find_held_lock+0x35/0x130 [ 1242.203239][ T2337] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1242.203239][ T2337] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1242.203239][ T2337] alloc_pages_vma+0xdd/0x620 [ 1242.203239][ T2337] wp_page_copy+0xb6e/0x1560 [ 1242.203239][ T2337] ? find_held_lock+0x35/0x130 [ 1242.203239][ T2337] ? follow_pfn+0x2a0/0x2a0 [ 1242.203239][ T2337] ? lock_downgrade+0x920/0x920 [ 1242.203239][ T2337] ? vm_normal_page+0x15d/0x3c0 [ 1242.203239][ T2337] ? __pte_alloc_kernel+0x210/0x210 [ 1242.203239][ T2337] ? do_raw_spin_unlock+0x178/0x270 [ 1242.203239][ T2337] do_wp_page+0x543/0x1540 [ 1242.203239][ T2337] ? do_raw_spin_lock+0x12a/0x2e0 [ 1242.203239][ T2337] ? lock_acquire+0x190/0x410 [ 1242.203239][ T2337] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1242.203239][ T2337] ? fault_around_bytes_set+0xa0/0xa0 [ 1242.203239][ T2337] __handle_mm_fault+0x327b/0x3da0 [ 1242.203239][ T2337] ? vm_iomap_memory+0x1a0/0x1a0 [ 1242.203239][ T2337] ? handle_mm_fault+0x292/0xa50 [ 1242.203239][ T2337] ? handle_mm_fault+0x7a0/0xa50 [ 1242.203239][ T2337] ? __kasan_check_read+0x11/0x20 [ 1242.203239][ T2337] handle_mm_fault+0x3b2/0xa50 [ 1242.203239][ T2337] __do_page_fault+0x536/0xd80 [ 1242.203239][ T2337] do_page_fault+0x38/0x590 [ 1242.203239][ T2337] do_async_page_fault+0x30/0xa0 [ 1242.203239][ T2337] async_page_fault+0x39/0x40 [ 1242.203239][ T2337] RIP: 0023:0x8055390 [ 1242.203239][ T2337] Code: 5c f8 0c 89 c8 89 da 05 00 00 00 80 83 d2 00 83 fa 00 0f 87 d2 fe ff ff 3d ff ff ff 7e 0f 86 5d ff ff ff e9 c2 fe ff ff 66 90 <89> 04 9e eb ae 8b 74 24 1c c1 e3 03 89 f0 01 d8 39 c6 89 c7 89 44 [ 1242.203239][ T2337] RSP: 002b:00000000ffcb54b0 EFLAGS: 00010246 [ 1242.203239][ T2337] RAX: 00000000817ac479 RBX: 0000000000000479 RCX: 0000000000000000 [ 1242.203239][ T2337] RDX: 00000000817ac479 RSI: 0000000008150000 RDI: 0000000000000000 [ 1242.203239][ T2337] RBP: 00000000817ac47d R08: 0000000000000000 R09: 0000000000000000 [ 1242.203239][ T2337] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1242.203239][ T2337] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1242.633703][ T2337] Mem-Info: [ 1242.637943][ T2337] active_anon:42958 inactive_anon:233 isolated_anon:0 [ 1242.637943][ T2337] active_file:2877 inactive_file:17977 isolated_file:0 [ 1242.637943][ T2337] unevictable:0 dirty:9 writeback:0 unstable:0 [ 1242.637943][ T2337] slab_reclaimable:15660 slab_unreclaimable:59492 [ 1242.637943][ T2337] mapped:39890 shmem:307 pagetables:2612 bounce:0 [ 1242.637943][ T2337] free:146628 free_pcp:153 free_cma:0 [ 1242.682569][ T2337] Node 0 active_anon:137120kB inactive_anon:896kB active_file:0kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:4kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1242.718540][ T2337] Node 0 DMA free:3056kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:268kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:160kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1242.761606][ T2337] lowmem_reserve[]: 0 532 532 532 532 [ 1242.768814][ T2337] Node 0 DMA32 free:24496kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136852kB inactive_anon:896kB active_file:0kB inactive_file:24kB unevictable:0kB writepending:4kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9136kB pagetables:4892kB bounce:0kB free_pcp:612kB local_pcp:220kB free_cma:0kB [ 1242.804228][ T2337] lowmem_reserve[]: 0 0 0 0 0 [ 1242.811355][ T2337] Node 0 DMA: 5*4kB (UE) 23*8kB (UM) 15*16kB (UME) 11*32kB (UME) 6*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2972kB [ 1242.829280][ T2337] Node 0 DMA32: 1004*4kB (UME) 527*8kB (UME) 308*16kB (UME) 107*32kB (UME) 36*64kB (UME) 19*128kB (UME) 10*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 24392kB [ 1242.850350][ T2337] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1242.862756][ T2337] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1242.877066][ T2337] 13532 total pagecache pages [ 1242.882578][ T2337] 0 pages in swap cache [ 1242.887228][ T2337] Swap cache stats: add 0, delete 0, find 0/0 [ 1242.894569][ T2337] Free swap = 0kB [ 1242.899187][ T2337] Total swap = 0kB [ 1242.903379][ T2337] 524155 pages RAM [ 1242.907633][ T2337] 0 pages HighMem/MovableOnly [ 1242.912814][ T2337] 141707 pages reserved [ 1242.918420][ T2337] 0 pages cma reserved [ 1242.923055][ T2337] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=14629,uid=0 [ 1242.941332][ T2337] Out of memory: Killed process 14629 (syz-executor.3) total-vm:72348kB, anon-rss:140kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:110592kB oom_score_adj:1000 03:38:10 executing program 2: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={[{@nls={'nls', 0x3d, 'macinuit'}}, {@disable_sparse_no='disable_sparse=no'}, {@case_sensitive_no='case_sensitive=no'}, {@errors_continue='errors=continue'}]}) 03:38:10 executing program 3: r0 = socket$inet(0x2, 0x80001, 0x84) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10) r1 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10) 03:38:10 executing program 1: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x19, 0x0, 0x0) 03:38:10 executing program 0: r0 = socket(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xa) setreuid(0x0, r1) socket$key(0xf, 0x3, 0x2) 03:38:10 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, 0x0, 0x8000, 0x0) 03:38:10 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000240)={'veth0_to_hsr\x00', &(0x7f00000001c0)=@ethtool_coalesce={0x13}}) 03:38:10 executing program 0: r0 = socket(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xa) setreuid(0x0, r1) socket$key(0xf, 0x3, 0x2) 03:38:10 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000240)={'veth0_to_hsr\x00', &(0x7f00000001c0)=@ethtool_coalesce={0x13}}) [ 1243.068723][ T2368] ntfs: (device loop2): parse_options(): Unrecognized mount option . 03:38:10 executing program 0: r0 = socket(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xa) setreuid(0x0, r1) socket$key(0xf, 0x3, 0x2) 03:38:10 executing program 0: r0 = socket(0xa, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xa) setreuid(0x0, r1) socket$key(0xf, 0x3, 0x2) 03:38:10 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000240)={'veth0_to_hsr\x00', &(0x7f00000001c0)=@ethtool_coalesce={0x13}}) 03:38:10 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000240)={'veth0_to_hsr\x00', &(0x7f00000001c0)=@ethtool_coalesce={0x13}}) 03:38:10 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x40003) 03:38:10 executing program 0: syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip6_tables_names\x00') syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:38:10 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, 0x0, 0x8000, 0x0) 03:38:10 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) mkdir(&(0x7f0000001340)='./file0\x00', 0x0) rmdir(&(0x7f00000000c0)='./file0\x00') 03:38:10 executing program 2: r0 = socket$kcm(0x2, 0x2, 0x73) close(r0) 03:38:10 executing program 3: futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0) 03:38:10 executing program 2: r0 = socket$kcm(0x2, 0x2, 0x73) close(r0) 03:38:10 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, 0x0, 0x8000, 0x0) 03:38:10 executing program 2: r0 = socket$kcm(0x2, 0x2, 0x73) close(r0) 03:38:10 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x0, 0x0, 0x8000, 0x0) [ 1243.767832][ T2407] EXT4-fs (loop0): VFS: Can't find ext4 filesystem 03:38:11 executing program 0: r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f0000594000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r0, &(0x7f0000000140)="1f0000000104fffffd3b54c007110000f30501000b000600000000000300cf", 0x52) 03:38:11 executing program 2: r0 = socket$kcm(0x2, 0x2, 0x73) close(r0) 03:38:11 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00') r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) write$FUSE_INTERRUPT(r2, &(0x7f0000000000)={0x10}, 0x10) ioctl$TCXONC(r2, 0x540a, 0x1) [ 1243.960296][ T2463] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1243.986974][ T2463] netlink: 'syz-executor.0': attribute type 6 has an invalid length. [ 1244.007346][ T2463] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1244.022000][ T2533] netlink: 'syz-executor.0': attribute type 6 has an invalid length. 03:38:11 executing program 2: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="090000000600010005010d4da5921d7518001000003f"], 0x16) close(r2) socket$netlink(0x10, 0x3, 0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 03:38:11 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4, "8e761b12"}, &(0x7f0000000100)=0x28) 03:38:11 executing program 3: futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0) 03:38:11 executing program 0: r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f0000594000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r0, &(0x7f0000000140)="1f0000000104fffffd3b54c007110000f30501000b000600000000000300cf", 0x52) [ 1244.407083][ T2541] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'. 03:38:11 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4, "8e761b12"}, &(0x7f0000000100)=0x28) [ 1244.420032][ T2541] netlink: 'syz-executor.0': attribute type 6 has an invalid length. 03:38:11 executing program 2: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="090000000600010005010d4da5921d7518001000003f"], 0x16) close(r2) socket$netlink(0x10, 0x3, 0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 03:38:11 executing program 0: r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f0000594000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r0, &(0x7f0000000140)="1f0000000104fffffd3b54c007110000f30501000b000600000000000300cf", 0x52) 03:38:11 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4, "8e761b12"}, &(0x7f0000000100)=0x28) 03:38:11 executing program 2: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="090000000600010005010d4da5921d7518001000003f"], 0x16) close(r2) socket$netlink(0x10, 0x3, 0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1244.463588][ T2552] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'. 03:38:11 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4, "8e761b12"}, &(0x7f0000000100)=0x28) [ 1244.476019][ T2552] netlink: 'syz-executor.0': attribute type 6 has an invalid length. 03:38:12 executing program 0: r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f0000594000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r0, &(0x7f0000000140)="1f0000000104fffffd3b54c007110000f30501000b000600000000000300cf", 0x52) 03:38:12 executing program 1: unshare(0x400) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x0) 03:38:12 executing program 3: futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0) 03:38:12 executing program 2: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400ad", 0x7}], 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="090000000600010005010d4da5921d7518001000003f"], 0x16) close(r2) socket$netlink(0x10, 0x3, 0x4) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0xfef0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1245.256651][ T2567] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'. [ 1245.274971][ T2567] netlink: 'syz-executor.0': attribute type 6 has an invalid length. [ 1245.324594][ T2557] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 03:38:12 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x5, 0x3f, 0x6d, 0x2, 0x0, 0x0}, 0x26) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000200), &(0x7f0000000180)}, 0x20) [ 1245.338906][ T2557] CPU: 0 PID: 2557 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1245.348386][ T2557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1245.364790][ T2557] Call Trace: [ 1245.364790][ T2557] dump_stack+0x197/0x210 [ 1245.364790][ T2557] dump_header+0x10b/0x82d [ 1245.364790][ T2557] ? oom_kill_process+0x94/0x420 [ 1245.364790][ T2557] oom_kill_process.cold+0x10/0x15 [ 1245.392385][ T2557] out_of_memory+0x334/0x13c0 [ 1245.392385][ T2557] ? oom_killer_disable+0x280/0x280 [ 1245.392385][ T2557] ? mutex_trylock+0x264/0x2f0 [ 1245.392385][ T2557] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1245.392385][ T2557] __alloc_pages_slowpath+0x222b/0x2920 [ 1245.392385][ T2557] ? warn_alloc+0x110/0x110 [ 1245.392385][ T2557] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1245.392385][ T2557] ? should_fail+0x1de/0x852 [ 1245.445402][ T2557] ? __kasan_check_read+0x11/0x20 [ 1245.445402][ T2557] __alloc_pages_nodemask+0x646/0x910 03:38:12 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x5, 0x3f, 0x6d, 0x2, 0x0, 0x0}, 0x26) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000200), &(0x7f0000000180)}, 0x20) 03:38:12 executing program 1: unshare(0x400) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x0) 03:38:12 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x5, 0x3f, 0x6d, 0x2, 0x0, 0x0}, 0x26) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000200), &(0x7f0000000180)}, 0x20) 03:38:12 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x5, 0x3f, 0x6d, 0x2, 0x0, 0x0}, 0x26) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, &(0x7f0000000200), &(0x7f0000000180)}, 0x20) 03:38:12 executing program 1: unshare(0x400) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x0) [ 1245.445402][ T2557] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1245.466610][ T2557] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1245.472323][ T2557] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1245.474716][ T2557] alloc_pages_vma+0xdd/0x620 [ 1245.484726][ T2557] wp_page_copy+0x226/0x1560 [ 1245.485613][ T2557] ? find_held_lock+0x35/0x130 [ 1245.494769][ T2557] ? follow_pfn+0x2a0/0x2a0 [ 1245.499893][ T2557] ? lock_downgrade+0x920/0x920 [ 1245.505311][ T2557] ? swp_swapcount+0x540/0x540 [ 1245.510164][ T2557] ? do_raw_spin_unlock+0x178/0x270 [ 1245.515930][ T2557] do_wp_page+0x543/0x1540 [ 1245.520491][ T2557] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1245.526264][ T2557] __handle_mm_fault+0x327b/0x3da0 [ 1245.532137][ T2557] ? vm_iomap_memory+0x1a0/0x1a0 [ 1245.537860][ T2557] ? handle_mm_fault+0x292/0xa50 [ 1245.543558][ T2557] ? handle_mm_fault+0x7a0/0xa50 [ 1245.549418][ T2557] ? __kasan_check_read+0x11/0x20 [ 1245.554724][ T2557] handle_mm_fault+0x3b2/0xa50 [ 1245.559757][ T2557] __do_page_fault+0x536/0xd80 [ 1245.564840][ T2557] do_page_fault+0x38/0x590 [ 1245.570050][ T2557] do_async_page_fault+0x30/0xa0 [ 1245.575027][ T2557] async_page_fault+0x39/0x40 [ 1245.580440][ T2557] RIP: 0010:__put_user_4+0x1c/0x30 [ 1245.587496][ T2557] Code: 01 ca c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 c0 1e 02 00 48 8b 9b d0 14 00 00 48 83 eb 03 48 39 d9 73 4a 0f 01 cb <89> 01 31 c0 0f 01 ca c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 1245.610712][ T2557] RSP: 0018:ffffc900076dff30 EFLAGS: 00050293 [ 1245.617656][ T2557] RAX: 0000000000007d7e RBX: 00007fffffffeffd RCX: 0000000008873968 [ 1245.625662][ T2557] RDX: dffffc0000000000 RSI: 1ffff1100558a2d3 RDI: ffff88802ac513b0 [ 1245.633680][ T2557] RBP: ffffc900076dff48 R08: 0000000000000001 R09: ffff88802ac51690 [ 1245.643070][ T2557] R10: fffffbfff14f33b0 R11: ffffffff8a799d87 R12: 0000000000000000 [ 1245.652256][ T2557] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1245.664200][ T2557] ? schedule_tail+0xd8/0x130 [ 1245.670210][ T2557] ret_from_fork+0x8/0x30 [ 1245.676142][ T2557] RIP: 0023:0xf7f59a39 [ 1245.680720][ T2557] Code: Bad RIP value. [ 1245.685355][ T2557] RSP: 002b:00000000ffcb56e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 1245.694763][ T2557] RAX: 0000000000000000 RBX: 0000000001200011 RCX: 0000000000000000 [ 1245.702966][ T2557] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008873968 [ 1245.708786][ T2557] RBP: 00000000ffcb5738 R08: 0000000000000000 R09: 0000000000000000 [ 1245.714936][ T2557] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1245.725200][ T2557] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1245.738962][ T2557] Mem-Info: [ 1245.743087][ T2557] active_anon:42948 inactive_anon:233 isolated_anon:0 [ 1245.743087][ T2557] active_file:2880 inactive_file:21033 isolated_file:0 [ 1245.743087][ T2557] unevictable:0 dirty:28 writeback:0 unstable:0 [ 1245.743087][ T2557] slab_reclaimable:15681 slab_unreclaimable:60598 [ 1245.743087][ T2557] mapped:39890 shmem:307 pagetables:2550 bounce:0 [ 1245.743087][ T2557] free:142189 free_pcp:30 free_cma:0 [ 1245.789771][ T2557] Node 0 active_anon:137064kB inactive_anon:896kB active_file:12kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:8kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1245.823293][ T2557] Node 0 DMA free:2872kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:268kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:196kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1245.857566][ T2557] lowmem_reserve[]: 0 532 532 532 532 [ 1245.863789][ T2557] Node 0 DMA32 free:24016kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136796kB inactive_anon:896kB active_file:12kB inactive_file:12kB unevictable:0kB writepending:8kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9164kB pagetables:4880kB bounce:0kB free_pcp:412kB local_pcp:0kB free_cma:0kB [ 1245.899150][ T2557] lowmem_reserve[]: 0 0 0 0 0 [ 1245.905322][ T2557] Node 0 DMA: 0*4kB 18*8kB (UM) 13*16kB (UME) 11*32kB (UME) 6*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2880kB [ 1245.927958][ T2557] Node 0 DMA32: 866*4kB (UME) 483*8kB (UME) 269*16kB (UME) 115*32kB (UME) 45*64kB (UME) 19*128kB (UME) 10*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 23696kB [ 1245.952055][ T2557] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1245.964465][ T2557] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1245.976592][ T2557] 16597 total pagecache pages [ 1245.981867][ T2557] 0 pages in swap cache [ 1245.987163][ T2557] Swap cache stats: add 0, delete 0, find 0/0 [ 1245.996390][ T2557] Free swap = 0kB [ 1246.000679][ T2557] Total swap = 0kB [ 1246.005352][ T2557] 524155 pages RAM [ 1246.009509][ T2557] 0 pages HighMem/MovableOnly [ 1246.015230][ T2557] 141707 pages reserved [ 1246.020402][ T2557] 0 pages cma reserved [ 1246.025141][ T2557] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=14614,uid=0 [ 1246.043503][ T2557] Out of memory: Killed process 14614 (syz-executor.3) total-vm:72348kB, anon-rss:140kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:110592kB oom_score_adj:1000 [ 1246.063273][ T1129] oom_reaper: reaped process 14614 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1246.184453][ T2557] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1246.197562][ T2557] CPU: 1 PID: 2557 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1246.207377][ T2557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1246.207377][ T2557] Call Trace: [ 1246.207377][ T2557] dump_stack+0x197/0x210 [ 1246.207377][ T2557] dump_header+0x10b/0x82d [ 1246.207377][ T2557] ? oom_kill_process+0x94/0x420 [ 1246.207377][ T2557] oom_kill_process.cold+0x10/0x15 [ 1246.207377][ T2557] out_of_memory+0x334/0x13c0 [ 1246.207377][ T2557] ? oom_killer_disable+0x280/0x280 [ 1246.207377][ T2557] ? mutex_trylock+0x264/0x2f0 [ 1246.207377][ T2557] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1246.207377][ T2557] __alloc_pages_slowpath+0x222b/0x2920 [ 1246.207377][ T2557] ? warn_alloc+0x110/0x110 [ 1246.207377][ T2557] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1246.207377][ T2557] ? should_fail+0x1de/0x852 [ 1246.207377][ T2557] ? __kasan_check_read+0x11/0x20 [ 1246.207377][ T2557] __alloc_pages_nodemask+0x646/0x910 [ 1246.207377][ T2557] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1246.207377][ T2557] ? alloc_set_pte+0xc12/0x1800 [ 1246.207377][ T2557] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1246.207377][ T2557] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1246.207377][ T2557] alloc_pages_vma+0xdd/0x620 [ 1246.207377][ T2557] wp_page_copy+0x226/0x1560 [ 1246.207377][ T2557] ? find_held_lock+0x35/0x130 [ 1246.207377][ T2557] ? follow_pfn+0x2a0/0x2a0 [ 1246.207377][ T2557] ? lock_downgrade+0x920/0x920 [ 1246.207377][ T2557] ? swp_swapcount+0x540/0x540 [ 1246.207377][ T2557] ? do_raw_spin_unlock+0x178/0x270 [ 1246.207377][ T2557] do_wp_page+0x543/0x1540 [ 1246.207377][ T2557] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1246.207377][ T2557] __handle_mm_fault+0x327b/0x3da0 [ 1246.207377][ T2557] ? vm_iomap_memory+0x1a0/0x1a0 [ 1246.207377][ T2557] ? handle_mm_fault+0x292/0xa50 [ 1246.207377][ T2557] ? handle_mm_fault+0x7a0/0xa50 [ 1246.207377][ T2557] ? __kasan_check_read+0x11/0x20 [ 1246.207377][ T2557] handle_mm_fault+0x3b2/0xa50 [ 1246.207377][ T2557] __do_page_fault+0x536/0xd80 [ 1246.207377][ T2557] do_page_fault+0x38/0x590 [ 1246.207377][ T2557] do_async_page_fault+0x30/0xa0 [ 1246.207377][ T2557] async_page_fault+0x39/0x40 [ 1246.207377][ T2557] RIP: 0023:0x8052e2e [ 1246.207377][ T2557] Code: 8b 00 85 c0 0f 85 4a 01 00 00 83 c5 01 83 c7 70 83 fd 10 75 cc 83 ec 0c 8b 44 24 18 8d 80 10 c6 fa ff 50 e8 64 74 ff ff 89 f8 47 f8 01 89 6f f4 c6 47 11 00 c7 47 fc 00 00 00 00 c7 07 00 00 [ 1246.207377][ T2557] RSP: 002b:00000000ffcb5570 EFLAGS: 00010246 [ 1246.207377][ T2557] RAX: 000000000815af6c RBX: 0000000000000001 RCX: 00000000ffcb56d8 [ 1246.207377][ T2557] RDX: 000000000812b000 RSI: 0000000000000000 RDI: 000000000815af6c [ 1246.207377][ T2557] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1246.207377][ T2557] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1246.207377][ T2557] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1246.522042][ T2557] Mem-Info: [ 1246.525519][ T2557] active_anon:42918 inactive_anon:233 isolated_anon:0 [ 1246.525519][ T2557] active_file:2877 inactive_file:21043 isolated_file:0 [ 1246.525519][ T2557] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1246.525519][ T2557] slab_reclaimable:15681 slab_unreclaimable:60212 [ 1246.525519][ T2557] mapped:39903 shmem:307 pagetables:2587 bounce:0 03:38:13 executing program 3: futex(&(0x7f000000cffc)=0x1, 0x800000000086, 0x0, 0x0, 0x0, 0x0) [ 1246.525519][ T2557] free:142942 free_pcp:82 free_cma:0 [ 1246.567075][ T2557] Node 0 active_anon:137144kB inactive_anon:896kB active_file:0kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1246.596932][ T2557] Node 0 DMA free:2856kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:300kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:196kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1246.631657][ T2557] lowmem_reserve[]: 0 532 532 532 532 [ 1246.641707][ T2557] Node 0 DMA32 free:25232kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136844kB inactive_anon:896kB active_file:0kB inactive_file:20kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9108kB pagetables:4832kB bounce:0kB free_pcp:800kB local_pcp:292kB free_cma:0kB [ 1246.701723][ T2557] lowmem_reserve[]: 0 0 0 0 0 [ 1246.710058][ T2557] Node 0 DMA: 5*4kB (UM) 16*8kB (UM) 13*16kB (UME) 11*32kB (UME) 6*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2884kB [ 1246.731407][ T2557] Node 0 DMA32: 815*4kB (UME) 542*8kB (UME) 308*16kB (UME) 119*32kB (UME) 45*64kB (UME) 19*128kB (UME) 11*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 24972kB [ 1246.767145][ T2557] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1246.781692][ T2557] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1246.797591][ T2557] 16598 total pagecache pages [ 1246.804029][ T2557] 0 pages in swap cache [ 1246.809469][ T2557] Swap cache stats: add 0, delete 0, find 0/0 [ 1246.817046][ T2557] Free swap = 0kB [ 1246.821780][ T2557] Total swap = 0kB [ 1246.826989][ T2557] 524155 pages RAM [ 1246.833283][ T2557] 0 pages HighMem/MovableOnly [ 1246.838883][ T2557] 141707 pages reserved [ 1246.843865][ T2557] 0 pages cma reserved [ 1246.850349][ T2557] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=14602,uid=0 [ 1246.868459][ T2557] Out of memory: Killed process 14602 (syz-executor.3) total-vm:72348kB, anon-rss:140kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:110592kB oom_score_adj:1000 [ 1246.889240][ T1129] oom_reaper: reaped process 14602 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:38:14 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="0203000310000000000000000000000005000600000000000a0000000000000000000000000000000000ffffac1e000100000000000000000200090008000000010000000000000002000100000000000000000d0000000005000500000000000a00000000000000fe8000000000000000000000000000000000000000000000d6375c30e78057dba7aa1fa8f24ff9597635862c260e8cd7cc56ea4d24469e1a242cccd4929f04f8000000385d157089a1b2512c4f4424ae5fada54b5e561a59d2f4e9e34800eeb3fc45a3659fbd3bc94b4e31f44330059dac8df2a7848a9dbd26aa833d2e076787845b2f81a27414cd8b28ccf048f6b3f2fff81779f0c014cb83fbc0271526fb664c7b39544cbb7536694a9bbac4e8da098e5f08caeed4751ed81b31b288d4696f4e"], 0x80}}, 0x0) 03:38:14 executing program 1: unshare(0x400) r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x0) 03:38:14 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x3, 0x0, &(0x7f0000000500)=0x5) 03:38:14 executing program 1: readlink(0x0, 0x0, 0x0) 03:38:14 executing program 1: readlink(0x0, 0x0, 0x0) 03:38:14 executing program 1: readlink(0x0, 0x0, 0x0) 03:38:14 executing program 1: readlink(0x0, 0x0, 0x0) 03:38:14 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x3, 0x0, &(0x7f0000000500)=0x5) 03:38:14 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="0203000310000000000000000000000005000600000000000a0000000000000000000000000000000000ffffac1e000100000000000000000200090008000000010000000000000002000100000000000000000d0000000005000500000000000a00000000000000fe8000000000000000000000000000000000000000000000d6375c30e78057dba7aa1fa8f24ff9597635862c260e8cd7cc56ea4d24469e1a242cccd4929f04f8000000385d157089a1b2512c4f4424ae5fada54b5e561a59d2f4e9e34800eeb3fc45a3659fbd3bc94b4e31f44330059dac8df2a7848a9dbd26aa833d2e076787845b2f81a27414cd8b28ccf048f6b3f2fff81779f0c014cb83fbc0271526fb664c7b39544cbb7536694a9bbac4e8da098e5f08caeed4751ed81b31b288d4696f4e"], 0x80}}, 0x0) 03:38:14 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x34, 0x12, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0x4}}}]}, 0x34}}, 0x0) 03:38:14 executing program 3: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000180)="25bca274769e620a2734fa0095e0612687ecb86a5c8802a9d8aea872943afd874e2f98b579a7086270146d0e0206e73ba8c63cd7dcc6760253ef", 0x3a, 0x400}], 0x0, &(0x7f0000000100)={[{@nouser_xattr='nouser_xattr'}]}) [ 1247.422179][ T2716] EXT4-fs (loop3): Mount option "nouser_xattr" will be removed by 3.5 03:38:14 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x34, 0x12, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0x4}}}]}, 0x34}}, 0x0) [ 1247.422179][ T2716] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 1247.422179][ T2716] 03:38:14 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x34, 0x12, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0x4}}}]}, 0x34}}, 0x0) [ 1247.446683][ T2716] EXT4-fs (loop3): Unsupported filesystem blocksize 0 (1923657432 log_block_size) 03:38:14 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="0203000310000000000000000000000005000600000000000a0000000000000000000000000000000000ffffac1e000100000000000000000200090008000000010000000000000002000100000000000000000d0000000005000500000000000a00000000000000fe8000000000000000000000000000000000000000000000d6375c30e78057dba7aa1fa8f24ff9597635862c260e8cd7cc56ea4d24469e1a242cccd4929f04f8000000385d157089a1b2512c4f4424ae5fada54b5e561a59d2f4e9e34800eeb3fc45a3659fbd3bc94b4e31f44330059dac8df2a7848a9dbd26aa833d2e076787845b2f81a27414cd8b28ccf048f6b3f2fff81779f0c014cb83fbc0271526fb664c7b39544cbb7536694a9bbac4e8da098e5f08caeed4751ed81b31b288d4696f4e"], 0x80}}, 0x0) 03:38:14 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x3, 0x0, &(0x7f0000000500)=0x5) 03:38:14 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x34, 0x12, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0x4}}}]}, 0x34}}, 0x0) [ 1247.541268][ T2716] EXT4-fs (loop3): Mount option "nouser_xattr" will be removed by 3.5 [ 1247.541268][ T2716] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 1247.541268][ T2716] 03:38:14 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000b6dfc8)={0x500, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="0203000310000000000000000000000005000600000000000a0000000000000000000000000000000000ffffac1e000100000000000000000200090008000000010000000000000002000100000000000000000d0000000005000500000000000a00000000000000fe8000000000000000000000000000000000000000000000d6375c30e78057dba7aa1fa8f24ff9597635862c260e8cd7cc56ea4d24469e1a242cccd4929f04f8000000385d157089a1b2512c4f4424ae5fada54b5e561a59d2f4e9e34800eeb3fc45a3659fbd3bc94b4e31f44330059dac8df2a7848a9dbd26aa833d2e076787845b2f81a27414cd8b28ccf048f6b3f2fff81779f0c014cb83fbc0271526fb664c7b39544cbb7536694a9bbac4e8da098e5f08caeed4751ed81b31b288d4696f4e"], 0x80}}, 0x0) [ 1247.571444][ T2716] EXT4-fs (loop3): Unsupported filesystem blocksize 0 (1923657432 log_block_size) 03:38:14 executing program 1: r0 = syz_open_dev$usbfs(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x6f, 0x2) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x8008551d, &(0x7f0000000080)={0x0, 0x1, [{}]}) 03:38:14 executing program 3: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000180)="25bca274769e620a2734fa0095e0612687ecb86a5c8802a9d8aea872943afd874e2f98b579a7086270146d0e0206e73ba8c63cd7dcc6760253ef", 0x3a, 0x400}], 0x0, &(0x7f0000000100)={[{@nouser_xattr='nouser_xattr'}]}) 03:38:14 executing program 1: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6(0xa, 0x80003, 0x6b) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000b00)={'vxcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000b40)={0x1d, r2}, 0x10) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000000), 0x4) 03:38:14 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) migrate_pages(0x0, 0x3, 0x0, &(0x7f0000000500)=0x5) 03:38:14 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:38:14 executing program 1: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6(0xa, 0x80003, 0x6b) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000b00)={'vxcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000b40)={0x1d, r2}, 0x10) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000000), 0x4) [ 1247.845172][ T2805] EXT4-fs (loop3): Mount option "nouser_xattr" will be removed by 3.5 [ 1247.845172][ T2805] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 1247.845172][ T2805] 03:38:15 executing program 1: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6(0xa, 0x80003, 0x6b) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000b00)={'vxcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000b40)={0x1d, r2}, 0x10) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000000), 0x4) [ 1247.881924][ T2805] EXT4-fs (loop3): Unsupported filesystem blocksize 0 (1923657432 log_block_size) 03:38:15 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6(0xa, 0x80003, 0x6b) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000b00)={'vxcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000b40)={0x1d, r2}, 0x10) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000000), 0x4) 03:38:15 executing program 1: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6(0xa, 0x80003, 0x6b) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000b00)={'vxcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000b40)={0x1d, r2}, 0x10) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000000), 0x4) 03:38:15 executing program 3: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000180)="25bca274769e620a2734fa0095e0612687ecb86a5c8802a9d8aea872943afd874e2f98b579a7086270146d0e0206e73ba8c63cd7dcc6760253ef", 0x3a, 0x400}], 0x0, &(0x7f0000000100)={[{@nouser_xattr='nouser_xattr'}]}) 03:38:15 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6(0xa, 0x80003, 0x6b) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000b00)={'vxcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000b40)={0x1d, r2}, 0x10) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000000), 0x4) 03:38:15 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0xc2542, 0x0) write$sndseq(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) 03:38:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:38:15 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6(0xa, 0x80003, 0x6b) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000b00)={'vxcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000b40)={0x1d, r2}, 0x10) setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000000), 0x4) [ 1248.087353][ T2880] EXT4-fs (loop3): Mount option "nouser_xattr" will be removed by 3.5 03:38:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1248.087353][ T2880] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 1248.087353][ T2880] [ 1248.119913][ T2880] EXT4-fs (loop3): Unsupported filesystem blocksize 0 (1923657432 log_block_size) 03:38:15 executing program 2: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000000240)=@md0='/dev/md0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='squashfs\x00', 0x0, 0x0) 03:38:15 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x1c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:38:15 executing program 3: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000180)="25bca274769e620a2734fa0095e0612687ecb86a5c8802a9d8aea872943afd874e2f98b579a7086270146d0e0206e73ba8c63cd7dcc6760253ef", 0x3a, 0x400}], 0x0, &(0x7f0000000100)={[{@nouser_xattr='nouser_xattr'}]}) 03:38:15 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0xc2542, 0x0) write$sndseq(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) 03:38:15 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0xc2542, 0x0) write$sndseq(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) 03:38:15 executing program 0: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='binder\x00', 0x0, 0x0) 03:38:15 executing program 0: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='binder\x00', 0x0, 0x0) 03:38:15 executing program 0: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='binder\x00', 0x0, 0x0) [ 1248.426549][ T3013] EXT4-fs (loop3): Mount option "nouser_xattr" will be removed by 3.5 03:38:15 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0xc2542, 0x0) write$sndseq(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) [ 1248.426549][ T3013] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 1248.426549][ T3013] 03:38:15 executing program 0: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='binder\x00', 0x0, 0x0) [ 1248.459293][ T3013] EXT4-fs (loop3): Unsupported filesystem blocksize 0 (1923657432 log_block_size) 03:38:15 executing program 0: setpriority(0x1, 0x0, 0x0) 03:38:15 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0xc2542, 0x0) write$sndseq(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) 03:38:15 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0xc2542, 0x0) write$sndseq(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) 03:38:15 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x28, r1, 0xf01, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) 03:38:15 executing program 0: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00#\x7f\x80P=r\xc4\x17I~\x85\xadq\xd6\xde@\xb3\xd5\x9f2R\xa3Z\xd3\x9b\xbd\xa1\xa3/\xc0\x91J\x01!8#\x04\x0f\xc3\xb7\x95\xdc\xaa\x91\xfb\xa1]PVH\xaa\x19\x04\x80\x94\'\xc7\fL\xac\xcf:\x92N\x94\xde\x87\xc4\x9b\x87\xd2\xcc{X\xedVr\xecP\xf9&^I\x9f}3U?\x1a\r\x9d', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) close(r0) socket$kcm(0x10, 0x2, 0x10) socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f0000000380)=@in={0x2, 0x4e23, @rand_addr=0x7fffffff}, 0x80, 0x0}, 0x0) [ 1248.786685][ T3131] syz-executor.2 invoked oom-killer: gfp_mask=0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), order=0, oom_score_adj=0 [ 1248.803097][ T3131] CPU: 3 PID: 3131 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1248.812689][ T3131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1248.812928][ T3131] Call Trace: [ 1248.812928][ T3131] dump_stack+0x197/0x210 [ 1248.812928][ T3131] dump_header+0x10b/0x82d [ 1248.812928][ T3131] oom_kill_process.cold+0x10/0x15 [ 1248.812928][ T3131] out_of_memory+0x334/0x13c0 [ 1248.812928][ T3131] ? oom_killer_disable+0x280/0x280 [ 1248.812928][ T3131] ? mutex_trylock+0x264/0x2f0 [ 1248.812928][ T3131] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1248.812928][ T3131] __alloc_pages_slowpath+0x222b/0x2920 [ 1248.875348][ T3131] ? warn_alloc+0x110/0x110 [ 1248.875348][ T3131] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1248.875348][ T3131] ? should_fail+0x1de/0x852 [ 1248.875348][ T3131] ? __kasan_check_read+0x11/0x20 [ 1248.875348][ T3131] __alloc_pages_nodemask+0x646/0x910 [ 1248.875348][ T3131] ? xas_descend+0x144/0x370 [ 1248.914815][ T3131] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1248.924787][ T3131] ? __kasan_check_read+0x11/0x20 [ 1248.924787][ T3131] ? find_get_entry+0x4a6/0x7a0 [ 1248.924787][ T3131] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1248.924787][ T3131] alloc_pages_current+0x107/0x210 [ 1248.924787][ T3131] __page_cache_alloc+0x29d/0x490 [ 1248.924787][ T3131] pagecache_get_page+0x27e/0x9e0 [ 1248.963535][ T3131] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1248.969468][ T3131] grab_cache_page_write_begin+0x75/0xb0 [ 1248.976616][ T3131] ext4_da_write_begin+0x33b/0xc70 [ 1248.982335][ T3131] ? iov_iter_fault_in_readable+0x367/0x450 [ 1248.984773][ T3131] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1248.984773][ T3131] ? ext4_write_begin+0xdc0/0xdc0 [ 1248.984773][ T3131] ? copyin+0x150/0x150 [ 1248.984773][ T3131] generic_perform_write+0x23b/0x540 [ 1249.020364][ T3131] ? __mnt_drop_write_file+0x31/0x40 [ 1249.024707][ T3131] ? trace_event_raw_event_file_check_and_advance_wb_err+0x4b0/0x4b0 [ 1249.024707][ T3131] ? down_write+0xdf/0x150 [ 1249.024707][ T3131] ? file_modified+0x85/0xa0 [ 1249.024707][ T3131] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1249.055723][ T3131] ext4_buffered_write_iter+0x1fe/0x460 [ 1249.061721][ T3131] ext4_file_write_iter+0x20d/0x1770 [ 1249.064786][ T3131] ? aa_path_link+0x350/0x350 [ 1249.064786][ T3131] ? ext4_dio_supported+0x630/0x630 [ 1249.064786][ T3131] ? __kasan_check_read+0x11/0x20 [ 1249.084832][ T3131] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1249.091196][ T3131] ? iov_iter_init+0xee/0x220 [ 1249.091196][ T3131] new_sync_write+0x4d3/0x770 [ 1249.091196][ T3131] ? new_sync_read+0x800/0x800 [ 1249.091196][ T3131] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 1249.114917][ T3131] ? rcu_read_lock_bh_held+0xb0/0xb0 [ 1249.114917][ T3131] __vfs_write+0xe1/0x110 [ 1249.139063][ T3131] vfs_write+0x268/0x5d0 [ 1249.144734][ T3131] ksys_write+0x14f/0x290 [ 1249.144734][ T3131] ? __ia32_sys_read+0xb0/0xb0 [ 1249.144734][ T3131] ? do_fast_syscall_32+0xd1/0xe16 [ 1249.144734][ T3131] ? entry_SYSENTER_compat+0x70/0x7f [ 1249.144734][ T3131] ? do_fast_syscall_32+0xd1/0xe16 [ 1249.144734][ T3131] __ia32_sys_write+0x71/0xb0 [ 1249.144734][ T3131] do_fast_syscall_32+0x27b/0xe16 [ 1249.144734][ T3131] entry_SYSENTER_compat+0x70/0x7f [ 1249.144734][ T3131] RIP: 0023:0xf7f59a39 [ 1249.144734][ T3131] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1249.220370][ T3131] RSP: 002b:00000000f5d550cc EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 1249.223826][ T3131] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 1249.223826][ T3131] RDX: 000000000000ff33 RSI: 0000000000000000 RDI: 0000000000000000 [ 1249.223826][ T3131] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1249.223826][ T3131] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1249.223826][ T3131] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1249.281061][ T3131] Mem-Info: [ 1249.293034][ T3131] active_anon:42904 inactive_anon:233 isolated_anon:0 [ 1249.293034][ T3131] active_file:2878 inactive_file:21091 isolated_file:0 [ 1249.293034][ T3131] unevictable:0 dirty:2 writeback:0 unstable:0 [ 1249.293034][ T3131] slab_reclaimable:15682 slab_unreclaimable:60523 [ 1249.293034][ T3131] mapped:39890 shmem:308 pagetables:2646 bounce:0 [ 1249.293034][ T3131] free:143565 free_pcp:62 free_cma:0 03:38:16 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x28, r1, 0xf01, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) [ 1249.308705][ T3240] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 1249.310712][ T3240] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 1249.501278][ T3131] Node 0 active_anon:137152kB inactive_anon:896kB active_file:0kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:8kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1249.549703][ T3131] Node 0 DMA free:2832kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:268kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 03:38:16 executing program 0: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00#\x7f\x80P=r\xc4\x17I~\x85\xadq\xd6\xde@\xb3\xd5\x9f2R\xa3Z\xd3\x9b\xbd\xa1\xa3/\xc0\x91J\x01!8#\x04\x0f\xc3\xb7\x95\xdc\xaa\x91\xfb\xa1]PVH\xaa\x19\x04\x80\x94\'\xc7\fL\xac\xcf:\x92N\x94\xde\x87\xc4\x9b\x87\xd2\xcc{X\xedVr\xecP\xf9&^I\x9f}3U?\x1a\r\x9d', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) close(r0) socket$kcm(0x10, 0x2, 0x10) socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f0000000380)=@in={0x2, 0x4e23, @rand_addr=0x7fffffff}, 0x80, 0x0}, 0x0) [ 1249.631233][ T3131] lowmem_reserve[]: 0 532 532 532 532 [ 1249.659358][ T3131] Node 0 DMA32 free:23684kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136884kB inactive_anon:896kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:8kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9196kB pagetables:4980kB bounce:0kB free_pcp:964kB local_pcp:124kB free_cma:0kB [ 1249.713441][ T3131] lowmem_reserve[]: 0 0 0 0 0 [ 1249.719925][ T3131] Node 0 DMA: 36*4kB (UM) 12*8kB (UM) 7*16kB (UME) 10*32kB (UME) 6*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2848kB [ 1249.751862][ T3131] Node 0 DMA32: 1151*4kB (UME) 546*8kB (UME) 192*16kB (UME) 98*32kB (UME) 45*64kB (UME) 19*128kB (UME) 11*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 23820kB [ 1249.784196][ T3131] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1249.802966][ T3131] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1249.816956][ T3131] 16687 total pagecache pages [ 1249.825777][ T3131] 0 pages in swap cache [ 1249.831599][ T3131] Swap cache stats: add 0, delete 0, find 0/0 [ 1249.840889][ T3131] Free swap = 0kB [ 1249.846805][ T3131] Total swap = 0kB [ 1249.852419][ T3131] 524155 pages RAM [ 1249.857521][ T3131] 0 pages HighMem/MovableOnly [ 1249.863031][ T3131] 141707 pages reserved [ 1249.868129][ T3131] 0 pages cma reserved [ 1249.873198][ T3131] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=14654,uid=0 [ 1249.891117][ T3131] Out of memory: Killed process 14654 (syz-executor.2) total-vm:72348kB, anon-rss:136kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:110592kB oom_score_adj:1000 [ 1249.911388][ T1129] oom_reaper: reaped process 14654 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:38:17 executing program 0: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00#\x7f\x80P=r\xc4\x17I~\x85\xadq\xd6\xde@\xb3\xd5\x9f2R\xa3Z\xd3\x9b\xbd\xa1\xa3/\xc0\x91J\x01!8#\x04\x0f\xc3\xb7\x95\xdc\xaa\x91\xfb\xa1]PVH\xaa\x19\x04\x80\x94\'\xc7\fL\xac\xcf:\x92N\x94\xde\x87\xc4\x9b\x87\xd2\xcc{X\xedVr\xecP\xf9&^I\x9f}3U?\x1a\r\x9d', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) close(r0) socket$kcm(0x10, 0x2, 0x10) socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f0000000380)=@in={0x2, 0x4e23, @rand_addr=0x7fffffff}, 0x80, 0x0}, 0x0) [ 1249.948963][ T3129] syz-executor.2 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1249.966808][ T3129] CPU: 0 PID: 3129 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1249.976562][ T3129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1249.983914][ T3129] Call Trace: [ 1250.009437][ T3129] dump_stack+0x197/0x210 [ 1250.009437][ T3129] dump_header+0x10b/0x82d [ 1250.009437][ T3129] ? oom_kill_process+0x94/0x420 [ 1250.009437][ T3129] oom_kill_process.cold+0x10/0x15 [ 1250.009437][ T3129] out_of_memory+0x334/0x13c0 [ 1250.009437][ T3129] ? oom_killer_disable+0x280/0x280 [ 1250.009437][ T3129] ? mutex_trylock+0x264/0x2f0 [ 1250.009437][ T3129] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1250.009437][ T3129] __alloc_pages_slowpath+0x222b/0x2920 [ 1250.009437][ T3129] ? warn_alloc+0x110/0x110 [ 1250.009437][ T3129] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1250.009437][ T3129] ? should_fail+0x1de/0x852 [ 1250.009437][ T3129] ? __kasan_check_read+0x11/0x20 [ 1250.009437][ T3129] __alloc_pages_nodemask+0x646/0x910 [ 1250.009437][ T3129] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1250.009437][ T3129] ? lock_downgrade+0x920/0x920 [ 1250.009437][ T3129] ? __kasan_check_write+0x14/0x20 [ 1250.009437][ T3129] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1250.009437][ T3129] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1250.009437][ T3129] alloc_pages_vma+0xdd/0x620 [ 1250.009437][ T3129] __handle_mm_fault+0x1ed5/0x3da0 [ 1250.009437][ T3129] ? vm_iomap_memory+0x1a0/0x1a0 [ 1250.009437][ T3129] ? handle_mm_fault+0x292/0xa50 [ 1250.009437][ T3129] ? handle_mm_fault+0x7a0/0xa50 [ 1250.009437][ T3129] ? __kasan_check_read+0x11/0x20 [ 1250.009437][ T3129] handle_mm_fault+0x3b2/0xa50 [ 1250.009437][ T3129] __do_page_fault+0x536/0xd80 [ 1250.009437][ T3129] do_page_fault+0x38/0x590 [ 1250.009437][ T3129] do_async_page_fault+0x30/0xa0 [ 1250.009437][ T3129] async_page_fault+0x39/0x40 [ 1250.009437][ T3129] RIP: 0023:0x80577c6 [ 1250.009437][ T3129] Code: 9d 03 00 83 c4 20 83 f8 ff 89 45 ac 0f 84 f9 02 00 00 8b 45 ac 85 c0 0f 84 bc 02 00 00 8b 5d ac 8b 75 a0 8d 84 33 40 fb ff ff <89> 98 70 02 00 00 89 b0 74 02 00 00 89 c3 89 45 b4 05 8c 00 00 00 [ 1250.009437][ T3129] RSP: 002b:00000000ffcb54e0 EFLAGS: 00010286 [ 1250.009437][ T3129] RAX: 00000000f5d13b40 RBX: 00000000f5cf3000 RCX: 0000000000021000 [ 1250.009437][ T3129] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 0000000000021000 [ 1250.009437][ T3129] RBP: 00000000ffcb5558 R08: 0000000000000000 R09: 0000000000000000 [ 1250.009437][ T3129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1250.009437][ T3129] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1250.357572][ T3129] Mem-Info: [ 1250.363806][ T3129] active_anon:42942 inactive_anon:233 isolated_anon:0 [ 1250.363806][ T3129] active_file:2884 inactive_file:21127 isolated_file:0 [ 1250.363806][ T3129] unevictable:0 dirty:22 writeback:0 unstable:0 [ 1250.363806][ T3129] slab_reclaimable:15692 slab_unreclaimable:60772 [ 1250.363806][ T3129] mapped:39903 shmem:307 pagetables:2576 bounce:0 [ 1250.363806][ T3129] free:142932 free_pcp:241 free_cma:0 [ 1250.416545][ T3244] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 03:38:17 executing program 1: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00#\x7f\x80P=r\xc4\x17I~\x85\xadq\xd6\xde@\xb3\xd5\x9f2R\xa3Z\xd3\x9b\xbd\xa1\xa3/\xc0\x91J\x01!8#\x04\x0f\xc3\xb7\x95\xdc\xaa\x91\xfb\xa1]PVH\xaa\x19\x04\x80\x94\'\xc7\fL\xac\xcf:\x92N\x94\xde\x87\xc4\x9b\x87\xd2\xcc{X\xedVr\xecP\xf9&^I\x9f}3U?\x1a\r\x9d', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) close(r0) socket$kcm(0x10, 0x2, 0x10) socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f0000000380)=@in={0x2, 0x4e23, @rand_addr=0x7fffffff}, 0x80, 0x0}, 0x0) 03:38:17 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x28, r1, 0xf01, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) [ 1250.427653][ T3129] Node 0 active_anon:137220kB inactive_anon:896kB active_file:0kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:8kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1250.469040][ T3129] Node 0 DMA free:2852kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:296kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:164kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1250.508953][ T3129] lowmem_reserve[]: 0 532 532 532 532 [ 1250.520156][ T3129] Node 0 DMA32 free:24716kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136896kB inactive_anon:896kB active_file:0kB inactive_file:32kB unevictable:0kB writepending:8kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9200kB pagetables:4980kB bounce:0kB free_pcp:1324kB local_pcp:520kB free_cma:0kB [ 1250.564297][ T3129] lowmem_reserve[]: 0 0 0 0 0 [ 1250.569995][ T3129] Node 0 DMA: 27*4kB (U) 22*8kB (UM) 7*16kB (UME) 10*32kB (UME) 6*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2892kB [ 1250.592571][ T3129] Node 0 DMA32: 1089*4kB (UME) 705*8kB (UME) 222*16kB (UME) 98*32kB (UME) 45*64kB (UME) 19*128kB (UME) 12*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 25580kB [ 1250.598123][ T3252] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 1250.617155][ T3129] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1250.640288][ T3129] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1250.651915][ T3129] 16697 total pagecache pages [ 1250.658414][ T3129] 0 pages in swap cache [ 1250.663234][ T3129] Swap cache stats: add 0, delete 0, find 0/0 [ 1250.670801][ T3129] Free swap = 0kB [ 1250.675332][ T3129] Total swap = 0kB [ 1250.680028][ T3129] 524155 pages RAM [ 1250.684447][ T3129] 0 pages HighMem/MovableOnly [ 1250.690363][ T3129] 141707 pages reserved [ 1250.695583][ T3129] 0 pages cma reserved [ 1250.700393][ T3129] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=14646,uid=0 [ 1250.732494][ T3129] Out of memory: Killed process 14646 (syz-executor.2) total-vm:72348kB, anon-rss:136kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:110592kB oom_score_adj:1000 [ 1250.781779][ T1129] oom_reaper: reaped process 14646 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:38:17 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0xc2542, 0x0) write$sndseq(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xff33) syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) 03:38:17 executing program 0: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00#\x7f\x80P=r\xc4\x17I~\x85\xadq\xd6\xde@\xb3\xd5\x9f2R\xa3Z\xd3\x9b\xbd\xa1\xa3/\xc0\x91J\x01!8#\x04\x0f\xc3\xb7\x95\xdc\xaa\x91\xfb\xa1]PVH\xaa\x19\x04\x80\x94\'\xc7\fL\xac\xcf:\x92N\x94\xde\x87\xc4\x9b\x87\xd2\xcc{X\xedVr\xecP\xf9&^I\x9f}3U?\x1a\r\x9d', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) close(r0) socket$kcm(0x10, 0x2, 0x10) socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f0000000380)=@in={0x2, 0x4e23, @rand_addr=0x7fffffff}, 0x80, 0x0}, 0x0) 03:38:17 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x28, r1, 0xf01, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}]}]}, 0x28}}, 0x0) 03:38:17 executing program 1: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00#\x7f\x80P=r\xc4\x17I~\x85\xadq\xd6\xde@\xb3\xd5\x9f2R\xa3Z\xd3\x9b\xbd\xa1\xa3/\xc0\x91J\x01!8#\x04\x0f\xc3\xb7\x95\xdc\xaa\x91\xfb\xa1]PVH\xaa\x19\x04\x80\x94\'\xc7\fL\xac\xcf:\x92N\x94\xde\x87\xc4\x9b\x87\xd2\xcc{X\xedVr\xecP\xf9&^I\x9f}3U?\x1a\r\x9d', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) close(r0) socket$kcm(0x10, 0x2, 0x10) socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f0000000380)=@in={0x2, 0x4e23, @rand_addr=0x7fffffff}, 0x80, 0x0}, 0x0) [ 1250.850099][ T3259] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 03:38:18 executing program 3: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00#\x7f\x80P=r\xc4\x17I~\x85\xadq\xd6\xde@\xb3\xd5\x9f2R\xa3Z\xd3\x9b\xbd\xa1\xa3/\xc0\x91J\x01!8#\x04\x0f\xc3\xb7\x95\xdc\xaa\x91\xfb\xa1]PVH\xaa\x19\x04\x80\x94\'\xc7\fL\xac\xcf:\x92N\x94\xde\x87\xc4\x9b\x87\xd2\xcc{X\xedVr\xecP\xf9&^I\x9f}3U?\x1a\r\x9d', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) close(r0) socket$kcm(0x10, 0x2, 0x10) socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f0000000380)=@in={0x2, 0x4e23, @rand_addr=0x7fffffff}, 0x80, 0x0}, 0x0) 03:38:18 executing program 0: openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyprintk\x00', 0x0, 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 03:38:18 executing program 1: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00#\x7f\x80P=r\xc4\x17I~\x85\xadq\xd6\xde@\xb3\xd5\x9f2R\xa3Z\xd3\x9b\xbd\xa1\xa3/\xc0\x91J\x01!8#\x04\x0f\xc3\xb7\x95\xdc\xaa\x91\xfb\xa1]PVH\xaa\x19\x04\x80\x94\'\xc7\fL\xac\xcf:\x92N\x94\xde\x87\xc4\x9b\x87\xd2\xcc{X\xedVr\xecP\xf9&^I\x9f}3U?\x1a\r\x9d', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) close(r0) socket$kcm(0x10, 0x2, 0x10) socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f0000000380)=@in={0x2, 0x4e23, @rand_addr=0x7fffffff}, 0x80, 0x0}, 0x0) 03:38:18 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x1, 0x8972, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @initdev}, 0x10) 03:38:18 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)={0x18, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}}, 0x0) 03:38:18 executing program 3: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00#\x7f\x80P=r\xc4\x17I~\x85\xadq\xd6\xde@\xb3\xd5\x9f2R\xa3Z\xd3\x9b\xbd\xa1\xa3/\xc0\x91J\x01!8#\x04\x0f\xc3\xb7\x95\xdc\xaa\x91\xfb\xa1]PVH\xaa\x19\x04\x80\x94\'\xc7\fL\xac\xcf:\x92N\x94\xde\x87\xc4\x9b\x87\xd2\xcc{X\xedVr\xecP\xf9&^I\x9f}3U?\x1a\r\x9d', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) close(r0) socket$kcm(0x10, 0x2, 0x10) socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f0000000380)=@in={0x2, 0x4e23, @rand_addr=0x7fffffff}, 0x80, 0x0}, 0x0) 03:38:18 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x1, 0x8972, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @initdev}, 0x10) 03:38:18 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)={0x18, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}}, 0x0) 03:38:18 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)={0x18, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}}, 0x0) 03:38:18 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x1, 0x8972, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @initdev}, 0x10) 03:38:18 executing program 1: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x1, 0x8972, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @initdev}, 0x10) 03:38:18 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)={0x18, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}}, 0x0) 03:38:18 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x1, 0x8972, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @initdev}, 0x10) 03:38:18 executing program 3: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00#\x7f\x80P=r\xc4\x17I~\x85\xadq\xd6\xde@\xb3\xd5\x9f2R\xa3Z\xd3\x9b\xbd\xa1\xa3/\xc0\x91J\x01!8#\x04\x0f\xc3\xb7\x95\xdc\xaa\x91\xfb\xa1]PVH\xaa\x19\x04\x80\x94\'\xc7\fL\xac\xcf:\x92N\x94\xde\x87\xc4\x9b\x87\xd2\xcc{X\xedVr\xecP\xf9&^I\x9f}3U?\x1a\r\x9d', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000080)='pids.current\x00', 0x0, 0x0) close(r0) socket$kcm(0x10, 0x2, 0x10) socket$kcm(0x10, 0x2, 0x10) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) r3 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161) sendmsg$kcm(r3, &(0x7f0000000540)={&(0x7f0000000380)=@in={0x2, 0x4e23, @rand_addr=0x7fffffff}, 0x80, 0x0}, 0x0) 03:38:18 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x1, 0x8972, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @initdev}, 0x10) 03:38:18 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x6, 0x0, "e4b80b549026321cd9e8af965a413c51a8f281ab19f01dea1af56603ae52bb5d8981a539b56de71d901630e949f38ae55a7249cd4b42e375bce9beba0778fb94c809ee5f1273a9a82dc736c48bb798a9"}, 0xd8) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000380)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x0, "e4b80b549026321dd9e8af965a413c51a8f281ab19f01dea1af56603ae52bb5d8981a539b56de71d901630e949f38ae55a7249cd4b42e375bce9beba0778fb94c809ee5f1273a9a82dc736c48bb798a9"}, 0x1dacc1cc7595f053) 03:38:18 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x1, 0x8972, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @initdev}, 0x10) 03:38:18 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x6, 0x0, "e4b80b549026321cd9e8af965a413c51a8f281ab19f01dea1af56603ae52bb5d8981a539b56de71d901630e949f38ae55a7249cd4b42e375bce9beba0778fb94c809ee5f1273a9a82dc736c48bb798a9"}, 0xd8) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000380)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x0, "e4b80b549026321dd9e8af965a413c51a8f281ab19f01dea1af56603ae52bb5d8981a539b56de71d901630e949f38ae55a7249cd4b42e375bce9beba0778fb94c809ee5f1273a9a82dc736c48bb798a9"}, 0x1dacc1cc7595f053) 03:38:18 executing program 1: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x1, 0x8972, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @initdev}, 0x10) 03:38:18 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x6, 0x0, "e4b80b549026321cd9e8af965a413c51a8f281ab19f01dea1af56603ae52bb5d8981a539b56de71d901630e949f38ae55a7249cd4b42e375bce9beba0778fb94c809ee5f1273a9a82dc736c48bb798a9"}, 0xd8) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000380)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x0, "e4b80b549026321dd9e8af965a413c51a8f281ab19f01dea1af56603ae52bb5d8981a539b56de71d901630e949f38ae55a7249cd4b42e375bce9beba0778fb94c809ee5f1273a9a82dc736c48bb798a9"}, 0x1dacc1cc7595f053) 03:38:18 executing program 2: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x1, 0x8972, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @initdev}, 0x10) 03:38:18 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x6, 0x0, "e4b80b549026321cd9e8af965a413c51a8f281ab19f01dea1af56603ae52bb5d8981a539b56de71d901630e949f38ae55a7249cd4b42e375bce9beba0778fb94c809ee5f1273a9a82dc736c48bb798a9"}, 0xd8) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000380)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x0, 0x0, "e4b80b549026321dd9e8af965a413c51a8f281ab19f01dea1af56603ae52bb5d8981a539b56de71d901630e949f38ae55a7249cd4b42e375bce9beba0778fb94c809ee5f1273a9a82dc736c48bb798a9"}, 0x1dacc1cc7595f053) 03:38:18 executing program 3: syz_mount_image$cifs(&(0x7f0000000000)='cifs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x1000400, 0x0) [ 1251.391905][ T3407] CIFS: Attempting to mount /dev/loop3 [ 1251.401860][ T3407] CIFS VFS: Malformed UNC in devname. 03:38:18 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e0000001d008105e00f80ecdb4cb9f207c825a01c00000007000a000a000200040ada1b40d805000500c50083b8", 0x2e}], 0x1}, 0x0) 03:38:18 executing program 1: r0 = socket$inet(0x2, 0x1, 0x0) mmap(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x1, 0x8972, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @empty}, 0x10) connect$inet(r0, &(0x7f00009322c4)={0x2, 0x0, @initdev}, 0x10) [ 1251.479251][ T3534] bridge_slave_1: FDB only supports static addresses [ 1251.507017][ T3407] CIFS: Attempting to mount /dev/loop3 [ 1251.523287][ T3407] CIFS VFS: Malformed UNC in devname. 03:38:18 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e0000001d008105e00f80ecdb4cb9f207c825a01c00000007000a000a000200040ada1b40d805000500c50083b8", 0x2e}], 0x1}, 0x0) 03:38:18 executing program 2: getitimer(0x2, &(0x7f00000001c0)) [ 1251.566927][ T3589] bridge_slave_1: FDB only supports static addresses 03:38:18 executing program 3: syz_mount_image$cifs(&(0x7f0000000000)='cifs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x1000400, 0x0) 03:38:18 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e0000001d008105e00f80ecdb4cb9f207c825a01c00000007000a000a000200040ada1b40d805000500c50083b8", 0x2e}], 0x1}, 0x0) [ 1251.645317][ T3668] bridge_slave_1: FDB only supports static addresses 03:38:18 executing program 2: getitimer(0x2, &(0x7f00000001c0)) 03:38:18 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, 0x0) [ 1251.660675][ T3679] CIFS: Attempting to mount /dev/loop3 03:38:18 executing program 2: getitimer(0x2, &(0x7f00000001c0)) [ 1251.680705][ T3679] CIFS VFS: Malformed UNC in devname. 03:38:18 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, 0x0) 03:38:18 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e0000001d008105e00f80ecdb4cb9f207c825a01c00000007000a000a000200040ada1b40d805000500c50083b8", 0x2e}], 0x1}, 0x0) [ 1251.771891][ T3689] bridge_slave_1: FDB only supports static addresses 03:38:18 executing program 3: syz_mount_image$cifs(&(0x7f0000000000)='cifs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x1000400, 0x0) 03:38:18 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, 0x0) 03:38:18 executing program 2: getitimer(0x2, &(0x7f00000001c0)) 03:38:18 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, 0x0, 0x0) [ 1251.827049][ T3698] CIFS: Attempting to mount /dev/loop3 03:38:18 executing program 0: r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0), 0x4) close(r0) [ 1251.840470][ T3698] CIFS VFS: Malformed UNC in devname. 03:38:18 executing program 1: io_setup(0xa, &(0x7f00000004c0)=0x0) r1 = eventfd(0x0) io_submit(r0, 0x1a5, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 03:38:19 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x0, 0x0, 0x0, 0x302}, 0x3c) 03:38:19 executing program 0: r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0), 0x4) close(r0) 03:38:19 executing program 3: syz_mount_image$cifs(&(0x7f0000000000)='cifs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x1000400, 0x0) 03:38:19 executing program 0: r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0), 0x4) close(r0) 03:38:19 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x0, 0x0, 0x0, 0x302}, 0x3c) 03:38:19 executing program 0: r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0), 0x4) close(r0) [ 1252.018378][ T3821] CIFS: Attempting to mount /dev/loop3 [ 1252.028398][ T3821] CIFS VFS: Malformed UNC in devname. 03:38:19 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x0, 0x0, 0x0, 0x302}, 0x3c) 03:38:19 executing program 1: io_setup(0xa, &(0x7f00000004c0)=0x0) r1 = eventfd(0x0) io_submit(r0, 0x1a5, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 03:38:19 executing program 0: r0 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="24000000200007041dfffd946f6105000200000a1f0000090028080008000c00e9110000", 0x24}], 0x1}, 0x0) 03:38:19 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5, 0x0, 0x0, 0x0, 0x302}, 0x3c) 03:38:19 executing program 0: r0 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="24000000200007041dfffd946f6105000200000a1f0000090028080008000c00e9110000", 0x24}], 0x1}, 0x0) 03:38:19 executing program 2: keyctl$get_persistent(0x11, 0x0, 0x0) 03:38:19 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045009, &(0x7f00000000c0)=0x8) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) 03:38:19 executing program 0: r0 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="24000000200007041dfffd946f6105000200000a1f0000090028080008000c00e9110000", 0x24}], 0x1}, 0x0) 03:38:19 executing program 0: r0 = socket$inet(0x10, 0x80003, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="24000000200007041dfffd946f6105000200000a1f0000090028080008000c00e9110000", 0x24}], 0x1}, 0x0) 03:38:19 executing program 1: io_setup(0xa, &(0x7f00000004c0)=0x0) r1 = eventfd(0x0) io_submit(r0, 0x1a5, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 03:38:19 executing program 2: keyctl$get_persistent(0x11, 0x0, 0x0) 03:38:19 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000140)={0x0, r1/1000+30000}, 0x8) getsockopt$sock_buf(r0, 0x1, 0x14, 0x0, &(0x7f00000002c0)) 03:38:19 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000140)={0x0, r1/1000+30000}, 0x8) getsockopt$sock_buf(r0, 0x1, 0x14, 0x0, &(0x7f00000002c0)) [ 1252.463480][ T3864] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 03:38:19 executing program 1: io_setup(0xa, &(0x7f00000004c0)=0x0) r1 = eventfd(0x0) io_submit(r0, 0x1a5, &(0x7f0000000280)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) [ 1252.487545][ T3864] CPU: 1 PID: 3864 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1252.495946][ T3864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1252.495946][ T3864] Call Trace: [ 1252.495946][ T3864] dump_stack+0x197/0x210 [ 1252.495946][ T3864] dump_header+0x10b/0x82d [ 1252.495946][ T3864] ? oom_kill_process+0x94/0x420 [ 1252.495946][ T3864] oom_kill_process.cold+0x10/0x15 [ 1252.495946][ T3864] out_of_memory+0x334/0x13c0 [ 1252.554967][ T3864] ? oom_killer_disable+0x280/0x280 [ 1252.554967][ T3864] ? mutex_trylock+0x264/0x2f0 [ 1252.554967][ T3864] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1252.554967][ T3864] __alloc_pages_slowpath+0x222b/0x2920 [ 1252.554967][ T3864] ? warn_alloc+0x110/0x110 [ 1252.554967][ T3864] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1252.554967][ T3864] ? should_fail+0x1de/0x852 [ 1252.554967][ T3864] ? __kasan_check_read+0x11/0x20 [ 1252.554967][ T3864] __alloc_pages_nodemask+0x646/0x910 [ 1252.554967][ T3864] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1252.554967][ T3864] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1252.554967][ T3864] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1252.554967][ T3864] alloc_pages_vma+0xdd/0x620 [ 1252.554967][ T3864] wp_page_copy+0x226/0x1560 [ 1252.554967][ T3864] ? find_held_lock+0x35/0x130 [ 1252.554967][ T3864] ? follow_pfn+0x2a0/0x2a0 [ 1252.554967][ T3864] ? lock_downgrade+0x920/0x920 [ 1252.554967][ T3864] ? swp_swapcount+0x540/0x540 [ 1252.554967][ T3864] ? do_raw_spin_unlock+0x178/0x270 [ 1252.554967][ T3864] do_wp_page+0x543/0x1540 [ 1252.554967][ T3864] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1252.554967][ T3864] __handle_mm_fault+0x327b/0x3da0 [ 1252.554967][ T3864] ? vm_iomap_memory+0x1a0/0x1a0 [ 1252.554967][ T3864] ? handle_mm_fault+0x292/0xa50 [ 1252.554967][ T3864] ? handle_mm_fault+0x7a0/0xa50 [ 1252.554967][ T3864] ? __kasan_check_read+0x11/0x20 [ 1252.554967][ T3864] handle_mm_fault+0x3b2/0xa50 [ 1252.554967][ T3864] __do_page_fault+0x536/0xd80 [ 1252.554967][ T3864] do_page_fault+0x38/0x590 [ 1252.554967][ T3864] do_async_page_fault+0x30/0xa0 [ 1252.554967][ T3864] async_page_fault+0x39/0x40 [ 1252.554967][ T3864] RIP: 0010:__put_user_4+0x1c/0x30 [ 1252.554967][ T3864] Code: 01 ca c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 c0 1e 02 00 48 8b 9b d0 14 00 00 48 83 eb 03 48 39 d9 73 4a 0f 01 cb <89> 01 31 c0 0f 01 ca c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 1252.554967][ T3864] RSP: 0018:ffffc90004767f30 EFLAGS: 00050293 [ 1252.554967][ T3864] RAX: 0000000000007dba RBX: 00007fffffffeffd RCX: 0000000008873968 [ 1252.554967][ T3864] RDX: dffffc0000000000 RSI: 1ffff1100d808aeb RDI: ffff88806c045470 [ 1252.554967][ T3864] RBP: ffffc90004767f48 R08: 0000000000000001 R09: ffff88806c045750 [ 1252.554967][ T3864] R10: fffffbfff14f33b0 R11: ffffffff8a799d87 R12: 0000000000000000 [ 1252.554967][ T3864] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1252.874752][ T3864] ? schedule_tail+0xd8/0x130 [ 1252.874752][ T3864] ret_from_fork+0x8/0x30 [ 1252.874752][ T3864] RIP: 0023:0xf7f59a39 [ 1252.874752][ T3864] Code: Bad RIP value. [ 1252.874752][ T3864] RSP: 002b:00000000ffcb56e0 EFLAGS: 00000246 ORIG_RAX: 0000000000000078 [ 1252.874752][ T3864] RAX: 0000000000000000 RBX: 0000000001200011 RCX: 0000000000000000 [ 1252.874752][ T3864] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008873968 [ 1252.874752][ T3864] RBP: 00000000ffcb5738 R08: 0000000000000000 R09: 0000000000000000 [ 1252.874752][ T3864] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1252.874752][ T3864] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1252.989156][ T3864] Mem-Info: [ 1252.992998][ T3864] active_anon:42841 inactive_anon:233 isolated_anon:0 [ 1252.992998][ T3864] active_file:2877 inactive_file:21056 isolated_file:0 [ 1252.992998][ T3864] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1252.992998][ T3864] slab_reclaimable:15686 slab_unreclaimable:60424 [ 1252.992998][ T3864] mapped:39890 shmem:307 pagetables:2533 bounce:0 [ 1252.992998][ T3864] free:143098 free_pcp:35 free_cma:0 [ 1253.055045][ T3864] Node 0 active_anon:137064kB inactive_anon:896kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:12kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1253.093407][ T3864] Node 0 DMA free:2812kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:268kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:152kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1253.133082][ T3864] lowmem_reserve[]: 0 532 532 532 532 [ 1253.143133][ T3864] Node 0 DMA32 free:23988kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136796kB inactive_anon:896kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:4kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9196kB pagetables:4880kB bounce:0kB free_pcp:256kB local_pcp:32kB free_cma:0kB [ 1253.188858][ T3864] lowmem_reserve[]: 0 0 0 0 0 [ 1253.200393][ T3864] Node 0 DMA: 17*4kB (UM) 11*8kB (UM) 15*16kB (UME) 8*32kB (UME) 6*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2828kB [ 1253.228770][ T3864] Node 0 DMA32: 1187*4kB (UME) 424*8kB (UME) 217*16kB (UME) 99*32kB (UME) 44*64kB (UME) 21*128kB (UME) 12*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 23868kB [ 1253.266551][ T3864] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1253.282111][ T3864] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1253.297730][ T3864] 16640 total pagecache pages [ 1253.304317][ T3864] 0 pages in swap cache [ 1253.310617][ T3864] Swap cache stats: add 0, delete 0, find 0/0 [ 1253.319512][ T3864] Free swap = 0kB [ 1253.325361][ T3864] Total swap = 0kB [ 1253.330728][ T3864] 524155 pages RAM [ 1253.337985][ T3864] 0 pages HighMem/MovableOnly [ 1253.346281][ T3864] 141707 pages reserved [ 1253.352496][ T3864] 0 pages cma reserved [ 1253.360149][ T3864] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz2,task=syz-executor.2,pid=14632,uid=0 [ 1253.384432][ T3864] Out of memory: Killed process 14632 (syz-executor.2) total-vm:72348kB, anon-rss:136kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:110592kB oom_score_adj:1000 [ 1253.408753][ T1129] oom_reaper: reaped process 14632 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1253.462294][ T9407] syz-executor.2 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1253.476870][ T9407] CPU: 3 PID: 9407 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1253.486665][ T9407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1253.486665][ T9407] Call Trace: [ 1253.486665][ T9407] dump_stack+0x197/0x210 [ 1253.486665][ T9407] dump_header+0x10b/0x82d [ 1253.486665][ T9407] ? oom_kill_process+0x94/0x420 [ 1253.486665][ T9407] oom_kill_process.cold+0x10/0x15 [ 1253.486665][ T9407] out_of_memory+0x334/0x13c0 [ 1253.486665][ T9407] ? oom_killer_disable+0x280/0x280 [ 1253.486665][ T9407] ? mutex_trylock+0x264/0x2f0 [ 1253.486665][ T9407] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1253.486665][ T9407] __alloc_pages_slowpath+0x222b/0x2920 [ 1253.486665][ T9407] ? warn_alloc+0x110/0x110 [ 1253.486665][ T9407] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1253.486665][ T9407] ? should_fail+0x1de/0x852 [ 1253.486665][ T9407] ? __kasan_check_read+0x11/0x20 [ 1253.486665][ T9407] __alloc_pages_nodemask+0x646/0x910 [ 1253.486665][ T9407] ? cpuacct_charge+0x1db/0x360 [ 1253.486665][ T9407] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1253.486665][ T9407] ? update_curr+0x3e0/0x8d0 [ 1253.486665][ T9407] ? update_curr+0x3e0/0x8d0 [ 1253.486665][ T9407] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1253.486665][ T9407] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1253.486665][ T9407] alloc_pages_vma+0xdd/0x620 [ 1253.486665][ T9407] wp_page_copy+0x226/0x1560 [ 1253.486665][ T9407] ? find_held_lock+0x35/0x130 [ 1253.486665][ T9407] ? follow_pfn+0x2a0/0x2a0 [ 1253.486665][ T9407] ? lock_downgrade+0x920/0x920 [ 1253.486665][ T9407] ? swp_swapcount+0x540/0x540 [ 1253.486665][ T9407] ? do_raw_spin_unlock+0x178/0x270 [ 1253.486665][ T9407] do_wp_page+0x543/0x1540 [ 1253.486665][ T9407] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1253.486665][ T9407] __handle_mm_fault+0x327b/0x3da0 [ 1253.486665][ T9407] ? vm_iomap_memory+0x1a0/0x1a0 [ 1253.486665][ T9407] ? handle_mm_fault+0x292/0xa50 [ 1253.486665][ T9407] ? handle_mm_fault+0x7a0/0xa50 [ 1253.486665][ T9407] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1253.486665][ T9407] ? sync_mm_rss+0xa8/0x1e0 [ 1253.486665][ T9407] handle_mm_fault+0x3b2/0xa50 [ 1253.486665][ T9407] __do_page_fault+0x536/0xd80 [ 1253.486665][ T9407] do_page_fault+0x38/0x590 [ 1253.486665][ T9407] do_async_page_fault+0x30/0xa0 [ 1253.486665][ T9407] async_page_fault+0x39/0x40 [ 1253.486665][ T9407] RIP: 0023:0x808fa5d [ 1253.486665][ T9407] Code: 01 00 00 8d 76 00 8d bc 27 00 00 00 00 8b 45 e4 8b 40 04 85 c0 89 45 e4 74 b1 8b 75 e4 8b 1e 8b 43 08 85 c0 74 04 ff d0 8b 1e ff 4b 14 0f 94 c0 84 c0 74 d8 8b 43 18 85 c0 74 d1 83 c3 14 31 [ 1253.486665][ T9407] RSP: 002b:00000000ffcb56f0 EFLAGS: 00010246 [ 1253.486665][ T9407] RAX: 0000000000000000 RBX: 0000000008494bc4 RCX: 0000000000000000 [ 1253.486665][ T9407] RDX: 00000000ffcb56f0 RSI: 00000000ffcb56f0 RDI: 0000000000007dba [ 1253.486665][ T9407] RBP: 00000000ffcb5738 R08: 0000000000000000 R09: 0000000000000000 [ 1253.486665][ T9407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1253.486665][ T9407] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1253.856643][ T9407] Mem-Info: [ 1253.860345][ T9407] active_anon:42813 inactive_anon:233 isolated_anon:0 [ 1253.860345][ T9407] active_file:2875 inactive_file:21095 isolated_file:0 [ 1253.860345][ T9407] unevictable:0 dirty:6 writeback:11 unstable:0 [ 1253.860345][ T9407] slab_reclaimable:15691 slab_unreclaimable:60722 [ 1253.860345][ T9407] mapped:39903 shmem:307 pagetables:2490 bounce:0 [ 1253.860345][ T9407] free:143184 free_pcp:0 free_cma:0 [ 1253.917759][ T9407] Node 0 active_anon:137152kB inactive_anon:896kB active_file:0kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:4kB writeback:4kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1253.953079][ T9407] Node 0 DMA free:2828kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:268kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:156kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1253.988862][ T9407] lowmem_reserve[]: 0 532 532 532 532 [ 1253.996393][ T9407] Node 0 DMA32 free:23024kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136884kB inactive_anon:896kB active_file:0kB inactive_file:20kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9140kB pagetables:4892kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1254.035432][ T9407] lowmem_reserve[]: 0 0 0 0 0 [ 1254.042424][ T9407] Node 0 DMA: 17*4kB (UM) 14*8kB (UM) 15*16kB (UME) 8*32kB (UME) 6*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2852kB [ 1254.064435][ T9407] Node 0 DMA32: 1252*4kB (UME) 458*8kB (UME) 175*16kB (UME) 93*32kB (UME) 44*64kB (UME) 21*128kB (UME) 12*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 23536kB [ 1254.092238][ T9407] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 03:38:21 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000140)={0x0, r1/1000+30000}, 0x8) getsockopt$sock_buf(r0, 0x1, 0x14, 0x0, &(0x7f00000002c0)) 03:38:21 executing program 3: perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:38:21 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000440)=""/204, &(0x7f00000002c0)=0xcc) [ 1254.125162][ T9407] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1254.158759][ T9407] 16649 total pagecache pages [ 1254.174355][ T9407] 0 pages in swap cache [ 1254.188627][ T3875] IPVS: length: 204 != 8 03:38:21 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000140)={0x0, r1/1000+30000}, 0x8) getsockopt$sock_buf(r0, 0x1, 0x14, 0x0, &(0x7f00000002c0)) [ 1254.192025][ T9407] Swap cache stats: add 0, delete 0, find 0/0 [ 1254.231510][ T9407] Free swap = 0kB [ 1254.247514][ T9407] Total swap = 0kB [ 1254.268001][ T9407] 524155 pages RAM [ 1254.283296][ T9407] 0 pages HighMem/MovableOnly [ 1254.296324][ T9407] 141707 pages reserved [ 1254.311635][ T9407] 0 pages cma reserved [ 1254.320960][ T9407] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=13142,uid=0 [ 1254.351058][ T9407] Out of memory: Killed process 13142 (syz-executor.3) total-vm:72348kB, anon-rss:104kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:106496kB oom_score_adj:1000 03:38:21 executing program 2: keyctl$get_persistent(0x11, 0x0, 0x0) 03:38:21 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000440)=""/204, &(0x7f00000002c0)=0xcc) 03:38:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x3}, [@call]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1254.421351][ T3883] IPVS: length: 204 != 8 03:38:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x3}, [@call]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:38:21 executing program 2: keyctl$get_persistent(0x11, 0x0, 0x0) 03:38:21 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000440)=""/204, &(0x7f00000002c0)=0xcc) 03:38:21 executing program 3: perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:38:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x3}, [@call]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:38:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x3}, [@call]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1254.519938][ T3896] IPVS: length: 204 != 8 03:38:21 executing program 3: perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:38:21 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000440)=""/204, &(0x7f00000002c0)=0xcc) 03:38:21 executing program 2: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast2}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) [ 1254.563208][ T3903] IPVS: length: 204 != 8 03:38:21 executing program 0: io_setup(0x34aa, &(0x7f0000000000)=0x0) io_getevents(r0, 0x9, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x989680}) 03:38:21 executing program 3: perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:38:21 executing program 2: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast2}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) 03:38:21 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1000) [ 1254.628967][ T1715] tipc: TX() has been purged, node left! 03:38:21 executing program 0: io_setup(0x34aa, &(0x7f0000000000)=0x0) io_getevents(r0, 0x9, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x989680}) 03:38:21 executing program 2: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast2}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) 03:38:21 executing program 3: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000100)={0x1, [0x0]}, &(0x7f0000000000)=0x80f806766c7df7b9) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000040)={r2, 0x0, 0x3, 0x3}, 0x10) 03:38:21 executing program 2: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast2}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @dev}}}, 0x108) 03:38:22 executing program 2: timer_create(0x4000000000000003, &(0x7f000004c000)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f000004cffc)) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x7}}, 0x0) 03:38:22 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1000) 03:38:22 executing program 0: io_setup(0x34aa, &(0x7f0000000000)=0x0) io_getevents(r0, 0x9, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x989680}) [ 1255.032977][ T4028] syz-executor.2 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1255.089226][ T4028] CPU: 2 PID: 4028 Comm: syz-executor.2 Not tainted 5.5.0-rc2-syzkaller #0 [ 1255.098475][ T4028] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1255.098475][ T4028] Call Trace: [ 1255.098475][ T4028] dump_stack+0x197/0x210 [ 1255.098475][ T4028] dump_header+0x10b/0x82d [ 1255.098475][ T4028] ? oom_kill_process+0x94/0x420 [ 1255.098475][ T4028] oom_kill_process.cold+0x10/0x15 [ 1255.098475][ T4028] out_of_memory+0x334/0x13c0 [ 1255.098475][ T4028] ? oom_killer_disable+0x280/0x280 [ 1255.098475][ T4028] ? mutex_trylock+0x264/0x2f0 [ 1255.098475][ T4028] ? __alloc_pages_slowpath+0xca3/0x2920 03:38:22 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1000) [ 1255.098475][ T4028] __alloc_pages_slowpath+0x222b/0x2920 03:38:22 executing program 0: io_setup(0x34aa, &(0x7f0000000000)=0x0) io_getevents(r0, 0x9, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x989680}) [ 1255.098475][ T4028] ? warn_alloc+0x110/0x110 [ 1255.098475][ T4028] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1255.098475][ T4028] ? should_fail+0x1de/0x852 [ 1255.098475][ T4028] ? __kasan_check_read+0x11/0x20 [ 1255.098475][ T4028] __alloc_pages_nodemask+0x646/0x910 [ 1255.098475][ T4028] ? __pte_alloc+0x1b5/0x310 [ 1255.098475][ T4028] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1255.098475][ T4028] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1255.134193][ T4028] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1255.134193][ T4028] alloc_pages_vma+0xdd/0x620 [ 1255.134193][ T4028] __handle_mm_fault+0x1ed5/0x3da0 [ 1255.134193][ T4028] ? vm_iomap_memory+0x1a0/0x1a0 [ 1255.134193][ T4028] ? handle_mm_fault+0x292/0xa50 [ 1255.134193][ T4028] ? handle_mm_fault+0x7a0/0xa50 [ 1255.134193][ T4028] ? __kasan_check_read+0x11/0x20 [ 1255.134193][ T4028] handle_mm_fault+0x3b2/0xa50 [ 1255.134193][ T4028] __do_page_fault+0x536/0xd80 [ 1255.134193][ T4028] do_page_fault+0x38/0x590 [ 1255.134193][ T4028] do_async_page_fault+0x30/0xa0 [ 1255.134193][ T4028] async_page_fault+0x39/0x40 [ 1255.134193][ T4028] RIP: 0023:0x80486ca [ 1255.134193][ T4028] Code: 24 28 0b 54 24 2c 09 c2 75 27 ff 74 24 0c ff 74 24 0c 6a 00 6a 04 8b 44 24 40 8b 54 24 44 e8 bd 53 00 00 83 c4 10 8b 7c 24 1c <89> 07 e9 ca 01 00 00 8b 44 24 1c 31 d2 8b 00 ff 74 24 0c ff 74 24 [ 1255.134193][ T4028] RSP: 002b:00000000ffcb54e0 EFLAGS: 00010282 [ 1255.134193][ T4028] RAX: 0000000000000000 RBX: 000000000812b000 RCX: 0000000000000000 [ 1255.134193][ T4028] RDX: 0000000000000000 RSI: 00000000ffcb5670 RDI: 000000002004c000 [ 1255.134193][ T4028] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 03:38:22 executing program 3: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000100)={0x1, [0x0]}, &(0x7f0000000000)=0x80f806766c7df7b9) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000040)={r2, 0x0, 0x3, 0x3}, 0x10) [ 1255.134193][ T4028] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 1255.134193][ T4028] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1255.141425][ T4028] Mem-Info: [ 1255.157284][ T4028] active_anon:42902 inactive_anon:233 isolated_anon:0 [ 1255.157284][ T4028] active_file:2880 inactive_file:21297 isolated_file:0 [ 1255.157284][ T4028] unevictable:0 dirty:15 writeback:0 unstable:0 [ 1255.157284][ T4028] slab_reclaimable:15666 slab_unreclaimable:60351 [ 1255.157284][ T4028] mapped:39915 shmem:307 pagetables:2480 bounce:0 [ 1255.157284][ T4028] free:142154 free_pcp:466 free_cma:0 [ 1255.182397][ T4028] Node 0 active_anon:137264kB inactive_anon:896kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:0kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1255.202331][ T4028] Node 0 DMA free:2808kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:296kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1255.228845][ T4028] lowmem_reserve[]: 0 532 532 532 532 [ 1255.228862][ T4028] Node 0 DMA32 free:24116kB min:24132kB low:30164kB high:36196kB reserved_highatomic:0KB active_anon:136896kB inactive_anon:896kB active_file:8kB inactive_file:16kB unevictable:0kB writepending:0kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9132kB pagetables:4880kB bounce:0kB free_pcp:1864kB local_pcp:156kB free_cma:0kB [ 1255.228884][ T4028] lowmem_reserve[]: 0 0 0 0 0 [ 1255.228897][ T4028] Node 0 DMA: 27*4kB (UM) 6*8kB (UM) 16*16kB (UME) 8*32kB (UME) 6*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2844kB [ 1255.229012][ T4028] Node 0 DMA32: 747*4kB (UME) 606*8kB (UME) 234*16kB (UME) 94*32kB (UME) 44*64kB (UME) 21*128kB (UME) 13*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 23932kB [ 1255.229060][ T4028] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1255.229066][ T4028] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1255.229070][ T4028] 16884 total pagecache pages [ 1255.229075][ T4028] 0 pages in swap cache [ 1255.229080][ T4028] Swap cache stats: add 0, delete 0, find 0/0 [ 1255.229083][ T4028] Free swap = 0kB [ 1255.229086][ T4028] Total swap = 0kB [ 1255.229090][ T4028] 524155 pages RAM [ 1255.229094][ T4028] 0 pages HighMem/MovableOnly [ 1255.229097][ T4028] 141707 pages reserved [ 1255.229100][ T4028] 0 pages cma reserved [ 1255.229108][ T4028] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz2,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=13125,uid=0 [ 1255.262210][ T4028] Out of memory: Killed process 13125 (syz-executor.3) total-vm:72348kB, anon-rss:104kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:106496kB oom_score_adj:1000 03:38:23 executing program 2: timer_create(0x4000000000000003, &(0x7f000004c000)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f000004cffc)) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x7}}, 0x0) 03:38:23 executing program 2: timer_create(0x4000000000000003, &(0x7f000004c000)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f000004cffc)) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x7}}, 0x0) 03:38:23 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1000) 03:38:23 executing program 2: timer_create(0x4000000000000003, &(0x7f000004c000)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f000004cffc)) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x7}}, 0x0) 03:38:23 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1000) 03:38:23 executing program 2: r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000480)="02", 0x1, 0xfffffffffffffffb) keyctl$dh_compute(0x17, &(0x7f0000000580)={r1, r0, r0}, 0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)={'crc32c-generic\x00\x000\x16\xc7\xec\x91\x05\x0e\xbb\x7f\x11\x97\xa9\x1a\xb4\x00'}}) 03:38:23 executing program 2: r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000480)="02", 0x1, 0xfffffffffffffffb) keyctl$dh_compute(0x17, &(0x7f0000000580)={r1, r0, r0}, 0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)={'crc32c-generic\x00\x000\x16\xc7\xec\x91\x05\x0e\xbb\x7f\x11\x97\xa9\x1a\xb4\x00'}}) 03:38:24 executing program 3: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000100)={0x1, [0x0]}, &(0x7f0000000000)=0x80f806766c7df7b9) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000040)={r2, 0x0, 0x3, 0x3}, 0x10) 03:38:24 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x24) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000080), 0x4) 03:38:24 executing program 2: r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000480)="02", 0x1, 0xfffffffffffffffb) keyctl$dh_compute(0x17, &(0x7f0000000580)={r1, r0, r0}, 0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)={'crc32c-generic\x00\x000\x16\xc7\xec\x91\x05\x0e\xbb\x7f\x11\x97\xa9\x1a\xb4\x00'}}) 03:38:24 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1000) 03:38:24 executing program 2: r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000480)="02", 0x1, 0xfffffffffffffffb) keyctl$dh_compute(0x17, &(0x7f0000000580)={r1, r0, r0}, 0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)={'crc32c-generic\x00\x000\x16\xc7\xec\x91\x05\x0e\xbb\x7f\x11\x97\xa9\x1a\xb4\x00'}}) 03:38:24 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c09, 0x1000) 03:38:24 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x24) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000080), 0x4) 03:38:24 executing program 2: r0 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xe, 0x0, &(0x7f0000000040)) 03:38:25 executing program 3: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000100)={0x1, [0x0]}, &(0x7f0000000000)=0x80f806766c7df7b9) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000040)={r2, 0x0, 0x3, 0x3}, 0x10) 03:38:25 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x24) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000080), 0x4) 03:38:25 executing program 2: r0 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xe, 0x0, &(0x7f0000000040)) 03:38:25 executing program 0: ioprio_get$pid(0x1, 0xffffffffffffffff) 03:38:25 executing program 0: ioprio_get$pid(0x1, 0xffffffffffffffff) 03:38:25 executing program 2: r0 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xe, 0x0, &(0x7f0000000040)) 03:38:25 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000040)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x24) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000080), 0x4) 03:38:25 executing program 0: ioprio_get$pid(0x1, 0xffffffffffffffff) 03:38:26 executing program 1: syz_mount_image$msdos(&(0x7f0000000540)='msdos\x00', &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001740)={[{@fat=@errors_remount='errors=remount-ro'}]}) 03:38:26 executing program 0: ioprio_get$pid(0x1, 0xffffffffffffffff) 03:38:26 executing program 2: r0 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xe, 0x0, &(0x7f0000000040)) 03:38:26 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xa, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x4, 0x3, 0x0, 0x0, 0xa}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1258.988510][ T4323] FAT-fs (loop1): bogus number of reserved sectors 03:38:26 executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2, 0xfffffffffffffffc}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={&(0x7f0000000080), 0x18, &(0x7f00000001c0)={&(0x7f0000000340)="7feb81", 0x3}}, 0x0) 03:38:26 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f000012afe4)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 03:38:26 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xa, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x4, 0x3, 0x0, 0x0, 0xa}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1259.017638][ T4323] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1259.054987][ T4331] vcan0: tx drop: invalid sa for name 0xfffffffffffffffc [ 1259.069462][ T9411] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 03:38:26 executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2, 0xfffffffffffffffc}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={&(0x7f0000000080), 0x18, &(0x7f00000001c0)={&(0x7f0000000340)="7feb81", 0x3}}, 0x0) [ 1259.105053][ T9411] CPU: 2 PID: 9411 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1259.114618][ T9411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1259.139588][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 1259.134510][ T9411] Call Trace: [ 1259.134510][ T9411] dump_stack+0x197/0x210 [ 1259.176833][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 1259.134510][ T9411] dump_header+0x10b/0x82d [ 1259.134510][ T9411] ? oom_kill_process+0x94/0x420 [ 1259.134510][ T9411] oom_kill_process.cold+0x10/0x15 [ 1259.134510][ T9411] out_of_memory+0x334/0x13c0 [ 1259.134510][ T9411] ? oom_killer_disable+0x280/0x280 [ 1259.134510][ T9411] ? mutex_trylock+0x264/0x2f0 [ 1259.134510][ T9411] ? __alloc_pages_slowpath+0xca3/0x2920 [ 1259.134510][ T9411] __alloc_pages_slowpath+0x222b/0x2920 [ 1259.134510][ T9411] ? warn_alloc+0x110/0x110 [ 1259.134510][ T9411] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1259.134510][ T9411] ? should_fail+0x1de/0x852 [ 1259.134510][ T9411] ? __kasan_check_read+0x11/0x20 [ 1259.134510][ T9411] __alloc_pages_nodemask+0x646/0x910 [ 1259.134510][ T9411] ? __alloc_pages_slowpath+0x2920/0x2920 [ 1259.134510][ T9411] ? activate_task+0x212/0x490 [ 1259.134510][ T9411] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1259.134510][ T9411] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1259.134510][ T9411] alloc_pages_vma+0xdd/0x620 [ 1259.134510][ T9411] wp_page_copy+0x226/0x1560 [ 1259.134510][ T9411] ? find_held_lock+0x35/0x130 [ 1259.134510][ T9411] ? follow_pfn+0x2a0/0x2a0 [ 1259.134510][ T9411] ? lock_downgrade+0x920/0x920 [ 1259.134510][ T9411] ? swp_swapcount+0x540/0x540 [ 1259.134510][ T9411] ? do_raw_spin_unlock+0x178/0x270 [ 1259.134510][ T9411] do_wp_page+0x543/0x1540 [ 1259.134510][ T9411] ? finish_mkwrite_fault+0x5c0/0x5c0 [ 1259.134510][ T9411] __handle_mm_fault+0x327b/0x3da0 [ 1259.134510][ T9411] ? vm_iomap_memory+0x1a0/0x1a0 [ 1259.134510][ T9411] ? handle_mm_fault+0x292/0xa50 [ 1259.134510][ T9411] ? handle_mm_fault+0x7a0/0xa50 [ 1259.134510][ T9411] ? __kasan_check_read+0x11/0x20 [ 1259.134510][ T9411] handle_mm_fault+0x3b2/0xa50 [ 1259.134510][ T9411] __do_page_fault+0x536/0xd80 [ 1259.134510][ T9411] do_page_fault+0x38/0x590 [ 1259.134510][ T9411] do_async_page_fault+0x30/0xa0 [ 1259.134510][ T9411] async_page_fault+0x39/0x40 [ 1259.134510][ T9411] RIP: 0023:0x808fa5d [ 1259.134510][ T9411] Code: 01 00 00 8d 76 00 8d bc 27 00 00 00 00 8b 45 e4 8b 40 04 85 c0 89 45 e4 74 b1 8b 75 e4 8b 1e 8b 43 08 85 c0 74 04 ff d0 8b 1e ff 4b 14 0f 94 c0 84 c0 74 d8 8b 43 18 85 c0 74 d1 83 c3 14 31 [ 1259.134510][ T9411] RSP: 002b:00000000ffd5da70 EFLAGS: 00010246 [ 1259.134510][ T9411] RAX: 0000000000000000 RBX: 0000000008494bc4 RCX: 0000000000000000 [ 1259.134510][ T9411] RDX: 00000000ffd5da70 RSI: 00000000ffd5da70 RDI: 000000000000369b [ 1259.134510][ T9411] RBP: 00000000ffd5dab8 R08: 0000000000000000 R09: 0000000000000000 [ 1259.134510][ T9411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1259.134510][ T9411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1259.944398][ T9411] Mem-Info: [ 1259.959449][ T9411] active_anon:42800 inactive_anon:232 isolated_anon:0 03:38:27 executing program 2: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2, 0xfffffffffffffffc}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={&(0x7f0000000080), 0x18, &(0x7f00000001c0)={&(0x7f0000000340)="7feb81", 0x3}}, 0x0) [ 1259.959449][ T9411] active_file:2878 inactive_file:21132 isolated_file:0 03:38:27 executing program 1: syz_mount_image$msdos(&(0x7f0000000540)='msdos\x00', &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001740)={[{@fat=@errors_remount='errors=remount-ro'}]}) [ 1259.959449][ T9411] unevictable:0 dirty:52 writeback:0 unstable:0 03:38:27 executing program 2: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2, 0xfffffffffffffffc}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={&(0x7f0000000080), 0x18, &(0x7f00000001c0)={&(0x7f0000000340)="7feb81", 0x3}}, 0x0) [ 1259.959449][ T9411] slab_reclaimable:15645 slab_unreclaimable:60236 [ 1259.959449][ T9411] mapped:39903 shmem:307 pagetables:2435 bounce:0 03:38:27 executing program 2: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2, 0xfffffffffffffffc}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={&(0x7f0000000080), 0x18, &(0x7f00000001c0)={&(0x7f0000000340)="7feb81", 0x3}}, 0x0) [ 1259.959449][ T9411] free:142673 free_pcp:380 free_cma:0 [ 1260.012845][ T4438] vcan0: tx drop: invalid sa for name 0xfffffffffffffffc [ 1260.028956][ T4440] vcan0: tx drop: invalid sa for name 0xfffffffffffffffc 03:38:27 executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2, 0xfffffffffffffffc}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={&(0x7f0000000080), 0x18, &(0x7f00000001c0)={&(0x7f0000000340)="7feb81", 0x3}}, 0x0) [ 1260.078557][ T4442] FAT-fs (loop1): bogus number of reserved sectors [ 1260.078567][ T4442] FAT-fs (loop1): Can't find a valid FAT filesystem [ 1260.096452][ T4446] vcan0: tx drop: invalid sa for name 0xfffffffffffffffc [ 1260.120251][ T9411] Node 0 active_anon:137088kB inactive_anon:896kB active_file:8kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:75336kB dirty:8kB writeback:0kB shmem:1192kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 69632kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1260.296699][ T9411] Node 0 DMA free:2832kB min:704kB low:880kB high:1056kB reserved_highatomic:0KB active_anon:268kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:128kB pagetables:156kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1260.372782][ T9411] lowmem_reserve[]: 0 532 532 532 532 [ 1260.385936][ T9411] Node 0 DMA32 free:25876kB min:24132kB low:30164kB high:36196kB reserved_highatomic:2048KB active_anon:136820kB inactive_anon:896kB active_file:8kB inactive_file:20kB unevictable:0kB writepending:8kB present:1032192kB managed:548408kB mlocked:0kB kernel_stack:9160kB pagetables:4880kB bounce:0kB free_pcp:1696kB local_pcp:548kB free_cma:0kB [ 1260.443550][ T9411] lowmem_reserve[]: 0 0 0 0 0 [ 1260.443568][ T9411] Node 0 DMA: 20*4kB (UM) 4*8kB (UM) 18*16kB (UME) 8*32kB (UME) 6*64kB (UM) 2*128kB (ME) 0*256kB 3*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 2832kB [ 1260.443614][ T9411] Node 0 DMA32: 771*4kB (UMEH) 665*8kB (UMEH) 272*16kB (UMEH) 97*32kB (UME) 42*64kB (UME) 23*128kB (UME) 14*256kB (UME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 25588kB [ 1260.443663][ T9411] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1260.443669][ T9411] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1260.443673][ T9411] 16690 total pagecache pages 03:38:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xa, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x4, 0x3, 0x0, 0x0, 0xa}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:38:27 executing program 0: r0 = socket$can_j1939(0x1d, 0x2, 0x7) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000200)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000240)={0x1d, r2, 0xfffffffffffffffc}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000280)={&(0x7f0000000080), 0x18, &(0x7f00000001c0)={&(0x7f0000000340)="7feb81", 0x3}}, 0x0) [ 1260.443678][ T9411] 0 pages in swap cache [ 1260.443683][ T9411] Swap cache stats: add 0, delete 0, find 0/0 [ 1260.443687][ T9411] Free swap = 0kB [ 1260.443690][ T9411] Total swap = 0kB 03:38:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xa, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x4, 0x3, 0x0, 0x0, 0xa}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1260.443694][ T9411] 524155 pages RAM [ 1260.443697][ T9411] 0 pages HighMem/MovableOnly [ 1260.443701][ T9411] 141707 pages reserved [ 1260.443704][ T9411] 0 pages cma reserved [ 1260.443733][ T9411] oom-kill:constraint=CONSTRAINT_CPUSET,nodemask=(null),cpuset=syz3,mems_allowed=0,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=13093,uid=0 03:38:27 executing program 1: syz_mount_image$msdos(&(0x7f0000000540)='msdos\x00', &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001740)={[{@fat=@errors_remount='errors=remount-ro'}]}) 03:38:27 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x17, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x63, 0x11, 0x4}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:38:27 executing program 2: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fstatfs(r1, 0x0) [ 1260.483487][ T9411] Out of memory: Killed process 13093 (syz-executor.3) total-vm:72348kB, anon-rss:104kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:106496kB oom_score_adj:1000 03:38:27 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_group_source_req(r0, 0x29, 0x7, &(0x7f0000000540)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x104) [ 1260.533848][ T4448] vcan0: tx drop: invalid sa for name 0xfffffffffffffffc [ 1260.539034][ T4450] vcan0: tx drop: invalid sa for name 0xfffffffffffffffc [ 1260.590436][ T4455] vcan0: tx drop: invalid sa for name 0xfffffffffffffffc [ 1260.774109][ T4459] FAT-fs (loop1): bogus number of reserved sectors [ 1260.800886][ T4459] FAT-fs (loop1): Can't find a valid FAT filesystem 03:38:27 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_group_source_req(r0, 0x29, 0x7, &(0x7f0000000540)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x104) 03:38:28 executing program 1: syz_mount_image$msdos(&(0x7f0000000540)='msdos\x00', &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001740)={[{@fat=@errors_remount='errors=remount-ro'}]}) 03:38:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fstatfs(r1, 0x0) 03:38:28 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_group_source_req(r0, 0x29, 0x7, &(0x7f0000000540)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x104) [ 1261.120501][ T4476] FAT-fs (loop1): bogus number of reserved sectors [ 1261.140084][ T4476] FAT-fs (loop1): Can't find a valid FAT filesystem 03:38:28 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_group_source_req(r0, 0x29, 0x7, &(0x7f0000000540)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x104) 03:38:28 executing program 0: capget(&(0x7f0000000080)={0x20071026}, &(0x7f00000000c0)) 03:38:28 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x17, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x63, 0x11, 0x4}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:38:28 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x3c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xd, 0x23, 0x4, 0x1, 0x0, r0}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x0, 0x0}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f00000001c0), &(0x7f0000000080)}, 0x20) 03:38:28 executing program 0: capget(&(0x7f0000000080)={0x20071026}, &(0x7f00000000c0)) 03:38:28 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x17, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x63, 0x11, 0x4}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 1261.376192][ T1715] tipc: TX() has been purged, node left! 03:38:28 executing program 0: capget(&(0x7f0000000080)={0x20071026}, &(0x7f00000000c0)) 03:38:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fstatfs(r1, 0x0) 03:38:28 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x17, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x63, 0x11, 0x4}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:38:28 executing program 0: capget(&(0x7f0000000080)={0x20071026}, &(0x7f00000000c0)) 03:38:28 executing program 2: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff57a, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fstatfs(r1, 0x0) 03:38:28 executing program 0: kexec_load(0x0, 0x1, &(0x7f0000000800)=[{0x0}], 0xa0000) 03:38:28 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x3c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xd, 0x23, 0x4, 0x1, 0x0, r0}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x0, 0x0}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f00000001c0), &(0x7f0000000080)}, 0x20) 03:38:28 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x5, 0xa, 0x4000000000000800, 0x1}, 0x1d) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040), &(0x7f00000001c0)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r0, &(0x7f0000000040), &(0x7f0000001200)=""/4104}, 0x20) 03:38:28 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x5, 0xa, 0x4000000000000800, 0x1}, 0x1d) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040), &(0x7f00000001c0)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r0, &(0x7f0000000040), &(0x7f0000001200)=""/4104}, 0x20) 03:38:28 executing program 0: kexec_load(0x0, 0x1, &(0x7f0000000800)=[{0x0}], 0xa0000) 03:38:28 executing program 0: kexec_load(0x0, 0x1, &(0x7f0000000800)=[{0x0}], 0xa0000) 03:38:28 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x3c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xd, 0x23, 0x4, 0x1, 0x0, r0}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x0, 0x0}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f00000001c0), &(0x7f0000000080)}, 0x20) 03:38:28 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x5, 0xa, 0x4000000000000800, 0x1}, 0x1d) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040), &(0x7f00000001c0)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r0, &(0x7f0000000040), &(0x7f0000001200)=""/4104}, 0x20) 03:38:28 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x891f, &(0x7f0000000180)={'veth1_to_hsr\x00', @ifru_ivalue}) [ 1261.604942][ T1715] tipc: TX() has been purged, node left! 03:38:28 executing program 0: kexec_load(0x0, 0x1, &(0x7f0000000800)=[{0x0}], 0xa0000) 03:38:28 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x891f, &(0x7f0000000180)={'veth1_to_hsr\x00', @ifru_ivalue}) 03:38:28 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0x5, 0xa, 0x4000000000000800, 0x1}, 0x1d) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000000040), &(0x7f00000001c0)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r0, &(0x7f0000000040), &(0x7f0000001200)=""/4104}, 0x20) 03:38:28 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x891f, &(0x7f0000000180)={'veth1_to_hsr\x00', @ifru_ivalue}) 03:38:28 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x3c) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0xd, 0x23, 0x4, 0x1, 0x0, r0}, 0x2c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0x0, 0x0}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f00000001c0), &(0x7f0000000080)}, 0x20) 03:38:28 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000140)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) pwritev(r1, &(0x7f0000000300)=[{&(0x7f0000000200)="45a03bc40db7e5b02ddf3196db1f98a4716b48b9145233977db427975e54a9afc4bfcfaedfda18a9ac45c1d06cac6e48e244cc1eddc2f3539eb66121d188c4ac4d26170968e2d27b8d83", 0x1}], 0x1cf, 0x0) 03:38:28 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) renameat2(r0, &(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) 03:38:28 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x891f, &(0x7f0000000180)={'veth1_to_hsr\x00', @ifru_ivalue}) 03:38:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000300)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809000000fff5dd000000100001000b080800418e00000004fcff", 0x58}], 0x1) recvmmsg(r0, &(0x7f0000006080), 0x2eb, 0xc00e, 0x0) 03:38:28 executing program 2: r0 = socket$inet(0x10, 0x2, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)="24000000020907031dfffd946ff20c0020200a0009000200021d8568031baba20400ff7e", 0x24}], 0x14}, 0x0) 03:38:28 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x80) [ 1261.764022][ T4655] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.2'. 03:38:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000300)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809000000fff5dd000000100001000b080800418e00000004fcff", 0x58}], 0x1) recvmmsg(r0, &(0x7f0000006080), 0x2eb, 0xc00e, 0x0) 03:38:28 executing program 2: r0 = socket$inet(0x10, 0x2, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)="24000000020907031dfffd946ff20c0020200a0009000200021d8568031baba20400ff7e", 0x24}], 0x14}, 0x0) 03:38:28 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x80) [ 1261.815128][ T4663] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.2'. 03:38:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000300)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809000000fff5dd000000100001000b080800418e00000004fcff", 0x58}], 0x1) recvmmsg(r0, &(0x7f0000006080), 0x2eb, 0xc00e, 0x0) 03:38:29 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x80) 03:38:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000300)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809000000fff5dd000000100001000b080800418e00000004fcff", 0x58}], 0x1) recvmmsg(r0, &(0x7f0000006080), 0x2eb, 0xc00e, 0x0) 03:38:29 executing program 2: r0 = socket$inet(0x10, 0x2, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)="24000000020907031dfffd946ff20c0020200a0009000200021d8568031baba20400ff7e", 0x24}], 0x14}, 0x0) 03:38:29 executing program 1: r0 = socket$vsock_stream(0x28, 0x1, 0x0) sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x80) [ 1261.964477][ T4669] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.2'. 03:38:29 executing program 2: r0 = socket$inet(0x10, 0x2, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)="24000000020907031dfffd946ff20c0020200a0009000200021d8568031baba20400ff7e", 0x24}], 0x14}, 0x0) 03:38:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000300)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809000000fff5dd000000100001000b080800418e00000004fcff", 0x58}], 0x1) recvmmsg(r0, &(0x7f0000006080), 0x2eb, 0xc00e, 0x0) 03:38:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000300)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809000000fff5dd000000100001000b080800418e00000004fcff", 0x58}], 0x1) recvmmsg(r0, &(0x7f0000006080), 0x2eb, 0xc00e, 0x0) 03:38:29 executing program 1: r0 = fsopen(&(0x7f00000001c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) [ 1262.009906][ T4677] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.2'. 03:38:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000300)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809000000fff5dd000000100001000b080800418e00000004fcff", 0x58}], 0x1) recvmmsg(r0, &(0x7f0000006080), 0x2eb, 0xc00e, 0x0) 03:38:29 executing program 2: syz_emit_ethernet(0x140, &(0x7f0000000140)={@dev, @empty, [{}], {@generic={0x8100}}}, 0x0) 03:38:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000001180)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010003081000414900000004fcff", 0x58}], 0x1) 03:38:29 executing program 2: syz_emit_ethernet(0x140, &(0x7f0000000140)={@dev, @empty, [{}], {@generic={0x8100}}}, 0x0) 03:38:29 executing program 3: creat(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r1) setxattr$security_evm(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.evm\x00', 0x0, 0x0, 0x0) 03:38:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000001180)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010003081000414900000004fcff", 0x58}], 0x1) 03:38:29 executing program 2: syz_emit_ethernet(0x140, &(0x7f0000000140)={@dev, @empty, [{}], {@generic={0x8100}}}, 0x0) 03:38:29 executing program 1: r0 = fsopen(&(0x7f00000001c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 03:38:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000001180)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010003081000414900000004fcff", 0x58}], 0x1) 03:38:29 executing program 3: creat(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r1) setxattr$security_evm(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.evm\x00', 0x0, 0x0, 0x0) 03:38:29 executing program 2: syz_emit_ethernet(0x140, &(0x7f0000000140)={@dev, @empty, [{}], {@generic={0x8100}}}, 0x0) 03:38:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000001180)=[{&(0x7f0000000440)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010003081000414900000004fcff", 0x58}], 0x1) 03:38:29 executing program 3: creat(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r1) setxattr$security_evm(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.evm\x00', 0x0, 0x0, 0x0) 03:38:29 executing program 1: r0 = fsopen(&(0x7f00000001c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 03:38:29 executing program 3: creat(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r1) setxattr$security_evm(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.evm\x00', 0x0, 0x0, 0x0) 03:38:29 executing program 2: r0 = fsopen(&(0x7f00000001c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 03:38:29 executing program 1: r0 = fsopen(&(0x7f00000001c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 03:38:29 executing program 0: r0 = fsopen(&(0x7f00000001c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 03:38:29 executing program 2: r0 = fsopen(&(0x7f00000001c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 03:38:29 executing program 0: r0 = fsopen(&(0x7f00000001c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 03:38:29 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000040)=0xffff, 0x4) connect$unix(r0, &(0x7f000066fff4)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) 03:38:29 executing program 1: r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000000c0)={0x0, 0xd7a}, 0x14) 03:38:29 executing program 2: r0 = fsopen(&(0x7f00000001c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 03:38:29 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000040)=0xffff, 0x4) connect$unix(r0, &(0x7f000066fff4)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) 03:38:29 executing program 1: r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000000c0)={0x0, 0xd7a}, 0x14) 03:38:29 executing program 0: r0 = fsopen(&(0x7f00000001c0)='proc\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 03:38:29 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendto$unix(r1, &(0x7f0000000780)="ef456744c752b30fe2", 0x9, 0x0, 0x0, 0x0) recvfrom(r1, &(0x7f0000000900)=""/4096, 0xffffffffffffff78, 0x0, 0x0, 0x1c4) 03:38:29 executing program 1: r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000000c0)={0x0, 0xd7a}, 0x14) 03:38:29 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000040)=0xffff, 0x4) connect$unix(r0, &(0x7f000066fff4)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) 03:38:29 executing program 1: r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000000c0)={0x0, 0xd7a}, 0x14) 03:38:29 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="480000002400e577a885ddb05cc582f24186cf0d", @ANYRES32=r2, @ANYBLOB="00000000ffffffff0000000008000100687462001c00020011000200030000000000000000"], 0x48}}, 0x0) 03:38:29 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendto$unix(r1, &(0x7f0000000780)="ef456744c752b30fe2", 0x9, 0x0, 0x0, 0x0) recvfrom(r1, &(0x7f0000000900)=""/4096, 0xffffffffffffff78, 0x0, 0x0, 0x1c4) 03:38:29 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000040)=0xffff, 0x4) connect$unix(r0, &(0x7f000066fff4)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) 03:38:29 executing program 1: r0 = msgget$private(0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:38:29 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendto$unix(r1, &(0x7f0000000780)="ef456744c752b30fe2", 0x9, 0x0, 0x0, 0x0) recvfrom(r1, &(0x7f0000000900)=""/4096, 0xffffffffffffff78, 0x0, 0x0, 0x1c4) 03:38:29 executing program 3: r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x1f00000000000000, 0x400000000000c9, 0x0, 0x0) 03:38:29 executing program 3: r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x1f00000000000000, 0x400000000000c9, 0x0, 0x0) 03:38:29 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(des3_ede)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendto$unix(r1, &(0x7f0000000780)="ef456744c752b30fe2", 0x9, 0x0, 0x0, 0x0) recvfrom(r1, &(0x7f0000000900)=""/4096, 0xffffffffffffff78, 0x0, 0x0, 0x1c4) 03:38:29 executing program 3: r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x1f00000000000000, 0x400000000000c9, 0x0, 0x0) 03:38:29 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/null\x00', 0x0, 0x0) write$FUSE_WRITE(r0, 0x0, 0x0) 03:38:29 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="480000002400e577a885ddb05cc582f24186cf0d", @ANYRES32=r2, @ANYBLOB="00000000ffffffff0000000008000100687462001c00020011000200030000000000000000"], 0x48}}, 0x0) 03:38:29 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x48}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:38:29 executing program 3: r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r0, 0x1f00000000000000, 0x400000000000c9, 0x0, 0x0) 03:38:29 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/null\x00', 0x0, 0x0) write$FUSE_WRITE(r0, 0x0, 0x0) 03:38:29 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 03:38:29 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="480000002400e577a885ddb05cc582f24186cf0d", @ANYRES32=r2, @ANYBLOB="00000000ffffffff0000000008000100687462001c00020011000200030000000000000000"], 0x48}}, 0x0) 03:38:29 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/null\x00', 0x0, 0x0) write$FUSE_WRITE(r0, 0x0, 0x0) 03:38:29 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/null\x00', 0x0, 0x0) write$FUSE_WRITE(r0, 0x0, 0x0) 03:38:29 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="480000002400e577a885ddb05cc582f24186cf0d", @ANYRES32=r2, @ANYBLOB="00000000ffffffff0000000008000100687462001c00020011000200030000000000000000"], 0x48}}, 0x0) 03:38:29 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x48}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:38:29 executing program 2: r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="40000300000000000000000005007c00000000000000280000000000d4e34ba67f6ebd451a22dec4c83108206624ca7a4f9d38e16565a16eb68ca2229428aa5a5282ff43ba0c2b77d868c0757da79288e04d070051f4250c50a90d78c71bda27c729dd5e6ea42093eb3d7f7746e8eefa7eae21bf460be085c86d383a064ea312ba66db4ce4943c4b4d41c97ed370ddb2a3acadc68287b2e940eb689162949f0e102da9edd02e3913d84545"], 0x1c) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x1f0, &(0x7f0000000000)=[{}]}, 0x10) 03:38:30 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x48}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:38:30 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 03:38:30 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000000)={'veth1_to_team\x00', {0x2, 0x0, @multicast1}}) 03:38:30 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x61, 0x11, 0x48}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000200)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:38:30 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000000)={'veth1_to_team\x00', {0x2, 0x0, @multicast1}}) 03:38:30 executing program 2: r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="40000300000000000000000005007c00000000000000280000000000d4e34ba67f6ebd451a22dec4c83108206624ca7a4f9d38e16565a16eb68ca2229428aa5a5282ff43ba0c2b77d868c0757da79288e04d070051f4250c50a90d78c71bda27c729dd5e6ea42093eb3d7f7746e8eefa7eae21bf460be085c86d383a064ea312ba66db4ce4943c4b4d41c97ed370ddb2a3acadc68287b2e940eb689162949f0e102da9edd02e3913d84545"], 0x1c) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x1f0, &(0x7f0000000000)=[{}]}, 0x10) 03:38:30 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000000)={'veth1_to_team\x00', {0x2, 0x0, @multicast1}}) 03:38:30 executing program 1: r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="40000300000000000000000005007c00000000000000280000000000d4e34ba67f6ebd451a22dec4c83108206624ca7a4f9d38e16565a16eb68ca2229428aa5a5282ff43ba0c2b77d868c0757da79288e04d070051f4250c50a90d78c71bda27c729dd5e6ea42093eb3d7f7746e8eefa7eae21bf460be085c86d383a064ea312ba66db4ce4943c4b4d41c97ed370ddb2a3acadc68287b2e940eb689162949f0e102da9edd02e3913d84545"], 0x1c) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x1f0, &(0x7f0000000000)=[{}]}, 0x10) 03:38:30 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 03:38:30 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000000)={'veth1_to_team\x00', {0x2, 0x0, @multicast1}}) 03:38:30 executing program 0: r0 = syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) read(r0, &(0x7f00000005c0)=""/4096, 0x1000) dup2(0xffffffffffffffff, 0xffffffffffffffff) 03:38:30 executing program 1: r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="40000300000000000000000005007c00000000000000280000000000d4e34ba67f6ebd451a22dec4c83108206624ca7a4f9d38e16565a16eb68ca2229428aa5a5282ff43ba0c2b77d868c0757da79288e04d070051f4250c50a90d78c71bda27c729dd5e6ea42093eb3d7f7746e8eefa7eae21bf460be085c86d383a064ea312ba66db4ce4943c4b4d41c97ed370ddb2a3acadc68287b2e940eb689162949f0e102da9edd02e3913d84545"], 0x1c) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x1f0, &(0x7f0000000000)=[{}]}, 0x10) 03:38:30 executing program 2: r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="40000300000000000000000005007c00000000000000280000000000d4e34ba67f6ebd451a22dec4c83108206624ca7a4f9d38e16565a16eb68ca2229428aa5a5282ff43ba0c2b77d868c0757da79288e04d070051f4250c50a90d78c71bda27c729dd5e6ea42093eb3d7f7746e8eefa7eae21bf460be085c86d383a064ea312ba66db4ce4943c4b4d41c97ed370ddb2a3acadc68287b2e940eb689162949f0e102da9edd02e3913d84545"], 0x1c) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x1f0, &(0x7f0000000000)=[{}]}, 0x10) 03:38:30 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 03:38:30 executing program 0: r0 = socket(0xa, 0x3, 0x5) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) close(r0) 03:38:30 executing program 0: r0 = socket(0xa, 0x3, 0x5) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) close(r0) 03:38:30 executing program 0: r0 = socket(0xa, 0x3, 0x5) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) close(r0) 03:38:30 executing program 2: r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="40000300000000000000000005007c00000000000000280000000000d4e34ba67f6ebd451a22dec4c83108206624ca7a4f9d38e16565a16eb68ca2229428aa5a5282ff43ba0c2b77d868c0757da79288e04d070051f4250c50a90d78c71bda27c729dd5e6ea42093eb3d7f7746e8eefa7eae21bf460be085c86d383a064ea312ba66db4ce4943c4b4d41c97ed370ddb2a3acadc68287b2e940eb689162949f0e102da9edd02e3913d84545"], 0x1c) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x1f0, &(0x7f0000000000)=[{}]}, 0x10) 03:38:30 executing program 0: r0 = socket(0xa, 0x3, 0x5) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) close(r0) 03:38:30 executing program 1: r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="40000300000000000000000005007c00000000000000280000000000d4e34ba67f6ebd451a22dec4c83108206624ca7a4f9d38e16565a16eb68ca2229428aa5a5282ff43ba0c2b77d868c0757da79288e04d070051f4250c50a90d78c71bda27c729dd5e6ea42093eb3d7f7746e8eefa7eae21bf460be085c86d383a064ea312ba66db4ce4943c4b4d41c97ed370ddb2a3acadc68287b2e940eb689162949f0e102da9edd02e3913d84545"], 0x1c) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x1f0, &(0x7f0000000000)=[{}]}, 0x10) 03:38:30 executing program 3: r0 = socket(0xa, 0x3, 0x5) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) close(r0) 03:38:30 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000180), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="0500"/16, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="000000000101000000ae89de3c000000eed8cb59843d92ad"], 0x48}}, 0x0) 03:38:30 executing program 3: r0 = socket(0xa, 0x3, 0x5) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) close(r0) 03:38:30 executing program 3: r0 = socket(0xa, 0x3, 0x5) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) close(r0) 03:38:30 executing program 2: fsetxattr(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="7d736fa682a480c840"], 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) setresgid(0x0, 0x0, r2) 03:38:30 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0xa0d, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_VFINFO_LIST={0x14, 0x16, [{0x10, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x3c}}, 0x0) 03:38:30 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}]}}, &(0x7f0000000580)=""/223, 0x2a, 0xdf, 0x1}, 0x20) 03:38:30 executing program 2: fsetxattr(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="7d736fa682a480c840"], 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) setresgid(0x0, 0x0, r2) 03:38:30 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}]}}, &(0x7f0000000580)=""/223, 0x2a, 0xdf, 0x1}, 0x20) [ 1263.423271][ T5355] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 03:38:35 executing program 2: fsetxattr(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="7d736fa682a480c840"], 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) setresgid(0x0, 0x0, r2) 03:38:35 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}]}}, &(0x7f0000000580)=""/223, 0x2a, 0xdf, 0x1}, 0x20) 03:38:35 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$unlink(0x9, r0, 0xfffffffffffffffd) 03:38:35 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0xa0d, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_VFINFO_LIST={0x14, 0x16, [{0x10, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x3c}}, 0x0) [ 1268.117930][ T5367] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 03:38:35 executing program 2: fsetxattr(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="7d736fa682a480c840"], 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) setresgid(0x0, 0x0, r2) 03:38:35 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0xa0d, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_VFINFO_LIST={0x14, 0x16, [{0x10, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x3c}}, 0x0) 03:38:35 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}]}}, &(0x7f0000000580)=""/223, 0x2a, 0xdf, 0x1}, 0x20) 03:38:35 executing program 2: r0 = socket$kcm(0x29, 0x1000000000002, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000000)=0x200c8, 0x28c) [ 1268.186043][ T5373] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 03:38:35 executing program 3: semctl$SEM_INFO(0x0, 0x0, 0x10, 0x0) 03:38:35 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0xa0d, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_VFINFO_LIST={0x14, 0x16, [{0x10, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x3c}}, 0x0) 03:38:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="85000000080000005400000000000000950000000000000061c5b44a33af62f7e0f15953e21792308548605267d65903c58912453fcbed72b5b807a467ee2b3ef7aba3f02ec96216c4a615c46a8c1069538611000000000000000000000000000000000000c1c81184fc9eec0e0e25ae34aa95ccd6f12e88818ffaddd67de1f1bd0171e1b010eb3a54062d1a48536e3a8c70358d14379951fbb7fa2a5e8160b6b4b870090adcd954488a314fe1095a834a826cfb8ac504826a65c11c67a64a22efdea9875c2c9809b0e2c7f70a79c1fcf2643ef6db311578df9cdf8d3719dc1ae8604646a7"], &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0x37}, 0x48) 03:38:35 executing program 2: r0 = socket$kcm(0x29, 0x1000000000002, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000000)=0x200c8, 0x28c) 03:38:35 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$unlink(0x9, r0, 0xfffffffffffffffd) 03:38:35 executing program 2: r0 = socket$kcm(0x29, 0x1000000000002, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000000)=0x200c8, 0x28c) [ 1268.380730][ T5385] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 03:38:35 executing program 1: creat(&(0x7f0000000280)='./file0\x00', 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000004c0)={[{@xino_off='xino=off'}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}, {@xino_on='xino=on'}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}]}) 03:38:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="85000000080000005400000000000000950000000000000061c5b44a33af62f7e0f15953e21792308548605267d65903c58912453fcbed72b5b807a467ee2b3ef7aba3f02ec96216c4a615c46a8c1069538611000000000000000000000000000000000000c1c81184fc9eec0e0e25ae34aa95ccd6f12e88818ffaddd67de1f1bd0171e1b010eb3a54062d1a48536e3a8c70358d14379951fbb7fa2a5e8160b6b4b870090adcd954488a314fe1095a834a826cfb8ac504826a65c11c67a64a22efdea9875c2c9809b0e2c7f70a79c1fcf2643ef6db311578df9cdf8d3719dc1ae8604646a7"], &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0x37}, 0x48) 03:38:35 executing program 2: r0 = socket$kcm(0x29, 0x1000000000002, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000000)=0x200c8, 0x28c) 03:38:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="85000000080000005400000000000000950000000000000061c5b44a33af62f7e0f15953e21792308548605267d65903c58912453fcbed72b5b807a467ee2b3ef7aba3f02ec96216c4a615c46a8c1069538611000000000000000000000000000000000000c1c81184fc9eec0e0e25ae34aa95ccd6f12e88818ffaddd67de1f1bd0171e1b010eb3a54062d1a48536e3a8c70358d14379951fbb7fa2a5e8160b6b4b870090adcd954488a314fe1095a834a826cfb8ac504826a65c11c67a64a22efdea9875c2c9809b0e2c7f70a79c1fcf2643ef6db311578df9cdf8d3719dc1ae8604646a7"], &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0x37}, 0x48) [ 1268.450526][ T5393] overlayfs: unrecognized mount option "fscontext=staff_u" or missing value 03:38:35 executing program 2: r0 = socket(0x10, 0x400000000080803, 0x0) write(r0, &(0x7f0000000040)="240000003a00d17da53a7436fef7001d0a0b49ffed000009000028000800030001000000", 0xc6) 03:38:35 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$unlink(0x9, r0, 0xfffffffffffffffd) 03:38:35 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="85000000080000005400000000000000950000000000000061c5b44a33af62f7e0f15953e21792308548605267d65903c58912453fcbed72b5b807a467ee2b3ef7aba3f02ec96216c4a615c46a8c1069538611000000000000000000000000000000000000c1c81184fc9eec0e0e25ae34aa95ccd6f12e88818ffaddd67de1f1bd0171e1b010eb3a54062d1a48536e3a8c70358d14379951fbb7fa2a5e8160b6b4b870090adcd954488a314fe1095a834a826cfb8ac504826a65c11c67a64a22efdea9875c2c9809b0e2c7f70a79c1fcf2643ef6db311578df9cdf8d3719dc1ae8604646a7"], &(0x7f0000281ffc)='G\xffL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0x37}, 0x48) 03:38:35 executing program 2: r0 = socket(0x10, 0x400000000080803, 0x0) write(r0, &(0x7f0000000040)="240000003a00d17da53a7436fef7001d0a0b49ffed000009000028000800030001000000", 0xc6) 03:38:35 executing program 1: creat(&(0x7f0000000280)='./file0\x00', 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000004c0)={[{@xino_off='xino=off'}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}, {@xino_on='xino=on'}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}]}) 03:38:35 executing program 3: r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mISDNtimer\x00', 0x0, 0x0) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-net\x00', 0x2, 0x0) dup3(r0, r1, 0x0) 03:38:35 executing program 2: r0 = socket(0x10, 0x400000000080803, 0x0) write(r0, &(0x7f0000000040)="240000003a00d17da53a7436fef7001d0a0b49ffed000009000028000800030001000000", 0xc6) 03:38:35 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$unlink(0x9, r0, 0xfffffffffffffffd) 03:38:35 executing program 3: socketpair(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$tipc(r0, &(0x7f0000000000)=@name, 0x10) [ 1268.578505][ T5511] overlayfs: unrecognized mount option "fscontext=staff_u" or missing value 03:38:35 executing program 2: r0 = socket(0x10, 0x400000000080803, 0x0) write(r0, &(0x7f0000000040)="240000003a00d17da53a7436fef7001d0a0b49ffed000009000028000800030001000000", 0xc6) 03:38:35 executing program 3: socketpair(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$tipc(r0, &(0x7f0000000000)=@name, 0x10) 03:38:35 executing program 1: creat(&(0x7f0000000280)='./file0\x00', 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000004c0)={[{@xino_off='xino=off'}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}, {@xino_on='xino=on'}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}]}) [ 1268.636926][ T5527] overlayfs: unrecognized mount option "fscontext=staff_u" or missing value 03:38:35 executing program 3: socketpair(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$tipc(r0, &(0x7f0000000000)=@name, 0x10) 03:38:35 executing program 2: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x404c534a, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'}) 03:38:35 executing program 0: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}}) 03:38:35 executing program 1: creat(&(0x7f0000000280)='./file0\x00', 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$overlay(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000004c0)={[{@xino_off='xino=off'}, {@redirect_dir={'redirect_dir', 0x3d, './file0'}}, {@xino_on='xino=on'}], [{@fscontext={'fscontext', 0x3d, 'staff_u'}}]}) 03:38:35 executing program 3: socketpair(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$tipc(r0, &(0x7f0000000000)=@name, 0x10) 03:38:35 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) listen(r0, 0x80) listen(r0, 0x400) 03:38:35 executing program 0: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}}) [ 1268.700063][ T5537] overlayfs: unrecognized mount option "fscontext=staff_u" or missing value 03:38:35 executing program 3: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}}) 03:38:35 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0xffffffd5, 0x0, 0x0, 0xa0002000}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x2b7, &(0x7f000000cf3d)=""/195}, 0x48) 03:38:35 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) listen(r0, 0x80) listen(r0, 0x400) 03:38:35 executing program 0: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}}) 03:38:35 executing program 3: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}}) 03:38:35 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) listen(r0, 0x80) listen(r0, 0x400) 03:38:35 executing program 3: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}}) 03:38:35 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0xffffffd5, 0x0, 0x0, 0xa0002000}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x2b7, &(0x7f000000cf3d)=""/195}, 0x48) 03:38:35 executing program 0: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}}) 03:38:35 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0xffffffd5, 0x0, 0x0, 0xa0002000}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x2b7, &(0x7f000000cf3d)=""/195}, 0x48) 03:38:35 executing program 0: r0 = signalfd4(0xffffffffffffffff, &(0x7f00000002c0), 0x8, 0x0) poll(&(0x7f0000000300)=[{r0}], 0x1, 0x1ff) 03:38:35 executing program 2: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) listen(r0, 0x80) listen(r0, 0x400) 03:38:35 executing program 3: waitid$P_PIDFD(0x3, 0xffffffffffffffff, 0x0, 0x4, 0x0) 03:38:36 executing program 3: waitid$P_PIDFD(0x3, 0xffffffffffffffff, 0x0, 0x4, 0x0) 03:38:36 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0xffffffd5, 0x0, 0x0, 0xa0002000}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x2b7, &(0x7f000000cf3d)=""/195}, 0x48) 03:38:36 executing program 2: r0 = socket$nl_xfrm(0x11, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000040)=0xfffffffffffffffb, 0x4) r1 = dup2(r0, r0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x7}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0) 03:38:36 executing program 3: waitid$P_PIDFD(0x3, 0xffffffffffffffff, 0x0, 0x4, 0x0) 03:38:36 executing program 3: waitid$P_PIDFD(0x3, 0xffffffffffffffff, 0x0, 0x4, 0x0) 03:38:36 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x6, 0x4, 0x200, 0x80000000000004, 0x0, 0x0}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000d80)={r0, &(0x7f0000000cc0), &(0x7f0000000d40), 0x2f5b68384a7a4cf3}, 0x20) 03:38:36 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x17, &(0x7f0000000080)=@assoc_value, 0xc) 03:38:36 executing program 2: r0 = socket$nl_xfrm(0x11, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000040)=0xfffffffffffffffb, 0x4) r1 = dup2(r0, r0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x7}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0) 03:38:36 executing program 0: r0 = signalfd4(0xffffffffffffffff, &(0x7f00000002c0), 0x8, 0x0) poll(&(0x7f0000000300)=[{r0}], 0x1, 0x1ff) 03:38:36 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x17, &(0x7f0000000080)=@assoc_value, 0xc) 03:38:36 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x6, 0x4, 0x200, 0x80000000000004, 0x0, 0x0}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000d80)={r0, &(0x7f0000000cc0), &(0x7f0000000d40), 0x2f5b68384a7a4cf3}, 0x20) 03:38:36 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x17, &(0x7f0000000080)=@assoc_value, 0xc) 03:38:36 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x6, 0x4, 0x200, 0x80000000000004, 0x0, 0x0}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000d80)={r0, &(0x7f0000000cc0), &(0x7f0000000d40), 0x2f5b68384a7a4cf3}, 0x20) 03:38:36 executing program 3: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x17, &(0x7f0000000080)=@assoc_value, 0xc) 03:38:36 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x6, 0x4, 0x200, 0x80000000000004, 0x0, 0x0}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000d80)={r0, &(0x7f0000000cc0), &(0x7f0000000d40), 0x2f5b68384a7a4cf3}, 0x20) 03:38:36 executing program 2: r0 = socket$nl_xfrm(0x11, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000040)=0xfffffffffffffffb, 0x4) r1 = dup2(r0, r0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x7}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0) 03:38:37 executing program 0: r0 = signalfd4(0xffffffffffffffff, &(0x7f00000002c0), 0x8, 0x0) poll(&(0x7f0000000300)=[{r0}], 0x1, 0x1ff) 03:38:37 executing program 3: r0 = socket$nl_xfrm(0x11, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000040)=0xfffffffffffffffb, 0x4) r1 = dup2(r0, r0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x7}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0) 03:38:37 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000035000505d25a80648c63940d0324fc60100010400a000000053582c137153e370907018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 03:38:37 executing program 2: r0 = socket$nl_xfrm(0x11, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000040)=0xfffffffffffffffb, 0x4) r1 = dup2(r0, r0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x7}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0) [ 1269.943966][ T5608] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1269.960001][ T5608] netlink: zone id is out of range [ 1269.972161][ T5608] netlink: zone id is out of range 03:38:37 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000035000505d25a80648c63940d0324fc60100010400a000000053582c137153e370907018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1270.006371][ T5614] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1270.018120][ T5614] netlink: zone id is out of range 03:38:37 executing program 3: r0 = socket$nl_xfrm(0x11, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000040)=0xfffffffffffffffb, 0x4) r1 = dup2(r0, r0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x7}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0) [ 1270.025194][ T5614] netlink: zone id is out of range 03:38:37 executing program 2: r0 = socket$inet(0x2, 0x80001, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000100)={'security\x00\x00\x00\x00\x00\x00\x00\x00\xc2\b\xa1k\x03\x9d\xdbf\x00', 0x2, [{}, {}]}, 0x48) 03:38:37 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000035000505d25a80648c63940d0324fc60100010400a000000053582c137153e370907018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) [ 1270.084109][ T5620] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1270.097231][ T5620] netlink: zone id is out of range [ 1270.103844][ T5620] netlink: zone id is out of range 03:38:37 executing program 0: r0 = signalfd4(0xffffffffffffffff, &(0x7f00000002c0), 0x8, 0x0) poll(&(0x7f0000000300)=[{r0}], 0x1, 0x1ff) 03:38:37 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2e48000035000505d25a80648c63940d0324fc60100010400a000000053582c137153e370907018000f01700d1bd", 0x33fe0}], 0x1}, 0x0) 03:38:37 executing program 3: r0 = socket$nl_xfrm(0x11, 0x3, 0x6) setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000040)=0xfffffffffffffffb, 0x4) r1 = dup2(r0, r0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x7}, 0x4) setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0) 03:38:37 executing program 2: r0 = socket$inet(0x2, 0x80001, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000100)={'security\x00\x00\x00\x00\x00\x00\x00\x00\xc2\b\xa1k\x03\x9d\xdbf\x00', 0x2, [{}, {}]}, 0x48) 03:38:37 executing program 2: r0 = socket$inet(0x2, 0x80001, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000100)={'security\x00\x00\x00\x00\x00\x00\x00\x00\xc2\b\xa1k\x03\x9d\xdbf\x00', 0x2, [{}, {}]}, 0x48) [ 1270.480792][ T5625] netlink: 16638 bytes leftover after parsing attributes in process `syz-executor.1'. [ 1270.498095][ T5625] netlink: zone id is out of range 03:38:37 executing program 2: r0 = socket$inet(0x2, 0x80001, 0x0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x41, &(0x7f0000000100)={'security\x00\x00\x00\x00\x00\x00\x00\x00\xc2\b\xa1k\x03\x9d\xdbf\x00', 0x2, [{}, {}]}, 0x48) 03:38:37 executing program 1: r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) write(r0, &(0x7f0000000000)="240000005a001f000307f4f9002304000a04f51108004000020100020800038005000000", 0x24) 03:38:37 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000003000190100000000080000000300000004000000140001004c632854a3ab5e95508411f800000000000000096ffc1ed08daa5f90b6c58c7289966973a65b71a22eecad4a205cb2257239b2036983369f48fc3fbf49c0c8e505040080acf00a0a1d45faaf570962ef65581fbc516d29779d1ecb13b50b211aa4a04f9007da1f153388139a714547a2c3c10f0c38e69879e20603c23e3ce777bac8f159c9f01473cef2592110b2ae02ec8c3ea66ce2664a1d0b61b8b476417d5eeb69c2c6a4a278a4ed388fcaeeec883f43428bcf901ac29712da9f88ec170df74726d8eb37c7173de471cee03e8e2400308f0311af6146f11825be140104f4b5c0481acd78b938f6e55b7aa9c508bfd9ab5b9bc1940c4a6f6695958613eae171b97c9752c5c75f11bfab8a8a14f602afc2ae9f859deb7c68023eac0e455a5735b2742624c065bb07ce3639eeb624259596b5fe63b5d5bb4b012dafa4c47b8a6e82"], 0x2c}}, 0x0) 03:38:38 executing program 1: r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) write(r0, &(0x7f0000000000)="240000005a001f000307f4f9002304000a04f51108004000020100020800038005000000", 0x24) 03:38:38 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000003000190100000000080000000300000004000000140001004c632854a3ab5e95508411f800000000000000096ffc1ed08daa5f90b6c58c7289966973a65b71a22eecad4a205cb2257239b2036983369f48fc3fbf49c0c8e505040080acf00a0a1d45faaf570962ef65581fbc516d29779d1ecb13b50b211aa4a04f9007da1f153388139a714547a2c3c10f0c38e69879e20603c23e3ce777bac8f159c9f01473cef2592110b2ae02ec8c3ea66ce2664a1d0b61b8b476417d5eeb69c2c6a4a278a4ed388fcaeeec883f43428bcf901ac29712da9f88ec170df74726d8eb37c7173de471cee03e8e2400308f0311af6146f11825be140104f4b5c0481acd78b938f6e55b7aa9c508bfd9ab5b9bc1940c4a6f6695958613eae171b97c9752c5c75f11bfab8a8a14f602afc2ae9f859deb7c68023eac0e455a5735b2742624c065bb07ce3639eeb624259596b5fe63b5d5bb4b012dafa4c47b8a6e82"], 0x2c}}, 0x0) 03:38:38 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x2, 0x4, 0x0, 0x0, 0x2}, 0x10}}, 0x0) 03:38:38 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0xa, [@struct={0x8, 0x1, 0x0, 0xf, 0x0, 0x7, [{0xc, 0x6, 0x2}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e]}}, &(0x7f0000000300)=""/250, 0x3a, 0xfa, 0x8}, 0x20) 03:38:38 executing program 1: r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) write(r0, &(0x7f0000000000)="240000005a001f000307f4f9002304000a04f51108004000020100020800038005000000", 0x24) 03:38:38 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000003000190100000000080000000300000004000000140001004c632854a3ab5e95508411f800000000000000096ffc1ed08daa5f90b6c58c7289966973a65b71a22eecad4a205cb2257239b2036983369f48fc3fbf49c0c8e505040080acf00a0a1d45faaf570962ef65581fbc516d29779d1ecb13b50b211aa4a04f9007da1f153388139a714547a2c3c10f0c38e69879e20603c23e3ce777bac8f159c9f01473cef2592110b2ae02ec8c3ea66ce2664a1d0b61b8b476417d5eeb69c2c6a4a278a4ed388fcaeeec883f43428bcf901ac29712da9f88ec170df74726d8eb37c7173de471cee03e8e2400308f0311af6146f11825be140104f4b5c0481acd78b938f6e55b7aa9c508bfd9ab5b9bc1940c4a6f6695958613eae171b97c9752c5c75f11bfab8a8a14f602afc2ae9f859deb7c68023eac0e455a5735b2742624c065bb07ce3639eeb624259596b5fe63b5d5bb4b012dafa4c47b8a6e82"], 0x2c}}, 0x0) [ 1271.052472][ T5745] BPF: type_id=12 offset=6 size=2 03:38:38 executing program 1: r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) write(r0, &(0x7f0000000000)="240000005a001f000307f4f9002304000a04f51108004000020100020800038005000000", 0x24) 03:38:38 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="2c0000003000190100000000080000000300000004000000140001004c632854a3ab5e95508411f800000000000000096ffc1ed08daa5f90b6c58c7289966973a65b71a22eecad4a205cb2257239b2036983369f48fc3fbf49c0c8e505040080acf00a0a1d45faaf570962ef65581fbc516d29779d1ecb13b50b211aa4a04f9007da1f153388139a714547a2c3c10f0c38e69879e20603c23e3ce777bac8f159c9f01473cef2592110b2ae02ec8c3ea66ce2664a1d0b61b8b476417d5eeb69c2c6a4a278a4ed388fcaeeec883f43428bcf901ac29712da9f88ec170df74726d8eb37c7173de471cee03e8e2400308f0311af6146f11825be140104f4b5c0481acd78b938f6e55b7aa9c508bfd9ab5b9bc1940c4a6f6695958613eae171b97c9752c5c75f11bfab8a8a14f602afc2ae9f859deb7c68023eac0e455a5735b2742624c065bb07ce3639eeb624259596b5fe63b5d5bb4b012dafa4c47b8a6e82"], 0x2c}}, 0x0) [ 1271.069758][ T5745] BPF: [ 1271.079691][ T5745] BPF:Invalid offset+size [ 1271.095745][ T5745] BPF: [ 1271.095745][ T5745] [ 1271.127574][ T5745] BPF: type_id=12 offset=6 size=2 03:38:38 executing program 1: mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='sysfs\x00*\x86OK\xc0\v\xce\x1b\xdb cr\x13\xb1\xe8\x94\xd1 q_\x9d\xc1\x12[\x04,r&\xeb\x016\xd9bN\xa1\xd23t\xa6`\xfeZ\xc1sr/\xd3g\xad\"\xe8U0%\xa2\xe8\xbe\v\xc5QCy\xafr\x13\xd3+\x8d]\x06\xdc\x8f\xbf,\x84\x9e\xd9\xcd\xef\xc7K\x03\xdf\xa9\xcbZ\x90\xb2\x8bK$\xd7\x86,=f\xfc\xa51g\xd5BB5CZ=\xbbv\xbc}0x0}, &(0x7f0000000280)=0x5) setuid(r1) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x18}, [@ldst={0x6, 0x5, 0x3}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000080), 0xfffffffffffffffb}, 0x48) 03:38:39 executing program 2: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vhost-vsock\x00', 0x2, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0x0) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f00000003c0)={0x0, r2}) dup2(r0, r1) 03:38:39 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000006800030800000000a90300000a0000000000000008000500020000730558dcd8d2476d04795bc3bfc6afb407dcb7d413e47863dabf630881b435845656e6f859b78c01d5ece9a6180e948db06f1ffb80abb4b501000000000c6d757a3cc10ed90ab13edfa687bdd02808a5605d1b73d76ea5497e7de7dbfc83623714f06a048a01228708cc01ec20b742fa91bd1850dec9c8155b51eee5319168b9e19a33f7005590cb04a9d71301028f1e26f000000000000076dc99f93600382b01303c197c9ffa10d6f56c338ff8f6d875051fafaa8a868c88f1379de01931102d0f5e3313643bcafd97333c59ed940143728147eb2aaaf2e02df8000052a375589fcb4720e9b2147c2e659b16e10a1aa84cbb29cff238d1a9296036eb2b373da86586fec4a08912fefc9576d1f8beaa089014ad40ab7ab3bff3dfe0d38b929bffefd9f2308b97166f2637fd6e592d354ef56f3787d6a2541d954ed772472a1ff2bc21061ef544257af24b8148a7a28d7567faf886c4ec4bde2b14731228335c83b2a533cf607f18145046da38d985da9e3dafa4958129e7cd37cb3e135f6bdcedd887268ecdcdb2ba36eab0f14151342f7040765c92d606571f613dc770a38a2af601a5f2fcfe257cfad1d901ff93bc44a935317610d09e6026bb925b59b9603f59d64c703dc03b6f6a6e84dafe6b3a8b7177365d45c10b0dde11806f22523658b13ccb2335f3dd951b74a540e2fa87e85f62d83a39b44962eef9fec35ac41bfda56fdee962e6a86be26ee158bbd5b2b46587fb66181b5b7343cd7c6b5c2ff9ebd9d005f11121321d310d99de474a554434534b62cd8f24eb0a042db9bd206c924edcebb178abc33e88d57b00000000000000b2f3f0d6d9387cd537c070ba55d943a3f06084e5bed09ca4fc8ab03bc741c35d070a3e7aefa488484ec01e3e570e09e411004de750cd1226cf92300ccce7806913b15babf9a4a37d3a00000000000000000000000000000000000000b13c8bfe3a0eba1c5130c51700a2a6721a178b8cb2439d6aab4d87c44a8b1d3adff169bbf0d6a03e0624cd2b5e73b9a365d3e03f5f463d2579c1e507b9586939b0ee3587249b34fae46f651a421034454cf67a4575766f9923b885024fbab75eafd86eb405e4570f705b9e6ad855e18c2989fda438da88fd23caf1797ef6c8c8fbf1eb9b5b9d35a254eb717c4761711a661f6d99075f476b3a53ecdc176a95c1b98380f671efb107394f3845f55d942ae2831a80a074a5c2e2c86078358c9df08ae02c78289922517a5bfcb9962c22a24ac99549455551e500004a", @ANYRES32=0x0], 0x20}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) 03:38:39 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000006800030800000000a90300000a0000000000000008000500020000730558dcd8d2476d04795bc3bfc6afb407dcb7d413e47863dabf630881b435845656e6f859b78c01d5ece9a6180e948db06f1ffb80abb4b501000000000c6d757a3cc10ed90ab13edfa687bdd02808a5605d1b73d76ea5497e7de7dbfc83623714f06a048a01228708cc01ec20b742fa91bd1850dec9c8155b51eee5319168b9e19a33f7005590cb04a9d71301028f1e26f000000000000076dc99f93600382b01303c197c9ffa10d6f56c338ff8f6d875051fafaa8a868c88f1379de01931102d0f5e3313643bcafd97333c59ed940143728147eb2aaaf2e02df8000052a375589fcb4720e9b2147c2e659b16e10a1aa84cbb29cff238d1a9296036eb2b373da86586fec4a08912fefc9576d1f8beaa089014ad40ab7ab3bff3dfe0d38b929bffefd9f2308b97166f2637fd6e592d354ef56f3787d6a2541d954ed772472a1ff2bc21061ef544257af24b8148a7a28d7567faf886c4ec4bde2b14731228335c83b2a533cf607f18145046da38d985da9e3dafa4958129e7cd37cb3e135f6bdcedd887268ecdcdb2ba36eab0f14151342f7040765c92d606571f613dc770a38a2af601a5f2fcfe257cfad1d901ff93bc44a935317610d09e6026bb925b59b9603f59d64c703dc03b6f6a6e84dafe6b3a8b7177365d45c10b0dde11806f22523658b13ccb2335f3dd951b74a540e2fa87e85f62d83a39b44962eef9fec35ac41bfda56fdee962e6a86be26ee158bbd5b2b46587fb66181b5b7343cd7c6b5c2ff9ebd9d005f11121321d310d99de474a554434534b62cd8f24eb0a042db9bd206c924edcebb178abc33e88d57b00000000000000b2f3f0d6d9387cd537c070ba55d943a3f06084e5bed09ca4fc8ab03bc741c35d070a3e7aefa488484ec01e3e570e09e411004de750cd1226cf92300ccce7806913b15babf9a4a37d3a00000000000000000000000000000000000000b13c8bfe3a0eba1c5130c51700a2a6721a178b8cb2439d6aab4d87c44a8b1d3adff169bbf0d6a03e0624cd2b5e73b9a365d3e03f5f463d2579c1e507b9586939b0ee3587249b34fae46f651a421034454cf67a4575766f9923b885024fbab75eafd86eb405e4570f705b9e6ad855e18c2989fda438da88fd23caf1797ef6c8c8fbf1eb9b5b9d35a254eb717c4761711a661f6d99075f476b3a53ecdc176a95c1b98380f671efb107394f3845f55d942ae2831a80a074a5c2e2c86078358c9df08ae02c78289922517a5bfcb9962c22a24ac99549455551e500004a", @ANYRES32=0x0], 0x20}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) 03:38:39 executing program 2: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x6}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x40000000000011e, 0x0) 03:38:39 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000006800030800000000a90300000a0000000000000008000500020000730558dcd8d2476d04795bc3bfc6afb407dcb7d413e47863dabf630881b435845656e6f859b78c01d5ece9a6180e948db06f1ffb80abb4b501000000000c6d757a3cc10ed90ab13edfa687bdd02808a5605d1b73d76ea5497e7de7dbfc83623714f06a048a01228708cc01ec20b742fa91bd1850dec9c8155b51eee5319168b9e19a33f7005590cb04a9d71301028f1e26f000000000000076dc99f93600382b01303c197c9ffa10d6f56c338ff8f6d875051fafaa8a868c88f1379de01931102d0f5e3313643bcafd97333c59ed940143728147eb2aaaf2e02df8000052a375589fcb4720e9b2147c2e659b16e10a1aa84cbb29cff238d1a9296036eb2b373da86586fec4a08912fefc9576d1f8beaa089014ad40ab7ab3bff3dfe0d38b929bffefd9f2308b97166f2637fd6e592d354ef56f3787d6a2541d954ed772472a1ff2bc21061ef544257af24b8148a7a28d7567faf886c4ec4bde2b14731228335c83b2a533cf607f18145046da38d985da9e3dafa4958129e7cd37cb3e135f6bdcedd887268ecdcdb2ba36eab0f14151342f7040765c92d606571f613dc770a38a2af601a5f2fcfe257cfad1d901ff93bc44a935317610d09e6026bb925b59b9603f59d64c703dc03b6f6a6e84dafe6b3a8b7177365d45c10b0dde11806f22523658b13ccb2335f3dd951b74a540e2fa87e85f62d83a39b44962eef9fec35ac41bfda56fdee962e6a86be26ee158bbd5b2b46587fb66181b5b7343cd7c6b5c2ff9ebd9d005f11121321d310d99de474a554434534b62cd8f24eb0a042db9bd206c924edcebb178abc33e88d57b00000000000000b2f3f0d6d9387cd537c070ba55d943a3f06084e5bed09ca4fc8ab03bc741c35d070a3e7aefa488484ec01e3e570e09e411004de750cd1226cf92300ccce7806913b15babf9a4a37d3a00000000000000000000000000000000000000b13c8bfe3a0eba1c5130c51700a2a6721a178b8cb2439d6aab4d87c44a8b1d3adff169bbf0d6a03e0624cd2b5e73b9a365d3e03f5f463d2579c1e507b9586939b0ee3587249b34fae46f651a421034454cf67a4575766f9923b885024fbab75eafd86eb405e4570f705b9e6ad855e18c2989fda438da88fd23caf1797ef6c8c8fbf1eb9b5b9d35a254eb717c4761711a661f6d99075f476b3a53ecdc176a95c1b98380f671efb107394f3845f55d942ae2831a80a074a5c2e2c86078358c9df08ae02c78289922517a5bfcb9962c22a24ac99549455551e500004a", @ANYRES32=0x0], 0x20}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) 03:38:39 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x26dd0ef5ef505b6d, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="2c0000001400010900000000000000000a0000000e0000001400020000060000000000000000000000000200000000000000da505793517b2fe75887085ce8763ca18a7d67e162120554961074c1d487557fdbb4852e5e1d2058ec9cb206b563c48cdc4cd5e63a8b3971d3e2fcae07827fd5c74be002fdffffffff010600a74d24443db3cbd7e1140320ffffff882d361c7690519e86579645c0678a6780f42f832b3ce00e6382856b67fd2de40cdc2ede29e7dd9e8cdb8a5f82398238698f324c84236fbc9257ff7c7df1ede57466f4ef4e468170d6d9d34f070d0000aaf1bc18fb84bde95686b7a5e8aa3eb18164af8edd3cae76ce90aaff0999b48b2ab16a4279489de3c1a341b6b9b34fd44a151667b9ad03d7f50af8a3a84c0ea2a6f0d4be53e3080a12b1cd1e7f70264cf81b7e7363300da32f12342144a69d7fee131eed1192c12a11685b79607cb30f00058551ce535086010001000000000000002f512806dbb861f18ecc067b8a2299602df886c264c9872a305fc831ea5217983046ae3428af938268e448ebf3a38e0dd0a5411fe78a08f78413ba00f38bd1b302c9fe092afe3e26d7584f2374aae3943b97ec49d2a7fe488b10150133b24862c41c9b4c8175000000000000003f7174c1930a0616c93c370fab5226669c98d24028aa5cbc6aed9500ab65766dc680152d6339adb2e9cbf937731928e8e8643b3dc0ef7d74fb763affbea9df0bb32b0f5e8ebe14f6c9d4d05f2f000000000000f7a5d36b071d3915fdcb07b155d555190591b5e8199871ebd291bd171ba30000000000003701321fb61aeb821599a91ebf1dfcb42ab9858af21746be3f23636934d6dd09a34dfa47401fd90a31ec3f13aabafaca1e0a388b8b95f07cba1ae2af3220b862a5b3932ceb3dba2fe5379f08e531b63223531b8a33646f38318c574b9a5e4f879ef942dcc8529f6c3f1363ec5e0137b9faf32cf7fdf4051a35972e8b209a62"], 0x2c}}, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0), 0x4924924924928de, 0x0) 03:38:39 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x18}, [@ldst={0x6, 0x5, 0x3}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000080), 0xfffffffffffffffb}, 0x48) 03:38:39 executing program 3: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000006800030800000000a90300000a0000000000000008000500020000730558dcd8d2476d04795bc3bfc6afb407dcb7d413e47863dabf630881b435845656e6f859b78c01d5ece9a6180e948db06f1ffb80abb4b501000000000c6d757a3cc10ed90ab13edfa687bdd02808a5605d1b73d76ea5497e7de7dbfc83623714f06a048a01228708cc01ec20b742fa91bd1850dec9c8155b51eee5319168b9e19a33f7005590cb04a9d71301028f1e26f000000000000076dc99f93600382b01303c197c9ffa10d6f56c338ff8f6d875051fafaa8a868c88f1379de01931102d0f5e3313643bcafd97333c59ed940143728147eb2aaaf2e02df8000052a375589fcb4720e9b2147c2e659b16e10a1aa84cbb29cff238d1a9296036eb2b373da86586fec4a08912fefc9576d1f8beaa089014ad40ab7ab3bff3dfe0d38b929bffefd9f2308b97166f2637fd6e592d354ef56f3787d6a2541d954ed772472a1ff2bc21061ef544257af24b8148a7a28d7567faf886c4ec4bde2b14731228335c83b2a533cf607f18145046da38d985da9e3dafa4958129e7cd37cb3e135f6bdcedd887268ecdcdb2ba36eab0f14151342f7040765c92d606571f613dc770a38a2af601a5f2fcfe257cfad1d901ff93bc44a935317610d09e6026bb925b59b9603f59d64c703dc03b6f6a6e84dafe6b3a8b7177365d45c10b0dde11806f22523658b13ccb2335f3dd951b74a540e2fa87e85f62d83a39b44962eef9fec35ac41bfda56fdee962e6a86be26ee158bbd5b2b46587fb66181b5b7343cd7c6b5c2ff9ebd9d005f11121321d310d99de474a554434534b62cd8f24eb0a042db9bd206c924edcebb178abc33e88d57b00000000000000b2f3f0d6d9387cd537c070ba55d943a3f06084e5bed09ca4fc8ab03bc741c35d070a3e7aefa488484ec01e3e570e09e411004de750cd1226cf92300ccce7806913b15babf9a4a37d3a00000000000000000000000000000000000000b13c8bfe3a0eba1c5130c51700a2a6721a178b8cb2439d6aab4d87c44a8b1d3adff169bbf0d6a03e0624cd2b5e73b9a365d3e03f5f463d2579c1e507b9586939b0ee3587249b34fae46f651a421034454cf67a4575766f9923b885024fbab75eafd86eb405e4570f705b9e6ad855e18c2989fda438da88fd23caf1797ef6c8c8fbf1eb9b5b9d35a254eb717c4761711a661f6d99075f476b3a53ecdc176a95c1b98380f671efb107394f3845f55d942ae2831a80a074a5c2e2c86078358c9df08ae02c78289922517a5bfcb9962c22a24ac99549455551e500004a", @ANYRES32=0x0], 0x20}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) 03:38:39 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x26dd0ef5ef505b6d, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="2c0000001400010900000000000000000a0000000e0000001400020000060000000000000000000000000200000000000000da505793517b2fe75887085ce8763ca18a7d67e162120554961074c1d487557fdbb4852e5e1d2058ec9cb206b563c48cdc4cd5e63a8b3971d3e2fcae07827fd5c74be002fdffffffff010600a74d24443db3cbd7e1140320ffffff882d361c7690519e86579645c0678a6780f42f832b3ce00e6382856b67fd2de40cdc2ede29e7dd9e8cdb8a5f82398238698f324c84236fbc9257ff7c7df1ede57466f4ef4e468170d6d9d34f070d0000aaf1bc18fb84bde95686b7a5e8aa3eb18164af8edd3cae76ce90aaff0999b48b2ab16a4279489de3c1a341b6b9b34fd44a151667b9ad03d7f50af8a3a84c0ea2a6f0d4be53e3080a12b1cd1e7f70264cf81b7e7363300da32f12342144a69d7fee131eed1192c12a11685b79607cb30f00058551ce535086010001000000000000002f512806dbb861f18ecc067b8a2299602df886c264c9872a305fc831ea5217983046ae3428af938268e448ebf3a38e0dd0a5411fe78a08f78413ba00f38bd1b302c9fe092afe3e26d7584f2374aae3943b97ec49d2a7fe488b10150133b24862c41c9b4c8175000000000000003f7174c1930a0616c93c370fab5226669c98d24028aa5cbc6aed9500ab65766dc680152d6339adb2e9cbf937731928e8e8643b3dc0ef7d74fb763affbea9df0bb32b0f5e8ebe14f6c9d4d05f2f000000000000f7a5d36b071d3915fdcb07b155d555190591b5e8199871ebd291bd171ba30000000000003701321fb61aeb821599a91ebf1dfcb42ab9858af21746be3f23636934d6dd09a34dfa47401fd90a31ec3f13aabafaca1e0a388b8b95f07cba1ae2af3220b862a5b3932ceb3dba2fe5379f08e531b63223531b8a33646f38318c574b9a5e4f879ef942dcc8529f6c3f1363ec5e0137b9faf32cf7fdf4051a35972e8b209a62"], 0x2c}}, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0), 0x4924924924928de, 0x0) 03:38:39 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x18}, [@ldst={0x6, 0x5, 0x3}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000080), 0xfffffffffffffffb}, 0x48) [ 1272.157969][ T6169] netlink: 'syz-executor.3': attribute type 21 has an invalid length. 03:38:39 executing program 2: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x6}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x40000000000011e, 0x0) 03:38:39 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x26dd0ef5ef505b6d, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="2c0000001400010900000000000000000a0000000e0000001400020000060000000000000000000000000200000000000000da505793517b2fe75887085ce8763ca18a7d67e162120554961074c1d487557fdbb4852e5e1d2058ec9cb206b563c48cdc4cd5e63a8b3971d3e2fcae07827fd5c74be002fdffffffff010600a74d24443db3cbd7e1140320ffffff882d361c7690519e86579645c0678a6780f42f832b3ce00e6382856b67fd2de40cdc2ede29e7dd9e8cdb8a5f82398238698f324c84236fbc9257ff7c7df1ede57466f4ef4e468170d6d9d34f070d0000aaf1bc18fb84bde95686b7a5e8aa3eb18164af8edd3cae76ce90aaff0999b48b2ab16a4279489de3c1a341b6b9b34fd44a151667b9ad03d7f50af8a3a84c0ea2a6f0d4be53e3080a12b1cd1e7f70264cf81b7e7363300da32f12342144a69d7fee131eed1192c12a11685b79607cb30f00058551ce535086010001000000000000002f512806dbb861f18ecc067b8a2299602df886c264c9872a305fc831ea5217983046ae3428af938268e448ebf3a38e0dd0a5411fe78a08f78413ba00f38bd1b302c9fe092afe3e26d7584f2374aae3943b97ec49d2a7fe488b10150133b24862c41c9b4c8175000000000000003f7174c1930a0616c93c370fab5226669c98d24028aa5cbc6aed9500ab65766dc680152d6339adb2e9cbf937731928e8e8643b3dc0ef7d74fb763affbea9df0bb32b0f5e8ebe14f6c9d4d05f2f000000000000f7a5d36b071d3915fdcb07b155d555190591b5e8199871ebd291bd171ba30000000000003701321fb61aeb821599a91ebf1dfcb42ab9858af21746be3f23636934d6dd09a34dfa47401fd90a31ec3f13aabafaca1e0a388b8b95f07cba1ae2af3220b862a5b3932ceb3dba2fe5379f08e531b63223531b8a33646f38318c574b9a5e4f879ef942dcc8529f6c3f1363ec5e0137b9faf32cf7fdf4051a35972e8b209a62"], 0x2c}}, 0x0) sendmmsg$alg(r0, &(0x7f00000000c0), 0x4924924924928de, 0x0) 03:38:39 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="d800000018008105e00f80ecdb4cb9040a1d65ef0b007c02e8fe55a10a001600ac14142603000e12050000000000812fa800150003000300e558f030035c3b61c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703", 0xd8}], 0x1}, 0x0) 03:38:39 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x18}, [@ldst={0x6, 0x5, 0x3}]}, &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000080), 0xfffffffffffffffb}, 0x48) 03:38:39 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="d800000018008105e00f80ecdb4cb9040a1d65ef0b007c02e8fe55a10a001600ac14142603000e12050000000000812fa800150003000300e558f030035c3b61c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703", 0xd8}], 0x1}, 0x0) [ 1272.202396][ T6173] netlink: 'syz-executor.3': attribute type 21 has an invalid length. 03:38:39 executing program 1: r0 = socket$inet6(0xa, 0x800000003, 0xff) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) r1 = dup(r0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000180)='./bus\x00', 0x0) io_setup(0x83, &(0x7f00000003c0)=0x0) io_submit(r4, 0x4110, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x10000}]) sendfile(r1, r2, 0x0, 0x8000fffffffe) 03:38:39 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="d800000018008105e00f80ecdb4cb9040a1d65ef0b007c02e8fe55a10a001600ac14142603000e12050000000000812fa800150003000300e558f030035c3b61c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703", 0xd8}], 0x1}, 0x0) 03:38:39 executing program 2: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x6}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x40000000000011e, 0x0) 03:38:39 executing program 0: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000012c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@ptr={0x0, 0x0, 0x0, 0xa}]}}, &(0x7f00000002c0)=""/4088, 0x26, 0xff8, 0x1}, 0x20) [ 1272.247135][ T6178] netlink: 'syz-executor.3': attribute type 21 has an invalid length. 03:38:39 executing program 0: r0 = socket$inet(0x2, 0x200000001, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@dev, @rand_addr, 0x0, 0x4000000000000019}, 0x10) 03:38:39 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="d800000018008105e00f80ecdb4cb9040a1d65ef0b007c02e8fe55a10a001600ac14142603000e12050000000000812fa800150003000300e558f030035c3b61c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703", 0xd8}], 0x1}, 0x0) 03:38:39 executing program 0: r0 = socket$inet(0x2, 0x200000001, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@dev, @rand_addr, 0x0, 0x4000000000000019}, 0x10) [ 1272.300204][ T6285] netlink: 'syz-executor.3': attribute type 21 has an invalid length. 03:38:39 executing program 2: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x6}}, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmmsg(r0, &(0x7f0000000180), 0x40000000000011e, 0x0) 03:38:39 executing program 3: r0 = socket$kcm(0xa, 0x2, 0x73) recvmsg$kcm(r0, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x40) 03:38:39 executing program 0: r0 = socket$inet(0x2, 0x200000001, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@dev, @rand_addr, 0x0, 0x4000000000000019}, 0x10) 03:38:39 executing program 1: r0 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f0000000500)="a0", 0x1, 0xfffffffffffffffd) keyctl$search(0xa, r0, &(0x7f00000000c0)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x3}, 0x0) 03:38:39 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'\x00', {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}) 03:38:39 executing program 3: r0 = socket$kcm(0xa, 0x2, 0x73) recvmsg$kcm(r0, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x40) 03:38:39 executing program 0: r0 = socket$inet(0x2, 0x200000001, 0x0) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)={@dev, @rand_addr, 0x0, 0x4000000000000019}, 0x10) 03:38:39 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'\x00', {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}) 03:38:39 executing program 1: r0 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f0000000500)="a0", 0x1, 0xfffffffffffffffd) keyctl$search(0xa, r0, &(0x7f00000000c0)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x3}, 0x0) 03:38:39 executing program 3: r0 = socket$kcm(0xa, 0x2, 0x73) recvmsg$kcm(r0, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x40) 03:38:39 executing program 0: r0 = socket$inet_smc(0x2b, 0x1, 0x0) bind$unix(r0, &(0x7f00000014c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) 03:38:39 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'\x00', {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}) 03:38:39 executing program 3: r0 = socket$kcm(0xa, 0x2, 0x73) recvmsg$kcm(r0, &(0x7f0000000c00)={0x0, 0x0, 0x0}, 0x40) 03:38:39 executing program 0: r0 = socket$inet_smc(0x2b, 0x1, 0x0) bind$unix(r0, &(0x7f00000014c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) 03:38:39 executing program 1: r0 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f0000000500)="a0", 0x1, 0xfffffffffffffffd) keyctl$search(0xa, r0, &(0x7f00000000c0)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x3}, 0x0) 03:38:39 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'\x00', {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}) 03:38:39 executing program 1: r0 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x2}, &(0x7f0000000500)="a0", 0x1, 0xfffffffffffffffd) keyctl$search(0xa, r0, &(0x7f00000000c0)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x3}, 0x0) 03:38:39 executing program 0: r0 = socket$inet_smc(0x2b, 0x1, 0x0) bind$unix(r0, &(0x7f00000014c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) 03:38:39 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) r2 = socket$can_j1939(0x1d, 0x2, 0x7) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000340)={0x1d, r4}, 0x18) bind$can_j1939(r2, &(0x7f0000000000)={0x1d, r1}, 0x18) [ 1272.562136][ T6326] kasan: CONFIG_KASAN_INLINE enabled 03:38:39 executing program 0: r0 = socket$inet_smc(0x2b, 0x1, 0x0) bind$unix(r0, &(0x7f00000014c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) [ 1272.570804][ T6326] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 1272.570804][ T6326] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 1272.570804][ T6326] CPU: 3 PID: 6326 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1272.570804][ T6326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1272.570804][ T6326] RIP: 0010:__lock_acquire+0x1254/0x4a00 [ 1272.570804][ T6326] Code: 00 0f 85 96 24 00 00 48 81 c4 f0 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 0b 28 00 00 49 81 3e 60 89 bb 8a 0f 84 5f ee ff [ 1272.570804][ T6326] RSP: 0018:ffffc90002457b38 EFLAGS: 00010006 [ 1272.570804][ T6326] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 1272.570804][ T6326] RDX: 0000000000000218 RSI: 0000000000000000 RDI: 0000000000000001 [ 1272.570804][ T6326] RBP: ffffc90002457c50 R08: 0000000000000001 R09: 0000000000000001 [ 1272.570804][ T6326] R10: fffffbfff14f33b0 R11: ffff88801ed6c4c0 R12: 00000000000010c0 [ 1272.570804][ T6326] R13: 0000000000000000 R14: 00000000000010c0 R15: 0000000000000000 [ 1272.570804][ T6326] FS: 0000000000000000(0000) GS:ffff88802d300000(0063) knlGS:00000000f5d17b40 [ 1272.570804][ T6326] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 1272.570804][ T6326] CR2: 000000002f421000 CR3: 0000000022514000 CR4: 0000000000340ee0 [ 1272.570804][ T6326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1272.570804][ T6326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1272.570804][ T6326] Call Trace: [ 1272.570804][ T6326] ? __kasan_check_read+0x11/0x20 [ 1272.570804][ T6326] ? __lock_acquire+0x16f2/0x4a00 [ 1272.570804][ T6326] ? rwlock_bug.part.0+0x90/0x90 [ 1272.570804][ T6326] ? lock_acquire+0x190/0x410 [ 1272.570804][ T6326] ? mark_held_locks+0xf0/0xf0 [ 1272.570804][ T6326] lock_acquire+0x190/0x410 [ 1272.570804][ T6326] ? j1939_jsk_del+0x32/0x210 [ 1272.570804][ T6326] _raw_spin_lock_bh+0x33/0x50 [ 1272.570804][ T6326] ? j1939_jsk_del+0x32/0x210 [ 1272.570804][ T6326] j1939_jsk_del+0x32/0x210 [ 1272.570804][ T6326] ? lock_sock_nested+0xe2/0x120 [ 1272.570804][ T6326] j1939_sk_bind+0x2ea/0x8f0 [ 1272.570804][ T6326] __sys_bind+0x239/0x290 [ 1272.570804][ T6326] ? __ia32_sys_socketpair+0xf0/0xf0 [ 1272.570804][ T6326] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1272.570804][ T6326] ? put_old_timespec32+0x113/0x200 [ 1272.570804][ T6326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1272.570804][ T6326] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1272.570804][ T6326] ? do_fast_syscall_32+0xd1/0xe16 [ 1272.570804][ T6326] ? entry_SYSENTER_compat+0x70/0x7f [ 1272.570804][ T6326] ? do_fast_syscall_32+0xd1/0xe16 [ 1272.570804][ T6326] __ia32_sys_bind+0x72/0xb0 [ 1272.570804][ T6326] do_fast_syscall_32+0x27b/0xe16 [ 1272.570804][ T6326] entry_SYSENTER_compat+0x70/0x7f [ 1272.570804][ T6326] RIP: 0023:0xf7f3ca39 [ 1272.570804][ T6326] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1272.570804][ T6326] RSP: 002b:00000000f5d170cc EFLAGS: 00000296 ORIG_RAX: 0000000000000169 [ 1272.570804][ T6326] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000000 [ 1272.570804][ T6326] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000 [ 1272.570804][ T6326] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1272.570804][ T6326] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1272.570804][ T6326] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1272.570804][ T6326] Modules linked in: [ 1272.570804][ T6326] ------------[ cut here ]------------ [ 1272.570804][ T6326] WARNING: CPU: 3 PID: 6326 at kernel/locking/mutex.c:1419 mutex_trylock+0x279/0x2f0 [ 1272.570804][ T6326] Kernel panic - not syncing: panic_on_warn set ... [ 1272.570804][ T6326] ------------[ cut here ]------------ [ 1272.570804][ T6326] WARNING: CPU: 3 PID: 6326 at kernel/locking/mutex.c:1419 mutex_trylock+0x279/0x2f0 [ 1272.570804][ T6326] Modules linked in: [ 1272.570804][ T6326] CPU: 3 PID: 6326 Comm: syz-executor.3 Not tainted 5.5.0-rc2-syzkaller #0 [ 1272.570804][ T6326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1272.570804][ T6326] RIP: 0010:mutex_trylock+0x279/0x2f0 [ 1272.570804][ T6326] Code: c9 41 b8 01 00 00 00 31 c9 ba 01 00 00 00 31 f6 e8 ac 43 93 f9 58 48 8d 65 d8 b8 01 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <0f> 0b e9 0c fe ff ff 48 c7 c7 20 c5 63 8b 48 89 4d d0 e8 20 fd ea [ 1272.570804][ T6326] RSP: 0018:ffffc900024573e8 EFLAGS: 00010006 [ 1272.570804][ T6326] RAX: 0000000080000202 RBX: 1ffff9200048ae85 RCX: 0000000000000004 [ 1272.570804][ T6326] RDX: 000000000001d619 RSI: ffffffff816c1c25 RDI: ffffffff899c3be0 [ 1272.570804][ T6326] RBP: ffffc90002457418 R08: 0000000000000002 R09: fffffbfff1333ad5 [ 1272.570804][ T6326] R10: fffffbfff1333ad4 R11: ffffffff8999d6a3 R12: ffffffff8b63c520 [ 1272.570804][ T6326] R13: 0000000000000000 R14: ffffffff87c7c900 R15: ffffffff899c3be0 [ 1272.570804][ T6326] FS: 0000000000000000(0000) GS:ffff88802d300000(0063) knlGS:00000000f5d17b40 [ 1272.570804][ T6326] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 1272.570804][ T6326] CR2: 000000002f421000 CR3: 0000000022514000 CR4: 0000000000340ee0 [ 1272.570804][ T6326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1272.570804][ T6326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1272.570804][ T6326] Call Trace: [ 1272.570804][ T6326] ? mutex_trylock+0x250/0x2f0 [ 1272.570804][ T6326] __crash_kexec+0x91/0x200 [ 1272.570804][ T6326] ? kexec_crash_loaded+0x20/0x20 [ 1272.570804][ T6326] ? trace_hardirqs_off+0x62/0x240 [ 1272.570804][ T6326] ? _raw_spin_unlock_irqrestore+0x9f/0xe0 [ 1272.570804][ T6326] ? __printk_safe_flush+0x31e/0x3a0 [ 1272.570804][ T6326] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1272.570804][ T6326] ? find_next_bit+0x107/0x130 [ 1272.570804][ T6326] ? cpumask_next+0x41/0x50 [ 1272.570804][ T6326] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1272.570804][ T6326] ? printk_safe_flush+0xf2/0x140 [ 1272.570804][ T6326] ? mutex_trylock+0x250/0x2f0 [ 1272.570804][ T6326] panic+0x308/0x75c [ 1272.570804][ T6326] ? add_taint.cold+0x16/0x16 [ 1272.570804][ T6326] ? printk+0xba/0xed [ 1272.570804][ T6326] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 1272.570804][ T6326] ? __warn.cold+0x14/0x3e [ 1272.570804][ T6326] ? mutex_trylock+0x279/0x2f0 [ 1272.570804][ T6326] __warn.cold+0x2f/0x3e [ 1272.570804][ T6326] ? report_bug.cold+0x63/0xb2 [ 1272.570804][ T6326] ? mutex_trylock+0x279/0x2f0 [ 1272.570804][ T6326] report_bug+0x289/0x300 [ 1272.570804][ T6326] do_error_trap+0x11b/0x200 [ 1272.570804][ T6326] do_invalid_op+0x37/0x50 [ 1272.570804][ T6326] ? mutex_trylock+0x279/0x2f0 [ 1272.570804][ T6326] invalid_op+0x23/0x30 [ 1272.570804][ T6326] RIP: 0010:mutex_trylock+0x279/0x2f0 [ 1272.570804][ T6326] Code: c9 41 b8 01 00 00 00 31 c9 ba 01 00 00 00 31 f6 e8 ac 43 93 f9 58 48 8d 65 d8 b8 01 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <0f> 0b e9 0c fe ff ff 48 c7 c7 20 c5 63 8b 48 89 4d d0 e8 20 fd ea [ 1272.570804][ T6326] RSP: 0018:ffffc90002457820 EFLAGS: 00010006 [ 1272.570804][ T6326] RAX: 0000000080000201 RBX: 1ffff9200048af0c RCX: 0000000000000004 [ 1272.570804][ T6326] RDX: 0000000000019d70 RSI: ffffffff816c1c25 RDI: ffffffff899c3be0 [ 1272.570804][ T6326] RBP: ffffc90002457850 R08: 0000000000000001 R09: fffffbfff1333ad5 [ 1272.570804][ T6326] R10: fffffbfff1333ad4 R11: ffffffff8999d6a3 R12: ffffffff8b63c520 [ 1272.570804][ T6326] R13: ffffc90002457a88 R14: ffffffff899629c0 R15: ffffffff899c3be0 [ 1272.570804][ T6326] ? __crash_kexec+0x85/0x200 [ 1272.570804][ T6326] __crash_kexec+0x91/0x200 [ 1272.570804][ T6326] ? kexec_crash_loaded+0x20/0x20 [ 1272.570804][ T6326] ? trace_hardirqs_off+0x62/0x240 [ 1272.570804][ T6326] ? _raw_spin_unlock_irqrestore+0x9f/0xe0 [ 1272.570804][ T6326] ? __printk_safe_flush+0x31e/0x3a0 [ 1272.570804][ T6326] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1272.570804][ T6326] ? find_next_bit+0x107/0x130 [ 1272.570804][ T6326] ? cpumask_next+0x41/0x50 [ 1272.570804][ T6326] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1272.570804][ T6326] ? printk_safe_flush+0xf2/0x140 [ 1272.570804][ T6326] crash_kexec+0x78/0xe0 [ 1272.570804][ T6326] oops_end+0xaa/0xf0 [ 1272.570804][ T6326] die+0x3e/0x48 [ 1272.570804][ T6326] do_general_protection+0x15d/0x370 [ 1272.570804][ T6326] general_protection+0x2d/0x40 [ 1272.570804][ T6326] RIP: 0010:__lock_acquire+0x1254/0x4a00 [ 1272.570804][ T6326] Code: 00 0f 85 96 24 00 00 48 81 c4 f0 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 0b 28 00 00 49 81 3e 60 89 bb 8a 0f 84 5f ee ff [ 1272.570804][ T6326] RSP: 0018:ffffc90002457b38 EFLAGS: 00010006 [ 1272.570804][ T6326] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 1272.570804][ T6326] RDX: 0000000000000218 RSI: 0000000000000000 RDI: 0000000000000001 [ 1272.570804][ T6326] RBP: ffffc90002457c50 R08: 0000000000000001 R09: 0000000000000001 [ 1272.570804][ T6326] R10: fffffbfff14f33b0 R11: ffff88801ed6c4c0 R12: 00000000000010c0 [ 1272.570804][ T6326] R13: 0000000000000000 R14: 00000000000010c0 R15: 0000000000000000 [ 1272.570804][ T6326] ? __kasan_check_read+0x11/0x20 [ 1272.570804][ T6326] ? __lock_acquire+0x16f2/0x4a00 [ 1272.570804][ T6326] ? rwlock_bug.part.0+0x90/0x90 [ 1272.570804][ T6326] ? lock_acquire+0x190/0x410 [ 1272.570804][ T6326] ? mark_held_locks+0xf0/0xf0 [ 1272.570804][ T6326] lock_acquire+0x190/0x410 [ 1272.570804][ T6326] ? j1939_jsk_del+0x32/0x210 [ 1272.570804][ T6326] _raw_spin_lock_bh+0x33/0x50 [ 1272.570804][ T6326] ? j1939_jsk_del+0x32/0x210 [ 1272.570804][ T6326] j1939_jsk_del+0x32/0x210 [ 1272.570804][ T6326] ? lock_sock_nested+0xe2/0x120 [ 1272.570804][ T6326] j1939_sk_bind+0x2ea/0x8f0 [ 1272.570804][ T6326] __sys_bind+0x239/0x290 [ 1272.570804][ T6326] ? __ia32_sys_socketpair+0xf0/0xf0 [ 1272.570804][ T6326] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1272.570804][ T6326] ? put_old_timespec32+0x113/0x200 [ 1272.570804][ T6326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1272.570804][ T6326] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1272.570804][ T6326] ? do_fast_syscall_32+0xd1/0xe16 [ 1272.570804][ T6326] ? entry_SYSENTER_compat+0x70/0x7f [ 1272.570804][ T6326] ? do_fast_syscall_32+0xd1/0xe16 [ 1272.570804][ T6326] __ia32_sys_bind+0x72/0xb0 [ 1272.570804][ T6326] do_fast_syscall_32+0x27b/0xe16 [ 1272.570804][ T6326] entry_SYSENTER_compat+0x70/0x7f [ 1272.570804][ T6326] RIP: 0023:0xf7f3ca39 [ 1272.570804][ T6326] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1272.570804][ T6326] RSP: 002b:00000000f5d170cc EFLAGS: 00000296 ORIG_RAX: 0000000000000169 [ 1272.570804][ T6326] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000000 [ 1272.570804][ T6326] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000 [ 1272.570804][ T6326] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1272.570804][ T6326] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1272.570804][ T6326] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1272.570804][ T6326] irq event stamp: 118 [ 1272.570804][ T6326] hardirqs last enabled at (117): [] __local_bh_enable_ip+0x15a/0x270 [ 1272.570804][ T6326] hardirqs last disabled at (115): [] __local_bh_enable_ip+0x11a/0x270 [ 1272.570804][ T6326] softirqs last enabled at (116): [] lock_sock_nested+0x9a/0x120 [ 1272.570804][ T6326] softirqs last disabled at (118): [] j1939_jsk_del+0x32/0x210 [ 1272.570804][ T6326] ---[ end trace c8737570c2ea0474 ]--- [ 1272.570804][ T6326] ------------[ cut here ]------------ [ 1272.570804][ T6326] WARNING: CPU: 3 PID: 6326 at kernel/locking/mutex.c:737 mutex_unlock+0x1d/0x30 [ 1272.570804][ T6326] Modules linked in: [ 1272.570804][ T6326] CPU: 3 PID: 6326 Comm: syz-executor.3 Tainted: G W 5.5.0-rc2-syzkaller #0 [ 1272.570804][ T6326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 1272.570804][ T6326] RIP: 0010:mutex_unlock+0x1d/0x30 [ 1272.570804][ T6326] Code: 4c 89 ff e8 75 08 eb f9 e9 8c fb ff ff 55 65 8b 05 70 60 3a 78 a9 00 ff 1f 00 48 89 e5 75 0b 48 8b 75 08 e8 45 f9 ff ff 5d c3 <0f> 0b 48 8b 75 08 e8 38 f9 ff ff 5d c3 66 0f 1f 44 00 00 48 b8 00 [ 1272.570804][ T6326] RSP: 0018:ffffc90002457418 EFLAGS: 00010006 [ 1272.570804][ T6326] RAX: 0000000080000202 RBX: 1ffff9200048ae85 RCX: ffffc90023a1e000 [ 1272.570804][ T6326] RDX: 0000000000040000 RSI: ffffffff816c1c9f RDI: ffffffff899c3be0 [ 1272.570804][ T6326] RBP: ffffc90002457418 R08: ffff88801ed6c4c0 R09: 0000000000000000 [ 1272.570804][ T6326] R10: fffffbfff133877c R11: ffffffff899c3be7 R12: 0000000000000001 [ 1272.570804][ T6326] R13: 0000000000000000 R14: ffffffff87c7c900 R15: 000000000000058b [ 1272.570804][ T6326] FS: 0000000000000000(0000) GS:ffff88802d300000(0063) knlGS:00000000f5d17b40 [ 1272.570804][ T6326] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 1272.570804][ T6326] CR2: 000000002f421000 CR3: 0000000022514000 CR4: 0000000000340ee0 [ 1272.570804][ T6326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1272.570804][ T6326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1272.570804][ T6326] Call Trace: [ 1272.570804][ T6326] __crash_kexec+0x10b/0x200 [ 1272.570804][ T6326] ? kexec_crash_loaded+0x20/0x20 [ 1272.570804][ T6326] ? trace_hardirqs_off+0x62/0x240 [ 1272.570804][ T6326] ? _raw_spin_unlock_irqrestore+0x9f/0xe0 [ 1272.570804][ T6326] ? __printk_safe_flush+0x31e/0x3a0 [ 1272.570804][ T6326] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1272.570804][ T6326] ? find_next_bit+0x107/0x130 [ 1272.570804][ T6326] ? cpumask_next+0x41/0x50 [ 1272.570804][ T6326] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1272.570804][ T6326] ? printk_safe_flush+0xf2/0x140 [ 1272.570804][ T6326] ? mutex_trylock+0x250/0x2f0 [ 1272.570804][ T6326] panic+0x308/0x75c [ 1272.570804][ T6326] ? add_taint.cold+0x16/0x16 [ 1272.570804][ T6326] ? printk+0xba/0xed [ 1272.570804][ T6326] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 1272.570804][ T6326] ? __warn.cold+0x14/0x3e [ 1272.570804][ T6326] ? mutex_trylock+0x279/0x2f0 [ 1272.570804][ T6326] __warn.cold+0x2f/0x3e [ 1272.570804][ T6326] ? report_bug.cold+0x63/0xb2 [ 1272.570804][ T6326] ? mutex_trylock+0x279/0x2f0 [ 1272.570804][ T6326] report_bug+0x289/0x300 [ 1272.570804][ T6326] do_error_trap+0x11b/0x200 [ 1272.570804][ T6326] do_invalid_op+0x37/0x50 [ 1272.570804][ T6326] ? mutex_trylock+0x279/0x2f0 [ 1272.570804][ T6326] invalid_op+0x23/0x30 [ 1272.570804][ T6326] RIP: 0010:mutex_trylock+0x279/0x2f0 [ 1272.570804][ T6326] Code: c9 41 b8 01 00 00 00 31 c9 ba 01 00 00 00 31 f6 e8 ac 43 93 f9 58 48 8d 65 d8 b8 01 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <0f> 0b e9 0c fe ff ff 48 c7 c7 20 c5 63 8b 48 89 4d d0 e8 20 fd ea [ 1272.570804][ T6326] RSP: 0018:ffffc90002457820 EFLAGS: 00010006 [ 1272.570804][ T6326] RAX: 0000000080000201 RBX: 1ffff9200048af0c RCX: 0000000000000004 [ 1272.570804][ T6326] RDX: 0000000000019d70 RSI: ffffffff816c1c25 RDI: ffffffff899c3be0 [ 1272.570804][ T6326] RBP: ffffc90002457850 R08: 0000000000000001 R09: fffffbfff1333ad5 [ 1272.570804][ T6326] R10: fffffbfff1333ad4 R11: ffffffff8999d6a3 R12: ffffffff8b63c520 [ 1272.570804][ T6326] R13: ffffc90002457a88 R14: ffffffff899629c0 R15: ffffffff899c3be0 [ 1272.570804][ T6326] ? __crash_kexec+0x85/0x200 [ 1272.570804][ T6326] __crash_kexec+0x91/0x200 [ 1272.570804][ T6326] ? kexec_crash_loaded+0x20/0x20 [ 1272.570804][ T6326] ? trace_hardirqs_off+0x62/0x240 [ 1272.570804][ T6326] ? _raw_spin_unlock_irqrestore+0x9f/0xe0 [ 1272.570804][ T6326] ? __printk_safe_flush+0x31e/0x3a0 [ 1272.570804][ T6326] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1272.570804][ T6326] ? find_next_bit+0x107/0x130 [ 1272.570804][ T6326] ? cpumask_next+0x41/0x50 [ 1272.570804][ T6326] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1272.570804][ T6326] ? printk_safe_flush+0xf2/0x140 [ 1272.570804][ T6326] crash_kexec+0x78/0xe0 [ 1272.570804][ T6326] oops_end+0xaa/0xf0 [ 1272.570804][ T6326] die+0x3e/0x48 [ 1272.570804][ T6326] do_general_protection+0x15d/0x370 [ 1272.570804][ T6326] general_protection+0x2d/0x40 [ 1272.570804][ T6326] RIP: 0010:__lock_acquire+0x1254/0x4a00 [ 1272.570804][ T6326] Code: 00 0f 85 96 24 00 00 48 81 c4 f0 00 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 0b 28 00 00 49 81 3e 60 89 bb 8a 0f 84 5f ee ff [ 1272.570804][ T6326] RSP: 0018:ffffc90002457b38 EFLAGS: 00010006 [ 1272.570804][ T6326] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 1272.570804][ T6326] RDX: 0000000000000218 RSI: 0000000000000000 RDI: 0000000000000001 [ 1272.570804][ T6326] RBP: ffffc90002457c50 R08: 0000000000000001 R09: 0000000000000001 [ 1272.570804][ T6326] R10: fffffbfff14f33b0 R11: ffff88801ed6c4c0 R12: 00000000000010c0 [ 1272.570804][ T6326] R13: 0000000000000000 R14: 00000000000010c0 R15: 0000000000000000 [ 1272.570804][ T6326] ? __kasan_check_read+0x11/0x20 [ 1272.570804][ T6326] ? __lock_acquire+0x16f2/0x4a00 [ 1272.570804][ T6326] ? rwlock_bug.part.0+0x90/0x90 [ 1272.570804][ T6326] ? lock_acquire+0x190/0x410 [ 1272.570804][ T6326] ? mark_held_locks+0xf0/0xf0 [ 1272.570804][ T6326] lock_acquire+0x190/0x410 [ 1272.570804][ T6326] ? j1939_jsk_del+0x32/0x210 [ 1272.570804][ T6326] _raw_spin_lock_bh+0x33/0x50 [ 1272.570804][ T6326] ? j1939_jsk_del+0x32/0x210 [ 1272.570804][ T6326] j1939_jsk_del+0x32/0x210 [ 1272.570804][ T6326] ? lock_sock_nested+0xe2/0x120 [ 1272.570804][ T6326] j1939_sk_bind+0x2ea/0x8f0 [ 1272.570804][ T6326] __sys_bind+0x239/0x290 [ 1272.570804][ T6326] ? __ia32_sys_socketpair+0xf0/0xf0 [ 1272.570804][ T6326] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1272.570804][ T6326] ? put_old_timespec32+0x113/0x200 [ 1272.570804][ T6326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1272.570804][ T6326] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1272.570804][ T6326] ? do_fast_syscall_32+0xd1/0xe16 [ 1272.570804][ T6326] ? entry_SYSENTER_compat+0x70/0x7f [ 1272.570804][ T6326] ? do_fast_syscall_32+0xd1/0xe16 [ 1272.570804][ T6326] __ia32_sys_bind+0x72/0xb0 [ 1272.570804][ T6326] do_fast_syscall_32+0x27b/0xe16 [ 1272.570804][ T6326] entry_SYSENTER_compat+0x70/0x7f [ 1272.570804][ T6326] RIP: 0023:0xf7f3ca39 [ 1272.570804][ T6326] Code: 00 00 00 89 d3 5b 5e 5f 5d c3 b8 80 96 98 00 eb c4 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 1272.570804][ T6326] RSP: 002b:00000000f5d170cc EFLAGS: 00000296 ORIG_RAX: 0000000000000169 [ 1272.570804][ T6326] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000000 [ 1272.570804][ T6326] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000 [ 1272.570804][ T6326] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1275.550341][ T6326] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1275.550341][ T6326] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1275.550341][ T6326] irq event stamp: 118 [ 1275.550341][ T6326] hardirqs last enabled at (117): [] __local_bh_enable_ip+0x15a/0x270 [ 1275.550341][ T6326] hardirqs last disabled at (115): [] __local_bh_enable_ip+0x11a/0x270 [ 1275.550341][ T6326] softirqs last enabled at (116): [] lock_sock_nested+0x9a/0x120 [ 1275.550341][ T6326] softirqs last disabled at (118): [] j1939_jsk_del+0x32/0x210 [ 1275.550341][ T6326] ---[ end trace c8737570c2ea0475 ]--- [ 1275.550341][ T6326] Kernel Offset: disabled [ 1275.550341][ T6326] Rebooting in 86400 seconds..