000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x700000000000000}], 0x0, 0x500) 15:01:59 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3169.358252] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3169.358282] CPU: 0 PID: 15336 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 15:01:59 executing program 2: syz_open_dev$tty1(0xc, 0x4, 0x1) [ 3169.358291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3169.358295] Call Trace: [ 3169.358316] dump_stack+0x197/0x210 [ 3169.358335] dump_header+0x15e/0xa55 [ 3169.358352] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3169.358365] ? ___ratelimit+0x60/0x595 [ 3169.358378] ? do_raw_spin_unlock+0x181/0x270 [ 3169.358395] oom_kill_process.cold+0x10/0x6ef [ 3169.358417] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3169.358438] ? task_will_free_mem+0x139/0x6e0 [ 3169.358459] out_of_memory+0x362/0x1330 [ 3169.358479] ? lock_downgrade+0x880/0x880 [ 3169.358495] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3169.358511] ? oom_killer_disable+0x280/0x280 [ 3169.358525] ? find_held_lock+0x35/0x130 [ 3169.358553] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3169.358570] ? memcg_event_wake+0x230/0x230 [ 3169.358595] ? do_raw_spin_unlock+0x181/0x270 [ 3169.358611] ? _raw_spin_unlock+0x2d/0x50 [ 3169.358628] try_charge+0xec5/0x1490 [ 3169.358653] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3169.358674] ? lock_downgrade+0x880/0x880 [ 3169.358693] ? kasan_check_read+0x11/0x20 [ 3169.358716] memcg_kmem_charge_memcg+0x83/0x170 [ 3169.358733] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3169.358754] ? __isolate_free_page+0x4c0/0x4c0 [ 3169.358772] memcg_kmem_charge+0x13b/0x370 [ 3169.358792] __alloc_pages_nodemask+0x3c3/0x750 [ 3169.358814] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3169.358836] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3169.358852] ? trace_hardirqs_on+0x67/0x220 [ 3169.358876] copy_process.part.0+0x3e0/0x7a30 [ 3169.358892] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3169.358909] ? delayacct_end+0x5c/0x100 [ 3169.358929] ? __delayacct_freepages_end+0xe0/0x140 [ 3169.358948] ? __lock_acquire+0x6ee/0x49c0 [ 3169.358975] ? __cleanup_sighand+0x70/0x70 [ 3169.358995] ? mark_held_locks+0x100/0x100 [ 3169.359026] _do_fork+0x257/0xfd0 [ 3169.359047] ? fork_idle+0x1d0/0x1d0 [ 3169.359071] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3169.359086] ? kasan_check_read+0x11/0x20 [ 3169.359104] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3169.359119] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3169.359133] ? do_syscall_64+0x26/0x620 [ 3169.359147] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3169.359162] ? do_syscall_64+0x26/0x620 [ 3169.359182] __x64_sys_clone+0xbf/0x150 [ 3169.359202] do_syscall_64+0xfd/0x620 [ 3169.359219] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3169.359230] RIP: 0033:0x45d919 [ 3169.359242] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3169.359250] RSP: 002b:00007ffd6c54cc08 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3169.359262] RAX: ffffffffffffffda RBX: 00007fe841ccf700 RCX: 000000000045d919 [ 3169.359271] RDX: 00007fe841ccf9d0 RSI: 00007fe841ccedb0 RDI: 00000000003d0f00 [ 3169.359279] RBP: 00007ffd6c54ce20 R08: 00007fe841ccf700 R09: 00007fe841ccf700 [ 3169.359287] R10: 00007fe841ccf9d0 R11: 0000000000000202 R12: 0000000000000000 [ 3169.359295] R13: 00007ffd6c54ccbf R14: 00007fe841ccf9c0 R15: 000000000075bf2c [ 3169.359382] Task in /syz0 killed as a result of limit of /syz0 [ 3169.359406] memory: usage 307188kB, limit 307200kB, failcnt 991 [ 3169.359415] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3169.359423] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3169.359429] Memory cgroup stats for /syz0: cache:8KB rss:200KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB 15:01:59 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x551, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:01:59 executing program 2: syz_open_dev$tty1(0xc, 0x4, 0x1) 15:01:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x900000000000000}], 0x0, 0x500) 15:01:59 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x2d00000000000000) [ 3169.359497] Memory cgroup out of memory: Kill process 15336 (syz-executor.0) score 1103 or sacrifice child [ 3169.359549] Killed process 15336 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3169.360148] oom_reaper: reaped process 15336 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 3169.497667] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3169.578499] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:01:59 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:01:59 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000046, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x0, 0x500) [ 3169.960477] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:01:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0xa00000000000000}], 0x0, 0x500) 15:01:59 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b52, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:01:59 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b52, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3170.099959] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing [ 3170.137110] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3170.216748] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3170.229348] CPU: 0 PID: 15449 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3170.237188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3170.246552] Call Trace: [ 3170.249165] dump_stack+0x197/0x210 [ 3170.252814] dump_header+0x15e/0xa55 [ 3170.256552] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3170.261669] ? ___ratelimit+0x60/0x595 [ 3170.265567] ? do_raw_spin_unlock+0x181/0x270 [ 3170.270079] oom_kill_process.cold+0x10/0x6ef [ 3170.274593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3170.280143] ? task_will_free_mem+0x139/0x6e0 [ 3170.284665] out_of_memory+0x362/0x1330 [ 3170.288656] ? lock_downgrade+0x880/0x880 [ 3170.292820] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3170.297939] ? oom_killer_disable+0x280/0x280 [ 3170.302445] ? find_held_lock+0x35/0x130 [ 3170.306532] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3170.311391] ? memcg_event_wake+0x230/0x230 [ 3170.315732] ? do_raw_spin_unlock+0x181/0x270 [ 3170.320242] ? _raw_spin_unlock+0x2d/0x50 [ 3170.324544] try_charge+0xec5/0x1490 [ 3170.328288] ? lock_downgrade+0x880/0x880 [ 3170.332471] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3170.337447] ? rcu_read_unlock+0x33/0x60 [ 3170.341530] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3170.346391] ? __pte_alloc+0x1bf/0x360 [ 3170.350303] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3170.356396] mem_cgroup_try_charge+0x259/0x6b0 [ 3170.361010] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3170.366047] __handle_mm_fault+0x1e50/0x3f80 [ 3170.370597] ? copy_page_range+0x2030/0x2030 [ 3170.375164] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3170.379856] handle_mm_fault+0x1b5/0x690 [ 3170.383938] __do_page_fault+0x62a/0xe90 [ 3170.388030] ? vmalloc_fault+0x740/0x740 [ 3170.392111] ? trace_hardirqs_off_caller+0x65/0x220 [ 3170.397146] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3170.402096] ? page_fault+0x8/0x30 [ 3170.405657] do_page_fault+0x71/0x57d [ 3170.409492] ? page_fault+0x8/0x30 [ 3170.413045] page_fault+0x1e/0x30 [ 3170.416510] RIP: 0033:0x400644 [ 3170.419711] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 21 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 3170.438617] RSP: 002b:00007ffd6c54cd00 EFLAGS: 00010202 [ 3170.443987] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 [ 3170.451263] RDX: 0000000000000000 RSI: 000000002001d000 RDI: 0000000000000001 [ 3170.458542] RBP: 0000000000760000 R08: 0000000000000000 R09: 0000000000000000 [ 3170.465824] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 3170.473113] R13: 00007ffd6c54cf20 R14: 0000000000760008 R15: 00007ffd6c54cf30 15:02:00 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x1e26000000000000}], 0x0, 0x500) [ 3170.516063] Task in /syz0 killed as a result of limit of /syz0 [ 3170.529353] memory: usage 307200kB, limit 307200kB, failcnt 1031 [ 3170.543976] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3170.572016] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3170.585296] Memory cgroup stats for /syz0: cache:8KB rss:200KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:84KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3170.642647] Memory cgroup out of memory: Kill process 15449 (syz-executor.0) score 1103 or sacrifice child [ 3170.662823] Killed process 15449 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3170.666557] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3170.686591] oom_reaper: reaped process 15449 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:02:00 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:00 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b52, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3170.874806] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 3170.902748] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3170.917942] CPU: 0 PID: 15480 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3170.925785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3170.935157] Call Trace: [ 3170.937764] dump_stack+0x197/0x210 [ 3170.942622] dump_header+0x15e/0xa55 [ 3170.946344] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3170.951462] ? ___ratelimit+0x60/0x595 [ 3170.955357] ? do_raw_spin_unlock+0x181/0x270 [ 3170.959864] oom_kill_process.cold+0x10/0x6ef [ 3170.964372] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3170.969931] ? task_will_free_mem+0x139/0x6e0 [ 3170.974468] out_of_memory+0x362/0x1330 [ 3170.978471] ? lock_downgrade+0x880/0x880 [ 3170.982628] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3170.987740] ? oom_killer_disable+0x280/0x280 [ 3170.992244] ? find_held_lock+0x35/0x130 [ 3170.996340] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3171.001206] ? memcg_event_wake+0x230/0x230 [ 3171.005545] ? do_raw_spin_unlock+0x181/0x270 [ 3171.010131] ? _raw_spin_unlock+0x2d/0x50 [ 3171.014346] try_charge+0xec5/0x1490 [ 3171.018079] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3171.022937] ? lock_downgrade+0x880/0x880 [ 3171.027098] ? kasan_check_read+0x11/0x20 [ 3171.031261] memcg_kmem_charge_memcg+0x83/0x170 [ 3171.035954] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3171.040492] ? __isolate_free_page+0x4c0/0x4c0 [ 3171.045104] memcg_kmem_charge+0x13b/0x370 [ 3171.049362] __alloc_pages_nodemask+0x3c3/0x750 [ 3171.054058] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3171.059104] ? trace_hardirqs_on+0x67/0x220 [ 3171.063449] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3171.068491] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3171.074043] alloc_pages_current+0x107/0x210 [ 3171.078475] pte_alloc_one+0x1b/0x1a0 [ 3171.082283] __pte_alloc+0x2a/0x360 [ 3171.085921] __handle_mm_fault+0x340b/0x3f80 [ 3171.090338] ? copy_page_range+0x2030/0x2030 [ 3171.094778] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3171.099474] handle_mm_fault+0x1b5/0x690 [ 3171.103550] __do_page_fault+0x62a/0xe90 [ 3171.107615] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3171.113513] ? vmalloc_fault+0x740/0x740 [ 3171.117591] ? trace_hardirqs_off_caller+0x65/0x220 [ 3171.122628] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3171.127583] ? page_fault+0x8/0x30 [ 3171.131150] do_page_fault+0x71/0x57d [ 3171.135331] ? page_fault+0x8/0x30 [ 3171.139586] page_fault+0x1e/0x30 [ 3171.143054] RIP: 0033:0x40e0fc [ 3171.146262] Code: 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f b6 4c 24 5b 48 69 c0 a8 00 00 00 88 88 c0 bf 75 00 e8 94 51 ff ff <83> 05 01 1f 55 00 01 80 7c 24 59 00 74 0b f6 44 24 08 01 0f 84 98 [ 3171.165173] RSP: 002b:00007ffd6c54cd40 EFLAGS: 00010217 [ 3171.170635] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045af49 [ 3171.177907] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000075bf28 [ 3171.185179] RBP: 000000000075bf2c R08: 00007fe841ccf700 R09: ffffffffffffffff [ 3171.192456] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 3171.199730] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c [ 3171.210380] Task in /syz0 killed as a result of limit of /syz0 [ 3171.216817] memory: usage 307200kB, limit 307200kB, failcnt 1041 [ 3171.223211] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3171.230269] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3171.236593] Memory cgroup stats for /syz0: cache:8KB rss:200KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3171.257139] Memory cgroup out of memory: Kill process 15480 (syz-executor.0) score 1103 or sacrifice child [ 3171.267267] Killed process 15480 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:02:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x552, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000046, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x0, 0x500) 15:02:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x2000000000000000}], 0x0, 0x500) [ 3171.301635] oom_reaper: reaped process 15480 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 3171.424522] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3171.432731] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing 15:02:01 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x2e00000000000000) 15:02:01 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b60, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x2200000000000000}], 0x0, 0x500) 15:02:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b52, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3172.063205] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:02:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x553, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:01 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000012, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x0, 0x500) [ 3172.148151] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3172.170437] CPU: 0 PID: 15492 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3172.178283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3172.187647] Call Trace: [ 3172.190256] dump_stack+0x197/0x210 [ 3172.193910] dump_header+0x15e/0xa55 [ 3172.197645] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3172.202783] ? ___ratelimit+0x60/0x595 [ 3172.206790] ? do_raw_spin_unlock+0x181/0x270 [ 3172.211319] oom_kill_process.cold+0x10/0x6ef [ 3172.215838] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3172.221394] ? task_will_free_mem+0x139/0x6e0 [ 3172.225915] out_of_memory+0x362/0x1330 [ 3172.229922] ? lock_downgrade+0x880/0x880 [ 3172.234094] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3172.239215] ? oom_killer_disable+0x280/0x280 [ 3172.243727] ? find_held_lock+0x35/0x130 [ 3172.247846] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3172.252708] ? memcg_event_wake+0x230/0x230 [ 3172.257054] ? do_raw_spin_unlock+0x181/0x270 [ 3172.259826] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing [ 3172.261559] ? _raw_spin_unlock+0x2d/0x50 [ 3172.261580] try_charge+0xec5/0x1490 [ 3172.261598] ? lock_downgrade+0x880/0x880 [ 3172.261619] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3172.261638] ? rcu_read_unlock+0x33/0x60 [ 3172.288855] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3172.293720] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3172.299808] mem_cgroup_try_charge+0x259/0x6b0 [ 3172.304421] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3172.309371] wp_page_copy+0x430/0x16a0 [ 3172.313283] ? follow_pfn+0x2a0/0x2a0 [ 3172.317103] ? do_raw_spin_unlock+0x181/0x270 [ 3172.321703] do_wp_page+0x57d/0x10b0 [ 3172.325867] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3172.330548] ? kasan_check_write+0x14/0x20 [ 3172.334821] ? do_raw_spin_lock+0xd7/0x250 [ 3172.339074] __handle_mm_fault+0x2305/0x3f80 [ 3172.343498] ? copy_page_range+0x2030/0x2030 [ 3172.347939] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3172.352622] handle_mm_fault+0x1b5/0x690 [ 3172.356826] __do_page_fault+0x62a/0xe90 [ 3172.360919] ? vmalloc_fault+0x740/0x740 [ 3172.364995] ? trace_hardirqs_off_caller+0x65/0x220 [ 3172.370138] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3172.375092] ? page_fault+0x8/0x30 [ 3172.378657] do_page_fault+0x71/0x57d [ 3172.382468] ? page_fault+0x8/0x30 [ 3172.386020] page_fault+0x1e/0x30 [ 3172.389480] RIP: 0033:0x432026 [ 3172.392684] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 c6 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 1c 51 64 00 85 c0 0f 84 [ 3172.411591] RSP: 002b:00007ffd6c54cb30 EFLAGS: 00010206 [ 3172.416971] RAX: 00000000000205b1 RBX: 000000000071c640 RCX: 0000000000000121 [ 3172.424248] RDX: 00000000024db930 RSI: 00000000024dba50 RDI: 0000000000000000 [ 3172.431611] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000 [ 3172.438891] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000071c698 15:02:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3172.446164] R13: 000000000071c698 R14: 0000000000000000 R15: 0000000000002710 [ 3172.456909] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:02 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x2300000000000000}], 0x0, 0x500) [ 3172.588125] Task in /syz0 killed as a result of limit of /syz0 [ 3172.616858] memory: usage 307192kB, limit 307200kB, failcnt 1072 15:02:02 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3172.768855] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3172.877256] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3172.892340] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3172.906520] Memory cgroup stats for /syz0: cache:8KB rss:200KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3172.944815] Memory cgroup out of memory: Kill process 15492 (syz-executor.0) score 1103 or sacrifice child [ 3172.968906] Killed process 15492 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3172.994904] oom_reaper: reaped process 15492 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:02:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x2f00000000000000) 15:02:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:03 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:03 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x2a04000000000000}], 0x0, 0x500) 15:02:03 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:03 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x554, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:03 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3173.889976] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 3173.929083] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3173.939227] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3173.951845] CPU: 0 PID: 15521 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3173.959681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3173.969044] Call Trace: [ 3173.971667] dump_stack+0x197/0x210 [ 3173.975321] dump_header+0x15e/0xa55 [ 3173.979058] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3173.984176] ? ___ratelimit+0x60/0x595 [ 3173.988073] ? do_raw_spin_unlock+0x181/0x270 [ 3173.992586] oom_kill_process.cold+0x10/0x6ef [ 3173.997098] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3174.002771] ? task_will_free_mem+0x139/0x6e0 [ 3174.007294] out_of_memory+0x362/0x1330 [ 3174.011289] ? lock_downgrade+0x880/0x880 [ 3174.015490] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3174.020613] ? oom_killer_disable+0x280/0x280 [ 3174.025122] ? find_held_lock+0x35/0x130 [ 3174.029208] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3174.034061] ? memcg_event_wake+0x230/0x230 [ 3174.038399] ? do_raw_spin_unlock+0x181/0x270 [ 3174.042908] ? _raw_spin_unlock+0x2d/0x50 [ 3174.047066] try_charge+0xec5/0x1490 [ 3174.050803] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3174.056179] ? lock_downgrade+0x880/0x880 [ 3174.060337] ? kasan_check_read+0x11/0x20 [ 3174.064502] memcg_kmem_charge_memcg+0x83/0x170 [ 3174.069181] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3174.073689] ? __isolate_free_page+0x4c0/0x4c0 [ 3174.078291] memcg_kmem_charge+0x13b/0x370 [ 3174.082542] __alloc_pages_nodemask+0x3c3/0x750 [ 3174.087227] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3174.092258] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3174.097826] alloc_pages_current+0x107/0x210 [ 3174.102252] pte_alloc_one+0x1b/0x1a0 [ 3174.106070] __pte_alloc+0x2a/0x360 [ 3174.109726] __handle_mm_fault+0x340b/0x3f80 [ 3174.114171] ? copy_page_range+0x2030/0x2030 [ 3174.118607] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3174.123314] handle_mm_fault+0x1b5/0x690 [ 3174.127402] __do_page_fault+0x62a/0xe90 [ 3174.131498] ? vmalloc_fault+0x740/0x740 [ 3174.135730] ? trace_hardirqs_off_caller+0x65/0x220 [ 3174.141469] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3174.146410] ? page_fault+0x8/0x30 [ 3174.149987] do_page_fault+0x71/0x57d [ 3174.153800] ? page_fault+0x8/0x30 [ 3174.157360] page_fault+0x1e/0x30 [ 3174.160815] RIP: 0033:0x400644 [ 3174.164017] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 21 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 3174.183011] RSP: 002b:00007ffd6c54cd00 EFLAGS: 00010202 [ 3174.188381] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 [ 3174.195656] RDX: 0000000000000000 RSI: 000000002001d000 RDI: 0000000000000001 [ 3174.202942] RBP: 0000000000760000 R08: 0000000000000000 R09: 0000000000000000 [ 3174.210318] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 3174.217596] R13: 00007ffd6c54cf20 R14: 0000000000760008 R15: 00007ffd6c54cf30 15:02:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3174.248345] Task in /syz0 killed as a result of limit of /syz0 [ 3174.256294] memory: usage 307200kB, limit 307200kB, failcnt 1100 [ 3174.278178] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3174.285137] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 15:02:04 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:04 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x2c00000000000000}], 0x0, 0x500) [ 3174.308095] Memory cgroup stats for /syz0: cache:8KB rss:200KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:84KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3174.366396] Memory cgroup out of memory: Kill process 15521 (syz-executor.0) score 1103 or sacrifice child 15:02:04 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3174.410651] Killed process 15521 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3174.446273] oom_reaper: reaped process 15521 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 3174.475143] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:05 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x3000000000000000) 15:02:05 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:05 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b61, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:05 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:05 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x3f00000000000000}], 0x0, 0x500) 15:02:05 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x555, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3175.544807] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:02:05 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3175.623764] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3175.648146] CPU: 1 PID: 15550 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3175.655985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3175.665349] Call Trace: [ 3175.667953] dump_stack+0x197/0x210 [ 3175.671597] dump_header+0x15e/0xa55 [ 3175.675329] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3175.680454] ? ___ratelimit+0x60/0x595 [ 3175.684361] ? do_raw_spin_unlock+0x181/0x270 [ 3175.688876] oom_kill_process.cold+0x10/0x6ef [ 3175.693387] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3175.698938] ? task_will_free_mem+0x139/0x6e0 [ 3175.703459] out_of_memory+0x362/0x1330 [ 3175.707454] ? lock_downgrade+0x880/0x880 [ 3175.711659] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3175.716790] ? oom_killer_disable+0x280/0x280 15:02:05 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3175.721308] ? find_held_lock+0x35/0x130 [ 3175.725398] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3175.730268] ? memcg_event_wake+0x230/0x230 [ 3175.734616] ? do_raw_spin_unlock+0x181/0x270 [ 3175.739133] ? _raw_spin_unlock+0x2d/0x50 [ 3175.743302] try_charge+0xec5/0x1490 [ 3175.747031] ? lock_downgrade+0x880/0x880 [ 3175.751206] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3175.756066] ? rcu_read_unlock+0x33/0x60 [ 3175.760151] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3175.765013] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 15:02:05 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3175.771096] mem_cgroup_try_charge+0x259/0x6b0 [ 3175.775803] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3175.780764] __handle_mm_fault+0x1e50/0x3f80 [ 3175.785206] ? copy_page_range+0x2030/0x2030 [ 3175.789649] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3175.794330] handle_mm_fault+0x1b5/0x690 [ 3175.798408] __do_page_fault+0x62a/0xe90 [ 3175.802666] ? vmalloc_fault+0x740/0x740 [ 3175.806830] ? trace_hardirqs_off_caller+0x65/0x220 [ 3175.811859] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3175.816799] ? page_fault+0x8/0x30 [ 3175.820363] do_page_fault+0x71/0x57d 15:02:05 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3175.824182] ? page_fault+0x8/0x30 [ 3175.827739] page_fault+0x1e/0x30 [ 3175.831195] RIP: 0033:0x41273f [ 3175.834396] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 3175.853306] RSP: 002b:00007ffd6c54cc50 EFLAGS: 00010206 [ 3175.858682] RAX: 00007fe841caf000 RBX: 0000000000020000 RCX: 000000000045af9a [ 3175.866016] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 3175.873300] RBP: 00007ffd6c54cd30 R08: ffffffffffffffff R09: 0000000000000000 [ 3175.880581] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd6c54ce20 [ 3175.887868] R13: 00007fe841ccf700 R14: 0000000000000000 R15: 000000000075bf2c [ 3175.896734] Task in /syz0 killed as a result of limit of /syz0 [ 3175.896851] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3175.902986] memory: usage 307200kB, limit 307200kB, failcnt 1132 [ 3175.902997] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:02:05 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3175.903006] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3175.903013] Memory cgroup stats for /syz0: cache:8KB rss:200KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:92KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3175.903092] Memory cgroup out of memory: Kill process 15550 (syz-executor.0) score 1103 or sacrifice child [ 3175.903152] Killed process 15550 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3175.903862] oom_reaper: reaped process 15550 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:02:05 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x4000000000000000}], 0x0, 0x500) [ 3176.185453] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:06 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x3100000000000000) 15:02:06 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:06 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b61, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:06 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:06 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x4204000000000000}], 0x0, 0x500) 15:02:06 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x556, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:06 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3177.220659] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:02:06 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3177.284210] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3177.302668] CPU: 1 PID: 15580 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3177.306631] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3177.310495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3177.310501] Call Trace: [ 3177.310524] dump_stack+0x197/0x210 [ 3177.310545] dump_header+0x15e/0xa55 [ 3177.310562] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3177.310577] ? ___ratelimit+0x60/0x595 [ 3177.310591] ? do_raw_spin_unlock+0x181/0x270 [ 3177.310610] oom_kill_process.cold+0x10/0x6ef [ 3177.310630] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3177.310644] ? task_will_free_mem+0x139/0x6e0 [ 3177.310666] out_of_memory+0x362/0x1330 [ 3177.310685] ? lock_downgrade+0x880/0x880 [ 3177.310703] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3177.310718] ? oom_killer_disable+0x280/0x280 [ 3177.310732] ? find_held_lock+0x35/0x130 [ 3177.310759] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3177.310775] ? memcg_event_wake+0x230/0x230 [ 3177.310794] ? do_raw_spin_unlock+0x181/0x270 [ 3177.310810] ? _raw_spin_unlock+0x2d/0x50 [ 3177.310826] try_charge+0xec5/0x1490 [ 3177.310842] ? lock_downgrade+0x880/0x880 [ 3177.310865] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3177.310880] ? rcu_read_unlock+0x33/0x60 [ 3177.310893] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3177.310905] ? __pte_alloc+0x1bf/0x360 [ 3177.310923] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3177.310951] mem_cgroup_try_charge+0x259/0x6b0 [ 3177.441843] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3177.446792] __handle_mm_fault+0x1e50/0x3f80 [ 3177.451217] ? copy_page_range+0x2030/0x2030 [ 3177.455655] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3177.460339] handle_mm_fault+0x1b5/0x690 [ 3177.464418] __do_page_fault+0x62a/0xe90 [ 3177.468502] ? vmalloc_fault+0x740/0x740 [ 3177.472575] ? trace_hardirqs_off_caller+0x65/0x220 [ 3177.477604] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3177.482545] ? page_fault+0x8/0x30 [ 3177.486105] do_page_fault+0x71/0x57d [ 3177.489927] ? page_fault+0x8/0x30 [ 3177.493479] page_fault+0x1e/0x30 [ 3177.496938] RIP: 0033:0x400644 [ 3177.500138] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 21 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 3177.519151] RSP: 002b:00007ffd6c54cd00 EFLAGS: 00010202 [ 3177.524525] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 15:02:07 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:07 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:07 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x557, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3177.531801] RDX: 0000000000000000 RSI: 000000002001d000 RDI: 0000000000000001 [ 3177.539164] RBP: 0000000000760000 R08: 0000000000000000 R09: 0000000000000000 [ 3177.546444] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 3177.553731] R13: 00007ffd6c54cf20 R14: 0000000000760008 R15: 00007ffd6c54cf30 15:02:07 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x4304000000000000}], 0x0, 0x500) [ 3177.786359] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3177.868972] Task in /syz0 killed as a result of limit of /syz0 [ 3177.875023] memory: usage 307200kB, limit 307200kB, failcnt 1159 [ 3178.068048] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3178.074882] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3178.098093] Memory cgroup stats for /syz0: cache:8KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:84KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3178.130377] Memory cgroup out of memory: Kill process 15580 (syz-executor.0) score 1103 or sacrifice child [ 3178.151569] Killed process 15580 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3178.168900] oom_reaper: reaped process 15580 (syz-executor.0), now anon-rss:0kB, file-rss:33984kB, shmem-rss:0kB 15:02:08 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x3300000000000000) 15:02:08 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:08 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:08 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x4404000000000000}], 0x0, 0x500) 15:02:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b61, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:08 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x558, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:08 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3179.046138] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 3179.108509] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3179.114160] CPU: 1 PID: 15611 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3179.121998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3179.131557] Call Trace: [ 3179.134258] dump_stack+0x197/0x210 [ 3179.137912] dump_header+0x15e/0xa55 [ 3179.139638] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3179.141641] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3179.141659] ? ___ratelimit+0x60/0x595 15:02:08 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3179.141673] ? do_raw_spin_unlock+0x181/0x270 [ 3179.141693] oom_kill_process.cold+0x10/0x6ef [ 3179.141713] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3179.141730] ? task_will_free_mem+0x139/0x6e0 [ 3179.178162] out_of_memory+0x362/0x1330 [ 3179.182178] ? lock_downgrade+0x880/0x880 [ 3179.186355] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3179.191484] ? oom_killer_disable+0x280/0x280 [ 3179.196010] ? find_held_lock+0x35/0x130 [ 3179.200105] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3179.204990] ? memcg_event_wake+0x230/0x230 [ 3179.209332] ? do_raw_spin_unlock+0x181/0x270 [ 3179.213955] ? _raw_spin_unlock+0x2d/0x50 [ 3179.218558] try_charge+0xec5/0x1490 [ 3179.222570] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3179.227444] ? lock_downgrade+0x880/0x880 [ 3179.231610] ? kasan_check_read+0x11/0x20 [ 3179.235775] memcg_kmem_charge_memcg+0x83/0x170 [ 3179.240469] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3179.245107] ? __isolate_free_page+0x4c0/0x4c0 [ 3179.249774] memcg_kmem_charge+0x13b/0x370 [ 3179.254036] __alloc_pages_nodemask+0x3c3/0x750 [ 3179.258742] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3179.263784] ? __lock_is_held+0xb6/0x140 [ 3179.267864] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3179.272899] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3179.278477] alloc_pages_current+0x107/0x210 [ 3179.282911] pte_alloc_one+0x1b/0x1a0 [ 3179.286748] __pte_alloc+0x2a/0x360 [ 3179.290400] __handle_mm_fault+0x340b/0x3f80 [ 3179.294824] ? copy_page_range+0x2030/0x2030 [ 3179.299276] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3179.303976] handle_mm_fault+0x1b5/0x690 15:02:09 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x559, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3179.308174] __do_page_fault+0x62a/0xe90 [ 3179.312258] ? vmalloc_fault+0x740/0x740 [ 3179.316334] ? trace_hardirqs_off_caller+0x65/0x220 [ 3179.321389] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3179.326337] ? page_fault+0x8/0x30 [ 3179.329902] do_page_fault+0x71/0x57d [ 3179.333721] ? page_fault+0x8/0x30 [ 3179.337397] page_fault+0x1e/0x30 [ 3179.340863] RIP: 0033:0x40e0fc [ 3179.344070] Code: 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f b6 4c 24 5b 48 69 c0 a8 00 00 00 88 88 c0 bf 75 00 e8 94 51 ff ff <83> 05 01 1f 55 00 01 80 7c 24 59 00 74 0b f6 44 24 08 01 0f 84 98 [ 3179.362986] RSP: 002b:00007ffd6c54cd40 EFLAGS: 00010217 [ 3179.368384] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045af49 [ 3179.375680] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000075bf28 [ 3179.382973] RBP: 000000000075bf2c R08: 00007fe841ccf700 R09: ffffffffffffffff [ 3179.390258] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 3179.397539] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c 15:02:09 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:09 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x4504000000000000}], 0x0, 0x500) 15:02:09 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3179.477721] Task in /syz0 killed as a result of limit of /syz0 [ 3179.484030] memory: usage 307200kB, limit 307200kB, failcnt 1167 [ 3179.490696] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3179.498082] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3179.504408] Memory cgroup stats for /syz0: cache:8KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3179.524781] Memory cgroup out of memory: Kill process 15611 (syz-executor.0) score 1103 or sacrifice child [ 3179.539792] Killed process 15611 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3179.574588] oom_reaper: reaped process 15611 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 3179.674750] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:10 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x3400000000000000) 15:02:10 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, 0x0) 15:02:10 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x4604000000000000}], 0x0, 0x500) 15:02:10 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x55a, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3180.674257] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 15:02:10 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3180.758150] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3180.763788] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3180.763913] CPU: 0 PID: 15642 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3180.780660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3180.790029] Call Trace: [ 3180.792635] dump_stack+0x197/0x210 [ 3180.796295] dump_header+0x15e/0xa55 [ 3180.800034] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 15:02:10 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3180.805158] ? ___ratelimit+0x60/0x595 [ 3180.809056] ? do_raw_spin_unlock+0x181/0x270 [ 3180.813572] oom_kill_process.cold+0x10/0x6ef [ 3180.818087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3180.823643] ? task_will_free_mem+0x139/0x6e0 [ 3180.828163] out_of_memory+0x362/0x1330 [ 3180.832162] ? lock_downgrade+0x880/0x880 [ 3180.836328] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3180.841445] ? oom_killer_disable+0x280/0x280 [ 3180.845949] ? find_held_lock+0x35/0x130 [ 3180.850032] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3180.854889] ? memcg_event_wake+0x230/0x230 [ 3180.859225] ? do_raw_spin_unlock+0x181/0x270 [ 3180.863729] ? _raw_spin_unlock+0x2d/0x50 [ 3180.867889] try_charge+0xec5/0x1490 [ 3180.871619] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3180.876477] ? lock_downgrade+0x880/0x880 [ 3180.880637] ? kasan_check_read+0x11/0x20 [ 3180.884801] memcg_kmem_charge_memcg+0x83/0x170 [ 3180.889479] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3180.893988] ? __isolate_free_page+0x4c0/0x4c0 [ 3180.899898] memcg_kmem_charge+0x13b/0x370 [ 3180.904148] __alloc_pages_nodemask+0x3c3/0x750 [ 3180.908832] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3180.913888] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3180.918484] ? trace_hardirqs_on+0x67/0x220 [ 3180.922822] copy_process.part.0+0x3e0/0x7a30 [ 3180.927329] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3180.932448] ? delayacct_end+0x5c/0x100 [ 3180.936439] ? __delayacct_freepages_end+0xe0/0x140 [ 3180.941472] ? __lock_acquire+0x6ee/0x49c0 [ 3180.945725] ? __cleanup_sighand+0x70/0x70 [ 3180.950058] ? mark_held_locks+0x100/0x100 [ 3180.954313] _do_fork+0x257/0xfd0 [ 3180.957784] ? fork_idle+0x1d0/0x1d0 [ 3180.961513] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3180.967405] ? kasan_check_read+0x11/0x20 [ 3180.971562] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3180.976324] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3180.981091] ? do_syscall_64+0x26/0x620 [ 3180.985075] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3180.990443] ? do_syscall_64+0x26/0x620 [ 3180.994431] __x64_sys_clone+0xbf/0x150 [ 3180.998420] do_syscall_64+0xfd/0x620 [ 3181.002237] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3181.007865] RIP: 0033:0x45d919 [ 3181.011066] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3181.029975] RSP: 002b:00007ffd6c54cc08 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3181.037698] RAX: ffffffffffffffda RBX: 00007fe841ccf700 RCX: 000000000045d919 [ 3181.044975] RDX: 00007fe841ccf9d0 RSI: 00007fe841ccedb0 RDI: 00000000003d0f00 [ 3181.052252] RBP: 00007ffd6c54ce20 R08: 00007fe841ccf700 R09: 00007fe841ccf700 [ 3181.059532] R10: 00007fe841ccf9d0 R11: 0000000000000202 R12: 0000000000000000 [ 3181.066808] R13: 00007ffd6c54ccbf R14: 00007fe841ccf9c0 R15: 000000000075bf2c 15:02:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x4704000000000000}], 0x0, 0x500) 15:02:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:10 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3181.312729] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3181.349862] Task in /syz0 killed as a result of limit of /syz0 [ 3181.368709] memory: usage 307176kB, limit 307200kB, failcnt 1179 [ 3181.379864] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3181.429104] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3181.445883] Memory cgroup stats for /syz0: cache:8KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3181.466503] Memory cgroup out of memory: Kill process 15642 (syz-executor.0) score 1103 or sacrifice child [ 3181.485158] Killed process 15642 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3181.497717] oom_reaper: reaped process 15642 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:02:11 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x3600000000000000) 15:02:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:11 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:11 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x55b, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:11 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x4804000000000000}], 0x0, 0x500) 15:02:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, 0x0) 15:02:11 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3182.103819] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 15:02:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3182.177636] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3182.199464] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3182.224227] CPU: 0 PID: 15671 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3182.232159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3182.241694] Call Trace: [ 3182.244310] dump_stack+0x197/0x210 [ 3182.247972] dump_header+0x15e/0xa55 [ 3182.251722] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3182.257018] ? ___ratelimit+0x60/0x595 [ 3182.260913] ? do_raw_spin_unlock+0x181/0x270 [ 3182.265418] oom_kill_process.cold+0x10/0x6ef [ 3182.269930] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3182.275474] ? task_will_free_mem+0x139/0x6e0 [ 3182.279986] out_of_memory+0x362/0x1330 [ 3182.283996] ? lock_downgrade+0x880/0x880 [ 3182.288164] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3182.293296] ? oom_killer_disable+0x280/0x280 [ 3182.297907] ? find_held_lock+0x35/0x130 [ 3182.302009] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3182.306868] ? memcg_event_wake+0x230/0x230 [ 3182.311208] ? do_raw_spin_unlock+0x181/0x270 [ 3182.315728] ? _raw_spin_unlock+0x2d/0x50 [ 3182.319899] try_charge+0xec5/0x1490 [ 3182.323633] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3182.328491] ? lock_downgrade+0x880/0x880 [ 3182.332655] ? kasan_check_read+0x11/0x20 [ 3182.336821] memcg_kmem_charge_memcg+0x83/0x170 [ 3182.341502] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3182.346018] ? __isolate_free_page+0x4c0/0x4c0 [ 3182.350611] memcg_kmem_charge+0x13b/0x370 [ 3182.354861] __alloc_pages_nodemask+0x3c3/0x750 [ 3182.359546] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3182.364578] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3182.369183] ? trace_hardirqs_on+0x67/0x220 [ 3182.373536] copy_process.part.0+0x3e0/0x7a30 [ 3182.378048] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3182.383171] ? delayacct_end+0x5c/0x100 [ 3182.387165] ? __delayacct_freepages_end+0xe0/0x140 [ 3182.392197] ? __lock_acquire+0x6ee/0x49c0 [ 3182.396456] ? __cleanup_sighand+0x70/0x70 [ 3182.400725] ? mark_held_locks+0x100/0x100 [ 3182.405006] _do_fork+0x257/0xfd0 [ 3182.408486] ? fork_idle+0x1d0/0x1d0 [ 3182.412221] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3182.418263] ? kasan_check_read+0x11/0x20 [ 3182.422430] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3182.427199] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3182.431970] ? do_syscall_64+0x26/0x620 [ 3182.435957] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3182.441332] ? do_syscall_64+0x26/0x620 [ 3182.445321] __x64_sys_clone+0xbf/0x150 [ 3182.449309] do_syscall_64+0xfd/0x620 [ 3182.453124] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3182.458325] RIP: 0033:0x45d919 15:02:12 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3182.461524] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3182.480433] RSP: 002b:00007ffd6c54cc08 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3182.488151] RAX: ffffffffffffffda RBX: 00007fe841ccf700 RCX: 000000000045d919 [ 3182.495513] RDX: 00007fe841ccf9d0 RSI: 00007fe841ccedb0 RDI: 00000000003d0f00 [ 3182.502796] RBP: 00007ffd6c54ce20 R08: 00007fe841ccf700 R09: 00007fe841ccf700 [ 3182.511203] R10: 00007fe841ccf9d0 R11: 0000000000000202 R12: 0000000000000000 [ 3182.518569] R13: 00007ffd6c54ccbf R14: 00007fe841ccf9c0 R15: 000000000075bf2c 15:02:12 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x4904000000000000}], 0x0, 0x500) 15:02:12 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:12 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3182.728078] Task in /syz0 killed as a result of limit of /syz0 [ 3182.735534] memory: usage 307120kB, limit 307200kB, failcnt 1211 [ 3182.759966] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3182.776594] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3182.785830] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3182.807201] Memory cgroup stats for /syz0: cache:8KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3182.873324] Memory cgroup out of memory: Kill process 15671 (syz-executor.0) score 1103 or sacrifice child [ 3182.910566] Killed process 15671 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3182.948375] oom_reaper: reaped process 15671 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:02:13 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x3700000000000000) 15:02:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:13 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x4a04000000000000}], 0x0, 0x500) 15:02:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, 0x0) 15:02:13 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x55c, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:13 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, &(0x7f0000000040)={0x0, 0x0}) [ 3183.785127] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x4b04000000000000}], 0x0, 0x500) [ 3183.916699] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:02:13 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3183.959035] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3184.005542] CPU: 1 PID: 15712 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3184.013408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3184.022785] Call Trace: [ 3184.025389] dump_stack+0x197/0x210 [ 3184.029039] dump_header+0x15e/0xa55 [ 3184.032798] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3184.037915] ? ___ratelimit+0x60/0x595 [ 3184.041834] ? do_raw_spin_unlock+0x181/0x270 [ 3184.046343] oom_kill_process.cold+0x10/0x6ef [ 3184.050857] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3184.053241] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3184.056406] ? task_will_free_mem+0x139/0x6e0 [ 3184.056431] out_of_memory+0x362/0x1330 [ 3184.056452] ? lock_downgrade+0x880/0x880 [ 3184.056472] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3184.081803] ? oom_killer_disable+0x280/0x280 [ 3184.086317] ? find_held_lock+0x35/0x130 [ 3184.090413] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3184.095268] ? memcg_event_wake+0x230/0x230 [ 3184.099609] ? do_raw_spin_unlock+0x181/0x270 [ 3184.104119] ? _raw_spin_unlock+0x2d/0x50 [ 3184.108281] try_charge+0xec5/0x1490 [ 3184.112006] ? lock_downgrade+0x880/0x880 [ 3184.116175] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3184.121032] ? rcu_read_unlock+0x33/0x60 [ 3184.125100] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3184.129958] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3184.136036] mem_cgroup_try_charge+0x259/0x6b0 [ 3184.140928] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3184.146137] __handle_mm_fault+0x1e50/0x3f80 [ 3184.150569] ? copy_page_range+0x2030/0x2030 [ 3184.155634] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3184.161295] handle_mm_fault+0x1b5/0x690 [ 3184.165378] __do_page_fault+0x62a/0xe90 [ 3184.169463] ? vmalloc_fault+0x740/0x740 [ 3184.173537] ? trace_hardirqs_off_caller+0x65/0x220 [ 3184.178564] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3184.185329] ? page_fault+0x8/0x30 [ 3184.188887] do_page_fault+0x71/0x57d [ 3184.192708] ? page_fault+0x8/0x30 [ 3184.196267] page_fault+0x1e/0x30 [ 3184.199770] RIP: 0033:0x4005c0 [ 3184.202978] Code: 01 e9 cd 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 20 48 8b 14 24 48 8b 7c 24 20 be 02 00 00 00 e8 a5 55 00 00 48 8b 4c 24 08 <66> 89 01 e9 a1 01 00 00 48 8b 44 24 08 48 8b 14 24 be 02 00 00 00 [ 3184.223017] RSP: 002b:00007ffd6c54cd00 EFLAGS: 00010202 [ 3184.228390] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000020000040 [ 3184.235668] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 3184.242947] RBP: 00000000007608e8 R08: 0000000000000000 R09: 0000000000000000 [ 3184.250230] R10: 00007ffd6c54ce10 R11: 0000000000000246 R12: 000000000075bf20 [ 3184.257509] R13: 00000000003094fb R14: 00000000007608f0 R15: 000000000075bf2c [ 3184.268227] Task in /syz0 killed as a result of limit of /syz0 [ 3184.274356] memory: usage 307200kB, limit 307200kB, failcnt 1264 [ 3184.281211] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3184.298371] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3184.305920] Memory cgroup stats for /syz0: cache:8KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:148KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3184.332651] Memory cgroup out of memory: Kill process 15712 (syz-executor.0) score 1103 or sacrifice child [ 3184.346702] Killed process 15712 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3184.362076] oom_reaper: reaped process 15712 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:02:14 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x3800000000000000) 15:02:14 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:14 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, 0x0) 15:02:14 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x4c04000000000000}], 0x0, 0x500) 15:02:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, &(0x7f0000000040)={0x0, 0x0}) 15:02:14 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x55d, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:15 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, 0x0) [ 3185.342733] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, &(0x7f0000000040)={0x0, 0x0}) 15:02:15 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x4d04000000000000}], 0x0, 0x500) 15:02:15 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, 0x0) 15:02:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3185.560847] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3185.650145] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) [ 3185.667542] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3185.688273] CPU: 1 PID: 15741 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3185.696113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3185.705672] Call Trace: [ 3185.708274] dump_stack+0x197/0x210 [ 3185.711913] dump_header+0x15e/0xa55 [ 3185.715637] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3185.720748] ? ___ratelimit+0x60/0x595 [ 3185.724640] ? do_raw_spin_unlock+0x181/0x270 [ 3185.729590] oom_kill_process.cold+0x10/0x6ef [ 3185.734102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3185.739653] ? task_will_free_mem+0x139/0x6e0 [ 3185.744166] out_of_memory+0x362/0x1330 [ 3185.748156] ? lock_downgrade+0x880/0x880 [ 3185.752322] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3185.757523] ? oom_killer_disable+0x280/0x280 [ 3185.762026] ? find_held_lock+0x35/0x130 [ 3185.766104] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3185.770964] ? memcg_event_wake+0x230/0x230 [ 3185.775299] ? do_raw_spin_unlock+0x181/0x270 [ 3185.779804] ? _raw_spin_unlock+0x2d/0x50 [ 3185.783968] try_charge+0xec5/0x1490 [ 3185.787691] ? lock_downgrade+0x880/0x880 [ 3185.791857] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3185.796717] ? rcu_read_unlock+0x33/0x60 [ 3185.800785] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3185.805656] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3185.811854] mem_cgroup_try_charge+0x259/0x6b0 [ 3185.816463] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3185.821414] __handle_mm_fault+0x1e50/0x3f80 [ 3185.825840] ? copy_page_range+0x2030/0x2030 [ 3185.830278] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3185.834978] handle_mm_fault+0x1b5/0x690 [ 3185.839066] __do_page_fault+0x62a/0xe90 [ 3185.843148] ? vmalloc_fault+0x740/0x740 [ 3185.847231] ? trace_hardirqs_off_caller+0x65/0x220 [ 3185.852271] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3185.857214] ? page_fault+0x8/0x30 [ 3185.860772] do_page_fault+0x71/0x57d [ 3185.864673] ? page_fault+0x8/0x30 [ 3185.868225] page_fault+0x1e/0x30 [ 3185.871682] RIP: 0033:0x4005c0 [ 3185.874879] Code: 01 e9 cd 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 20 48 8b 14 24 48 8b 7c 24 20 be 02 00 00 00 e8 a5 55 00 00 48 8b 4c 24 08 <66> 89 01 e9 a1 01 00 00 48 8b 44 24 08 48 8b 14 24 be 02 00 00 00 [ 3185.893792] RSP: 002b:00007ffd6c54cd00 EFLAGS: 00010202 [ 3185.899168] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000020000040 [ 3185.906445] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 3185.913728] RBP: 00000000007608e8 R08: 0000000000000000 R09: 0000000000000000 [ 3185.921010] R10: 00007ffd6c54ce10 R11: 0000000000000246 R12: 000000000075bf20 [ 3185.928294] R13: 0000000000309b61 R14: 00000000007608f0 R15: 000000000075bf2c [ 3186.120625] Task in /syz0 killed as a result of limit of /syz0 [ 3186.126765] memory: usage 307200kB, limit 307200kB, failcnt 1307 [ 3186.133475] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3186.148148] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3186.161022] Memory cgroup stats for /syz0: cache:8KB rss:188KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:148KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3186.191313] Memory cgroup out of memory: Kill process 15741 (syz-executor.0) score 1103 or sacrifice child [ 3186.217091] Killed process 15741 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3186.234945] oom_reaper: reaped process 15741 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:02:16 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x3900000000000000) 15:02:16 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x0, 0x0}) 15:02:16 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:16 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x6000000000000000}], 0x0, 0x500) 15:02:16 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x55e, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, &(0x7f0000000040)) 15:02:16 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x4b04000000000000}], 0x0, 0x500) 15:02:16 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, 0x0) [ 3187.044770] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, &(0x7f0000000040)) [ 3187.091278] BFS-fs: bfs_fill_super(): No BFS filesystem on loop4 (magic=00000000) 15:02:16 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x8000000000000000}], 0x0, 0x500) 15:02:16 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, 0x0) 15:02:16 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3187.375923] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:18 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x3a00000000000000) 15:02:18 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:18 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:18 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, 0x0) 15:02:18 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0x8cffffff00000000}], 0x0, 0x500) 15:02:18 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x55f, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:18 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x0, 0x0}) 15:02:18 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, 0x0) 15:02:18 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3188.620851] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:18 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x560, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:18 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x0, 0x0}) 15:02:18 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0xf5ffffff00000000}], 0x0, 0x500) [ 3188.891976] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:19 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x3b00000000000000) 15:02:19 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:19 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:19 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:19 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0xf6ffffff00000000}], 0x0, 0x500) 15:02:19 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x561, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:19 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x8000000f, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x0, 0x500) 15:02:19 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:19 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3190.208786] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:20 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:20 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0xfb25000000000000}], 0x0, 0x500) [ 3190.325794] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing [ 3190.537884] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:21 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x3f00000000000000) 15:02:21 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:21 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:21 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:21 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0xfeffffff00000000}], 0x0, 0x500) 15:02:21 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x562, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:21 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:21 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3191.609915] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:21 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:21 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:21 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0xff07040000000000}], 0x0, 0x500) 15:02:21 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3191.917262] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x4000000000000000) 15:02:22 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0xff0f000000000000}], 0x0, 0x500) 15:02:22 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:22 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x563, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:22 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:22 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3193.151399] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:22 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0xffff1f0000000000}], 0x0, 0x500) 15:02:23 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3193.440855] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:24 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x4800000000000000) 15:02:24 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:24 executing program 2: syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:24 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:24 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0xffffff7f00000000}], 0x0, 0x500) 15:02:24 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x564, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:24 executing program 2: syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:24 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:24 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3194.589974] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:24 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0xffffffff00000000}], 0x0, 0x500) 15:02:24 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:24 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3194.880324] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:25 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x4c00000000000000) 15:02:25 executing program 2: syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:25 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:25 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:25 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa, 0xffffffffffffffff}], 0x0, 0x500) 15:02:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x565, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:25 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:25 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, 0x0) 15:02:25 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3196.056444] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00000000) 15:02:25 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2, 0x500) 15:02:25 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:25 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, 0x0) [ 3196.327544] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:02:27 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, 0x0) 15:02:27 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x6000000000000000) 15:02:27 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:27 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x3, 0x500) 15:02:27 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x566, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:27 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, &(0x7f0000000040)={0x0, 0x0}) 15:02:27 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:27 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:27 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:27 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:27 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4, 0x500) 15:02:27 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:27 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, &(0x7f0000000040)={0x0, 0x0}) [ 3197.932454] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3197.996835] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3198.002480] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3198.015048] CPU: 1 PID: 15969 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3198.022870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3198.032233] Call Trace: [ 3198.034837] dump_stack+0x197/0x210 [ 3198.038485] dump_header+0x15e/0xa55 [ 3198.042213] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3198.047330] ? ___ratelimit+0x60/0x595 [ 3198.051223] ? do_raw_spin_unlock+0x181/0x270 [ 3198.055734] oom_kill_process.cold+0x10/0x6ef [ 3198.060249] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3198.065805] ? task_will_free_mem+0x139/0x6e0 [ 3198.070316] out_of_memory+0x362/0x1330 [ 3198.074305] ? lock_downgrade+0x880/0x880 [ 3198.078467] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3198.092211] ? oom_killer_disable+0x280/0x280 [ 3198.096717] ? find_held_lock+0x35/0x130 [ 3198.100808] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3198.105661] ? memcg_event_wake+0x230/0x230 [ 3198.111301] ? do_raw_spin_unlock+0x181/0x270 [ 3198.115808] ? _raw_spin_unlock+0x2d/0x50 [ 3198.119967] try_charge+0xec5/0x1490 [ 3198.124564] ? lock_downgrade+0x880/0x880 [ 3198.128732] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3198.133587] ? rcu_read_unlock+0x33/0x60 [ 3198.137656] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3198.142513] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3198.148589] mem_cgroup_try_charge+0x259/0x6b0 [ 3198.153190] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3198.158130] __handle_mm_fault+0x1e50/0x3f80 [ 3198.162551] ? copy_page_range+0x2030/0x2030 [ 3198.166981] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3198.171659] handle_mm_fault+0x1b5/0x690 [ 3198.175741] __do_page_fault+0x62a/0xe90 [ 3198.179828] ? vmalloc_fault+0x740/0x740 [ 3198.183901] ? trace_hardirqs_off_caller+0x65/0x220 [ 3198.188932] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3198.193889] ? page_fault+0x8/0x30 [ 3198.197451] do_page_fault+0x71/0x57d [ 3198.201272] ? page_fault+0x8/0x30 [ 3198.204835] page_fault+0x1e/0x30 [ 3198.208297] RIP: 0033:0x4005c0 [ 3198.211507] Code: 01 e9 cd 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 20 48 8b 14 24 48 8b 7c 24 20 be 02 00 00 00 e8 a5 55 00 00 48 8b 4c 24 08 <66> 89 01 e9 a1 01 00 00 48 8b 44 24 08 48 8b 14 24 be 02 00 00 00 [ 3198.230424] RSP: 002b:00007ffd6c54cd00 EFLAGS: 00010202 [ 3198.235805] RAX: 0000000000000001 RBX: 000000000075c9a0 RCX: 0000000020000040 [ 3198.243086] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001 [ 3198.250361] RBP: 00000000007608e8 R08: 0000000000000000 R09: 0000000000000000 [ 3198.257792] R10: 00007ffd6c54ce10 R11: 0000000000000246 R12: 000000000075bf20 [ 3198.265073] R13: 000000000030cba9 R14: 00000000007608f0 R15: 000000000075bf2c [ 3198.640316] Task in /syz0 killed as a result of limit of /syz0 [ 3198.662484] memory: usage 307192kB, limit 307200kB, failcnt 1557 [ 3198.675539] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3198.709200] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3198.720970] Memory cgroup stats for /syz0: cache:8KB rss:184KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:148KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3198.762166] Memory cgroup out of memory: Kill process 15969 (syz-executor.0) score 1103 or sacrifice child [ 3198.782195] Killed process 15969 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3198.804837] oom_reaper: reaped process 15969 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 15:02:28 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x6800000000000000) 15:02:28 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:28 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, &(0x7f0000000040)={0x0, 0x0}) 15:02:28 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x5, 0x500) 15:02:28 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x567, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:28 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:29 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, &(0x7f0000000040)) 15:02:29 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3199.308218] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3199.375502] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3199.403787] CPU: 0 PID: 15979 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3199.411643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3199.421125] Call Trace: [ 3199.423737] dump_stack+0x197/0x210 [ 3199.427394] dump_header+0x15e/0xa55 [ 3199.431134] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3199.436262] ? ___ratelimit+0x60/0x595 [ 3199.440166] ? do_raw_spin_unlock+0x181/0x270 [ 3199.444684] oom_kill_process.cold+0x10/0x6ef [ 3199.449202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3199.454754] ? task_will_free_mem+0x139/0x6e0 [ 3199.459287] out_of_memory+0x362/0x1330 [ 3199.463295] ? lock_downgrade+0x880/0x880 [ 3199.467459] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3199.472589] ? oom_killer_disable+0x280/0x280 [ 3199.477097] ? find_held_lock+0x35/0x130 [ 3199.481191] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3199.486066] ? memcg_event_wake+0x230/0x230 [ 3199.490405] ? do_raw_spin_unlock+0x181/0x270 [ 3199.494911] ? _raw_spin_unlock+0x2d/0x50 [ 3199.499071] try_charge+0xec5/0x1490 [ 3199.502797] ? lock_downgrade+0x880/0x880 [ 3199.506974] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3199.511831] ? rcu_read_unlock+0x33/0x60 [ 3199.515903] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3199.520762] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3199.526841] mem_cgroup_try_charge+0x259/0x6b0 [ 3199.531444] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3199.536398] wp_page_copy+0x430/0x16a0 [ 3199.540312] ? follow_pfn+0x2a0/0x2a0 [ 3199.544132] ? do_raw_spin_unlock+0x181/0x270 [ 3199.548667] do_wp_page+0x57d/0x10b0 [ 3199.552407] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3199.557095] ? kasan_check_write+0x14/0x20 [ 3199.561347] ? do_raw_spin_lock+0xd7/0x250 [ 3199.565599] __handle_mm_fault+0x2305/0x3f80 [ 3199.570023] ? copy_page_range+0x2030/0x2030 [ 3199.574463] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3199.579149] handle_mm_fault+0x1b5/0x690 [ 3199.583229] __do_page_fault+0x62a/0xe90 [ 3199.587307] ? vmalloc_fault+0x740/0x740 [ 3199.591382] ? trace_hardirqs_off_caller+0x65/0x220 [ 3199.596408] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3199.601474] ? page_fault+0x8/0x30 [ 3199.605046] do_page_fault+0x71/0x57d [ 3199.608861] ? page_fault+0x8/0x30 [ 3199.612415] page_fault+0x1e/0x30 [ 3199.615879] RIP: 0033:0x40d708 [ 3199.619082] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 d8 2c 00 00 8b 05 02 a9 32 00 48 8b 15 73 4f 66 00 83 c0 01 <89> 05 f2 a8 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 3199.637995] RSP: 002b:00007ffd6c54ccd0 EFLAGS: 00010202 [ 3199.643366] RAX: 0000000000000001 RBX: 0000001b2f320014 RCX: 0000001b30320000 [ 3199.650643] RDX: 0000001b2f320000 RSI: 000000000000118f RDI: ffffffff29a7918f [ 3199.659571] RBP: 0000001b2f320018 R08: 0000000029a7918f R09: 0000000029a79193 [ 3199.666859] R10: 00007ffd6c54ce10 R11: 0000000000000246 R12: 0000001b2f32001c [ 3199.674141] R13: 000000000030d11d R14: 000000000075bf20 R15: 000000000075bf2c 15:02:29 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:29 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, &(0x7f0000000040)) [ 3199.729588] Task in /syz0 killed as a result of limit of /syz0 [ 3199.740306] memory: usage 307200kB, limit 307200kB, failcnt 1591 [ 3199.746499] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3199.761260] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 15:02:29 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x6, 0x500) 15:02:29 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, &(0x7f0000000040)) [ 3199.774903] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:140KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3199.846990] Memory cgroup out of memory: Kill process 15979 (syz-executor.0) score 1103 or sacrifice child [ 3199.893033] Killed process 15979 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3199.976002] oom_reaper: reaped process 15979 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 3199.996946] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:02:30 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x6c00000000000000) 15:02:30 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:30 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b48, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:30 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:30 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x7, 0x500) 15:02:30 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x568, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:30 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x6, 0x500) 15:02:30 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3201.243444] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3201.288060] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3201.293583] CPU: 1 PID: 16006 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3201.301391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3201.310757] Call Trace: [ 3201.313364] dump_stack+0x197/0x210 [ 3201.317009] dump_header+0x15e/0xa55 [ 3201.320737] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3201.325850] ? ___ratelimit+0x60/0x595 [ 3201.329764] ? do_raw_spin_unlock+0x181/0x270 [ 3201.334280] oom_kill_process.cold+0x10/0x6ef [ 3201.338798] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3201.344353] ? task_will_free_mem+0x139/0x6e0 [ 3201.348873] out_of_memory+0x362/0x1330 [ 3201.352873] ? oom_killer_disable+0x280/0x280 [ 3201.357406] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3201.369741] ? memcg_event_wake+0x230/0x230 [ 3201.374101] ? _raw_spin_unlock+0x41/0x50 [ 3201.378270] try_charge+0xec5/0x1490 [ 3201.382005] ? lock_downgrade+0x880/0x880 [ 3201.386173] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3201.391030] ? rcu_read_unlock+0x33/0x60 [ 3201.395103] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3201.399987] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3201.406056] ? __free_object+0xe2/0x1f0 [ 3201.410049] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3201.415176] mem_cgroup_try_charge+0x259/0x6b0 [ 3201.419778] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3201.424722] wp_page_copy+0x430/0x16a0 [ 3201.428627] ? follow_pfn+0x2a0/0x2a0 [ 3201.432442] ? do_raw_spin_unlock+0x181/0x270 [ 3201.436949] do_wp_page+0x57d/0x10b0 [ 3201.440677] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3201.445360] ? kasan_check_write+0x14/0x20 [ 3201.449603] ? do_raw_spin_lock+0xd7/0x250 [ 3201.453851] __handle_mm_fault+0x2305/0x3f80 [ 3201.458276] ? copy_page_range+0x2030/0x2030 [ 3201.462718] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3201.467402] handle_mm_fault+0x1b5/0x690 [ 3201.473740] __do_page_fault+0x62a/0xe90 [ 3201.477821] ? vmalloc_fault+0x740/0x740 [ 3201.481900] ? trace_hardirqs_off_caller+0x65/0x220 [ 3201.486933] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3201.491879] ? page_fault+0x8/0x30 [ 3201.495440] do_page_fault+0x71/0x57d [ 3201.499256] ? page_fault+0x8/0x30 [ 3201.502820] page_fault+0x1e/0x30 [ 3201.506295] RIP: 0033:0x40d948 [ 3201.509504] Code: d9 48 8b 47 78 48 83 f8 ff 0f 84 0b 01 00 00 48 8b 73 18 48 83 fe ff 74 29 48 81 fe e7 03 00 00 0f 87 67 01 00 00 48 c1 e6 04 86 80 80 75 00 01 48 89 86 88 80 75 00 66 2e 0f 1f 84 00 00 00 [ 3201.528447] RSP: 002b:00007ffd6c54cd10 EFLAGS: 00010246 [ 3201.533835] RAX: 0000000000000004 RBX: 000000000075bf20 RCX: 0000000000000001 [ 3201.541126] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000075bf20 [ 3201.548405] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 3201.555817] R10: 00007ffd6c54ce10 R11: 0000000000000246 R12: 000000000075bf20 [ 3201.563113] R13: 000000000030d8b4 R14: 000000000030d8e1 R15: 000000000075bf2c 15:02:31 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3201.600911] Task in /syz0 killed as a result of limit of /syz0 [ 3201.607096] memory: usage 307200kB, limit 307200kB, failcnt 1619 [ 3201.613949] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3201.621512] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3201.627834] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:144KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3201.648606] Memory cgroup out of memory: Kill process 16006 (syz-executor.0) score 1103 or sacrifice child [ 3201.659077] Killed process 16006 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3201.673987] oom_reaper: reaped process 16006 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:02:31 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x9, 0x500) 15:02:31 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3201.709792] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing 15:02:31 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3201.926863] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3202.006483] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3202.014636] CPU: 0 PID: 16029 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3202.022471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3202.031829] Call Trace: [ 3202.034430] dump_stack+0x197/0x210 [ 3202.038081] dump_header+0x15e/0xa55 [ 3202.041813] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3202.046927] ? ___ratelimit+0x60/0x595 [ 3202.050826] ? do_raw_spin_unlock+0x181/0x270 [ 3202.055341] oom_kill_process.cold+0x10/0x6ef [ 3202.059980] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3202.065531] ? task_will_free_mem+0x139/0x6e0 [ 3202.070052] out_of_memory+0x362/0x1330 [ 3202.074051] ? lock_downgrade+0x880/0x880 [ 3202.078764] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3202.083876] ? oom_killer_disable+0x280/0x280 [ 3202.088379] ? find_held_lock+0x35/0x130 [ 3202.092470] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3202.097322] ? memcg_event_wake+0x230/0x230 [ 3202.101659] ? do_raw_spin_unlock+0x181/0x270 [ 3202.106167] ? _raw_spin_unlock+0x2d/0x50 [ 3202.110327] try_charge+0xec5/0x1490 [ 3202.114050] ? lock_downgrade+0x880/0x880 [ 3202.118216] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3202.123069] ? rcu_read_unlock+0x33/0x60 [ 3202.127134] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3202.131991] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3202.138102] mem_cgroup_try_charge+0x259/0x6b0 [ 3202.142703] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3202.147638] wp_page_copy+0x430/0x16a0 [ 3202.151541] ? follow_pfn+0x2a0/0x2a0 [ 3202.155350] ? do_raw_spin_unlock+0x181/0x270 [ 3202.159852] do_wp_page+0x57d/0x10b0 [ 3202.163572] ? lock_acquire+0x16f/0x3f0 [ 3202.167550] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3202.172224] ? kasan_check_write+0x14/0x20 [ 3202.176957] ? do_raw_spin_lock+0xd7/0x250 [ 3202.181205] __handle_mm_fault+0x2305/0x3f80 [ 3202.185627] ? copy_page_range+0x2030/0x2030 [ 3202.190058] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3202.194738] handle_mm_fault+0x1b5/0x690 [ 3202.198835] __do_page_fault+0x62a/0xe90 [ 3202.202935] ? vmalloc_fault+0x740/0x740 [ 3202.207022] ? trace_hardirqs_off_caller+0x65/0x220 [ 3202.212061] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3202.217007] ? page_fault+0x8/0x30 [ 3202.220563] do_page_fault+0x71/0x57d [ 3202.224371] ? page_fault+0x8/0x30 [ 3202.227916] page_fault+0x1e/0x30 [ 3202.231379] RIP: 0033:0x40ff98 [ 3202.234583] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3202.253495] RSP: 002b:00007ffd6c54cc70 EFLAGS: 00010246 [ 3202.258871] RAX: 000000009cbbf6b7 RBX: 00000000a709c79f RCX: 0000001b30320000 [ 3202.266143] RDX: 0000000000000000 RSI: 00000000000016b7 RDI: ffffffff9cbbf6b7 [ 3202.273416] RBP: 0000000000000005 R08: 000000009cbbf6b7 R09: 000000009cbbf6bb [ 3202.280692] R10: 00007ffd6c54ce10 R11: 0000000000000246 R12: 000000000075bfa8 [ 3202.288920] R13: 0000000080000000 R14: 00007fe843cd0008 R15: 0000000000000005 [ 3202.299154] Task in /syz0 killed as a result of limit of /syz0 [ 3202.305406] memory: usage 307200kB, limit 307200kB, failcnt 1653 [ 3202.312247] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3202.319544] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3202.325929] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:120KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3202.346351] Memory cgroup out of memory: Kill process 16029 (syz-executor.0) score 1103 or sacrifice child [ 3202.357647] Killed process 16029 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3202.371526] oom_reaper: reaped process 16029 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:02:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x7400000000000000) 15:02:32 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:32 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b46, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:32 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:32 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xa, 0x500) 15:02:32 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x569, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3203.284458] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 15:02:33 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x9, 0x500) [ 3203.378490] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3203.383933] CPU: 0 PID: 16037 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3203.391750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3203.401118] Call Trace: [ 3203.403728] dump_stack+0x197/0x210 [ 3203.407378] dump_header+0x15e/0xa55 [ 3203.411112] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3203.416231] ? ___ratelimit+0x60/0x595 [ 3203.420136] ? do_raw_spin_unlock+0x181/0x270 [ 3203.424655] oom_kill_process.cold+0x10/0x6ef [ 3203.429175] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3203.434734] ? task_will_free_mem+0x139/0x6e0 [ 3203.439265] out_of_memory+0x362/0x1330 [ 3203.443264] ? lock_downgrade+0x880/0x880 [ 3203.447429] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3203.452552] ? oom_killer_disable+0x280/0x280 [ 3203.457065] ? find_held_lock+0x35/0x130 [ 3203.461157] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3203.466019] ? memcg_event_wake+0x230/0x230 [ 3203.470369] ? do_raw_spin_unlock+0x181/0x270 [ 3203.474882] ? _raw_spin_unlock+0x2d/0x50 [ 3203.479054] try_charge+0xec5/0x1490 [ 3203.482805] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3203.490310] ? lock_downgrade+0x880/0x880 [ 3203.494484] ? kasan_check_read+0x11/0x20 [ 3203.498654] memcg_kmem_charge_memcg+0x83/0x170 [ 3203.503339] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3203.507861] ? __isolate_free_page+0x4c0/0x4c0 [ 3203.512460] memcg_kmem_charge+0x13b/0x370 [ 3203.516717] __alloc_pages_nodemask+0x3c3/0x750 [ 3203.521442] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3203.526475] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3203.531073] ? trace_hardirqs_on+0x67/0x220 [ 3203.535417] copy_process.part.0+0x3e0/0x7a30 [ 3203.539928] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3203.545055] ? delayacct_end+0x5c/0x100 [ 3203.549188] ? __delayacct_freepages_end+0xe0/0x140 [ 3203.554224] ? __lock_acquire+0x6ee/0x49c0 [ 3203.558490] ? __cleanup_sighand+0x70/0x70 [ 3203.562754] ? mark_held_locks+0x100/0x100 [ 3203.567018] _do_fork+0x257/0xfd0 [ 3203.570491] ? fork_idle+0x1d0/0x1d0 [ 3203.574226] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3203.580120] ? kasan_check_read+0x11/0x20 [ 3203.584282] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3203.589046] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3203.593813] ? do_syscall_64+0x26/0x620 [ 3203.597813] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3203.603192] ? do_syscall_64+0x26/0x620 [ 3203.607193] __x64_sys_clone+0xbf/0x150 [ 3203.611181] do_syscall_64+0xfd/0x620 [ 3203.614998] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3203.620193] RIP: 0033:0x45d919 [ 3203.623395] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3203.642309] RSP: 002b:00007ffd6c54cc08 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3203.650033] RAX: ffffffffffffffda RBX: 00007fe841ccf700 RCX: 000000000045d919 [ 3203.657314] RDX: 00007fe841ccf9d0 RSI: 00007fe841ccedb0 RDI: 00000000003d0f00 [ 3203.664600] RBP: 00007ffd6c54ce20 R08: 00007fe841ccf700 R09: 00007fe841ccf700 [ 3203.671884] R10: 00007fe841ccf9d0 R11: 0000000000000202 R12: 0000000000000000 15:02:33 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:33 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3203.679162] R13: 00007ffd6c54ccbf R14: 00007fe841ccf9c0 R15: 000000000075bf2c [ 3203.750913] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3203.758192] Task in /syz0 killed as a result of limit of /syz0 [ 3203.765709] memory: usage 307172kB, limit 307200kB, failcnt 1684 15:02:33 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3203.794186] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3203.827344] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 15:02:33 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b45, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3203.864403] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB 15:02:33 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xe, 0x500) [ 3204.091756] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3204.158129] Memory cgroup out of memory: Kill process 16037 (syz-executor.0) score 1103 or sacrifice child [ 3204.177325] Killed process 16037 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3204.215964] oom_reaper: reaped process 16037 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:02:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x7a00000000000000) 15:02:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b45, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:34 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, 0x0) 15:02:34 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:34 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x22, 0x500) 15:02:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x56a, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3204.968796] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3205.008142] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3205.013649] CPU: 1 PID: 16068 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3205.021457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3205.030820] Call Trace: [ 3205.033420] dump_stack+0x197/0x210 [ 3205.037062] dump_header+0x15e/0xa55 [ 3205.040794] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3205.045912] ? ___ratelimit+0x60/0x595 [ 3205.050068] ? do_raw_spin_unlock+0x181/0x270 [ 3205.054583] oom_kill_process.cold+0x10/0x6ef [ 3205.059096] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3205.064640] ? task_will_free_mem+0x139/0x6e0 [ 3205.069156] out_of_memory+0x362/0x1330 [ 3205.073143] ? lock_downgrade+0x880/0x880 [ 3205.077302] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3205.082415] ? oom_killer_disable+0x280/0x280 [ 3205.086925] ? find_held_lock+0x35/0x130 [ 3205.091014] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3205.095878] ? memcg_event_wake+0x230/0x230 [ 3205.100212] ? do_raw_spin_unlock+0x181/0x270 [ 3205.104830] ? _raw_spin_unlock+0x2d/0x50 [ 3205.108999] try_charge+0xec5/0x1490 [ 3205.112747] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 15:02:34 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, 0x0) [ 3205.117615] ? lock_downgrade+0x880/0x880 [ 3205.121789] ? kasan_check_read+0x11/0x20 [ 3205.125957] memcg_kmem_charge_memcg+0x83/0x170 [ 3205.130654] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3205.135179] ? __isolate_free_page+0x4c0/0x4c0 [ 3205.139787] memcg_kmem_charge+0x13b/0x370 [ 3205.144044] __alloc_pages_nodemask+0x3c3/0x750 [ 3205.148733] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3205.153766] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3205.158359] ? trace_hardirqs_on+0x67/0x220 [ 3205.162706] copy_process.part.0+0x3e0/0x7a30 [ 3205.167221] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3205.172346] ? delayacct_end+0x5c/0x100 [ 3205.176351] ? __delayacct_freepages_end+0xe0/0x140 [ 3205.181394] ? __lock_acquire+0x6ee/0x49c0 [ 3205.185658] ? __cleanup_sighand+0x70/0x70 [ 3205.190039] ? mark_held_locks+0x100/0x100 [ 3205.194310] _do_fork+0x257/0xfd0 [ 3205.197788] ? fork_idle+0x1d0/0x1d0 [ 3205.201522] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3205.208294] ? kasan_check_read+0x11/0x20 [ 3205.212460] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3205.217234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3205.222026] ? do_syscall_64+0x26/0x620 [ 3205.226120] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3205.231506] ? do_syscall_64+0x26/0x620 [ 3205.235508] __x64_sys_clone+0xbf/0x150 [ 3205.239502] do_syscall_64+0xfd/0x620 [ 3205.243329] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3205.248534] RIP: 0033:0x45d919 [ 3205.251739] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3205.270652] RSP: 002b:00007ffd6c54cc08 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3205.278378] RAX: ffffffffffffffda RBX: 00007fe841ccf700 RCX: 000000000045d919 [ 3205.285757] RDX: 00007fe841ccf9d0 RSI: 00007fe841ccedb0 RDI: 00000000003d0f00 [ 3205.293044] RBP: 00007ffd6c54ce20 R08: 00007fe841ccf700 R09: 00007fe841ccf700 [ 3205.300334] R10: 00007fe841ccf9d0 R11: 0000000000000202 R12: 0000000000000000 [ 3205.307613] R13: 00007ffd6c54ccbf R14: 00007fe841ccf9c0 R15: 000000000075bf2c 15:02:35 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x56b, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:35 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x23, 0x500) 15:02:35 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:35 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, 0x0) [ 3205.628239] Task in /syz0 killed as a result of limit of /syz0 [ 3205.717507] memory: usage 307176kB, limit 307200kB, failcnt 1716 [ 3205.725426] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3205.740413] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3205.753394] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3205.792916] Memory cgroup out of memory: Kill process 16068 (syz-executor.0) score 1103 or sacrifice child [ 3205.814057] Killed process 16068 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3205.838016] oom_reaper: reaped process 16068 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:02:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x97ffffff00000000) 15:02:36 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x0, 0x0}) 15:02:36 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:36 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2c, 0x500) 15:02:36 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:36 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x56c, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3206.636387] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 15:02:36 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x0, 0x0}) 15:02:36 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b44, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3206.718030] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3206.728220] CPU: 0 PID: 16097 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3206.736053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3206.745415] Call Trace: [ 3206.748020] dump_stack+0x197/0x210 [ 3206.751661] dump_header+0x15e/0xa55 [ 3206.755383] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3206.760498] ? ___ratelimit+0x60/0x595 [ 3206.764396] ? do_raw_spin_unlock+0x181/0x270 [ 3206.768912] oom_kill_process.cold+0x10/0x6ef [ 3206.773422] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3206.778965] ? task_will_free_mem+0x139/0x6e0 [ 3206.783478] out_of_memory+0x362/0x1330 [ 3206.787466] ? lock_downgrade+0x880/0x880 [ 3206.791622] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3206.796741] ? oom_killer_disable+0x280/0x280 [ 3206.801243] ? find_held_lock+0x35/0x130 [ 3206.805334] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3206.810188] ? memcg_event_wake+0x230/0x230 [ 3206.814524] ? do_raw_spin_unlock+0x181/0x270 [ 3206.819026] ? _raw_spin_unlock+0x2d/0x50 [ 3206.823187] try_charge+0xec5/0x1490 [ 3206.826914] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3206.831767] ? lock_downgrade+0x880/0x880 [ 3206.835924] ? kasan_check_read+0x11/0x20 [ 3206.840083] memcg_kmem_charge_memcg+0x83/0x170 [ 3206.844760] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3206.849275] ? __isolate_free_page+0x4c0/0x4c0 [ 3206.853870] memcg_kmem_charge+0x13b/0x370 [ 3206.858119] __alloc_pages_nodemask+0x3c3/0x750 [ 3206.862805] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3206.867839] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3206.872432] ? trace_hardirqs_on+0x67/0x220 [ 3206.876769] copy_process.part.0+0x3e0/0x7a30 [ 3206.881277] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3206.886389] ? delayacct_end+0x5c/0x100 [ 3206.890371] ? __delayacct_freepages_end+0xe0/0x140 [ 3206.895395] ? __lock_acquire+0x6ee/0x49c0 [ 3206.899650] ? __cleanup_sighand+0x70/0x70 [ 3206.903904] ? mark_held_locks+0x100/0x100 [ 3206.908376] _do_fork+0x257/0xfd0 [ 3206.911857] ? fork_idle+0x1d0/0x1d0 [ 3206.915592] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3206.921509] ? kasan_check_read+0x11/0x20 [ 3206.925681] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3206.930450] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3206.935213] ? do_syscall_64+0x26/0x620 [ 3206.939196] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3206.944566] ? do_syscall_64+0x26/0x620 [ 3206.948560] __x64_sys_clone+0xbf/0x150 [ 3206.952549] do_syscall_64+0xfd/0x620 [ 3206.956365] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3206.961558] RIP: 0033:0x45d919 [ 3206.964754] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3206.983658] RSP: 002b:00007ffd6c54cc08 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3206.991385] RAX: ffffffffffffffda RBX: 00007fe841ccf700 RCX: 000000000045d919 [ 3206.998676] RDX: 00007fe841ccf9d0 RSI: 00007fe841ccedb0 RDI: 00000000003d0f00 [ 3207.006044] RBP: 00007ffd6c54ce20 R08: 00007fe841ccf700 R09: 00007fe841ccf700 [ 3207.013929] R10: 00007fe841ccf9d0 R11: 0000000000000202 R12: 0000000000000000 [ 3207.021209] R13: 00007ffd6c54ccbf R14: 00007fe841ccf9c0 R15: 000000000075bf2c [ 3207.036259] Task in /syz0 killed as a result of limit of /syz0 [ 3207.048713] memory: usage 307188kB, limit 307200kB, failcnt 1749 15:02:36 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x60, 0x500) [ 3207.063176] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3207.096206] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3207.115236] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB 15:02:36 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:36 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3207.158176] Memory cgroup out of memory: Kill process 16097 (syz-executor.0) score 1103 or sacrifice child [ 3207.213168] Killed process 16097 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3207.225318] oom_reaper: reaped process 16097 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:02:36 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3207.377666] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3207.407640] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3207.420793] CPU: 0 PID: 16120 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3207.428777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3207.438136] Call Trace: [ 3207.440740] dump_stack+0x197/0x210 [ 3207.444381] dump_header+0x15e/0xa55 [ 3207.448117] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3207.453231] ? ___ratelimit+0x60/0x595 [ 3207.457126] ? do_raw_spin_unlock+0x181/0x270 [ 3207.461645] oom_kill_process.cold+0x10/0x6ef [ 3207.466244] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3207.472483] ? task_will_free_mem+0x139/0x6e0 [ 3207.476992] out_of_memory+0x362/0x1330 [ 3207.480980] ? lock_downgrade+0x880/0x880 [ 3207.485141] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3207.490254] ? oom_killer_disable+0x280/0x280 [ 3207.494758] ? find_held_lock+0x35/0x130 [ 3207.498838] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3207.503689] ? memcg_event_wake+0x230/0x230 [ 3207.508024] ? do_raw_spin_unlock+0x181/0x270 [ 3207.512529] ? _raw_spin_unlock+0x2d/0x50 [ 3207.516685] try_charge+0xec5/0x1490 [ 3207.520591] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3207.525446] ? lock_downgrade+0x880/0x880 [ 3207.529606] ? kasan_check_read+0x11/0x20 [ 3207.533766] memcg_kmem_charge_memcg+0x83/0x170 [ 3207.538445] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3207.542958] ? __isolate_free_page+0x4c0/0x4c0 [ 3207.547575] memcg_kmem_charge+0x13b/0x370 [ 3207.551828] __alloc_pages_nodemask+0x3c3/0x750 [ 3207.556534] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3207.561586] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3207.566209] ? trace_hardirqs_on+0x67/0x220 [ 3207.570819] copy_process.part.0+0x3e0/0x7a30 [ 3207.575341] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3207.580462] ? delayacct_end+0x5c/0x100 [ 3207.584462] ? __delayacct_freepages_end+0xe0/0x140 [ 3207.589495] ? __lock_acquire+0x6ee/0x49c0 [ 3207.593752] ? __cleanup_sighand+0x70/0x70 [ 3207.597997] ? mark_held_locks+0x100/0x100 [ 3207.602275] _do_fork+0x257/0xfd0 [ 3207.605755] ? fork_idle+0x1d0/0x1d0 [ 3207.609491] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3207.615390] ? kasan_check_read+0x11/0x20 [ 3207.619552] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3207.624319] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3207.629085] ? do_syscall_64+0x26/0x620 [ 3207.633068] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3207.638440] ? do_syscall_64+0x26/0x620 [ 3207.642429] __x64_sys_clone+0xbf/0x150 [ 3207.646436] do_syscall_64+0xfd/0x620 [ 3207.650249] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3207.655448] RIP: 0033:0x45d919 [ 3207.659317] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3207.678431] RSP: 002b:00007ffd6c54cc08 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3207.686148] RAX: ffffffffffffffda RBX: 00007fe841ccf700 RCX: 000000000045d919 [ 3207.693422] RDX: 00007fe841ccf9d0 RSI: 00007fe841ccedb0 RDI: 00000000003d0f00 [ 3207.700696] RBP: 00007ffd6c54ce20 R08: 00007fe841ccf700 R09: 00007fe841ccf700 [ 3207.707967] R10: 00007fe841ccf9d0 R11: 0000000000000202 R12: 0000000000000000 [ 3207.715246] R13: 00007ffd6c54ccbf R14: 00007fe841ccf9c0 R15: 000000000075bf2c [ 3207.858225] Task in /syz0 killed as a result of limit of /syz0 [ 3207.864345] memory: usage 307196kB, limit 307200kB, failcnt 1781 [ 3207.878167] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3207.898152] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3207.904396] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3207.934532] Memory cgroup out of memory: Kill process 16120 (syz-executor.0) score 1103 or sacrifice child [ 3207.951528] Killed process 16120 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3208.009925] oom_reaper: reaped process 16120 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:02:38 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x9effffff00000000) 15:02:38 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x300, 0x500) 15:02:38 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:38 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:38 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x56d, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:38 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3208.662276] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 3208.738249] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3208.750267] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3208.755693] CPU: 1 PID: 16129 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3208.763497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3208.772868] Call Trace: [ 3208.775475] dump_stack+0x197/0x210 [ 3208.779126] dump_header+0x15e/0xa55 [ 3208.782877] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3208.782894] ? ___ratelimit+0x60/0x595 [ 3208.782910] ? do_raw_spin_unlock+0x181/0x270 [ 3208.782931] oom_kill_process.cold+0x10/0x6ef [ 3208.782952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3208.782968] ? task_will_free_mem+0x139/0x6e0 [ 3208.782984] ? find_held_lock+0x35/0x130 [ 3208.783007] out_of_memory+0x362/0x1330 [ 3208.783027] ? lock_downgrade+0x880/0x880 [ 3208.783045] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3208.783061] ? oom_killer_disable+0x280/0x280 15:02:38 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, 0x0) 15:02:38 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x303, 0x500) [ 3208.783075] ? find_held_lock+0x35/0x130 [ 3208.783104] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3208.783121] ? memcg_event_wake+0x230/0x230 [ 3208.783142] ? do_raw_spin_unlock+0x181/0x270 [ 3208.783157] ? _raw_spin_unlock+0x2d/0x50 [ 3208.783174] try_charge+0xec5/0x1490 [ 3208.783199] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3208.783220] ? lock_downgrade+0x880/0x880 [ 3208.783238] ? kasan_check_read+0x11/0x20 [ 3208.783261] memcg_kmem_charge_memcg+0x83/0x170 [ 3208.783279] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3208.783300] ? __isolate_free_page+0x4c0/0x4c0 [ 3208.783318] memcg_kmem_charge+0x13b/0x370 [ 3208.783339] __alloc_pages_nodemask+0x3c3/0x750 [ 3208.783361] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3208.783378] ? __lock_acquire+0x6ee/0x49c0 [ 3208.783401] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3208.783421] alloc_pages_current+0x107/0x210 15:02:38 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x304, 0x500) [ 3208.783439] __pmd_alloc+0x41/0x460 [ 3208.783454] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3208.783471] __handle_mm_fault+0x1954/0x3f80 [ 3208.783490] ? copy_page_range+0x2030/0x2030 [ 3208.783523] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3208.783542] handle_mm_fault+0x1b5/0x690 [ 3208.783569] __do_page_fault+0x62a/0xe90 [ 3208.783591] ? vmalloc_fault+0x740/0x740 [ 3208.783608] ? trace_hardirqs_off_caller+0x65/0x220 [ 3208.783622] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3208.783637] ? page_fault+0x8/0x30 [ 3208.783656] do_page_fault+0x71/0x57d [ 3208.783670] ? page_fault+0x8/0x30 [ 3208.783686] page_fault+0x1e/0x30 [ 3208.783697] RIP: 0033:0x401c27 [ 3208.783712] Code: 00 00 00 48 83 ec 08 48 8b 15 6d 0a 67 00 48 8b 05 5e 0a 67 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 40 0a 67 00 48 83 c4 08 c3 48 89 c6 bf 70 d2 4c 00 [ 3208.783720] RSP: 002b:00007ffd6c54cd30 EFLAGS: 00010287 [ 3208.783733] RAX: 0000001b2f320000 RBX: 0000000000000000 RCX: 0000001b30320000 [ 3208.783742] RDX: 0000001b2f320004 RSI: 00007ffd6c54caf0 RDI: 0000000000000000 [ 3208.783749] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 3208.783758] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 3208.783767] R13: 00007ffd6c54cf20 R14: 0000000000000000 R15: 00007ffd6c54cf30 [ 3208.905728] Task in /syz0 killed as a result of limit of /syz0 [ 3208.905761] memory: usage 307200kB, limit 307200kB, failcnt 1819 15:02:39 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x305, 0x500) [ 3208.905771] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3208.905781] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3208.905787] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:84KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3208.905868] Memory cgroup out of memory: Kill process 16129 (syz-executor.0) score 1103 or sacrifice child [ 3208.905921] Killed process 16129 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3208.906825] oom_reaper: reaped process 16129 (syz-executor.0), now anon-rss:0kB, file-rss:34176kB, shmem-rss:0kB [ 3209.012992] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3209.013003] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3209.013031] CPU: 0 PID: 16140 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3209.013040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3209.013045] Call Trace: [ 3209.013070] dump_stack+0x197/0x210 [ 3209.013092] dump_header+0x15e/0xa55 [ 3209.013110] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3209.013125] ? ___ratelimit+0x60/0x595 [ 3209.013139] ? do_raw_spin_unlock+0x181/0x270 [ 3209.013159] oom_kill_process.cold+0x10/0x6ef [ 3209.013179] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3209.013194] ? task_will_free_mem+0x139/0x6e0 [ 3209.013217] out_of_memory+0x362/0x1330 [ 3209.013237] ? lock_downgrade+0x880/0x880 [ 3209.013255] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3209.013271] ? oom_killer_disable+0x280/0x280 [ 3209.013286] ? find_held_lock+0x35/0x130 [ 3209.013314] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3209.013331] ? memcg_event_wake+0x230/0x230 [ 3209.013352] ? do_raw_spin_unlock+0x181/0x270 [ 3209.013368] ? _raw_spin_unlock+0x2d/0x50 [ 3209.013385] try_charge+0xec5/0x1490 [ 3209.013402] ? lock_downgrade+0x880/0x880 [ 3209.013425] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3209.013442] ? rcu_read_unlock+0x33/0x60 [ 3209.013455] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3209.013475] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3209.013501] mem_cgroup_try_charge+0x259/0x6b0 [ 3209.013523] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3209.013540] wp_page_copy+0x430/0x16a0 [ 3209.013564] ? follow_pfn+0x2a0/0x2a0 [ 3209.013583] ? do_raw_spin_unlock+0x181/0x270 [ 3209.013601] do_wp_page+0x57d/0x10b0 [ 3209.013620] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3209.013637] ? kasan_check_write+0x14/0x20 [ 3209.013650] ? do_raw_spin_lock+0xd7/0x250 [ 3209.013672] __handle_mm_fault+0x2305/0x3f80 [ 3209.013693] ? copy_page_range+0x2030/0x2030 [ 3209.013727] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3209.013746] handle_mm_fault+0x1b5/0x690 [ 3209.013768] __do_page_fault+0x62a/0xe90 [ 3209.013791] ? vmalloc_fault+0x740/0x740 [ 3209.013808] ? trace_hardirqs_off_caller+0x65/0x220 [ 3209.013822] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3209.013836] ? page_fault+0x8/0x30 [ 3209.013856] do_page_fault+0x71/0x57d [ 3209.013868] ? page_fault+0x8/0x30 [ 3209.013882] page_fault+0x1e/0x30 [ 3209.013892] RIP: 0033:0x45958a [ 3209.013904] Code: 00 00 0f 31 48 c1 e2 20 89 c0 48 09 c2 64 48 89 14 25 20 06 00 00 b8 c0 58 41 00 48 89 15 0e f4 61 00 48 85 c0 74 08 4c 89 cf 31 c3 fb ff 45 85 f6 0f 85 58 01 00 00 48 85 db 48 c7 05 ea 39 [ 3209.013910] RSP: 002b:00007ffd6c54cea0 EFLAGS: 00010206 [ 3209.013921] RAX: 00000000004158c0 RBX: 00007ffd6c54cea0 RCX: 000000000045951a [ 3209.013929] RDX: 000006b89bc5d90d RSI: 0000000000000000 RDI: 00000000024da940 [ 3209.013937] RBP: 00007ffd6c54cee0 R08: 0000000000000001 R09: 00000000024da940 [ 3209.013943] R10: 00000000024dac10 R11: 0000000000000246 R12: 0000000000000001 [ 3209.013951] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffd6c54cf30 [ 3209.013971] Task in /syz0 killed as a result of limit of /syz0 [ 3209.014010] memory: usage 307200kB, limit 307200kB, failcnt 1848 [ 3209.014018] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3209.014026] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3209.014032] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:52KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3209.014111] Memory cgroup out of memory: Kill process 15295 (syz-executor.0) score 117 or sacrifice child [ 3209.014151] Killed process 16140 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3209.014399] oom_reaper: reaped process 16140 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3209.015709] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3209.015724] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3209.015755] CPU: 1 PID: 15295 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3209.015764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3209.015772] Call Trace: [ 3209.015800] dump_stack+0x197/0x210 [ 3209.015822] dump_header+0x15e/0xa55 [ 3209.015840] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3209.015855] ? ___ratelimit+0x60/0x595 [ 3209.015869] ? do_raw_spin_unlock+0x181/0x270 [ 3209.015889] oom_kill_process.cold+0x10/0x6ef [ 3209.015908] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3209.015923] ? task_will_free_mem+0x139/0x6e0 [ 3209.015945] out_of_memory+0x362/0x1330 [ 3209.015965] ? lock_downgrade+0x880/0x880 [ 3209.015982] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3209.016004] ? oom_killer_disable+0x280/0x280 [ 3209.016018] ? find_held_lock+0x35/0x130 [ 3209.016045] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3209.016061] ? memcg_event_wake+0x230/0x230 [ 3209.016081] ? do_raw_spin_unlock+0x181/0x270 [ 3209.016097] ? _raw_spin_unlock+0x2d/0x50 [ 3209.016113] try_charge+0xec5/0x1490 [ 3209.016130] ? lock_downgrade+0x880/0x880 [ 3209.016153] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3209.016169] ? rcu_read_unlock+0x33/0x60 [ 3209.016182] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3209.016197] ? mark_held_locks+0x100/0x100 [ 3209.016214] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3209.016239] mem_cgroup_try_charge+0x259/0x6b0 [ 3209.016261] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3209.016278] wp_page_copy+0x430/0x16a0 [ 3209.016302] ? follow_pfn+0x2a0/0x2a0 [ 3209.016320] ? do_raw_spin_unlock+0x181/0x270 [ 3209.016336] do_wp_page+0x57d/0x10b0 [ 3209.016354] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3209.016371] ? kasan_check_write+0x14/0x20 [ 3209.016383] ? do_raw_spin_lock+0xd7/0x250 [ 3209.016403] __handle_mm_fault+0x2305/0x3f80 [ 3209.016424] ? copy_page_range+0x2030/0x2030 [ 3209.016459] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3209.016478] handle_mm_fault+0x1b5/0x690 [ 3209.016500] __do_page_fault+0x62a/0xe90 [ 3209.016520] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3209.016543] ? vmalloc_fault+0x740/0x740 [ 3209.016567] ? trace_hardirqs_off_caller+0x65/0x220 [ 3209.016582] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3209.016597] ? page_fault+0x8/0x30 [ 3209.016618] do_page_fault+0x71/0x57d [ 3209.016632] ? page_fault+0x8/0x30 [ 3209.016649] page_fault+0x1e/0x30 [ 3209.016660] RIP: 0033:0x45967a [ 3209.016675] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 3209.016684] RSP: 002b:00007ffd6c54cea0 EFLAGS: 00010246 [ 3209.016696] RAX: 0000000000000000 RBX: 00007ffd6c54cea0 RCX: 000000000045951a [ 3209.016705] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a771a8 [ 3209.016714] RBP: 00007ffd6c54cee0 R08: 0000000000000001 R09: 00000000024da940 [ 3209.016723] R10: 00000000024dac10 R11: 0000000000000246 R12: 00000000000000ca [ 3209.016733] R13: 0000000000000058 R14: 0000000000000000 R15: 00007ffd6c54cf30 [ 3209.019447] Task in /syz0 killed as a result of limit of /syz0 [ 3209.019476] memory: usage 307192kB, limit 307200kB, failcnt 1850 [ 3209.019485] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3209.019495] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3209.019501] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:52KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3209.019580] Memory cgroup out of memory: Kill process 15295 (syz-executor.0) score 117 or sacrifice child [ 3209.019614] Killed process 15295 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB [ 3209.020292] oom_reaper: reaped process 15295 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 3209.410157] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:02:40 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x403, 0x500) 15:02:40 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, 0x0) 15:02:40 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xbf0e000000000000) 15:02:40 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x56e, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:40 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:40 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:40 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:41 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:41 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x42a, 0x500) 15:02:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:41 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3213.172377] IPVS: ftp: loaded support on port[0] = 21 [ 3213.594490] chnl_net:caif_netlink_parms(): no params data found [ 3213.782053] bridge0: port 1(bridge_slave_0) entered blocking state [ 3213.788601] bridge0: port 1(bridge_slave_0) entered disabled state [ 3213.797754] device bridge_slave_0 entered promiscuous mode [ 3213.807037] bridge0: port 2(bridge_slave_1) entered blocking state [ 3213.814194] bridge0: port 2(bridge_slave_1) entered disabled state [ 3213.823703] device bridge_slave_1 entered promiscuous mode [ 3213.931134] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3214.007321] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3214.093305] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 3214.120483] team0: Port device team_slave_0 added [ 3214.173570] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 3214.191460] team0: Port device team_slave_1 added [ 3214.254233] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 3214.270451] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 3214.413238] device hsr_slave_0 entered promiscuous mode [ 3214.469893] device hsr_slave_1 entered promiscuous mode [ 3214.509995] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 3214.590017] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 3215.028432] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 3215.321437] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3215.392896] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 3215.409074] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 3215.415954] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3215.426267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3215.495892] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 3215.502119] 8021q: adding VLAN 0 to HW filter on device team0 [ 3215.531795] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 3215.549489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3215.560769] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3215.569911] bridge0: port 1(bridge_slave_0) entered blocking state [ 3215.576273] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3215.629952] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 3215.638128] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3215.647397] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3215.659362] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3215.669240] bridge0: port 2(bridge_slave_1) entered blocking state [ 3215.675614] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3215.745796] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 3215.753738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3215.772051] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 3215.832633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3215.851092] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 3215.862830] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3215.874280] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3215.948867] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 3215.956621] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3215.972060] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3215.991881] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3216.025291] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 3216.083066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3216.093032] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3216.110942] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 3216.119451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3216.130646] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3216.193685] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 3216.210373] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3216.322027] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 3216.391778] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 3216.409235] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 3216.416735] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 3216.514866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3216.773905] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 3216.790983] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 3216.842832] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 3216.853974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 3217.039111] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 3217.059323] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 3217.067401] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 3217.148759] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 3217.156203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 3217.167853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 3217.244928] device veth0_vlan entered promiscuous mode [ 3217.260050] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 3217.270343] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 3217.353437] device veth1_vlan entered promiscuous mode [ 3217.369876] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 3217.447689] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 3217.608439] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3217.621420] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3217.626963] CPU: 1 PID: 16197 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3217.634767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3217.644130] Call Trace: [ 3217.646730] dump_stack+0x197/0x210 [ 3217.650374] dump_header+0x15e/0xa55 [ 3217.654104] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3217.659217] ? ___ratelimit+0x60/0x595 [ 3217.663204] ? do_raw_spin_unlock+0x181/0x270 [ 3217.667717] oom_kill_process.cold+0x10/0x6ef [ 3217.672262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3217.677814] ? task_will_free_mem+0x139/0x6e0 [ 3217.682325] out_of_memory+0x362/0x1330 [ 3217.686314] ? lock_downgrade+0x880/0x880 [ 3217.690913] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3217.696039] ? oom_killer_disable+0x280/0x280 [ 3217.700551] ? find_held_lock+0x35/0x130 [ 3217.704650] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3217.709523] ? memcg_event_wake+0x230/0x230 [ 3217.713864] ? do_raw_spin_unlock+0x181/0x270 [ 3217.718376] ? _raw_spin_unlock+0x2d/0x50 [ 3217.722627] try_charge+0xec5/0x1490 [ 3217.726364] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3217.731231] ? lock_downgrade+0x880/0x880 [ 3217.735393] ? kasan_check_read+0x11/0x20 [ 3217.739559] memcg_kmem_charge_memcg+0x83/0x170 [ 3217.744237] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3217.748744] ? __isolate_free_page+0x4c0/0x4c0 [ 3217.753338] memcg_kmem_charge+0x13b/0x370 [ 3217.757593] __alloc_pages_nodemask+0x3c3/0x750 [ 3217.762282] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3217.767319] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3217.771917] ? trace_hardirqs_on+0x67/0x220 [ 3217.776256] copy_process.part.0+0x3e0/0x7a30 [ 3217.780764] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3217.785879] ? delayacct_end+0x5c/0x100 [ 3217.789990] ? __delayacct_freepages_end+0xe0/0x140 [ 3217.795044] ? __lock_acquire+0x6ee/0x49c0 [ 3217.799325] ? __cleanup_sighand+0x70/0x70 [ 3217.803575] ? mark_held_locks+0x100/0x100 [ 3217.807834] _do_fork+0x257/0xfd0 [ 3217.811305] ? fork_idle+0x1d0/0x1d0 [ 3217.815038] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3217.821032] ? kasan_check_read+0x11/0x20 [ 3217.825195] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3217.829965] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3217.834741] ? do_syscall_64+0x26/0x620 [ 3217.838730] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3217.844100] ? do_syscall_64+0x26/0x620 [ 3217.848085] __x64_sys_clone+0xbf/0x150 [ 3217.852075] do_syscall_64+0xfd/0x620 [ 3217.855894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3217.861090] RIP: 0033:0x45d919 [ 3217.864290] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3217.883198] RSP: 002b:00007ffe050c6568 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3217.890918] RAX: ffffffffffffffda RBX: 00007f33df929700 RCX: 000000000045d919 [ 3217.898196] RDX: 00007f33df9299d0 RSI: 00007f33df928db0 RDI: 00000000003d0f00 [ 3217.905473] RBP: 00007ffe050c6780 R08: 00007f33df929700 R09: 00007f33df929700 [ 3217.912752] R10: 00007f33df9299d0 R11: 0000000000000202 R12: 0000000000000000 [ 3217.920031] R13: 00007ffe050c661f R14: 00007f33df9299c0 R15: 000000000075bf2c [ 3217.931173] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 3217.933763] Task in /syz0 killed as a result of limit of /syz0 [ 3217.944181] memory: usage 307200kB, limit 307200kB, failcnt 1877 [ 3217.947374] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 3217.950764] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3217.964582] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3217.972144] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:48KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3217.992207] Memory cgroup out of memory: Kill process 16197 (syz-executor.0) score 1103 or sacrifice child 15:02:47 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, 0x0) 15:02:47 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:47 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x442, 0x500) 15:02:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:47 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x56f, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xdd46010000000000) [ 3218.002376] Killed process 16197 (syz-executor.0) total-vm:72592kB, anon-rss:88kB, file-rss:34816kB, shmem-rss:0kB [ 3218.014037] oom_reaper: reaped process 16197 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:02:47 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:47 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:47 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3218.164228] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3218.191220] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:02:47 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3218.248042] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3218.253693] CPU: 1 PID: 16212 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3218.261618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3218.270990] Call Trace: [ 3218.273599] dump_stack+0x197/0x210 [ 3218.277248] dump_header+0x15e/0xa55 [ 3218.280983] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3218.286100] ? ___ratelimit+0x60/0x595 [ 3218.290006] ? do_raw_spin_unlock+0x181/0x270 [ 3218.294519] oom_kill_process.cold+0x10/0x6ef [ 3218.299033] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3218.304588] ? task_will_free_mem+0x139/0x6e0 [ 3218.309105] out_of_memory+0x362/0x1330 [ 3218.313113] ? lock_downgrade+0x880/0x880 [ 3218.313132] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3218.313149] ? oom_killer_disable+0x280/0x280 [ 3218.313163] ? find_held_lock+0x35/0x130 [ 3218.313192] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3218.313208] ? memcg_event_wake+0x230/0x230 [ 3218.313228] ? do_raw_spin_unlock+0x181/0x270 15:02:48 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x0, 0x0}) [ 3218.313247] ? _raw_spin_unlock+0x2d/0x50 [ 3218.348818] try_charge+0xec5/0x1490 [ 3218.352551] ? lock_downgrade+0x880/0x880 [ 3218.356741] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3218.356759] ? rcu_read_unlock+0x33/0x60 15:02:48 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3218.356773] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3218.356785] ? __pte_alloc+0x1bf/0x360 15:02:48 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x443, 0x500) 15:02:48 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x0, 0x0}) [ 3218.356804] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3218.356830] mem_cgroup_try_charge+0x259/0x6b0 [ 3218.356853] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3218.356871] __handle_mm_fault+0x1e50/0x3f80 [ 3218.356891] ? copy_page_range+0x2030/0x2030 [ 3218.356924] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3218.356941] handle_mm_fault+0x1b5/0x690 15:02:48 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x0, 0x0}) [ 3218.356962] __do_page_fault+0x62a/0xe90 [ 3218.356984] ? vmalloc_fault+0x740/0x740 [ 3218.357000] ? trace_hardirqs_off_caller+0x65/0x220 [ 3218.357019] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3218.357034] ? page_fault+0x8/0x30 [ 3218.357053] do_page_fault+0x71/0x57d 15:02:48 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)) [ 3218.357067] ? page_fault+0x8/0x30 [ 3218.357083] page_fault+0x1e/0x30 [ 3218.357094] RIP: 0033:0x400644 [ 3218.357110] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 21 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 3218.357118] RSP: 002b:00007ffe050c6660 EFLAGS: 00010202 [ 3218.357129] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 [ 3218.357138] RDX: 0000000000000000 RSI: 000000002001d000 RDI: 0000000000000001 [ 3218.357147] RBP: 0000000000760000 R08: 0000000000000000 R09: 0000000000000000 [ 3218.357156] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 3218.357165] R13: 00007ffe050c6880 R14: 0000000000760008 R15: 00007ffe050c6890 [ 3218.359144] Task in /syz0 killed as a result of limit of /syz0 [ 3218.359174] memory: usage 307200kB, limit 307200kB, failcnt 1907 [ 3218.359185] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3218.359193] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3218.359199] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:84KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3218.359274] Memory cgroup out of memory: Kill process 16212 (syz-executor.0) score 1103 or sacrifice child [ 3218.359329] Killed process 16212 (syz-executor.0) total-vm:72456kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 3218.360063] oom_reaper: reaped process 16212 (syz-executor.0), now anon-rss:0kB, file-rss:33984kB, shmem-rss:0kB [ 3218.411711] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 3218.411720] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3218.411747] CPU: 1 PID: 16219 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3218.411756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3218.411761] Call Trace: [ 3218.411781] dump_stack+0x197/0x210 [ 3218.411803] dump_header+0x15e/0xa55 [ 3218.411820] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3218.411835] ? ___ratelimit+0x60/0x595 [ 3218.411849] ? do_raw_spin_unlock+0x181/0x270 [ 3218.411868] oom_kill_process.cold+0x10/0x6ef [ 3218.411888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3218.411902] ? task_will_free_mem+0x139/0x6e0 [ 3218.411918] ? find_held_lock+0x35/0x130 [ 3218.411939] out_of_memory+0x362/0x1330 [ 3218.411957] ? lock_downgrade+0x880/0x880 [ 3218.411974] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3218.411988] ? oom_killer_disable+0x280/0x280 [ 3218.412001] ? find_held_lock+0x35/0x130 [ 3218.412035] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3218.412052] ? memcg_event_wake+0x230/0x230 [ 3218.412071] ? do_raw_spin_unlock+0x181/0x270 [ 3218.412087] ? _raw_spin_unlock+0x2d/0x50 [ 3218.412104] try_charge+0xec5/0x1490 [ 3218.412127] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3218.412148] ? lock_downgrade+0x880/0x880 [ 3218.412166] ? kasan_check_read+0x11/0x20 [ 3218.412187] memcg_kmem_charge_memcg+0x83/0x170 [ 3218.412204] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3218.412225] ? __isolate_free_page+0x4c0/0x4c0 [ 3218.412242] memcg_kmem_charge+0x13b/0x370 [ 3218.412263] __alloc_pages_nodemask+0x3c3/0x750 [ 3218.412286] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3218.412302] ? __lock_acquire+0x6ee/0x49c0 [ 3218.412324] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3218.412344] alloc_pages_current+0x107/0x210 [ 3218.412361] __pmd_alloc+0x41/0x460 [ 3218.412375] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3218.412392] __handle_mm_fault+0x1954/0x3f80 [ 3218.412417] ? copy_page_range+0x2030/0x2030 [ 3218.412450] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3218.412468] handle_mm_fault+0x1b5/0x690 [ 3218.412488] __do_page_fault+0x62a/0xe90 [ 3218.412509] ? vmalloc_fault+0x740/0x740 [ 3218.412525] ? trace_hardirqs_off_caller+0x65/0x220 [ 3218.412539] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3218.412552] ? page_fault+0x8/0x30 [ 3218.412572] do_page_fault+0x71/0x57d [ 3218.412586] ? page_fault+0x8/0x30 [ 3218.412600] page_fault+0x1e/0x30 [ 3218.412611] RIP: 0033:0x401c27 [ 3218.412625] Code: 00 00 00 48 83 ec 08 48 8b 15 6d 0a 67 00 48 8b 05 5e 0a 67 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 40 0a 67 00 48 83 c4 08 c3 48 89 c6 bf 70 d2 4c 00 [ 3218.412633] RSP: 002b:00007ffe050c6690 EFLAGS: 00010287 [ 3218.412644] RAX: 0000001b2f120000 RBX: 0000000000000000 RCX: 0000001b30120000 [ 3218.412653] RDX: 0000001b2f120004 RSI: 00007ffe050c6450 RDI: 0000000000000000 [ 3218.412660] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 3218.412668] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 3218.412677] R13: 00007ffe050c6880 R14: 0000000000000000 R15: 00007ffe050c6890 [ 3218.412792] Task in /syz0 killed as a result of limit of /syz0 [ 3218.412817] memory: usage 307200kB, limit 307200kB, failcnt 1932 [ 3218.412826] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3218.412834] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3218.412840] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:84KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3218.412912] Memory cgroup out of memory: Kill process 16219 (syz-executor.0) score 1103 or sacrifice child [ 3218.412942] Killed process 16219 (syz-executor.0) total-vm:72456kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 3218.413500] oom_reaper: reaped process 16219 (syz-executor.0), now anon-rss:0kB, file-rss:34176kB, shmem-rss:0kB [ 3218.525212] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3218.525222] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3218.525252] CPU: 1 PID: 16182 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3218.525262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3218.525268] Call Trace: [ 3218.525288] dump_stack+0x197/0x210 [ 3218.525311] dump_header+0x15e/0xa55 [ 3218.525330] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3218.525346] ? ___ratelimit+0x60/0x595 [ 3218.525361] ? do_raw_spin_unlock+0x181/0x270 [ 3218.525382] oom_kill_process.cold+0x10/0x6ef [ 3218.525403] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3218.525418] ? task_will_free_mem+0x139/0x6e0 [ 3218.525442] out_of_memory+0x362/0x1330 [ 3218.525463] ? lock_downgrade+0x880/0x880 [ 3218.525481] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3218.525497] ? oom_killer_disable+0x280/0x280 [ 3218.525512] ? find_held_lock+0x35/0x130 [ 3218.525541] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3218.525559] ? memcg_event_wake+0x230/0x230 [ 3218.525580] ? do_raw_spin_unlock+0x181/0x270 [ 3218.525596] ? _raw_spin_unlock+0x2d/0x50 [ 3218.525613] try_charge+0xec5/0x1490 [ 3218.525629] ? lock_downgrade+0x880/0x880 [ 3218.525651] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3218.525667] ? rcu_read_unlock+0x33/0x60 [ 3218.525681] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3218.525699] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3218.525723] mem_cgroup_try_charge+0x259/0x6b0 [ 3218.525743] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3218.525760] wp_page_copy+0x430/0x16a0 [ 3218.525784] ? follow_pfn+0x2a0/0x2a0 [ 3218.525802] ? do_raw_spin_unlock+0x181/0x270 15:02:49 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x570, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:50 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xde46010000000000) 15:02:50 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x444, 0x500) 15:02:50 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)) [ 3218.525819] do_wp_page+0x57d/0x10b0 [ 3218.525838] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3218.525855] ? kasan_check_write+0x14/0x20 [ 3218.525868] ? do_raw_spin_lock+0xd7/0x250 [ 3218.525890] __handle_mm_fault+0x2305/0x3f80 [ 3218.525910] ? copy_page_range+0x2030/0x2030 [ 3218.525947] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3218.525965] handle_mm_fault+0x1b5/0x690 [ 3218.525986] __do_page_fault+0x62a/0xe90 [ 3218.526007] ? vmalloc_fault+0x740/0x740 [ 3218.526024] ? trace_hardirqs_off_caller+0x65/0x220 [ 3218.526039] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3218.526053] ? page_fault+0x8/0x30 [ 3218.526073] do_page_fault+0x71/0x57d 15:02:50 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x445, 0x500) [ 3218.526087] ? page_fault+0x8/0x30 [ 3218.526103] page_fault+0x1e/0x30 [ 3218.526120] RIP: 0033:0x40eb41 [ 3218.526135] Code: 3d 53 95 34 00 00 0f 85 d8 08 00 00 e8 18 a9 04 00 85 c0 89 c5 0f 88 39 06 00 00 0f 84 ba 05 00 00 89 c6 bf 62 0a 4c 00 31 c0 5a 33 ff ff c7 44 24 30 00 00 00 00 e8 2d 3b ff ff 49 89 c6 48 [ 3218.526143] RSP: 002b:00007ffe050c6850 EFLAGS: 00010246 [ 3218.526155] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045951a [ 3218.526164] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 00000000004c0a62 [ 3218.526172] RBP: 0000000000000006 R08: 0000000000000001 R09: 0000000001503940 [ 3218.526181] R10: 0000000001503c10 R11: 0000000000000246 R12: 0000000000000000 [ 3218.526190] R13: 00007ffe050c6880 R14: 0000000000000000 R15: 00007ffe050c6890 [ 3218.540698] Task in /syz0 killed as a result of limit of /syz0 [ 3218.540728] memory: usage 307200kB, limit 307200kB, failcnt 1962 [ 3218.540738] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3218.540747] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3218.540753] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:60KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3218.540828] Memory cgroup out of memory: Kill process 16182 (syz-executor.0) score 117 or sacrifice child [ 3218.540873] Killed process 16222 (syz-executor.0) total-vm:72456kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 3218.541122] oom_reaper: reaped process 16222 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3218.670113] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3218.670123] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3218.670152] CPU: 0 PID: 16226 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3218.670161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3218.670166] Call Trace: [ 3218.670186] dump_stack+0x197/0x210 [ 3218.670208] dump_header+0x15e/0xa55 [ 3218.670225] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3218.670241] ? ___ratelimit+0x60/0x595 [ 3218.670254] ? do_raw_spin_unlock+0x181/0x270 [ 3218.670274] oom_kill_process.cold+0x10/0x6ef [ 3218.670293] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3218.670307] ? task_will_free_mem+0x139/0x6e0 [ 3218.670330] out_of_memory+0x362/0x1330 [ 3218.670348] ? lock_downgrade+0x880/0x880 [ 3218.670364] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3218.670379] ? oom_killer_disable+0x280/0x280 [ 3218.670393] ? find_held_lock+0x35/0x130 [ 3218.670420] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3218.670437] ? memcg_event_wake+0x230/0x230 [ 3218.670457] ? do_raw_spin_unlock+0x181/0x270 [ 3218.670472] ? _raw_spin_unlock+0x2d/0x50 [ 3218.670497] try_charge+0xec5/0x1490 [ 3218.670513] ? lock_downgrade+0x880/0x880 [ 3218.670535] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3218.670551] ? rcu_read_unlock+0x33/0x60 [ 3218.670564] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3218.670583] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3218.670607] mem_cgroup_try_charge+0x259/0x6b0 [ 3218.670629] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3218.670646] wp_page_copy+0x430/0x16a0 [ 3218.670668] ? follow_pfn+0x2a0/0x2a0 [ 3218.670686] ? do_raw_spin_unlock+0x181/0x270 [ 3218.670703] do_wp_page+0x57d/0x10b0 [ 3218.670722] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3218.670737] ? kasan_check_write+0x14/0x20 [ 3218.670751] ? do_raw_spin_lock+0xd7/0x250 [ 3218.670771] __handle_mm_fault+0x2305/0x3f80 [ 3218.670791] ? copy_page_range+0x2030/0x2030 [ 3218.670823] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3218.670841] handle_mm_fault+0x1b5/0x690 [ 3218.670861] __do_page_fault+0x62a/0xe90 [ 3218.670884] ? vmalloc_fault+0x740/0x740 [ 3218.670901] ? trace_hardirqs_off_caller+0x65/0x220 [ 3218.670915] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3218.670929] ? page_fault+0x8/0x30 [ 3218.670949] do_page_fault+0x71/0x57d [ 3218.670962] ? page_fault+0x8/0x30 [ 3218.670977] page_fault+0x1e/0x30 [ 3218.670987] RIP: 0033:0x45954e [ 3218.671002] Code: 00 00 85 c0 41 89 c5 0f 85 fc 00 00 00 64 8b 04 25 d0 02 00 00 41 39 c4 0f 84 12 02 00 00 48 8b 05 d7 f3 61 00 48 85 c0 74 04 <48> 83 00 04 64 8b 04 25 d0 02 00 00 64 89 04 25 d4 02 00 00 0f 31 [ 3218.671010] RSP: 002b:00007ffe050c6800 EFLAGS: 00010206 [ 3218.671021] RAX: 0000000000a78428 RBX: 00007ffe050c6800 RCX: 000000000045951a [ 3218.671030] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 3218.671039] RBP: 00007ffe050c6840 R08: 0000000000000001 R09: 0000000001503940 [ 3218.671047] R10: 0000000001503c10 R11: 0000000000000246 R12: 0000000000000001 [ 3218.671055] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe050c6890 [ 3218.671077] Task in /syz0 killed as a result of limit of /syz0 [ 3218.671103] memory: usage 307200kB, limit 307200kB, failcnt 1985 [ 3218.671112] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3218.671122] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3218.671128] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:52KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3218.671205] Memory cgroup out of memory: Kill process 16182 (syz-executor.0) score 117 or sacrifice child [ 3218.671245] Killed process 16226 (syz-executor.0) total-vm:72456kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 3218.671525] oom_reaper: reaped process 16226 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3218.824668] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 3218.824679] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3218.824708] CPU: 1 PID: 16182 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3218.824717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3218.824722] Call Trace: [ 3218.824743] dump_stack+0x197/0x210 [ 3218.824764] dump_header+0x15e/0xa55 [ 3218.824782] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3218.824798] ? ___ratelimit+0x60/0x595 [ 3218.824812] ? do_raw_spin_unlock+0x181/0x270 [ 3218.824832] oom_kill_process.cold+0x10/0x6ef [ 3218.824852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3218.824867] ? task_will_free_mem+0x139/0x6e0 [ 3218.824889] out_of_memory+0x362/0x1330 [ 3218.824909] ? lock_downgrade+0x880/0x880 [ 3218.824926] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3218.824942] ? oom_killer_disable+0x280/0x280 [ 3218.824956] ? find_held_lock+0x35/0x130 [ 3218.824984] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3218.825002] ? memcg_event_wake+0x230/0x230 [ 3218.825022] ? do_raw_spin_unlock+0x181/0x270 [ 3218.825037] ? _raw_spin_unlock+0x2d/0x50 [ 3218.825055] try_charge+0xec5/0x1490 [ 3218.825080] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3218.825101] ? lock_downgrade+0x880/0x880 [ 3218.825120] ? kasan_check_read+0x11/0x20 [ 3218.825143] memcg_kmem_charge_memcg+0x83/0x170 [ 3218.825160] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3218.825182] ? __isolate_free_page+0x4c0/0x4c0 [ 3218.825201] memcg_kmem_charge+0x13b/0x370 [ 3218.825222] __alloc_pages_nodemask+0x3c3/0x750 [ 3218.825245] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3218.825266] ? find_held_lock+0x35/0x130 [ 3218.825282] ? copy_page_range+0x13b3/0x2030 [ 3218.825298] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3218.825319] alloc_pages_current+0x107/0x210 [ 3218.825340] pte_alloc_one+0x1b/0x1a0 [ 3218.825355] __pte_alloc+0x2a/0x360 [ 3218.825374] copy_page_range+0x16d0/0x2030 [ 3218.825424] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 3218.825446] ? __vma_link_rb+0x279/0x370 [ 3218.825471] copy_process.part.0+0x543e/0x7a30 [ 3218.825518] ? __cleanup_sighand+0x70/0x70 [ 3218.825556] _do_fork+0x257/0xfd0 [ 3218.825578] ? fork_idle+0x1d0/0x1d0 [ 3218.825606] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3218.825622] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3218.825638] ? do_syscall_64+0x26/0x620 [ 3218.825653] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3218.825668] ? do_syscall_64+0x26/0x620 [ 3218.825689] __x64_sys_clone+0xbf/0x150 [ 3218.825709] do_syscall_64+0xfd/0x620 [ 3218.825728] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3218.825739] RIP: 0033:0x45951a [ 3218.825755] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 3218.825763] RSP: 002b:00007ffe050c6800 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3218.825776] RAX: ffffffffffffffda RBX: 00007ffe050c6800 RCX: 000000000045951a [ 3218.825785] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 3218.825794] RBP: 00007ffe050c6840 R08: 0000000000000001 R09: 0000000001503940 [ 3218.825802] R10: 0000000001503c10 R11: 0000000000000246 R12: 0000000000000001 [ 3218.825811] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe050c6890 [ 3218.829888] Task in /syz0 killed as a result of limit of /syz0 [ 3218.829917] memory: usage 307200kB, limit 307200kB, failcnt 2002 [ 3218.829928] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3218.829937] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3218.829943] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:52KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3218.831272] Memory cgroup out of memory: Kill process 16182 (syz-executor.0) score 117 or sacrifice child [ 3218.831646] Killed process 16182 (syz-executor.0) total-vm:72456kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB [ 3220.435657] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:02:52 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:52 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x446, 0x500) [ 3222.275064] IPVS: ftp: loaded support on port[0] = 21 15:02:52 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:52 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x571, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:52 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3222.616712] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:02:52 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:52 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x572, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:02:52 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x447, 0x500) 15:02:52 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xdf46010000000000) 15:02:52 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3224.482052] chnl_net:caif_netlink_parms(): no params data found [ 3224.665049] bridge0: port 1(bridge_slave_0) entered blocking state [ 3224.678143] bridge0: port 1(bridge_slave_0) entered disabled state [ 3224.687835] device bridge_slave_0 entered promiscuous mode [ 3224.770261] bridge0: port 2(bridge_slave_1) entered blocking state [ 3224.776658] bridge0: port 2(bridge_slave_1) entered disabled state [ 3224.800989] device bridge_slave_1 entered promiscuous mode [ 3224.885873] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3224.899064] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3224.961087] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 3224.971345] team0: Port device team_slave_0 added [ 3224.978643] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 3224.988646] team0: Port device team_slave_1 added [ 3224.995249] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 3225.044136] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 3225.172241] device hsr_slave_0 entered promiscuous mode [ 3225.209906] device hsr_slave_1 entered promiscuous mode [ 3225.249926] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 3225.314034] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 3225.683605] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 3226.045670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3226.116798] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 3226.147157] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 3226.169168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3226.179441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3226.268094] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 3226.274214] 8021q: adding VLAN 0 to HW filter on device team0 [ 3226.354954] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 3226.379394] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3226.390786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3226.409774] bridge0: port 1(bridge_slave_0) entered blocking state [ 3226.416150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3226.508095] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 3226.508966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3226.541398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3226.552117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3226.570289] bridge0: port 2(bridge_slave_1) entered blocking state [ 3226.576681] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3226.653533] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 3226.669064] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3226.759039] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 3226.766825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3226.822923] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 3226.839123] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3226.850932] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3226.928083] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 3226.939278] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3226.958816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3226.979762] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3227.055050] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 3227.079619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3227.090596] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3227.179199] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 3227.186907] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3227.202026] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3227.261815] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 3227.279222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3227.391319] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 3227.462167] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 3227.479051] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 3227.486658] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 3227.582782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3227.839554] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 3227.915891] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 3227.939162] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 3227.950653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 3228.238901] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 3228.247762] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 3228.270694] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 3228.331682] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 3228.339331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 3228.349858] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 3228.392324] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 3228.410934] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 3228.430948] device veth0_vlan entered promiscuous mode [ 3228.509832] device veth1_vlan entered promiscuous mode [ 3228.528284] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 3228.566265] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 3228.589054] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 3228.599940] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 3228.722102] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 3228.736912] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3228.743358] CPU: 1 PID: 16285 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3228.751289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3228.760652] Call Trace: [ 3228.763247] dump_stack+0x197/0x210 [ 3228.766885] dump_header+0x15e/0xa55 [ 3228.770619] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3228.775750] ? ___ratelimit+0x60/0x595 [ 3228.779664] ? do_raw_spin_unlock+0x181/0x270 [ 3228.784178] oom_kill_process.cold+0x10/0x6ef [ 3228.788698] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3228.794249] ? task_will_free_mem+0x139/0x6e0 [ 3228.798767] out_of_memory+0x362/0x1330 [ 3228.802753] ? lock_downgrade+0x880/0x880 [ 3228.806910] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3228.812109] ? oom_killer_disable+0x280/0x280 [ 3228.816698] ? find_held_lock+0x35/0x130 [ 3228.820785] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3228.825634] ? memcg_event_wake+0x230/0x230 [ 3228.829964] ? do_raw_spin_unlock+0x181/0x270 [ 3228.834464] ? _raw_spin_unlock+0x2d/0x50 [ 3228.838623] try_charge+0xec5/0x1490 [ 3228.842350] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3228.847204] ? lock_downgrade+0x880/0x880 [ 3228.851367] ? kasan_check_read+0x11/0x20 [ 3228.855528] memcg_kmem_charge_memcg+0x83/0x170 [ 3228.860205] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3228.864719] ? __isolate_free_page+0x4c0/0x4c0 [ 3228.869309] memcg_kmem_charge+0x13b/0x370 [ 3228.873563] __alloc_pages_nodemask+0x3c3/0x750 [ 3228.878244] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3228.883445] ? trace_hardirqs_on+0x67/0x220 [ 3228.887772] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3228.892794] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3228.898343] alloc_pages_current+0x107/0x210 [ 3228.902767] pte_alloc_one+0x1b/0x1a0 [ 3228.906570] __pte_alloc+0x2a/0x360 [ 3228.910208] __handle_mm_fault+0x340b/0x3f80 [ 3228.914634] ? copy_page_range+0x2030/0x2030 [ 3228.919066] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3228.923765] handle_mm_fault+0x1b5/0x690 [ 3228.927853] __do_page_fault+0x62a/0xe90 [ 3228.931942] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3228.937854] ? vmalloc_fault+0x740/0x740 [ 3228.941929] ? trace_hardirqs_off_caller+0x65/0x220 [ 3228.946956] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3228.951893] ? page_fault+0x8/0x30 [ 3228.955445] do_page_fault+0x71/0x57d [ 3228.959254] ? page_fault+0x8/0x30 [ 3228.962800] page_fault+0x1e/0x30 [ 3228.966250] RIP: 0033:0x40e0fc [ 3228.969450] Code: 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f b6 4c 24 5b 48 69 c0 a8 00 00 00 88 88 c0 bf 75 00 e8 94 51 ff ff <83> 05 01 1f 55 00 01 80 7c 24 59 00 74 0b f6 44 24 08 01 0f 84 98 [ 3228.988360] RSP: 002b:00007ffd7e2d0c00 EFLAGS: 00010217 [ 3228.993751] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045af49 [ 3229.001158] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000075bf28 [ 3229.008441] RBP: 000000000075bf2c R08: 00007fce938c6700 R09: ffffffffffffffff [ 3229.015721] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 3229.023001] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c [ 3229.042835] Task in /syz0 killed as a result of limit of /syz0 [ 3229.049040] memory: usage 307196kB, limit 307200kB, failcnt 2018 [ 3229.055257] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3229.062608] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3229.069216] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:52KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3229.090852] Memory cgroup out of memory: Kill process 16285 (syz-executor.0) score 1103 or sacrifice child [ 3229.101101] Killed process 16285 (syz-executor.0) total-vm:72592kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB 15:02:58 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)) 15:02:58 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:58 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:58 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x448, 0x500) 15:02:58 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xe046010000000000) 15:02:58 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x573, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3229.113967] oom_reaper: reaped process 16285 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:02:58 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:58 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3229.249164] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3229.274114] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 3229.332647] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3229.373901] CPU: 1 PID: 16298 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3229.381751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3229.391121] Call Trace: [ 3229.393730] dump_stack+0x197/0x210 [ 3229.397369] dump_header+0x15e/0xa55 [ 3229.401095] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3229.406241] ? ___ratelimit+0x60/0x595 [ 3229.410142] ? do_raw_spin_unlock+0x181/0x270 [ 3229.414653] oom_kill_process.cold+0x10/0x6ef [ 3229.419163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3229.424712] ? task_will_free_mem+0x139/0x6e0 [ 3229.429219] out_of_memory+0x362/0x1330 [ 3229.433201] ? lock_downgrade+0x880/0x880 [ 3229.437355] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3229.442460] ? oom_killer_disable+0x280/0x280 [ 3229.446955] ? find_held_lock+0x35/0x130 [ 3229.451036] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3229.455884] ? memcg_event_wake+0x230/0x230 [ 3229.460219] ? do_raw_spin_unlock+0x181/0x270 [ 3229.464843] ? _raw_spin_unlock+0x2d/0x50 [ 3229.469261] try_charge+0xec5/0x1490 [ 3229.472999] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3229.477872] ? lock_downgrade+0x880/0x880 [ 3229.482039] ? kasan_check_read+0x11/0x20 [ 3229.486220] memcg_kmem_charge_memcg+0x83/0x170 [ 3229.490908] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3229.495418] ? __isolate_free_page+0x4c0/0x4c0 [ 3229.500012] memcg_kmem_charge+0x13b/0x370 [ 3229.504261] __alloc_pages_nodemask+0x3c3/0x750 [ 3229.508936] ? should_fail+0x14d/0x85c [ 3229.512835] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3229.517854] ? find_held_lock+0x35/0x130 [ 3229.521928] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3229.527475] alloc_pages_current+0x107/0x210 [ 3229.531892] pte_alloc_one+0x1b/0x1a0 [ 3229.535698] __do_fault+0x2d7/0x480 [ 3229.539328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3229.544997] __handle_mm_fault+0x2b0e/0x3f80 [ 3229.549422] ? copy_page_range+0x2030/0x2030 [ 3229.553864] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3229.558550] handle_mm_fault+0x1b5/0x690 [ 3229.562625] __do_page_fault+0x62a/0xe90 [ 3229.567044] ? vmalloc_fault+0x740/0x740 [ 3229.571108] ? trace_hardirqs_off_caller+0x65/0x220 [ 3229.576125] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3229.581408] ? page_fault+0x8/0x30 [ 3229.584956] do_page_fault+0x71/0x57d [ 3229.588757] ? page_fault+0x8/0x30 [ 3229.592299] page_fault+0x1e/0x30 [ 3229.595750] RIP: 0033:0x401c27 [ 3229.598945] Code: 00 00 00 48 83 ec 08 48 8b 15 6d 0a 67 00 48 8b 05 5e 0a 67 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 40 0a 67 00 48 83 c4 08 c3 48 89 c6 bf 70 d2 4c 00 [ 3229.617851] RSP: 002b:00007ffd7e2d0bf0 EFLAGS: 00010287 15:02:59 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:59 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3229.623216] RAX: 0000001b32f20000 RBX: 0000000000000000 RCX: 0000001b33f20000 [ 3229.630485] RDX: 0000001b32f20004 RSI: 00007ffd7e2d09b0 RDI: 0000000000000000 [ 3229.637756] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 3229.645025] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 3229.652298] R13: 00007ffd7e2d0de0 R14: 0000000000000000 R15: 00007ffd7e2d0df0 15:02:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x449, 0x500) [ 3229.689360] Task in /syz0 killed as a result of limit of /syz0 [ 3229.695548] memory: usage 307200kB, limit 307200kB, failcnt 2048 [ 3229.702178] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3229.709773] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3229.715948] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:80KB inactive_file:0KB active_file:0KB unevictable:0KB 15:02:59 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3229.795849] Memory cgroup out of memory: Kill process 16298 (syz-executor.0) score 1103 or sacrifice child [ 3229.830656] Killed process 16298 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3229.956486] oom_reaper: reaped process 16298 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:02:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x44a, 0x500) 15:02:59 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:59 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:02:59 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x445, 0x500) [ 3230.069059] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3230.098519] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3230.118053] CPU: 0 PID: 16244 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3230.118564] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3230.125923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3230.125930] Call Trace: [ 3230.125955] dump_stack+0x197/0x210 [ 3230.125976] dump_header+0x15e/0xa55 [ 3230.125994] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3230.126010] ? ___ratelimit+0x60/0x595 [ 3230.126022] ? do_raw_spin_unlock+0x181/0x270 [ 3230.126042] oom_kill_process.cold+0x10/0x6ef [ 3230.169589] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3230.175143] ? task_will_free_mem+0x139/0x6e0 [ 3230.179671] out_of_memory+0x362/0x1330 [ 3230.183673] ? lock_downgrade+0x880/0x880 [ 3230.187844] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3230.192971] ? oom_killer_disable+0x280/0x280 [ 3230.197481] ? find_held_lock+0x35/0x130 [ 3230.201575] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3230.206471] ? memcg_event_wake+0x230/0x230 [ 3230.210824] ? do_raw_spin_unlock+0x181/0x270 [ 3230.215332] ? _raw_spin_unlock+0x2d/0x50 [ 3230.219503] try_charge+0xec5/0x1490 [ 3230.223230] ? lock_downgrade+0x880/0x880 [ 3230.227391] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3230.232244] ? rcu_read_unlock+0x33/0x60 [ 3230.236310] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3230.241426] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3230.247502] mem_cgroup_try_charge+0x259/0x6b0 [ 3230.252137] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3230.257078] wp_page_copy+0x430/0x16a0 [ 3230.260983] ? follow_pfn+0x2a0/0x2a0 [ 3230.264798] ? do_raw_spin_unlock+0x181/0x270 [ 3230.269302] do_wp_page+0x57d/0x10b0 [ 3230.273031] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3230.277798] ? kasan_check_write+0x14/0x20 [ 3230.282040] ? do_raw_spin_lock+0xd7/0x250 [ 3230.286296] __handle_mm_fault+0x2305/0x3f80 [ 3230.290721] ? copy_page_range+0x2030/0x2030 [ 3230.295161] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3230.299846] handle_mm_fault+0x1b5/0x690 [ 3230.303925] __do_page_fault+0x62a/0xe90 [ 3230.308003] ? vmalloc_fault+0x740/0x740 [ 3230.312076] ? trace_hardirqs_off_caller+0x65/0x220 [ 3230.317101] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3230.322039] ? page_fault+0x8/0x30 [ 3230.325594] do_page_fault+0x71/0x57d [ 3230.329401] ? page_fault+0x8/0x30 [ 3230.332949] page_fault+0x1e/0x30 [ 3230.336406] RIP: 0033:0x45967a [ 3230.339607] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 3230.358535] RSP: 002b:00007ffd7e2d0d60 EFLAGS: 00010246 [ 3230.363907] RAX: 0000000000000000 RBX: 00007ffd7e2d0d60 RCX: 000000000045951a [ 3230.371206] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a771a8 [ 3230.378497] RBP: 00007ffd7e2d0da0 R08: 0000000000000001 R09: 000000000151b940 [ 3230.385775] R10: 000000000151bc10 R11: 0000000000000246 R12: 00000000000000ca [ 3230.393052] R13: 0000000000000005 R14: 0000000000000000 R15: 00007ffd7e2d0df0 [ 3230.777020] Task in /syz0 killed as a result of limit of /syz0 [ 3230.784504] memory: usage 307200kB, limit 307200kB, failcnt 2096 [ 3230.797497] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3231.018029] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3231.024218] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:52KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3231.068040] Memory cgroup out of memory: Kill process 16244 (syz-executor.0) score 117 or sacrifice child [ 3231.077886] Killed process 16322 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3231.108298] oom_reaper: reaped process 16322 (syz-executor.0), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB 15:03:01 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xe146010000000000) 15:03:01 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x44b, 0x500) 15:03:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x574, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x445, 0x500) [ 3231.389320] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 15:03:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3231.444565] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3231.475352] CPU: 0 PID: 16244 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3231.483190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3231.492549] Call Trace: [ 3231.495200] dump_stack+0x197/0x210 [ 3231.498846] dump_header+0x15e/0xa55 [ 3231.502581] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3231.507703] ? ___ratelimit+0x60/0x595 [ 3231.511608] ? do_raw_spin_unlock+0x181/0x270 [ 3231.516121] oom_kill_process.cold+0x10/0x6ef [ 3231.520641] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3231.526199] ? task_will_free_mem+0x139/0x6e0 [ 3231.526221] out_of_memory+0x362/0x1330 [ 3231.526239] ? lock_downgrade+0x880/0x880 [ 3231.526255] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 15:03:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x575, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3231.526268] ? oom_killer_disable+0x280/0x280 [ 3231.526281] ? find_held_lock+0x35/0x130 [ 3231.526307] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3231.526324] ? memcg_event_wake+0x230/0x230 [ 3231.526346] ? do_raw_spin_unlock+0x181/0x270 [ 3231.526363] ? _raw_spin_unlock+0x2d/0x50 [ 3231.526380] try_charge+0xec5/0x1490 [ 3231.526405] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3231.526426] ? lock_downgrade+0x880/0x880 [ 3231.526445] ? kasan_check_read+0x11/0x20 [ 3231.526467] memcg_kmem_charge_memcg+0x83/0x170 15:03:01 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3231.526485] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3231.596508] ? __isolate_free_page+0x4c0/0x4c0 [ 3231.601131] memcg_kmem_charge+0x13b/0x370 [ 3231.605393] __alloc_pages_nodemask+0x3c3/0x750 [ 3231.605414] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3231.605433] ? find_held_lock+0x35/0x130 [ 3231.605448] ? copy_page_range+0x13b3/0x2030 [ 3231.605464] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3231.605483] alloc_pages_current+0x107/0x210 [ 3231.605503] pte_alloc_one+0x1b/0x1a0 [ 3231.605516] __pte_alloc+0x2a/0x360 15:03:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x44c, 0x500) [ 3231.605533] copy_page_range+0x16d0/0x2030 [ 3231.605569] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 3231.605586] ? __vma_link_rb+0x279/0x370 [ 3231.605608] copy_process.part.0+0x543e/0x7a30 [ 3231.605648] ? __cleanup_sighand+0x70/0x70 [ 3231.605680] _do_fork+0x257/0xfd0 [ 3231.605700] ? fork_idle+0x1d0/0x1d0 [ 3231.605724] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3231.605739] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3231.605753] ? do_syscall_64+0x26/0x620 [ 3231.605768] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3231.605781] ? do_syscall_64+0x26/0x620 [ 3231.605799] __x64_sys_clone+0xbf/0x150 [ 3231.605817] do_syscall_64+0xfd/0x620 [ 3231.605834] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3231.605844] RIP: 0033:0x45951a [ 3231.605858] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 3231.605865] RSP: 002b:00007ffd7e2d0d60 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3231.605878] RAX: ffffffffffffffda RBX: 00007ffd7e2d0d60 RCX: 000000000045951a [ 3231.605886] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 3231.605894] RBP: 00007ffd7e2d0da0 R08: 0000000000000001 R09: 000000000151b940 [ 3231.605901] R10: 000000000151bc10 R11: 0000000000000246 R12: 0000000000000001 [ 3231.605909] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffd7e2d0df0 [ 3231.633761] Task in /syz0 killed as a result of limit of /syz0 [ 3231.633794] memory: usage 307200kB, limit 307200kB, failcnt 2108 [ 3231.633804] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3231.633813] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 15:03:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3231.633819] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:48KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3231.633962] Memory cgroup out of memory: Kill process 16244 (syz-executor.0) score 117 or sacrifice child [ 3231.634014] Killed process 16244 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB [ 3231.849254] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:03:02 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xe246010000000000) 15:03:02 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:02 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x44d, 0x500) 15:03:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x445, 0x500) 15:03:03 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x576, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:03 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:03 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:03 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x500, 0x500) 15:03:03 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3233.798257] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:03:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xe346010000000000) 15:03:04 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:04 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:04 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x503, 0x500) [ 3235.297822] IPVS: ftp: loaded support on port[0] = 21 [ 3236.555125] chnl_net:caif_netlink_parms(): no params data found [ 3236.680983] bridge0: port 1(bridge_slave_0) entered blocking state [ 3236.687448] bridge0: port 1(bridge_slave_0) entered disabled state [ 3236.698434] device bridge_slave_0 entered promiscuous mode [ 3236.752682] bridge0: port 2(bridge_slave_1) entered blocking state [ 3236.768732] bridge0: port 2(bridge_slave_1) entered disabled state [ 3236.788444] device bridge_slave_1 entered promiscuous mode [ 3236.874825] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3236.903577] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3237.070970] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 3237.091389] team0: Port device team_slave_0 added [ 3237.109532] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 3237.130670] team0: Port device team_slave_1 added [ 3237.173866] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 3237.200582] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 3237.333469] device hsr_slave_0 entered promiscuous mode [ 3237.389861] device hsr_slave_1 entered promiscuous mode [ 3237.473774] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 3237.495535] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 3237.942898] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 3238.318357] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3238.395348] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 3238.425731] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 3238.433755] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3238.446305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3238.498911] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 3238.505026] 8021q: adding VLAN 0 to HW filter on device team0 [ 3238.588408] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 3238.596370] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3238.610875] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3238.630501] bridge0: port 1(bridge_slave_0) entered blocking state [ 3238.636907] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3238.722603] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 3238.739158] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3238.749831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3238.771271] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3238.789746] bridge0: port 2(bridge_slave_1) entered blocking state [ 3238.796137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3238.868861] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 3238.876455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3238.962451] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 3238.979089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3238.997520] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 3239.064036] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3239.081567] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3239.107734] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 3239.129250] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3239.139766] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3239.161298] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3239.235120] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 3239.259153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3239.279262] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3239.358848] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 3239.366634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3239.377393] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3239.394654] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 3239.402365] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3239.494348] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 3239.576789] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 3239.599915] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 3239.607579] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 3239.694202] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3239.937272] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 3239.965150] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 3239.979510] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 3240.000694] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 3240.222854] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 3240.232222] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 3240.244593] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 3240.303484] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 3240.311112] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 3240.321597] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 3240.337324] device veth0_vlan entered promiscuous mode [ 3240.383491] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 3240.400709] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 3240.471909] device veth1_vlan entered promiscuous mode [ 3240.489422] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 3240.516467] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 3240.608353] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 3240.632796] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 3240.656745] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3240.689947] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3240.695378] CPU: 0 PID: 16402 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3240.703180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3240.712536] Call Trace: [ 3240.715136] dump_stack+0x197/0x210 [ 3240.718778] dump_header+0x15e/0xa55 [ 3240.722503] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3240.727613] ? ___ratelimit+0x60/0x595 [ 3240.731506] ? do_raw_spin_unlock+0x181/0x270 [ 3240.736038] oom_kill_process.cold+0x10/0x6ef [ 3240.740931] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3240.746484] ? task_will_free_mem+0x139/0x6e0 [ 3240.751002] out_of_memory+0x362/0x1330 [ 3240.755008] ? lock_downgrade+0x880/0x880 [ 3240.759174] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3240.764289] ? oom_killer_disable+0x280/0x280 [ 3240.768794] ? find_held_lock+0x35/0x130 [ 3240.772894] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3240.777760] ? memcg_event_wake+0x230/0x230 [ 3240.782125] ? do_raw_spin_unlock+0x181/0x270 [ 3240.786633] ? _raw_spin_unlock+0x2d/0x50 [ 3240.790807] try_charge+0xec5/0x1490 [ 3240.794550] ? lock_downgrade+0x880/0x880 [ 3240.798722] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3240.803581] ? rcu_read_unlock+0x33/0x60 [ 3240.807650] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3240.812506] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3240.818588] mem_cgroup_try_charge+0x259/0x6b0 [ 3240.823186] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3240.828125] wp_page_copy+0x430/0x16a0 [ 3240.832025] ? kasan_check_read+0x11/0x20 [ 3240.836184] ? follow_pfn+0x2a0/0x2a0 [ 3240.839997] ? do_raw_spin_unlock+0x181/0x270 [ 3240.844500] do_wp_page+0x57d/0x10b0 [ 3240.848227] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3240.852908] ? kasan_check_write+0x14/0x20 [ 3240.857152] ? do_raw_spin_lock+0xd7/0x250 [ 3240.861401] __handle_mm_fault+0x2305/0x3f80 [ 3240.865821] ? copy_page_range+0x2030/0x2030 [ 3240.870255] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3240.874934] handle_mm_fault+0x1b5/0x690 [ 3240.879022] __do_page_fault+0x62a/0xe90 [ 3240.883100] ? vmalloc_fault+0x740/0x740 [ 3240.887171] ? trace_hardirqs_off_caller+0x65/0x220 [ 3240.892627] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3240.897585] ? page_fault+0x8/0x30 [ 3240.901138] do_page_fault+0x71/0x57d [ 3240.904954] ? page_fault+0x8/0x30 [ 3240.908539] page_fault+0x1e/0x30 [ 3240.911993] RIP: 0033:0x473163 [ 3240.915193] Code: 00 4c 89 e7 89 8d 50 fb ff ff 45 31 ff 48 89 85 a8 fb ff ff 48 8b 42 08 48 89 85 b0 fb ff ff 48 8b 42 10 48 89 85 b8 fb ff ff f8 03 fd ff 8b 8d 50 fb ff ff 49 89 c6 48 89 85 68 fb ff ff 80 [ 3240.934099] RSP: 002b:00007ffe1082bff0 EFLAGS: 00010246 [ 3240.939468] RAX: 00007ffe1082c6e0 RBX: 00007ffe1082c550 RCX: 00000000fbad8001 [ 3240.946744] RDX: 00007ffe1082c6c8 RSI: 0000000000000025 RDI: 00000000004c08fd [ 3240.954019] RBP: 00007ffe1082c540 R08: 0000000000000000 R09: 00007ffe1082c6c8 [ 3240.961290] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004c08fd [ 3240.968566] R13: 00007ffe1082c6c8 R14: 00007ffe1082c6c8 R15: 0000000000000000 [ 3240.979804] Task in /syz0 killed as a result of limit of /syz0 [ 3240.985822] memory: usage 307144kB, limit 307200kB, failcnt 2124 [ 3240.994592] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3241.001772] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 15:03:10 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:10 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x577, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:10 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x600, 0x500) 15:03:10 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xe446010000000000) [ 3241.007928] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:36KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3241.028086] Memory cgroup out of memory: Kill process 16377 (syz-executor.0) score 114 or sacrifice child [ 3241.037903] Killed process 16402 (syz-executor.0) total-vm:72460kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB [ 3241.049668] oom_reaper: reaped process 16402 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 15:03:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:10 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3241.184020] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 3241.200549] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:03:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, 0x0) 15:03:10 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3241.272469] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3241.310408] CPU: 1 PID: 16414 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3241.318249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3241.327620] Call Trace: [ 3241.330230] dump_stack+0x197/0x210 [ 3241.333886] dump_header+0x15e/0xa55 [ 3241.337637] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3241.342754] ? ___ratelimit+0x60/0x595 [ 3241.346652] ? do_raw_spin_unlock+0x181/0x270 [ 3241.351166] oom_kill_process.cold+0x10/0x6ef [ 3241.355679] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3241.361228] ? task_will_free_mem+0x139/0x6e0 [ 3241.365743] out_of_memory+0x362/0x1330 15:03:11 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3241.369743] ? lock_downgrade+0x880/0x880 [ 3241.373920] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3241.379046] ? oom_killer_disable+0x280/0x280 [ 3241.383551] ? find_held_lock+0x35/0x130 [ 3241.387636] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3241.392494] ? memcg_event_wake+0x230/0x230 [ 3241.396831] ? do_raw_spin_unlock+0x181/0x270 [ 3241.401342] ? _raw_spin_unlock+0x2d/0x50 [ 3241.405506] try_charge+0xec5/0x1490 [ 3241.409256] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3241.414125] ? lock_downgrade+0x880/0x880 [ 3241.418287] ? kasan_check_read+0x11/0x20 [ 3241.422457] memcg_kmem_charge_memcg+0x83/0x170 [ 3241.427142] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3241.431653] ? __isolate_free_page+0x4c0/0x4c0 [ 3241.436254] memcg_kmem_charge+0x13b/0x370 [ 3241.440508] __alloc_pages_nodemask+0x3c3/0x750 [ 3241.445194] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3241.450233] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3241.455786] alloc_pages_current+0x107/0x210 [ 3241.460215] pte_alloc_one+0x1b/0x1a0 [ 3241.464029] __pte_alloc+0x2a/0x360 [ 3241.467815] __handle_mm_fault+0x340b/0x3f80 [ 3241.472238] ? copy_page_range+0x2030/0x2030 [ 3241.476675] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3241.481358] handle_mm_fault+0x1b5/0x690 [ 3241.485442] __do_page_fault+0x62a/0xe90 [ 3241.489525] ? vmalloc_fault+0x740/0x740 [ 3241.493605] ? trace_hardirqs_off_caller+0x65/0x220 [ 3241.498632] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3241.503572] ? page_fault+0x8/0x30 [ 3241.507125] do_page_fault+0x71/0x57d [ 3241.510934] ? page_fault+0x8/0x30 [ 3241.514489] page_fault+0x1e/0x30 [ 3241.517949] RIP: 0033:0x400644 [ 3241.521148] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 21 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 3241.540060] RSP: 002b:00007ffe1082c5b0 EFLAGS: 00010202 [ 3241.545430] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 [ 3241.552710] RDX: 0000000000000000 RSI: 000000002001d000 RDI: 0000000000000001 [ 3241.559989] RBP: 0000000000760000 R08: 0000000000000000 R09: 0000000000000000 [ 3241.567294] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 3241.574571] R13: 00007ffe1082c7d0 R14: 0000000000760008 R15: 00007ffe1082c7e0 15:03:11 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3241.928128] Task in /syz0 killed as a result of limit of /syz0 [ 3241.935185] memory: usage 307200kB, limit 307200kB, failcnt 2155 [ 3241.952671] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3241.973043] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3241.990598] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:80KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3242.042556] Memory cgroup out of memory: Kill process 16414 (syz-executor.0) score 1103 or sacrifice child [ 3242.069251] Killed process 16414 (syz-executor.0) total-vm:72456kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB 15:03:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3242.113952] oom_reaper: reaped process 16414 (syz-executor.0), now anon-rss:0kB, file-rss:33984kB, shmem-rss:0kB [ 3242.212821] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 3242.248150] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3242.253711] CPU: 1 PID: 16377 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3242.261522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3242.270884] Call Trace: [ 3242.273498] dump_stack+0x197/0x210 [ 3242.277156] dump_header+0x15e/0xa55 [ 3242.280884] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3242.286011] ? ___ratelimit+0x60/0x595 [ 3242.289906] ? do_raw_spin_unlock+0x181/0x270 [ 3242.294418] oom_kill_process.cold+0x10/0x6ef [ 3242.298936] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3242.304485] ? task_will_free_mem+0x139/0x6e0 [ 3242.309018] out_of_memory+0x362/0x1330 [ 3242.313011] ? lock_downgrade+0x880/0x880 [ 3242.317174] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3242.322286] ? oom_killer_disable+0x280/0x280 [ 3242.326789] ? find_held_lock+0x35/0x130 [ 3242.330968] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3242.335824] ? memcg_event_wake+0x230/0x230 [ 3242.340182] ? do_raw_spin_unlock+0x181/0x270 [ 3242.344805] ? _raw_spin_unlock+0x2d/0x50 [ 3242.348979] try_charge+0xec5/0x1490 [ 3242.352717] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3242.357588] ? lock_downgrade+0x880/0x880 [ 3242.361754] ? kasan_check_read+0x11/0x20 [ 3242.365923] memcg_kmem_charge_memcg+0x83/0x170 [ 3242.370610] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3242.375133] ? __isolate_free_page+0x4c0/0x4c0 [ 3242.379739] memcg_kmem_charge+0x13b/0x370 [ 3242.384014] __alloc_pages_nodemask+0x3c3/0x750 [ 3242.388699] ? should_fail+0x14d/0x85c [ 3242.392727] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3242.397757] ? find_held_lock+0x35/0x130 [ 3242.401841] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3242.407410] alloc_pages_current+0x107/0x210 [ 3242.411843] pte_alloc_one+0x1b/0x1a0 [ 3242.415675] __pte_alloc+0x2a/0x360 [ 3242.419317] copy_page_range+0x16d0/0x2030 [ 3242.423591] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 3242.428449] ? __vma_link_rb+0x279/0x370 [ 3242.432523] copy_process.part.0+0x543e/0x7a30 [ 3242.437146] ? __cleanup_sighand+0x70/0x70 [ 3242.441424] _do_fork+0x257/0xfd0 [ 3242.444901] ? fork_idle+0x1d0/0x1d0 [ 3242.448643] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3242.453409] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3242.458171] ? do_syscall_64+0x26/0x620 [ 3242.462157] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3242.467528] ? do_syscall_64+0x26/0x620 [ 3242.471521] __x64_sys_clone+0xbf/0x150 [ 3242.475511] do_syscall_64+0xfd/0x620 [ 3242.479324] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3242.484514] RIP: 0033:0x45951a [ 3242.487712] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 15:03:12 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, 0x0) 15:03:12 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x700, 0x500) 15:03:12 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x578, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:12 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, 0x0) [ 3242.506734] RSP: 002b:00007ffe1082c750 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 3242.514453] RAX: ffffffffffffffda RBX: 00007ffe1082c750 RCX: 000000000045951a [ 3242.521729] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 3242.529003] RBP: 00007ffe1082c790 R08: 0000000000000001 R09: 00000000011dd940 [ 3242.536276] R10: 00000000011ddc10 R11: 0000000000000246 R12: 0000000000000001 [ 3242.543550] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe1082c7e0 [ 3242.653392] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3242.737757] Task in /syz0 killed as a result of limit of /syz0 [ 3242.744084] memory: usage 307200kB, limit 307200kB, failcnt 2181 [ 3242.750850] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3242.757774] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3242.764523] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:48KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3242.794909] Memory cgroup out of memory: Kill process 16377 (syz-executor.0) score 117 or sacrifice child [ 3242.821888] Killed process 16377 (syz-executor.0) total-vm:72456kB, anon-rss:96kB, file-rss:35776kB, shmem-rss:0kB 15:03:12 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, 0x0) 15:03:12 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, 0x0) 15:03:12 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x900, 0x500) 15:03:12 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xe4ffffff00000000) 15:03:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:13 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, 0x0) 15:03:13 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x579, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3243.414246] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:03:13 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x0, 0x0}) 15:03:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xa00, 0x500) 15:03:13 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x0, 0x0}) 15:03:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3243.728842] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:03:13 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x0, 0x0}) 15:03:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:14 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)) [ 3245.362566] IPVS: ftp: loaded support on port[0] = 21 [ 3245.857155] chnl_net:caif_netlink_parms(): no params data found [ 3246.072858] bridge0: port 1(bridge_slave_0) entered blocking state [ 3246.084895] bridge0: port 1(bridge_slave_0) entered disabled state [ 3246.111245] device bridge_slave_0 entered promiscuous mode [ 3246.183466] bridge0: port 2(bridge_slave_1) entered blocking state [ 3246.208564] bridge0: port 2(bridge_slave_1) entered disabled state [ 3246.217817] device bridge_slave_1 entered promiscuous mode [ 3246.306141] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3246.387642] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3246.500934] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 3246.521314] team0: Port device team_slave_0 added [ 3246.538265] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 3246.558239] team0: Port device team_slave_1 added [ 3246.614600] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 3246.638579] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 3246.772429] device hsr_slave_0 entered promiscuous mode [ 3246.829788] device hsr_slave_1 entered promiscuous mode [ 3246.919028] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 3246.935911] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 3247.268265] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 3247.613445] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3247.675275] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 3247.707423] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 3247.729248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3247.739530] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3247.828023] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 3247.834245] 8021q: adding VLAN 0 to HW filter on device team0 [ 3247.896544] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 3247.918965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3247.930032] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3247.949717] bridge0: port 1(bridge_slave_0) entered blocking state [ 3247.956199] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3248.025097] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3248.052869] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 3248.060855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3248.071596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3248.090500] bridge0: port 2(bridge_slave_1) entered blocking state [ 3248.096898] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3248.173011] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 3248.189120] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3248.218952] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 3248.273370] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3248.302592] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 3248.329299] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3248.340897] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3248.413210] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 3248.429096] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3248.448707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3248.469785] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3248.550742] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 3248.570474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3248.581513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3248.642662] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 3248.658999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3248.669339] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3248.758015] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 3248.765107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3248.836231] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 3248.896604] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 3248.909808] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 3248.917411] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 3249.020606] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3249.273644] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 3249.346675] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 3249.368972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 3249.382744] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 3249.636588] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 3249.678681] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 3249.687632] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 3249.757262] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 3249.779079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 3249.790948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 3249.855338] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 3249.881189] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 3249.943140] device veth0_vlan entered promiscuous mode [ 3250.038321] device veth1_vlan entered promiscuous mode [ 3250.182980] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3250.195665] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3250.202292] CPU: 1 PID: 16491 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3250.210384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3250.220004] Call Trace: [ 3250.222630] dump_stack+0x197/0x210 [ 3250.226285] dump_header+0x15e/0xa55 [ 3250.230024] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3250.235332] ? ___ratelimit+0x60/0x595 [ 3250.239460] ? do_raw_spin_unlock+0x181/0x270 [ 3250.243994] oom_kill_process.cold+0x10/0x6ef [ 3250.248917] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3250.254860] ? task_will_free_mem+0x139/0x6e0 [ 3250.259397] out_of_memory+0x362/0x1330 [ 3250.263491] ? lock_downgrade+0x880/0x880 [ 3250.267888] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3250.273024] ? oom_killer_disable+0x280/0x280 [ 3250.277792] ? find_held_lock+0x35/0x130 [ 3250.281900] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3250.286784] ? memcg_event_wake+0x230/0x230 [ 3250.291139] ? do_raw_spin_unlock+0x181/0x270 [ 3250.296063] ? _raw_spin_unlock+0x2d/0x50 [ 3250.300242] try_charge+0xec5/0x1490 [ 3250.303995] ? lock_downgrade+0x880/0x880 [ 3250.308178] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3250.313215] ? rcu_read_unlock+0x33/0x60 [ 3250.317302] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3250.322176] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3250.328372] mem_cgroup_try_charge+0x259/0x6b0 [ 3250.333131] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3250.338088] __handle_mm_fault+0x1e50/0x3f80 [ 3250.342812] ? copy_page_range+0x2030/0x2030 [ 3250.347271] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3250.351978] handle_mm_fault+0x1b5/0x690 [ 3250.356072] __do_page_fault+0x62a/0xe90 [ 3250.360171] ? vmalloc_fault+0x740/0x740 [ 3250.364339] ? trace_hardirqs_off_caller+0x65/0x220 [ 3250.369378] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3250.374427] ? page_fault+0x8/0x30 [ 3250.378228] do_page_fault+0x71/0x57d [ 3250.382285] ? page_fault+0x8/0x30 [ 3250.385852] page_fault+0x1e/0x30 [ 3250.389439] RIP: 0033:0x45d8fd [ 3250.393102] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8c fb ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 3250.412165] RSP: 002b:00007ffe603737f8 EFLAGS: 00010202 [ 3250.417814] RAX: ffffffffffffffea RBX: 00007f1c50c15700 RCX: 00007f1c50c15700 [ 3250.425552] RDX: 00000000003d0f00 RSI: 00007f1c50c14db0 RDI: 0000000000411b30 [ 3250.433011] RBP: 00007ffe60373a10 R08: 00007f1c50c159d0 R09: 00007f1c50c15700 [ 3250.440991] R10: 00007f1c50c14dc0 R11: 0000000000000246 R12: 0000000000000000 [ 3250.448655] R13: 00007ffe603738af R14: 00007f1c50c159c0 R15: 000000000075bf2c [ 3250.462279] Task in /syz0 killed as a result of limit of /syz0 [ 3250.469356] memory: usage 307200kB, limit 307200kB, failcnt 2192 [ 3250.475983] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3250.483829] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3250.490804] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:48KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3250.511269] Memory cgroup out of memory: Kill process 16491 (syz-executor.0) score 1103 or sacrifice child [ 3250.522036] Killed process 16491 (syz-executor.0) total-vm:72592kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB 15:03:20 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x0, 0x0}) 15:03:20 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xe00, 0x500) 15:03:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:20 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xe546010000000000) 15:03:20 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x57a, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:20 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xa00, 0x500) [ 3250.534980] oom_reaper: reaped process 16491 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:03:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3250.643595] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 3250.671716] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3250.725705] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing [ 3250.739473] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3250.782432] CPU: 1 PID: 16504 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3250.790465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3250.800492] Call Trace: [ 3250.803124] dump_stack+0x197/0x210 [ 3250.807005] dump_header+0x15e/0xa55 [ 3250.810759] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3250.816494] ? ___ratelimit+0x60/0x595 [ 3250.820419] ? do_raw_spin_unlock+0x181/0x270 [ 3250.825357] oom_kill_process.cold+0x10/0x6ef [ 3250.829897] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3250.835468] ? task_will_free_mem+0x139/0x6e0 [ 3250.840246] ? find_held_lock+0x35/0x130 [ 3250.844347] out_of_memory+0x362/0x1330 [ 3250.848355] ? lock_downgrade+0x880/0x880 [ 3250.852825] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3250.858230] ? oom_killer_disable+0x280/0x280 [ 3250.862760] ? find_held_lock+0x35/0x130 [ 3250.866864] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3250.872170] ? memcg_event_wake+0x230/0x230 [ 3250.876707] ? do_raw_spin_unlock+0x181/0x270 [ 3250.881605] ? _raw_spin_unlock+0x2d/0x50 [ 3250.885788] try_charge+0xec5/0x1490 [ 3250.889541] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3250.894630] ? lock_downgrade+0x880/0x880 [ 3250.898960] ? kasan_check_read+0x11/0x20 [ 3250.903319] memcg_kmem_charge_memcg+0x83/0x170 [ 3250.908023] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3250.912763] ? __isolate_free_page+0x4c0/0x4c0 [ 3250.917380] memcg_kmem_charge+0x13b/0x370 [ 3250.921662] __alloc_pages_nodemask+0x3c3/0x750 [ 3250.926454] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3250.931685] ? __lock_acquire+0x6ee/0x49c0 [ 3250.935965] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3250.941627] alloc_pages_current+0x107/0x210 [ 3250.946166] __pmd_alloc+0x41/0x460 [ 3250.949829] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3250.955779] __handle_mm_fault+0x1954/0x3f80 [ 3250.960232] ? copy_page_range+0x2030/0x2030 [ 3250.965079] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3250.969875] handle_mm_fault+0x1b5/0x690 [ 3250.974127] __do_page_fault+0x62a/0xe90 [ 3250.978692] ? vmalloc_fault+0x740/0x740 [ 3250.983060] ? trace_hardirqs_off_caller+0x65/0x220 [ 3250.988478] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3250.993534] ? page_fault+0x8/0x30 [ 3250.997113] do_page_fault+0x71/0x57d [ 3251.001029] ? page_fault+0x8/0x30 [ 3251.004684] page_fault+0x1e/0x30 [ 3251.008162] RIP: 0033:0x401c27 [ 3251.011480] Code: 00 00 00 48 83 ec 08 48 8b 15 6d 0a 67 00 48 8b 05 5e 0a 67 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 40 0a 67 00 48 83 c4 08 c3 48 89 c6 bf 70 d2 4c 00 15:03:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3251.031257] RSP: 002b:00007ffe60373920 EFLAGS: 00010287 [ 3251.036694] RAX: 0000001b31720000 RBX: 0000000000000000 RCX: 0000001b32720000 [ 3251.044148] RDX: 0000001b31720004 RSI: 00007ffe603736e0 RDI: 0000000000000000 [ 3251.051711] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 3251.059096] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 3251.066668] R13: 00007ffe60373b10 R14: 0000000000000000 R15: 00007ffe60373b20 [ 3251.134192] Task in /syz0 killed as a result of limit of /syz0 [ 3251.145249] memory: usage 307200kB, limit 307200kB, failcnt 2217 [ 3251.152360] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3251.159951] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 15:03:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3251.166444] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:84KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3251.195577] Memory cgroup out of memory: Kill process 16504 (syz-executor.0) score 1103 or sacrifice child [ 3251.214958] Killed process 16504 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:03:20 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x0, 0x0}) [ 3251.250843] oom_reaper: reaped process 16504 (syz-executor.0), now anon-rss:0kB, file-rss:34176kB, shmem-rss:0kB 15:03:21 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x1e26, 0x500) 15:03:21 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3251.359513] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 15:03:21 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xa00, 0x500) [ 3251.408423] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3251.438075] CPU: 0 PID: 16511 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3251.446075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3251.455449] Call Trace: [ 3251.458220] dump_stack+0x197/0x210 [ 3251.461871] dump_header+0x15e/0xa55 [ 3251.465755] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3251.472179] ? ___ratelimit+0x60/0x595 [ 3251.476079] ? do_raw_spin_unlock+0x181/0x270 [ 3251.480593] oom_kill_process.cold+0x10/0x6ef [ 3251.485109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3251.490673] ? task_will_free_mem+0x139/0x6e0 [ 3251.495188] ? find_held_lock+0x35/0x130 [ 3251.499272] out_of_memory+0x362/0x1330 [ 3251.503431] ? lock_downgrade+0x880/0x880 [ 3251.507606] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3251.512865] ? oom_killer_disable+0x280/0x280 [ 3251.517381] ? find_held_lock+0x35/0x130 [ 3251.521643] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3251.526509] ? memcg_event_wake+0x230/0x230 [ 3251.530855] ? do_raw_spin_unlock+0x181/0x270 [ 3251.535377] ? _raw_spin_unlock+0x2d/0x50 [ 3251.539550] try_charge+0xec5/0x1490 [ 3251.543422] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3251.548561] ? lock_downgrade+0x880/0x880 [ 3251.552900] ? kasan_check_read+0x11/0x20 [ 3251.557129] memcg_kmem_charge_memcg+0x83/0x170 [ 3251.562016] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3251.566547] ? __isolate_free_page+0x4c0/0x4c0 [ 3251.571155] memcg_kmem_charge+0x13b/0x370 [ 3251.575413] __alloc_pages_nodemask+0x3c3/0x750 [ 3251.580110] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3251.585262] ? __lock_acquire+0x6ee/0x49c0 [ 3251.589524] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3251.595076] alloc_pages_current+0x107/0x210 [ 3251.599595] __pmd_alloc+0x41/0x460 [ 3251.603357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3251.608926] __handle_mm_fault+0x1954/0x3f80 [ 3251.608948] ? copy_page_range+0x2030/0x2030 [ 3251.608979] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3251.608995] handle_mm_fault+0x1b5/0x690 [ 3251.609015] __do_page_fault+0x62a/0xe90 [ 3251.631174] ? vmalloc_fault+0x740/0x740 [ 3251.635265] ? trace_hardirqs_off_caller+0x65/0x220 [ 3251.640301] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3251.645250] ? page_fault+0x8/0x30 [ 3251.648824] do_page_fault+0x71/0x57d [ 3251.652651] ? page_fault+0x8/0x30 [ 3251.656213] page_fault+0x1e/0x30 [ 3251.659679] RIP: 0033:0x401c27 [ 3251.662891] Code: 00 00 00 48 83 ec 08 48 8b 15 6d 0a 67 00 48 8b 05 5e 0a 67 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 40 0a 67 00 48 83 c4 08 c3 48 89 c6 bf 70 d2 4c 00 [ 3251.681817] RSP: 002b:00007ffe60373920 EFLAGS: 00010287 [ 3251.687195] RAX: 0000001b31720000 RBX: 0000000000000000 RCX: 0000001b32720000 [ 3251.694480] RDX: 0000001b31720004 RSI: 00007ffe603736e0 RDI: 0000000000000000 [ 3251.701850] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 3251.709132] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 3251.716418] R13: 00007ffe60373b10 R14: 0000000000000000 R15: 00007ffe60373b20 15:03:21 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3251.765884] Task in /syz0 killed as a result of limit of /syz0 [ 3251.778127] memory: usage 307200kB, limit 307200kB, failcnt 2241 [ 3251.786893] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3251.793343] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing [ 3251.798347] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 15:03:21 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2000, 0x500) [ 3251.808854] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:84KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3251.917276] Memory cgroup out of memory: Kill process 16511 (syz-executor.0) score 1103 or sacrifice child [ 3251.936605] Killed process 16511 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3251.961407] oom_reaper: reaped process 16511 (syz-executor.0), now anon-rss:0kB, file-rss:34176kB, shmem-rss:0kB 15:03:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xe646010000000000) 15:03:22 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:22 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x57b, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:22 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x0, 0x0}) 15:03:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2200, 0x500) 15:03:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, 0x0) [ 3252.476735] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 15:03:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, 0x0) [ 3252.521544] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3252.532051] CPU: 1 PID: 16530 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3252.539899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3252.549271] Call Trace: [ 3252.552065] dump_stack+0x197/0x210 [ 3252.555724] dump_header+0x15e/0xa55 [ 3252.559462] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3252.564713] ? ___ratelimit+0x60/0x595 15:03:22 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3252.568623] ? do_raw_spin_unlock+0x181/0x270 [ 3252.573404] oom_kill_process.cold+0x10/0x6ef [ 3252.578018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3252.583583] ? task_will_free_mem+0x139/0x6e0 [ 3252.588279] ? find_held_lock+0x35/0x130 [ 3252.592373] out_of_memory+0x362/0x1330 [ 3252.596375] ? lock_downgrade+0x880/0x880 [ 3252.600660] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3252.600677] ? oom_killer_disable+0x280/0x280 15:03:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2300, 0x500) [ 3252.600692] ? find_held_lock+0x35/0x130 [ 3252.600725] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3252.600744] ? memcg_event_wake+0x230/0x230 [ 3252.600765] ? do_raw_spin_unlock+0x181/0x270 [ 3252.600782] ? _raw_spin_unlock+0x2d/0x50 [ 3252.600800] try_charge+0xec5/0x1490 [ 3252.600825] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3252.600846] ? lock_downgrade+0x880/0x880 [ 3252.600865] ? kasan_check_read+0x11/0x20 [ 3252.600887] memcg_kmem_charge_memcg+0x83/0x170 [ 3252.600904] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3252.600924] ? __isolate_free_page+0x4c0/0x4c0 [ 3252.600942] memcg_kmem_charge+0x13b/0x370 [ 3252.600963] __alloc_pages_nodemask+0x3c3/0x750 [ 3252.600985] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3252.601002] ? __lock_acquire+0x6ee/0x49c0 [ 3252.601025] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3252.601046] alloc_pages_current+0x107/0x210 [ 3252.601064] __pmd_alloc+0x41/0x460 [ 3252.601078] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3252.601096] __handle_mm_fault+0x1954/0x3f80 [ 3252.601117] ? copy_page_range+0x2030/0x2030 [ 3252.601149] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3252.601167] handle_mm_fault+0x1b5/0x690 [ 3252.601187] __do_page_fault+0x62a/0xe90 [ 3252.601210] ? vmalloc_fault+0x740/0x740 [ 3252.601225] ? trace_hardirqs_off_caller+0x65/0x220 [ 3252.601239] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3252.601253] ? page_fault+0x8/0x30 [ 3252.601272] do_page_fault+0x71/0x57d [ 3252.601286] ? page_fault+0x8/0x30 [ 3252.601302] page_fault+0x1e/0x30 [ 3252.601313] RIP: 0033:0x401c27 [ 3252.601328] Code: 00 00 00 48 83 ec 08 48 8b 15 6d 0a 67 00 48 8b 05 5e 0a 67 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 40 0a 67 00 48 83 c4 08 c3 48 89 c6 bf 70 d2 4c 00 [ 3252.601337] RSP: 002b:00007ffe60373920 EFLAGS: 00010287 15:03:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, 0x0) [ 3252.601349] RAX: 0000001b31720000 RBX: 0000000000000000 RCX: 0000001b32720000 [ 3252.601358] RDX: 0000001b31720004 RSI: 00007ffe603736e0 RDI: 0000000000000000 [ 3252.601366] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 3252.601374] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 3252.601383] R13: 00007ffe60373b10 R14: 0000000000000000 R15: 00007ffe60373b20 [ 3252.793012] Task in /syz0 killed as a result of limit of /syz0 15:03:22 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3252.964037] memory: usage 307148kB, limit 307200kB, failcnt 2265 [ 3252.970302] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3252.977238] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 15:03:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x25fb, 0x500) [ 3253.008176] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:84KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3253.043698] Memory cgroup out of memory: Kill process 16530 (syz-executor.0) score 1103 or sacrifice child [ 3253.078203] Killed process 16530 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:03:23 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xe746010000000000) 15:03:23 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:23 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:23 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:23 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x261e, 0x500) 15:03:23 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x57c, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:23 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3254.104367] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 15:03:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3254.166092] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3254.204509] CPU: 0 PID: 16560 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3254.212362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3254.221855] Call Trace: [ 3254.224484] dump_stack+0x197/0x210 [ 3254.228151] dump_header+0x15e/0xa55 [ 3254.232101] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3254.237226] ? ___ratelimit+0x60/0x595 [ 3254.241426] ? do_raw_spin_unlock+0x181/0x270 [ 3254.246177] oom_kill_process.cold+0x10/0x6ef [ 3254.250979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3254.256733] ? task_will_free_mem+0x139/0x6e0 [ 3254.256759] out_of_memory+0x362/0x1330 [ 3254.256780] ? lock_downgrade+0x880/0x880 [ 3254.256798] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3254.256815] ? oom_killer_disable+0x280/0x280 [ 3254.256830] ? find_held_lock+0x35/0x130 [ 3254.256859] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3254.256877] ? memcg_event_wake+0x230/0x230 [ 3254.256898] ? do_raw_spin_unlock+0x181/0x270 [ 3254.256916] ? _raw_spin_unlock+0x2d/0x50 [ 3254.256934] try_charge+0xec5/0x1490 [ 3254.256960] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3254.256982] ? lock_downgrade+0x880/0x880 [ 3254.257000] ? kasan_check_read+0x11/0x20 [ 3254.257022] memcg_kmem_charge_memcg+0x83/0x170 [ 3254.257039] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3254.257060] ? __isolate_free_page+0x4c0/0x4c0 [ 3254.257078] memcg_kmem_charge+0x13b/0x370 [ 3254.257100] __alloc_pages_nodemask+0x3c3/0x750 [ 3254.257122] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3254.257143] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3254.257159] ? trace_hardirqs_on+0x67/0x220 [ 3254.257182] copy_process.part.0+0x3e0/0x7a30 [ 3254.257202] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3254.367038] ? delayacct_end+0x5c/0x100 [ 3254.371041] ? __delayacct_freepages_end+0xe0/0x140 [ 3254.376089] ? __lock_acquire+0x6ee/0x49c0 [ 3254.380481] ? __cleanup_sighand+0x70/0x70 [ 3254.384736] ? mark_held_locks+0x100/0x100 [ 3254.389014] _do_fork+0x257/0xfd0 [ 3254.392515] ? fork_idle+0x1d0/0x1d0 [ 3254.396259] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3254.402166] ? kasan_check_read+0x11/0x20 [ 3254.406332] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3254.411170] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3254.415957] ? do_syscall_64+0x26/0x620 [ 3254.419946] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3254.425351] ? do_syscall_64+0x26/0x620 [ 3254.429500] __x64_sys_clone+0xbf/0x150 [ 3254.433640] do_syscall_64+0xfd/0x620 [ 3254.437803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3254.443217] RIP: 0033:0x45d919 [ 3254.446428] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 15:03:24 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3254.465347] RSP: 002b:00007ffe603737f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3254.473075] RAX: ffffffffffffffda RBX: 00007f1c50c15700 RCX: 000000000045d919 [ 3254.480454] RDX: 00007f1c50c159d0 RSI: 00007f1c50c14db0 RDI: 00000000003d0f00 [ 3254.487866] RBP: 00007ffe60373a10 R08: 00007f1c50c15700 R09: 00007f1c50c15700 [ 3254.495328] R10: 00007f1c50c159d0 R11: 0000000000000202 R12: 0000000000000000 [ 3254.502903] R13: 00007ffe603738af R14: 00007f1c50c159c0 R15: 000000000075bf2c 15:03:24 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2a04, 0x500) 15:03:24 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:24 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3254.747482] Task in /syz0 killed as a result of limit of /syz0 [ 3254.776706] memory: usage 307188kB, limit 307200kB, failcnt 2298 [ 3254.785605] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3254.811953] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3254.827165] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3254.848287] Memory cgroup out of memory: Kill process 16560 (syz-executor.0) score 1103 or sacrifice child [ 3254.863357] Killed process 16560 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3254.888991] oom_reaper: reaped process 16560 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:03:25 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xe846010000000000) 15:03:25 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:25 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2c00, 0x500) 15:03:25 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:25 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x57d, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:25 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3255.829076] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3255.848295] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3255.853943] CPU: 0 PID: 16588 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3255.861895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3255.871275] Call Trace: [ 3255.873899] dump_stack+0x197/0x210 [ 3255.877568] dump_header+0x15e/0xa55 [ 3255.881322] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3255.886438] ? ___ratelimit+0x60/0x595 [ 3255.890344] ? do_raw_spin_unlock+0x181/0x270 [ 3255.894868] oom_kill_process.cold+0x10/0x6ef [ 3255.899385] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3255.904943] ? task_will_free_mem+0x139/0x6e0 [ 3255.909462] out_of_memory+0x362/0x1330 [ 3255.913461] ? lock_downgrade+0x880/0x880 [ 3255.917637] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3255.922756] ? oom_killer_disable+0x280/0x280 [ 3255.927266] ? find_held_lock+0x35/0x130 [ 3255.931710] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3255.936583] ? memcg_event_wake+0x230/0x230 [ 3255.940926] ? do_raw_spin_unlock+0x181/0x270 [ 3255.945437] ? _raw_spin_unlock+0x2d/0x50 [ 3255.950138] try_charge+0xec5/0x1490 [ 3255.954924] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3255.959794] ? lock_downgrade+0x880/0x880 [ 3255.963958] ? kasan_check_read+0x11/0x20 [ 3255.968306] memcg_kmem_charge_memcg+0x83/0x170 [ 3255.973087] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3255.977601] ? __isolate_free_page+0x4c0/0x4c0 [ 3255.982203] memcg_kmem_charge+0x13b/0x370 [ 3255.986459] __alloc_pages_nodemask+0x3c3/0x750 [ 3255.991183] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3255.996333] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3256.000935] ? trace_hardirqs_on+0x67/0x220 [ 3256.005286] copy_process.part.0+0x3e0/0x7a30 [ 3256.009800] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3256.014936] ? delayacct_end+0x5c/0x100 [ 3256.019051] ? __delayacct_freepages_end+0xe0/0x140 [ 3256.024097] ? __lock_acquire+0x6ee/0x49c0 [ 3256.028361] ? __cleanup_sighand+0x70/0x70 [ 3256.032619] ? mark_held_locks+0x100/0x100 [ 3256.036888] _do_fork+0x257/0xfd0 [ 3256.040367] ? fork_idle+0x1d0/0x1d0 [ 3256.044104] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3256.050009] ? kasan_check_read+0x11/0x20 [ 3256.054209] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3256.058985] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3256.063757] ? do_syscall_64+0x26/0x620 [ 3256.067748] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3256.073128] ? do_syscall_64+0x26/0x620 [ 3256.077125] __x64_sys_clone+0xbf/0x150 [ 3256.081118] do_syscall_64+0xfd/0x620 [ 3256.084939] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3256.090147] RIP: 0033:0x45d919 [ 3256.093360] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3256.112280] RSP: 002b:00007ffe603737f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3256.120008] RAX: ffffffffffffffda RBX: 00007f1c50c15700 RCX: 000000000045d919 15:03:25 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3256.127382] RDX: 00007f1c50c159d0 RSI: 00007f1c50c14db0 RDI: 00000000003d0f00 [ 3256.134666] RBP: 00007ffe60373a10 R08: 00007f1c50c15700 R09: 00007f1c50c15700 [ 3256.142133] R10: 00007f1c50c159d0 R11: 0000000000000202 R12: 0000000000000000 [ 3256.149558] R13: 00007ffe603738af R14: 00007f1c50c159c0 R15: 000000000075bf2c 15:03:25 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x3f00, 0x500) 15:03:25 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:25 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3256.228189] Task in /syz0 killed as a result of limit of /syz0 [ 3256.235861] memory: usage 307188kB, limit 307200kB, failcnt 2329 [ 3256.264100] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:03:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3256.428077] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3256.436036] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3256.507387] Memory cgroup out of memory: Kill process 16588 (syz-executor.0) score 1103 or sacrifice child [ 3256.563876] Killed process 16588 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3256.590919] oom_reaper: reaped process 16588 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:03:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xe946010000000000) 15:03:27 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:27 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4000, 0x500) 15:03:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:27 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:27 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x57e, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3257.589588] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:03:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:27 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3257.642422] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3257.681611] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3257.712160] CPU: 1 PID: 16615 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3257.720267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3257.729791] Call Trace: [ 3257.732417] dump_stack+0x197/0x210 [ 3257.736228] dump_header+0x15e/0xa55 [ 3257.739978] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3257.745279] ? ___ratelimit+0x60/0x595 [ 3257.749470] ? do_raw_spin_unlock+0x181/0x270 [ 3257.754007] oom_kill_process.cold+0x10/0x6ef [ 3257.758541] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3257.764103] ? task_will_free_mem+0x139/0x6e0 [ 3257.768633] out_of_memory+0x362/0x1330 [ 3257.772638] ? lock_downgrade+0x880/0x880 [ 3257.776806] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3257.781935] ? oom_killer_disable+0x280/0x280 [ 3257.786562] ? find_held_lock+0x35/0x130 [ 3257.790831] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3257.795841] ? memcg_event_wake+0x230/0x230 [ 3257.800489] ? do_raw_spin_unlock+0x181/0x270 [ 3257.805020] ? _raw_spin_unlock+0x2d/0x50 [ 3257.809207] try_charge+0xec5/0x1490 [ 3257.812960] ? lock_downgrade+0x880/0x880 [ 3257.817136] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3257.822004] ? rcu_read_unlock+0x33/0x60 [ 3257.826087] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3257.830979] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3257.837089] mem_cgroup_try_charge+0x259/0x6b0 [ 3257.841706] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3257.846663] wp_page_copy+0x430/0x16a0 [ 3257.850585] ? follow_pfn+0x2a0/0x2a0 [ 3257.854413] ? do_raw_spin_unlock+0x181/0x270 [ 3257.858957] do_wp_page+0x57d/0x10b0 [ 3257.862697] ? lock_acquire+0x16f/0x3f0 [ 3257.866692] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3257.871386] ? kasan_check_write+0x14/0x20 [ 3257.875642] ? do_raw_spin_lock+0xd7/0x250 [ 3257.879908] __handle_mm_fault+0x2305/0x3f80 [ 3257.884345] ? copy_page_range+0x2030/0x2030 [ 3257.888796] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3257.893493] handle_mm_fault+0x1b5/0x690 [ 3257.897581] __do_page_fault+0x62a/0xe90 [ 3257.901672] ? vmalloc_fault+0x740/0x740 [ 3257.905755] ? trace_hardirqs_off_caller+0x65/0x220 [ 3257.910794] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3257.915860] ? page_fault+0x8/0x30 [ 3257.919428] do_page_fault+0x71/0x57d [ 3257.923256] ? page_fault+0x8/0x30 [ 3257.926817] page_fault+0x1e/0x30 [ 3257.930295] RIP: 0033:0x40ff98 [ 3257.933510] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3257.952728] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 15:03:27 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3257.958120] RAX: 00000000722e1092 RBX: 0000000001fcffe9 RCX: 0000001b32720000 [ 3257.965413] RDX: 0000000000000000 RSI: 0000000000001092 RDI: ffffffff722e1092 [ 3257.972929] RBP: 0000000000000001 R08: 00000000722e1092 R09: 00000000722e1096 [ 3257.980225] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3257.987512] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000001 [ 3257.998079] Task in /syz0 killed as a result of limit of /syz0 [ 3258.005507] memory: usage 307200kB, limit 307200kB, failcnt 2360 15:03:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:27 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4204, 0x500) [ 3258.040139] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3258.047684] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3258.054581] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:112KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3258.140888] Memory cgroup out of memory: Kill process 16615 (syz-executor.0) score 1103 or sacrifice child 15:03:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3258.187078] Killed process 16615 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3258.280871] oom_reaper: reaped process 16615 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 3258.340670] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:03:29 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xea46010000000000) 15:03:29 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:29 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x3f00, 0x500) 15:03:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:29 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4304, 0x500) 15:03:29 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x57f, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3259.522932] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3259.522942] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3259.522968] CPU: 0 PID: 16645 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3259.522977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3259.522982] Call Trace: [ 3259.523003] dump_stack+0x197/0x210 [ 3259.523024] dump_header+0x15e/0xa55 [ 3259.523042] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 15:03:29 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3259.523057] ? ___ratelimit+0x60/0x595 [ 3259.523071] ? do_raw_spin_unlock+0x181/0x270 [ 3259.523090] oom_kill_process.cold+0x10/0x6ef [ 3259.523109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3259.523124] ? task_will_free_mem+0x139/0x6e0 [ 3259.523146] out_of_memory+0x362/0x1330 [ 3259.523165] ? lock_downgrade+0x880/0x880 [ 3259.523182] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3259.523197] ? oom_killer_disable+0x280/0x280 [ 3259.523210] ? find_held_lock+0x35/0x130 [ 3259.523237] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3259.523257] ? memcg_event_wake+0x230/0x230 [ 3259.523276] ? do_raw_spin_unlock+0x181/0x270 [ 3259.523292] ? _raw_spin_unlock+0x2d/0x50 [ 3259.523308] try_charge+0xec5/0x1490 [ 3259.523330] ? lock_downgrade+0x880/0x880 [ 3259.523353] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3259.523369] ? rcu_read_unlock+0x33/0x60 [ 3259.523382] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3259.523401] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3259.523425] mem_cgroup_try_charge+0x259/0x6b0 [ 3259.523447] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3259.523464] wp_page_copy+0x430/0x16a0 [ 3259.523487] ? follow_pfn+0x2a0/0x2a0 [ 3259.523505] ? do_raw_spin_unlock+0x181/0x270 [ 3259.523527] do_wp_page+0x57d/0x10b0 [ 3259.523544] ? lock_acquire+0x16f/0x3f0 [ 3259.523558] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3259.523574] ? kasan_check_write+0x14/0x20 [ 3259.523588] ? do_raw_spin_lock+0xd7/0x250 [ 3259.523608] __handle_mm_fault+0x2305/0x3f80 [ 3259.523627] ? copy_page_range+0x2030/0x2030 15:03:29 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x3f00, 0x500) 15:03:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) [ 3259.523659] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3259.523676] handle_mm_fault+0x1b5/0x690 [ 3259.523696] __do_page_fault+0x62a/0xe90 [ 3259.523717] ? vmalloc_fault+0x740/0x740 [ 3259.523733] ? trace_hardirqs_off_caller+0x65/0x220 [ 3259.523746] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3259.523760] ? page_fault+0x8/0x30 [ 3259.523780] do_page_fault+0x71/0x57d [ 3259.523793] ? page_fault+0x8/0x30 [ 3259.523809] page_fault+0x1e/0x30 [ 3259.523820] RIP: 0033:0x40ff98 15:03:29 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x580, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3259.523839] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3259.523847] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 [ 3259.523858] RAX: 00000000722e1092 RBX: 0000000001fcffe9 RCX: 0000001b32720000 [ 3259.523867] RDX: 0000000000000000 RSI: 0000000000001092 RDI: ffffffff722e1092 [ 3259.523875] RBP: 0000000000000001 R08: 00000000722e1092 R09: 00000000722e1096 [ 3259.523884] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3259.523892] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000001 [ 3259.523918] Task in /syz0 killed as a result of limit of /syz0 [ 3259.524009] memory: usage 307200kB, limit 307200kB, failcnt 2390 [ 3259.524018] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3259.524026] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3259.524032] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3259.524105] Memory cgroup out of memory: Kill process 16645 (syz-executor.0) score 1103 or sacrifice child [ 3259.524148] Killed process 16645 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3259.598726] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3259.824550] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3259.915217] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3259.928674] CPU: 0 PID: 16661 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3259.936492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3259.945860] Call Trace: [ 3259.948477] dump_stack+0x197/0x210 [ 3259.952134] dump_header+0x15e/0xa55 [ 3259.955890] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3259.961011] ? ___ratelimit+0x60/0x595 [ 3259.964916] ? do_raw_spin_unlock+0x181/0x270 [ 3259.969440] oom_kill_process.cold+0x10/0x6ef [ 3259.973957] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3259.979514] ? task_will_free_mem+0x139/0x6e0 [ 3259.984035] out_of_memory+0x362/0x1330 [ 3259.988028] ? lock_downgrade+0x880/0x880 [ 3259.992192] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3259.997312] ? oom_killer_disable+0x280/0x280 [ 3260.001820] ? find_held_lock+0x35/0x130 [ 3260.005909] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3260.010782] ? memcg_event_wake+0x230/0x230 [ 3260.015122] ? do_raw_spin_unlock+0x181/0x270 [ 3260.019632] ? _raw_spin_unlock+0x2d/0x50 [ 3260.023798] try_charge+0xec5/0x1490 [ 3260.027535] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3260.032395] ? lock_downgrade+0x880/0x880 [ 3260.036589] ? kasan_check_read+0x11/0x20 [ 3260.040754] memcg_kmem_charge_memcg+0x83/0x170 [ 3260.045468] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3260.049982] ? __isolate_free_page+0x4c0/0x4c0 [ 3260.054578] memcg_kmem_charge+0x13b/0x370 [ 3260.058828] __alloc_pages_nodemask+0x3c3/0x750 [ 3260.063517] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3260.068554] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3260.073155] ? trace_hardirqs_on+0x67/0x220 [ 3260.077498] copy_process.part.0+0x3e0/0x7a30 [ 3260.082010] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3260.087125] ? delayacct_end+0x5c/0x100 [ 3260.091114] ? __delayacct_freepages_end+0xe0/0x140 [ 3260.096159] ? __lock_acquire+0x6ee/0x49c0 [ 3260.100520] ? __cleanup_sighand+0x70/0x70 [ 3260.104787] ? mark_held_locks+0x100/0x100 [ 3260.109061] _do_fork+0x257/0xfd0 [ 3260.112536] ? fork_idle+0x1d0/0x1d0 [ 3260.116274] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3260.122184] ? kasan_check_read+0x11/0x20 [ 3260.126353] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3260.131131] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3260.135897] ? do_syscall_64+0x26/0x620 [ 3260.139883] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3260.145262] ? do_syscall_64+0x26/0x620 [ 3260.149263] __x64_sys_clone+0xbf/0x150 [ 3260.153270] do_syscall_64+0xfd/0x620 [ 3260.157097] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3260.162308] RIP: 0033:0x45d919 15:03:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:29 executing program 4: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3260.165513] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3260.184552] RSP: 002b:00007ffe603737f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3260.192383] RAX: ffffffffffffffda RBX: 00007f1c50c15700 RCX: 000000000045d919 [ 3260.199677] RDX: 00007f1c50c159d0 RSI: 00007f1c50c14db0 RDI: 00000000003d0f00 [ 3260.208097] RBP: 00007ffe60373a10 R08: 00007f1c50c15700 R09: 00007f1c50c15700 [ 3260.215383] R10: 00007f1c50c159d0 R11: 0000000000000202 R12: 0000000000000000 [ 3260.222686] R13: 00007ffe603738af R14: 00007f1c50c159c0 R15: 000000000075bf2c [ 3260.271755] Task in /syz0 killed as a result of limit of /syz0 [ 3260.278837] memory: usage 307176kB, limit 307200kB, failcnt 2423 [ 3260.298051] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3260.304849] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3260.318051] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3260.368403] Memory cgroup out of memory: Kill process 16661 (syz-executor.0) score 1103 or sacrifice child [ 3260.389961] Killed process 16661 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:03:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xeb46010000000000) 15:03:31 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:31 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:31 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4404, 0x500) 15:03:31 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x3f00, 0x500) 15:03:31 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x581, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:31 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, 0x0) 15:03:31 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3261.780950] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3261.816361] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3261.880882] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3261.909455] CPU: 1 PID: 16780 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3261.917279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3261.926647] Call Trace: [ 3261.929252] dump_stack+0x197/0x210 [ 3261.932898] dump_header+0x15e/0xa55 [ 3261.936640] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3261.941750] ? ___ratelimit+0x60/0x595 [ 3261.945643] ? do_raw_spin_unlock+0x181/0x270 [ 3261.950237] oom_kill_process.cold+0x10/0x6ef [ 3261.954916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3261.960472] ? task_will_free_mem+0x139/0x6e0 [ 3261.965004] out_of_memory+0x362/0x1330 [ 3261.965025] ? lock_downgrade+0x880/0x880 [ 3261.965042] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3261.965060] ? oom_killer_disable+0x280/0x280 [ 3261.982760] ? find_held_lock+0x35/0x130 [ 3261.986848] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3261.991707] ? memcg_event_wake+0x230/0x230 [ 3261.996041] ? do_raw_spin_unlock+0x181/0x270 [ 3262.000552] ? _raw_spin_unlock+0x2d/0x50 [ 3262.004719] try_charge+0xec5/0x1490 [ 3262.008457] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3262.013316] ? lock_downgrade+0x880/0x880 [ 3262.017475] ? kasan_check_read+0x11/0x20 [ 3262.021641] memcg_kmem_charge_memcg+0x83/0x170 [ 3262.026317] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3262.030832] ? __isolate_free_page+0x4c0/0x4c0 [ 3262.035430] memcg_kmem_charge+0x13b/0x370 [ 3262.039680] __alloc_pages_nodemask+0x3c3/0x750 [ 3262.044362] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3262.049397] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3262.053989] ? trace_hardirqs_on+0x67/0x220 [ 3262.058332] copy_process.part.0+0x3e0/0x7a30 [ 3262.062849] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3262.067958] ? delayacct_end+0x5c/0x100 [ 3262.071950] ? __delayacct_freepages_end+0xe0/0x140 [ 3262.076994] ? __lock_acquire+0x6ee/0x49c0 [ 3262.081266] ? __cleanup_sighand+0x70/0x70 [ 3262.085519] ? mark_held_locks+0x100/0x100 [ 3262.089795] _do_fork+0x257/0xfd0 [ 3262.093272] ? fork_idle+0x1d0/0x1d0 [ 3262.097011] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3262.102919] ? kasan_check_read+0x11/0x20 [ 3262.107086] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3262.111873] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3262.116655] ? do_syscall_64+0x26/0x620 [ 3262.120659] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3262.126044] ? do_syscall_64+0x26/0x620 [ 3262.130040] __x64_sys_clone+0xbf/0x150 [ 3262.134034] do_syscall_64+0xfd/0x620 [ 3262.137848] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3262.143046] RIP: 0033:0x45d919 [ 3262.146248] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3262.165241] RSP: 002b:00007ffe603737f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3262.172965] RAX: ffffffffffffffda RBX: 00007f1c50c15700 RCX: 000000000045d919 15:03:31 executing program 4: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:31 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4504, 0x500) 15:03:31 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, 0x0) [ 3262.180246] RDX: 00007f1c50c159d0 RSI: 00007f1c50c14db0 RDI: 00000000003d0f00 [ 3262.187523] RBP: 00007ffe60373a10 R08: 00007f1c50c15700 R09: 00007f1c50c15700 [ 3262.194802] R10: 00007f1c50c159d0 R11: 0000000000000202 R12: 0000000000000000 [ 3262.202088] R13: 00007ffe603738af R14: 00007f1c50c159c0 R15: 000000000075bf2c [ 3262.238265] Task in /syz0 killed as a result of limit of /syz0 [ 3262.249886] memory: usage 307184kB, limit 307200kB, failcnt 2457 15:03:32 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, 0x0) [ 3262.280564] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3262.319299] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3262.338944] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3262.360085] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3262.408878] Memory cgroup out of memory: Kill process 16780 (syz-executor.0) score 1103 or sacrifice child [ 3262.441024] Killed process 16780 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3262.476503] oom_reaper: reaped process 16780 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:03:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xec46010000000000) 15:03:32 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:32 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:32 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4604, 0x500) 15:03:32 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x305, 0x500) 15:03:32 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x582, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:32 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:33 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3263.326120] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3263.343118] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3263.379628] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3263.410277] CPU: 1 PID: 16813 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3263.418120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3263.427486] Call Trace: [ 3263.430091] dump_stack+0x197/0x210 [ 3263.433741] dump_header+0x15e/0xa55 [ 3263.437472] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3263.442590] ? ___ratelimit+0x60/0x595 [ 3263.446489] ? do_raw_spin_unlock+0x181/0x270 [ 3263.451009] oom_kill_process.cold+0x10/0x6ef [ 3263.455523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3263.461076] ? task_will_free_mem+0x139/0x6e0 [ 3263.465597] out_of_memory+0x362/0x1330 [ 3263.469592] ? lock_downgrade+0x880/0x880 [ 3263.473755] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3263.478867] ? oom_killer_disable+0x280/0x280 [ 3263.483372] ? find_held_lock+0x35/0x130 [ 3263.487459] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3263.492319] ? memcg_event_wake+0x230/0x230 [ 3263.496660] ? do_raw_spin_unlock+0x181/0x270 [ 3263.501173] ? _raw_spin_unlock+0x2d/0x50 [ 3263.505334] try_charge+0xec5/0x1490 [ 3263.509070] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3263.513927] ? lock_downgrade+0x880/0x880 [ 3263.518096] ? kasan_check_read+0x11/0x20 [ 3263.522267] memcg_kmem_charge_memcg+0x83/0x170 [ 3263.526947] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3263.531463] ? __isolate_free_page+0x4c0/0x4c0 [ 3263.536064] memcg_kmem_charge+0x13b/0x370 [ 3263.540320] __alloc_pages_nodemask+0x3c3/0x750 [ 3263.545022] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3263.550058] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3263.554648] ? trace_hardirqs_on+0x67/0x220 [ 3263.558998] copy_process.part.0+0x3e0/0x7a30 [ 3263.563545] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3263.570526] ? delayacct_end+0x5c/0x100 [ 3263.574526] ? __delayacct_freepages_end+0xe0/0x140 [ 3263.579559] ? __lock_acquire+0x6ee/0x49c0 [ 3263.583816] ? __cleanup_sighand+0x70/0x70 [ 3263.588065] ? mark_held_locks+0x100/0x100 [ 3263.592335] _do_fork+0x257/0xfd0 [ 3263.595809] ? fork_idle+0x1d0/0x1d0 [ 3263.599553] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3263.605450] ? kasan_check_read+0x11/0x20 [ 3263.609617] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3263.614383] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3263.619153] ? do_syscall_64+0x26/0x620 [ 3263.623139] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3263.628517] ? do_syscall_64+0x26/0x620 [ 3263.632515] __x64_sys_clone+0xbf/0x150 [ 3263.636500] do_syscall_64+0xfd/0x620 [ 3263.640314] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3263.645510] RIP: 0033:0x45d919 [ 3263.648717] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3263.667627] RSP: 002b:00007ffe603737f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 15:03:33 executing program 4: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3263.675346] RAX: ffffffffffffffda RBX: 00007f1c50c15700 RCX: 000000000045d919 [ 3263.682624] RDX: 00007f1c50c159d0 RSI: 00007f1c50c14db0 RDI: 00000000003d0f00 [ 3263.689908] RBP: 00007ffe60373a10 R08: 00007f1c50c15700 R09: 00007f1c50c15700 [ 3263.697183] R10: 00007f1c50c159d0 R11: 0000000000000202 R12: 0000000000000000 [ 3263.704456] R13: 00007ffe603738af R14: 00007f1c50c159c0 R15: 000000000075bf2c 15:03:33 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3263.754984] Task in /syz0 killed as a result of limit of /syz0 [ 3263.762049] memory: usage 307184kB, limit 307200kB, failcnt 2488 [ 3263.798129] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3263.798138] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3263.798144] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3263.798217] Memory cgroup out of memory: Kill process 16813 (syz-executor.0) score 1103 or sacrifice child [ 3263.798262] Killed process 16813 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:03:33 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000003, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x0, 0x500) 15:03:33 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4704, 0x500) [ 3264.016012] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing [ 3264.023732] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3264.031316] oom_reaper: reaped process 16813 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:03:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xed46010000000000) 15:03:34 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:34 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x305, 0x500) 15:03:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:34 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4804, 0x500) 15:03:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x583, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3265.015635] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 15:03:34 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3265.069220] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3265.091749] CPU: 0 PID: 16835 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3265.099586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3265.108970] Call Trace: [ 3265.111582] dump_stack+0x197/0x210 [ 3265.115234] dump_header+0x15e/0xa55 [ 3265.118978] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3265.124201] ? ___ratelimit+0x60/0x595 [ 3265.128110] ? do_raw_spin_unlock+0x181/0x270 [ 3265.132627] oom_kill_process.cold+0x10/0x6ef [ 3265.137143] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3265.142158] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3265.142692] ? task_will_free_mem+0x139/0x6e0 [ 3265.142713] out_of_memory+0x362/0x1330 [ 3265.157512] ? lock_downgrade+0x880/0x880 [ 3265.161677] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 15:03:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3265.166798] ? oom_killer_disable+0x280/0x280 [ 3265.171311] ? find_held_lock+0x35/0x130 [ 3265.175398] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3265.180267] ? memcg_event_wake+0x230/0x230 [ 3265.184610] ? do_raw_spin_unlock+0x181/0x270 [ 3265.189124] ? _raw_spin_unlock+0x2d/0x50 [ 3265.193293] try_charge+0xec5/0x1490 [ 3265.197033] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3265.201903] ? lock_downgrade+0x880/0x880 [ 3265.206067] ? kasan_check_read+0x11/0x20 [ 3265.210237] memcg_kmem_charge_memcg+0x83/0x170 [ 3265.214931] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3265.219451] ? __isolate_free_page+0x4c0/0x4c0 [ 3265.224055] memcg_kmem_charge+0x13b/0x370 [ 3265.228317] __alloc_pages_nodemask+0x3c3/0x750 [ 3265.233114] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3265.238164] copy_process.part.0+0x3e0/0x7a30 [ 3265.242986] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3265.248106] ? delayacct_end+0x5c/0x100 [ 3265.252105] ? __delayacct_freepages_end+0xe0/0x140 [ 3265.257143] ? __lock_acquire+0x6ee/0x49c0 [ 3265.261402] ? __cleanup_sighand+0x70/0x70 [ 3265.265655] ? mark_held_locks+0x100/0x100 15:03:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3265.269918] _do_fork+0x257/0xfd0 [ 3265.273392] ? fork_idle+0x1d0/0x1d0 [ 3265.277126] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3265.283632] ? kasan_check_read+0x11/0x20 [ 3265.287822] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3265.292601] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3265.297379] ? do_syscall_64+0x26/0x620 [ 3265.301381] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3265.306772] ? do_syscall_64+0x26/0x620 [ 3265.310794] __x64_sys_clone+0xbf/0x150 [ 3265.314795] do_syscall_64+0xfd/0x620 [ 3265.318623] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3265.323823] RIP: 0033:0x45d919 [ 3265.327023] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3265.345937] RSP: 002b:00007ffe603737f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3265.353667] RAX: ffffffffffffffda RBX: 00007f1c50c15700 RCX: 000000000045d919 [ 3265.360948] RDX: 00007f1c50c159d0 RSI: 00007f1c50c14db0 RDI: 00000000003d0f00 15:03:35 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3265.368330] RBP: 00007ffe60373a10 R08: 00007f1c50c15700 R09: 00007f1c50c15700 [ 3265.375620] R10: 00007f1c50c159d0 R11: 0000000000000202 R12: 0000000000000000 [ 3265.382903] R13: 00007ffe603738af R14: 00007f1c50c159c0 R15: 000000000075bf2c 15:03:35 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:35 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4904, 0x500) [ 3265.598659] Task in /syz0 killed as a result of limit of /syz0 [ 3265.606033] memory: usage 307172kB, limit 307200kB, failcnt 2520 [ 3265.636471] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3265.673187] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3265.868049] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3265.874332] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3265.917025] Memory cgroup out of memory: Kill process 16835 (syz-executor.0) score 1103 or sacrifice child [ 3265.938200] Killed process 16835 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3265.961807] oom_reaper: reaped process 16835 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:03:36 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:36 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:36 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4a04, 0x500) 15:03:36 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xee46010000000000) 15:03:36 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x305, 0x500) 15:03:36 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x584, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:36 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3266.971212] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 15:03:36 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3267.018119] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3267.031892] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3267.054621] CPU: 1 PID: 16869 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3267.062459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3267.071827] Call Trace: [ 3267.074432] dump_stack+0x197/0x210 [ 3267.078087] dump_header+0x15e/0xa55 [ 3267.081823] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3267.086941] ? ___ratelimit+0x60/0x595 [ 3267.090842] ? do_raw_spin_unlock+0x181/0x270 [ 3267.095356] oom_kill_process.cold+0x10/0x6ef [ 3267.099889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3267.105434] ? task_will_free_mem+0x139/0x6e0 [ 3267.109950] out_of_memory+0x362/0x1330 [ 3267.113974] ? lock_downgrade+0x880/0x880 [ 3267.118163] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3267.123291] ? oom_killer_disable+0x280/0x280 [ 3267.127810] ? find_held_lock+0x35/0x130 [ 3267.131899] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3267.136754] ? memcg_event_wake+0x230/0x230 [ 3267.141212] ? do_raw_spin_unlock+0x181/0x270 [ 3267.145731] ? _raw_spin_unlock+0x2d/0x50 [ 3267.149909] try_charge+0xec5/0x1490 [ 3267.153655] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3267.158521] ? lock_downgrade+0x880/0x880 [ 3267.162701] ? kasan_check_read+0x11/0x20 [ 3267.166869] memcg_kmem_charge_memcg+0x83/0x170 [ 3267.171553] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3267.176065] ? __isolate_free_page+0x4c0/0x4c0 [ 3267.180665] memcg_kmem_charge+0x13b/0x370 [ 3267.184924] __alloc_pages_nodemask+0x3c3/0x750 [ 3267.189614] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3267.194653] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3267.199247] ? trace_hardirqs_on+0x67/0x220 [ 3267.203591] copy_process.part.0+0x3e0/0x7a30 [ 3267.208102] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3267.213253] ? delayacct_end+0x5c/0x100 [ 3267.217251] ? __delayacct_freepages_end+0xe0/0x140 [ 3267.222290] ? __lock_acquire+0x6ee/0x49c0 [ 3267.226548] ? __cleanup_sighand+0x70/0x70 [ 3267.230800] ? mark_held_locks+0x100/0x100 [ 3267.235066] _do_fork+0x257/0xfd0 [ 3267.238547] ? fork_idle+0x1d0/0x1d0 [ 3267.242278] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3267.248278] ? kasan_check_read+0x11/0x20 [ 3267.252443] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3267.257215] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3267.261989] ? do_syscall_64+0x26/0x620 [ 3267.265978] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3267.271350] ? do_syscall_64+0x26/0x620 [ 3267.275340] __x64_sys_clone+0xbf/0x150 [ 3267.279333] do_syscall_64+0xfd/0x620 [ 3267.283175] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3267.288374] RIP: 0033:0x45d919 [ 3267.291573] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3267.310485] RSP: 002b:00007ffe603737f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 15:03:37 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:37 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3267.318203] RAX: ffffffffffffffda RBX: 00007f1c50c15700 RCX: 000000000045d919 [ 3267.325486] RDX: 00007f1c50c159d0 RSI: 00007f1c50c14db0 RDI: 00000000003d0f00 [ 3267.332769] RBP: 00007ffe60373a10 R08: 00007f1c50c15700 R09: 00007f1c50c15700 [ 3267.340132] R10: 00007f1c50c159d0 R11: 0000000000000202 R12: 0000000000000000 [ 3267.347582] R13: 00007ffe603738af R14: 00007f1c50c159c0 R15: 000000000075bf2c 15:03:37 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:37 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:37 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4b04, 0x500) [ 3267.433089] Task in /syz0 killed as a result of limit of /syz0 [ 3267.439920] memory: usage 307172kB, limit 307200kB, failcnt 2552 [ 3267.446244] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3267.459792] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3267.471726] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB 15:03:37 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3267.546705] Memory cgroup out of memory: Kill process 16869 (syz-executor.0) score 1103 or sacrifice child [ 3267.596931] Killed process 16869 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3267.617154] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:03:37 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3267.638193] oom_reaper: reaped process 16869 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:03:38 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xef46010000000000) 15:03:38 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:38 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4904, 0x500) 15:03:38 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4c04, 0x500) 15:03:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:38 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x585, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:38 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, 0x0) [ 3268.781506] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3268.828973] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3268.834419] CPU: 1 PID: 16903 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3268.842228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3268.851587] Call Trace: [ 3268.854191] dump_stack+0x197/0x210 [ 3268.857839] dump_header+0x15e/0xa55 [ 3268.861564] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3268.866680] ? ___ratelimit+0x60/0x595 [ 3268.870574] ? do_raw_spin_unlock+0x181/0x270 15:03:38 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4904, 0x500) [ 3268.875079] oom_kill_process.cold+0x10/0x6ef [ 3268.879592] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3268.885159] ? task_will_free_mem+0x139/0x6e0 [ 3268.889681] out_of_memory+0x362/0x1330 [ 3268.893671] ? lock_downgrade+0x880/0x880 [ 3268.898178] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 15:03:38 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3268.903316] ? oom_killer_disable+0x280/0x280 15:03:38 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3268.903334] ? find_held_lock+0x35/0x130 [ 3268.903363] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3268.903380] ? memcg_event_wake+0x230/0x230 [ 3268.903401] ? do_raw_spin_unlock+0x181/0x270 [ 3268.903418] ? _raw_spin_unlock+0x2d/0x50 [ 3268.903436] try_charge+0xec5/0x1490 [ 3268.903453] ? lock_downgrade+0x880/0x880 [ 3268.903476] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3268.903492] ? rcu_read_unlock+0x33/0x60 [ 3268.903506] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3268.903525] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3268.903551] mem_cgroup_try_charge+0x259/0x6b0 [ 3268.903573] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3268.903588] wp_page_copy+0x430/0x16a0 [ 3268.903612] ? follow_pfn+0x2a0/0x2a0 [ 3268.903630] ? do_raw_spin_unlock+0x181/0x270 [ 3268.903646] do_wp_page+0x57d/0x10b0 [ 3268.903664] ? lock_acquire+0x16f/0x3f0 [ 3268.903678] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3268.903695] ? kasan_check_write+0x14/0x20 [ 3268.903708] ? do_raw_spin_lock+0xd7/0x250 [ 3268.903730] __handle_mm_fault+0x2305/0x3f80 [ 3268.903750] ? copy_page_range+0x2030/0x2030 [ 3268.903784] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3268.903802] handle_mm_fault+0x1b5/0x690 [ 3268.903824] __do_page_fault+0x62a/0xe90 [ 3268.903847] ? vmalloc_fault+0x740/0x740 [ 3268.903864] ? trace_hardirqs_off_caller+0x65/0x220 [ 3268.903878] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3268.903892] ? page_fault+0x8/0x30 [ 3268.903913] do_page_fault+0x71/0x57d [ 3268.903926] ? page_fault+0x8/0x30 [ 3268.903942] page_fault+0x1e/0x30 [ 3268.903954] RIP: 0033:0x40ff98 15:03:38 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, 0x0) [ 3268.903970] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3268.903979] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 [ 3268.903991] RAX: 00000000934ce80a RBX: 000000001dbb57c6 RCX: 0000001b32720000 [ 3268.904000] RDX: 0000000000000000 RSI: 000000000000080a RDI: ffffffff934ce80a [ 3268.904009] RBP: 0000000000000004 R08: 00000000934ce80a R09: 00000000934ce80e [ 3268.904018] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3268.904027] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000004 [ 3268.904580] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3268.906635] Task in /syz0 killed as a result of limit of /syz0 [ 3268.906664] memory: usage 307200kB, limit 307200kB, failcnt 2584 [ 3268.906673] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3268.906681] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3268.906688] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:116KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3268.906763] Memory cgroup out of memory: Kill process 16903 (syz-executor.0) score 1103 or sacrifice child [ 3268.906832] Killed process 16903 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3268.908940] oom_reaper: reaped process 16903 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 3269.054562] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3269.528133] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3269.533723] CPU: 1 PID: 16917 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3269.541522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3269.550879] Call Trace: [ 3269.553481] dump_stack+0x197/0x210 [ 3269.557207] dump_header+0x15e/0xa55 [ 3269.561581] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3269.566693] ? ___ratelimit+0x60/0x595 [ 3269.570588] ? do_raw_spin_unlock+0x181/0x270 [ 3269.575093] oom_kill_process.cold+0x10/0x6ef [ 3269.579604] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3269.585148] ? task_will_free_mem+0x139/0x6e0 [ 3269.589667] out_of_memory+0x362/0x1330 [ 3269.593646] ? lock_downgrade+0x880/0x880 [ 3269.597795] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3269.602899] ? oom_killer_disable+0x280/0x280 [ 3269.607413] ? find_held_lock+0x35/0x130 [ 3269.611506] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3269.616364] ? memcg_event_wake+0x230/0x230 [ 3269.620704] ? do_raw_spin_unlock+0x181/0x270 [ 3269.625206] ? _raw_spin_unlock+0x2d/0x50 [ 3269.629361] try_charge+0xec5/0x1490 [ 3269.633090] ? lock_downgrade+0x880/0x880 [ 3269.637383] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3269.642245] ? rcu_read_unlock+0x33/0x60 [ 3269.646313] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3269.651170] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3269.657230] ? __free_object+0xe2/0x1f0 [ 3269.661211] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3269.666331] mem_cgroup_try_charge+0x259/0x6b0 [ 3269.670939] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3269.675879] wp_page_copy+0x430/0x16a0 [ 3269.679781] ? clock_was_set_work+0x30/0x30 [ 3269.684112] ? follow_pfn+0x2a0/0x2a0 [ 3269.687920] ? do_raw_spin_unlock+0x181/0x270 [ 3269.692424] do_wp_page+0x57d/0x10b0 [ 3269.696165] ? lock_acquire+0x16f/0x3f0 [ 3269.700163] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3269.704846] ? kasan_check_write+0x14/0x20 [ 3269.709096] ? do_raw_spin_lock+0xd7/0x250 [ 3269.713347] __handle_mm_fault+0x2305/0x3f80 [ 3269.717769] ? copy_page_range+0x2030/0x2030 [ 3269.722206] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3269.726887] handle_mm_fault+0x1b5/0x690 [ 3269.730962] __do_page_fault+0x62a/0xe90 [ 3269.735053] ? vmalloc_fault+0x740/0x740 [ 3269.739127] ? trace_hardirqs_off_caller+0x65/0x220 [ 3269.744157] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3269.749096] ? page_fault+0x8/0x30 [ 3269.752749] do_page_fault+0x71/0x57d [ 3269.756563] ? page_fault+0x8/0x30 [ 3269.760124] page_fault+0x1e/0x30 [ 3269.763588] RIP: 0033:0x40ff98 [ 3269.766793] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3269.785709] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 [ 3269.791082] RAX: 0000000081704f19 RBX: 00000000f35e5fa0 RCX: 0000001b32720000 [ 3269.798358] RDX: 0000000000000000 RSI: 0000000000000f19 RDI: ffffffff81704f19 [ 3269.805631] RBP: 0000000000000000 R08: 0000000081704f19 R09: 0000000081704f1d [ 3269.812905] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3269.820179] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000000 [ 3269.827478] ? trace_hardirqs_off_caller+0x19/0x220 [ 3269.836097] Task in /syz0 killed as a result of limit of /syz0 [ 3269.842425] memory: usage 307200kB, limit 307200kB, failcnt 2617 [ 3269.849035] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3269.855978] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3269.862778] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3269.893953] Memory cgroup out of memory: Kill process 16917 (syz-executor.0) score 1103 or sacrifice child [ 3269.915174] Killed process 16917 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3269.942641] oom_reaper: reaped process 16917 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:03:39 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xf046010000000000) 15:03:39 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4d04, 0x500) 15:03:39 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:39 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, 0x0) 15:03:39 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x586, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:39 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4904, 0x500) 15:03:39 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:39 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3270.122101] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 3270.145980] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3270.203480] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3270.233166] CPU: 1 PID: 16938 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3270.240998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3270.250375] Call Trace: [ 3270.252982] dump_stack+0x197/0x210 [ 3270.256623] dump_header+0x15e/0xa55 [ 3270.260351] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3270.265465] ? ___ratelimit+0x60/0x595 [ 3270.269799] ? do_raw_spin_unlock+0x181/0x270 [ 3270.274308] oom_kill_process.cold+0x10/0x6ef [ 3270.278818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3270.284391] ? task_will_free_mem+0x139/0x6e0 [ 3270.288903] out_of_memory+0x362/0x1330 [ 3270.292889] ? lock_downgrade+0x880/0x880 [ 3270.297941] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3270.297956] ? oom_killer_disable+0x280/0x280 [ 3270.297971] ? find_held_lock+0x35/0x130 [ 3270.297997] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3270.298015] ? memcg_event_wake+0x230/0x230 [ 3270.298040] ? do_raw_spin_unlock+0x181/0x270 [ 3270.326048] ? _raw_spin_unlock+0x2d/0x50 [ 3270.330215] try_charge+0xec5/0x1490 [ 3270.333950] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3270.338808] ? lock_downgrade+0x880/0x880 [ 3270.343053] ? kasan_check_read+0x11/0x20 [ 3270.347221] memcg_kmem_charge_memcg+0x83/0x170 [ 3270.351903] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3270.356421] ? __isolate_free_page+0x4c0/0x4c0 [ 3270.362769] memcg_kmem_charge+0x13b/0x370 [ 3270.367031] __alloc_pages_nodemask+0x3c3/0x750 [ 3270.371763] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3270.376808] ? trace_hardirqs_on+0x67/0x220 [ 3270.381205] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3270.386244] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3270.391807] alloc_pages_current+0x107/0x210 [ 3270.396249] pte_alloc_one+0x1b/0x1a0 [ 3270.400063] __pte_alloc+0x2a/0x360 [ 3270.403707] __handle_mm_fault+0x340b/0x3f80 [ 3270.408130] ? copy_page_range+0x2030/0x2030 [ 3270.412579] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3270.417266] handle_mm_fault+0x1b5/0x690 [ 3270.421348] __do_page_fault+0x62a/0xe90 [ 3270.425423] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3270.431333] ? vmalloc_fault+0x740/0x740 [ 3270.435407] ? trace_hardirqs_off_caller+0x65/0x220 [ 3270.440442] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3270.445385] ? page_fault+0x8/0x30 [ 3270.448948] do_page_fault+0x71/0x57d [ 3270.452760] ? page_fault+0x8/0x30 [ 3270.456331] page_fault+0x1e/0x30 [ 3270.459790] RIP: 0033:0x40e0fc [ 3270.462996] Code: 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f b6 4c 24 5b 48 69 c0 a8 00 00 00 88 88 c0 bf 75 00 e8 94 51 ff ff <83> 05 01 1f 55 00 01 80 7c 24 59 00 74 0b f6 44 24 08 01 0f 84 98 [ 3270.482027] RSP: 002b:00007ffe60373930 EFLAGS: 00010217 [ 3270.487403] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045af49 [ 3270.494685] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000075bf28 15:03:40 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3270.501964] RBP: 000000000075bf2c R08: 00007f1c50c15700 R09: ffffffffffffffff [ 3270.509241] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 3270.516529] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c [ 3270.530704] Task in /syz0 killed as a result of limit of /syz0 [ 3270.537020] memory: usage 307200kB, limit 307200kB, failcnt 2635 [ 3270.543509] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:03:40 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:40 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x6000, 0x500) [ 3270.596538] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 15:03:40 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3270.628982] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3270.725074] Memory cgroup out of memory: Kill process 16938 (syz-executor.0) score 1103 or sacrifice child [ 3270.772865] Killed process 16938 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3270.815666] oom_reaper: reaped process 16938 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:03:41 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xf0ffffff00000000) 15:03:41 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:03:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:41 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xedc0, 0x500) 15:03:41 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, 0x0) 15:03:41 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x587, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3272.033526] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 3272.088084] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3272.093690] CPU: 1 PID: 16960 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3272.101499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3272.110892] Call Trace: [ 3272.113498] dump_stack+0x197/0x210 [ 3272.117147] dump_header+0x15e/0xa55 [ 3272.120876] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3272.125991] ? ___ratelimit+0x60/0x595 [ 3272.130417] ? do_raw_spin_unlock+0x181/0x270 [ 3272.135099] oom_kill_process.cold+0x10/0x6ef [ 3272.139708] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3272.145257] ? task_will_free_mem+0x139/0x6e0 [ 3272.149778] out_of_memory+0x362/0x1330 [ 3272.153770] ? lock_downgrade+0x880/0x880 [ 3272.157933] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3272.163050] ? oom_killer_disable+0x280/0x280 [ 3272.168681] ? find_held_lock+0x35/0x130 [ 3272.172769] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3272.177626] ? memcg_event_wake+0x230/0x230 [ 3272.181962] ? do_raw_spin_unlock+0x181/0x270 [ 3272.186471] ? _raw_spin_unlock+0x2d/0x50 [ 3272.190649] try_charge+0xec5/0x1490 [ 3272.194387] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3272.199442] ? lock_downgrade+0x880/0x880 [ 3272.203608] ? kasan_check_read+0x11/0x20 [ 3272.207792] memcg_kmem_charge_memcg+0x83/0x170 [ 3272.212488] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3272.216999] ? __isolate_free_page+0x4c0/0x4c0 [ 3272.221598] memcg_kmem_charge+0x13b/0x370 [ 3272.225850] __alloc_pages_nodemask+0x3c3/0x750 [ 3272.230538] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3272.235568] ? trace_hardirqs_on+0x67/0x220 [ 3272.239896] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3272.244939] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3272.250496] alloc_pages_current+0x107/0x210 [ 3272.255269] pte_alloc_one+0x1b/0x1a0 [ 3272.259084] __pte_alloc+0x2a/0x360 [ 3272.262722] __handle_mm_fault+0x340b/0x3f80 [ 3272.267141] ? copy_page_range+0x2030/0x2030 [ 3272.271579] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3272.276265] handle_mm_fault+0x1b5/0x690 [ 3272.280349] __do_page_fault+0x62a/0xe90 [ 3272.284439] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3272.290355] ? vmalloc_fault+0x740/0x740 [ 3272.294431] ? trace_hardirqs_off_caller+0x65/0x220 [ 3272.299455] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3272.304393] ? page_fault+0x8/0x30 [ 3272.307944] do_page_fault+0x71/0x57d [ 3272.311757] ? page_fault+0x8/0x30 [ 3272.315308] page_fault+0x1e/0x30 [ 3272.318762] RIP: 0033:0x40e0fc 15:03:42 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)) [ 3272.321970] Code: 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f b6 4c 24 5b 48 69 c0 a8 00 00 00 88 88 c0 bf 75 00 e8 94 51 ff ff <83> 05 01 1f 55 00 01 80 7c 24 59 00 74 0b f6 44 24 08 01 0f 84 98 [ 3272.341753] RSP: 002b:00007ffe60373930 EFLAGS: 00010217 [ 3272.347134] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045af49 [ 3272.354412] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000075bf28 [ 3272.361863] RBP: 000000000075bf2c R08: 00007f1c50c15700 R09: ffffffffffffffff [ 3272.369142] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 3272.376417] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c 15:03:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:42 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)) 15:03:42 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xfb25, 0x500) [ 3272.459791] Task in /syz0 killed as a result of limit of /syz0 [ 3272.482904] memory: usage 307200kB, limit 307200kB, failcnt 2668 [ 3272.500595] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:03:42 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)) [ 3272.526461] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3272.538061] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3272.578099] Memory cgroup out of memory: Kill process 16960 (syz-executor.0) score 1103 or sacrifice child [ 3272.632780] Killed process 16960 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3272.661735] oom_reaper: reaped process 16960 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:03:43 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xf146010000000000) 15:03:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:43 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xff0f, 0x500) 15:03:43 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xf046010000000000) 15:03:43 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, 0x0) 15:03:43 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x588, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3273.676978] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 15:03:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3273.748101] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3273.753646] CPU: 1 PID: 16989 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3273.761884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3273.771244] Call Trace: [ 3273.773851] dump_stack+0x197/0x210 [ 3273.777498] dump_header+0x15e/0xa55 [ 3273.781228] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3273.786343] ? ___ratelimit+0x60/0x595 [ 3273.790238] ? do_raw_spin_unlock+0x181/0x270 [ 3273.794747] oom_kill_process.cold+0x10/0x6ef [ 3273.799343] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3273.804890] ? task_will_free_mem+0x139/0x6e0 [ 3273.809496] out_of_memory+0x362/0x1330 [ 3273.813484] ? lock_downgrade+0x880/0x880 [ 3273.817639] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3273.822752] ? oom_killer_disable+0x280/0x280 [ 3273.827254] ? find_held_lock+0x35/0x130 [ 3273.831335] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3273.836185] ? memcg_event_wake+0x230/0x230 [ 3273.840519] ? do_raw_spin_unlock+0x181/0x270 [ 3273.845031] ? _raw_spin_unlock+0x2d/0x50 [ 3273.849194] try_charge+0xec5/0x1490 [ 3273.853010] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3273.857912] ? lock_downgrade+0x880/0x880 [ 3273.862077] ? kasan_check_read+0x11/0x20 [ 3273.866267] memcg_kmem_charge_memcg+0x83/0x170 [ 3273.870960] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3273.875480] ? __isolate_free_page+0x4c0/0x4c0 [ 3273.880089] memcg_kmem_charge+0x13b/0x370 [ 3273.884350] __alloc_pages_nodemask+0x3c3/0x750 [ 3273.889039] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3273.894089] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3273.898680] ? trace_hardirqs_on+0x67/0x220 [ 3273.903019] copy_process.part.0+0x3e0/0x7a30 [ 3273.907525] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3273.912649] ? delayacct_end+0x5c/0x100 [ 3273.916645] ? __delayacct_freepages_end+0xe0/0x140 [ 3273.921693] ? __lock_acquire+0x6ee/0x49c0 [ 3273.925954] ? __cleanup_sighand+0x70/0x70 [ 3273.930333] ? mark_held_locks+0x100/0x100 [ 3273.934600] _do_fork+0x257/0xfd0 [ 3273.938070] ? fork_idle+0x1d0/0x1d0 [ 3273.941804] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3273.947702] ? kasan_check_read+0x11/0x20 [ 3273.951864] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3273.956638] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3273.961409] ? do_syscall_64+0x26/0x620 [ 3273.965423] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3273.970891] ? do_syscall_64+0x26/0x620 [ 3273.974880] __x64_sys_clone+0xbf/0x150 [ 3273.978873] do_syscall_64+0xfd/0x620 [ 3273.982701] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3273.987899] RIP: 0033:0x45d919 [ 3273.991103] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3274.010017] RSP: 002b:00007ffe603737f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3274.017742] RAX: ffffffffffffffda RBX: 00007f1c50c15700 RCX: 000000000045d919 [ 3274.025050] RDX: 00007f1c50c159d0 RSI: 00007f1c50c14db0 RDI: 00000000003d0f00 [ 3274.032331] RBP: 00007ffe60373a10 R08: 00007f1c50c15700 R09: 00007f1c50c15700 [ 3274.039613] R10: 00007f1c50c159d0 R11: 0000000000000202 R12: 0000000000000000 [ 3274.046901] R13: 00007ffe603738af R14: 00007f1c50c159c0 R15: 000000000075bf2c 15:03:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:43 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x20000, 0x500) 15:03:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:43 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x23703, 0x500) 15:03:44 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3274.298094] Task in /syz0 killed as a result of limit of /syz0 [ 3274.323684] memory: usage 307176kB, limit 307200kB, failcnt 2701 [ 3274.366805] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3274.406616] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3274.450427] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3274.583445] Memory cgroup out of memory: Kill process 16989 (syz-executor.0) score 1103 or sacrifice child [ 3274.606386] Killed process 16989 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3274.631684] oom_reaper: reaped process 16989 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:03:45 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xf246010000000000) 15:03:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:45 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x23704, 0x500) 15:03:45 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x23703, 0x500) 15:03:45 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, 0x0) 15:03:45 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x589, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3275.837415] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3275.869236] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3275.874675] CPU: 0 PID: 17015 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 15:03:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3275.882479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3275.891840] Call Trace: [ 3275.894446] dump_stack+0x197/0x210 [ 3275.898096] dump_header+0x15e/0xa55 [ 3275.901833] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3275.906956] ? ___ratelimit+0x60/0x595 [ 3275.910862] ? do_raw_spin_unlock+0x181/0x270 [ 3275.915376] oom_kill_process.cold+0x10/0x6ef [ 3275.919890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3275.925441] ? task_will_free_mem+0x139/0x6e0 [ 3275.929962] out_of_memory+0x362/0x1330 [ 3275.933957] ? lock_downgrade+0x880/0x880 [ 3275.938126] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3275.943249] ? oom_killer_disable+0x280/0x280 [ 3275.947763] ? find_held_lock+0x35/0x130 [ 3275.951850] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3275.956711] ? memcg_event_wake+0x230/0x230 [ 3275.961076] ? do_raw_spin_unlock+0x181/0x270 [ 3275.965603] ? _raw_spin_unlock+0x2d/0x50 [ 3275.969793] try_charge+0xec5/0x1490 [ 3275.973530] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3275.978401] ? lock_downgrade+0x880/0x880 [ 3275.982577] ? kasan_check_read+0x11/0x20 15:03:45 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x58a, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3275.987443] memcg_kmem_charge_memcg+0x83/0x170 [ 3275.992137] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3275.996661] ? __isolate_free_page+0x4c0/0x4c0 [ 3276.001269] memcg_kmem_charge+0x13b/0x370 [ 3276.005526] __alloc_pages_nodemask+0x3c3/0x750 [ 3276.010340] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3276.015382] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3276.019985] ? trace_hardirqs_on+0x67/0x220 [ 3276.024340] copy_process.part.0+0x3e0/0x7a30 [ 3276.028864] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3276.033985] ? delayacct_end+0x5c/0x100 [ 3276.037981] ? __delayacct_freepages_end+0xe0/0x140 [ 3276.043019] ? __lock_acquire+0x6ee/0x49c0 [ 3276.047279] ? __cleanup_sighand+0x70/0x70 [ 3276.051533] ? mark_held_locks+0x100/0x100 [ 3276.055800] _do_fork+0x257/0xfd0 [ 3276.059269] ? fork_idle+0x1d0/0x1d0 [ 3276.063005] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3276.068911] ? kasan_check_read+0x11/0x20 [ 3276.073075] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3276.077849] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3276.082620] ? do_syscall_64+0x26/0x620 [ 3276.086605] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3276.091979] ? do_syscall_64+0x26/0x620 [ 3276.095973] __x64_sys_clone+0xbf/0x150 [ 3276.099971] do_syscall_64+0xfd/0x620 [ 3276.103794] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3276.108995] RIP: 0033:0x45d919 [ 3276.112196] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3276.131109] RSP: 002b:00007ffe603737f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 15:03:45 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x58b, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3276.138842] RAX: ffffffffffffffda RBX: 00007f1c50c15700 RCX: 000000000045d919 [ 3276.146118] RDX: 00007f1c50c159d0 RSI: 00007f1c50c14db0 RDI: 00000000003d0f00 [ 3276.153398] RBP: 00007ffe60373a10 R08: 00007f1c50c15700 R09: 00007f1c50c15700 [ 3276.160680] R10: 00007f1c50c159d0 R11: 0000000000000202 R12: 0000000000000000 [ 3276.167962] R13: 00007ffe603738af R14: 00007f1c50c159c0 R15: 000000000075bf2c 15:03:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3276.216171] Task in /syz0 killed as a result of limit of /syz0 [ 3276.235227] memory: usage 307176kB, limit 307200kB, failcnt 2732 [ 3276.242820] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3276.253273] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3276.272357] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB 15:03:46 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x23705, 0x500) 15:03:46 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xff0f, 0x500) [ 3276.323520] Memory cgroup out of memory: Kill process 17015 (syz-executor.0) score 1103 or sacrifice child [ 3276.335650] Killed process 17015 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3276.364540] oom_reaper: reaped process 17015 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:03:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xf346010000000000) 15:03:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:47 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b36, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:47 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b36, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:47 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x40000, 0x500) 15:03:47 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x58c, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3277.746242] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3277.770368] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3277.779300] CPU: 0 PID: 17048 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3277.787124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3277.796489] Call Trace: [ 3277.799096] dump_stack+0x197/0x210 [ 3277.802743] dump_header+0x15e/0xa55 [ 3277.806473] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3277.811593] ? ___ratelimit+0x60/0x595 [ 3277.815497] ? do_raw_spin_unlock+0x181/0x270 [ 3277.820012] oom_kill_process.cold+0x10/0x6ef [ 3277.824521] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3277.830069] ? task_will_free_mem+0x139/0x6e0 [ 3277.834695] out_of_memory+0x362/0x1330 [ 3277.838697] ? lock_downgrade+0x880/0x880 [ 3277.842882] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3277.848007] ? oom_killer_disable+0x280/0x280 [ 3277.852554] ? find_held_lock+0x35/0x130 [ 3277.856648] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3277.861513] ? memcg_event_wake+0x230/0x230 [ 3277.865856] ? do_raw_spin_unlock+0x181/0x270 [ 3277.870477] ? _raw_spin_unlock+0x2d/0x50 [ 3277.874642] try_charge+0xec5/0x1490 [ 3277.878369] ? lock_downgrade+0x880/0x880 [ 3277.882533] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3277.887405] ? rcu_read_unlock+0x33/0x60 [ 3277.891479] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3277.896337] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3277.902404] ? __free_object+0xe2/0x1f0 [ 3277.906396] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3277.911522] mem_cgroup_try_charge+0x259/0x6b0 [ 3277.916245] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3277.921194] wp_page_copy+0x430/0x16a0 [ 3277.925110] ? clock_was_set_work+0x30/0x30 [ 3277.929448] ? follow_pfn+0x2a0/0x2a0 [ 3277.933272] ? do_raw_spin_unlock+0x181/0x270 [ 3277.937788] do_wp_page+0x57d/0x10b0 [ 3277.941519] ? lock_acquire+0x16f/0x3f0 [ 3277.945503] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3277.950183] ? kasan_check_write+0x14/0x20 [ 3277.954431] ? do_raw_spin_lock+0xd7/0x250 [ 3277.958678] __handle_mm_fault+0x2305/0x3f80 [ 3277.963103] ? copy_page_range+0x2030/0x2030 [ 3277.967542] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3277.972223] handle_mm_fault+0x1b5/0x690 [ 3277.976300] __do_page_fault+0x62a/0xe90 [ 3277.980376] ? vmalloc_fault+0x740/0x740 [ 3277.984445] ? trace_hardirqs_off_caller+0x65/0x220 [ 3277.989469] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3277.994405] ? page_fault+0x8/0x30 [ 3277.997958] do_page_fault+0x71/0x57d [ 3278.001770] ? page_fault+0x8/0x30 [ 3278.005315] page_fault+0x1e/0x30 [ 3278.008771] RIP: 0033:0x40ff98 [ 3278.011972] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3278.030881] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 [ 3278.036251] RAX: 0000000081704f19 RBX: 00000000f35e5fa0 RCX: 0000001b32720000 15:03:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:47 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b36, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3278.043532] RDX: 0000000000000000 RSI: 0000000000000f19 RDI: ffffffff81704f19 [ 3278.050810] RBP: 0000000000000000 R08: 0000000081704f19 R09: 0000000081704f1d [ 3278.058083] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3278.065363] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000000 [ 3278.072663] ? trace_hardirqs_off_caller+0x19/0x220 [ 3278.081945] Task in /syz0 killed as a result of limit of /syz0 [ 3278.088190] memory: usage 307200kB, limit 307200kB, failcnt 2762 [ 3278.094503] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3278.101747] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3278.108135] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3278.128713] Memory cgroup out of memory: Kill process 17048 (syz-executor.0) score 1103 or sacrifice child 15:03:47 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x407ff, 0x500) [ 3278.177276] Killed process 17048 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:03:47 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b34, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, 0x0) [ 3278.228676] oom_reaper: reaped process 17048 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:03:47 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b36, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3278.418868] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3278.441524] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3278.452915] CPU: 1 PID: 17070 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3278.460742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3278.470097] Call Trace: [ 3278.472699] dump_stack+0x197/0x210 [ 3278.476337] dump_header+0x15e/0xa55 [ 3278.480069] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3278.485180] ? ___ratelimit+0x60/0x595 [ 3278.489080] ? do_raw_spin_unlock+0x181/0x270 [ 3278.493589] oom_kill_process.cold+0x10/0x6ef [ 3278.498101] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3278.503650] ? task_will_free_mem+0x139/0x6e0 [ 3278.508162] out_of_memory+0x362/0x1330 [ 3278.512150] ? lock_downgrade+0x880/0x880 [ 3278.516307] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3278.521418] ? oom_killer_disable+0x280/0x280 [ 3278.525919] ? find_held_lock+0x35/0x130 [ 3278.530005] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3278.534855] ? memcg_event_wake+0x230/0x230 [ 3278.539189] ? do_raw_spin_unlock+0x181/0x270 [ 3278.543692] ? _raw_spin_unlock+0x2d/0x50 [ 3278.547851] try_charge+0xec5/0x1490 [ 3278.551575] ? lock_downgrade+0x880/0x880 [ 3278.555738] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3278.560590] ? rcu_read_unlock+0x33/0x60 [ 3278.564659] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3278.569510] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3278.575581] ? __free_object+0xe2/0x1f0 [ 3278.579566] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3278.584686] mem_cgroup_try_charge+0x259/0x6b0 [ 3278.589283] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3278.594223] wp_page_copy+0x430/0x16a0 [ 3278.598123] ? clock_was_set_work+0x30/0x30 [ 3278.602456] ? follow_pfn+0x2a0/0x2a0 [ 3278.606265] ? do_raw_spin_unlock+0x181/0x270 [ 3278.610771] do_wp_page+0x57d/0x10b0 [ 3278.614497] ? lock_acquire+0x16f/0x3f0 [ 3278.618488] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3278.623166] ? kasan_check_write+0x14/0x20 [ 3278.627409] ? do_raw_spin_lock+0xd7/0x250 [ 3278.631664] __handle_mm_fault+0x2305/0x3f80 [ 3278.636094] ? copy_page_range+0x2030/0x2030 [ 3278.640528] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3278.645210] handle_mm_fault+0x1b5/0x690 [ 3278.649285] __do_page_fault+0x62a/0xe90 [ 3278.653360] ? vmalloc_fault+0x740/0x740 [ 3278.657428] ? trace_hardirqs_off_caller+0x65/0x220 [ 3278.662451] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3278.667388] ? page_fault+0x8/0x30 [ 3278.670942] do_page_fault+0x71/0x57d [ 3278.674748] ? page_fault+0x8/0x30 [ 3278.678292] page_fault+0x1e/0x30 [ 3278.681749] RIP: 0033:0x40ff98 [ 3278.684947] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3278.703945] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 [ 3278.709318] RAX: 0000000081704f19 RBX: 00000000f35e5fa0 RCX: 0000001b32720000 [ 3278.716592] RDX: 0000000000000000 RSI: 0000000000000f19 RDI: ffffffff81704f19 [ 3278.723871] RBP: 0000000000000000 R08: 0000000081704f19 R09: 0000000081704f1d [ 3278.731394] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3278.738692] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000000 [ 3278.745994] ? trace_hardirqs_off_caller+0x19/0x220 [ 3278.897035] Task in /syz0 killed as a result of limit of /syz0 [ 3278.914975] memory: usage 307196kB, limit 307200kB, failcnt 2771 [ 3278.948151] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3278.962795] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3278.983175] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3279.033497] Memory cgroup out of memory: Kill process 17070 (syz-executor.0) score 1103 or sacrifice child [ 3279.043696] Killed process 17070 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3279.056257] oom_reaper: reaped process 17070 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:03:49 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xf446010000000000) 15:03:49 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, 0x0) 15:03:49 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b34, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:49 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x40800, 0x500) 15:03:49 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x58d, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:49 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b36, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:49 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, 0x0) 15:03:49 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b34, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3279.648747] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3279.675135] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3279.681470] CPU: 1 PID: 17081 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3279.689301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3279.698667] Call Trace: [ 3279.701271] dump_stack+0x197/0x210 [ 3279.704919] dump_header+0x15e/0xa55 [ 3279.708648] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3279.713760] ? ___ratelimit+0x60/0x595 [ 3279.717654] ? do_raw_spin_unlock+0x181/0x270 [ 3279.722164] oom_kill_process.cold+0x10/0x6ef [ 3279.726679] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3279.732227] ? task_will_free_mem+0x139/0x6e0 [ 3279.736736] out_of_memory+0x362/0x1330 [ 3279.740724] ? lock_downgrade+0x880/0x880 [ 3279.744882] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3279.750007] ? oom_killer_disable+0x280/0x280 [ 3279.754599] ? find_held_lock+0x35/0x130 [ 3279.758682] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3279.763550] ? memcg_event_wake+0x230/0x230 [ 3279.767900] ? do_raw_spin_unlock+0x181/0x270 [ 3279.772407] ? _raw_spin_unlock+0x2d/0x50 [ 3279.776567] try_charge+0xec5/0x1490 [ 3279.780288] ? lock_downgrade+0x880/0x880 [ 3279.784452] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3279.789934] ? rcu_read_unlock+0x33/0x60 [ 3279.794004] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3279.798857] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3279.804950] mem_cgroup_try_charge+0x259/0x6b0 [ 3279.809561] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3279.814520] wp_page_copy+0x430/0x16a0 [ 3279.818430] ? follow_pfn+0x2a0/0x2a0 [ 3279.822250] ? do_raw_spin_unlock+0x181/0x270 [ 3279.826755] do_wp_page+0x57d/0x10b0 [ 3279.830486] ? lock_acquire+0x16f/0x3f0 [ 3279.834479] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3279.839164] ? kasan_check_write+0x14/0x20 [ 3279.843406] ? do_raw_spin_lock+0xd7/0x250 [ 3279.847653] __handle_mm_fault+0x2305/0x3f80 [ 3279.852076] ? copy_page_range+0x2030/0x2030 [ 3279.856517] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3279.861194] handle_mm_fault+0x1b5/0x690 [ 3279.865270] __do_page_fault+0x62a/0xe90 [ 3279.869347] ? vmalloc_fault+0x740/0x740 [ 3279.873418] ? trace_hardirqs_off_caller+0x65/0x220 [ 3279.878532] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3279.883480] ? page_fault+0x8/0x30 [ 3279.887034] do_page_fault+0x71/0x57d [ 3279.892230] ? page_fault+0x8/0x30 [ 3279.895784] page_fault+0x1e/0x30 [ 3279.899240] RIP: 0033:0x40ff98 [ 3279.902437] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3279.921345] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 [ 3279.926732] RAX: 00000000722e1092 RBX: 0000000001fcffe9 RCX: 0000001b32720000 [ 3279.934011] RDX: 0000000000000000 RSI: 0000000000001092 RDI: ffffffff722e1092 [ 3279.941295] RBP: 0000000000000001 R08: 00000000722e1092 R09: 00000000722e1096 [ 3279.948573] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3279.955846] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000001 [ 3279.965156] Task in /syz0 killed as a result of limit of /syz0 [ 3280.003330] memory: usage 307200kB, limit 307200kB, failcnt 2792 [ 3280.040332] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:03:49 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x80400, 0x500) 15:03:49 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, 0x0) [ 3280.065343] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3280.083636] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:112KB inactive_file:0KB active_file:0KB unevictable:0KB 15:03:49 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) 15:03:49 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, 0x0) [ 3280.163450] Memory cgroup out of memory: Kill process 17081 (syz-executor.0) score 1103 or sacrifice child [ 3280.198193] Killed process 17081 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3280.238937] oom_reaper: reaped process 17081 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:03:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xf546010000000000) 15:03:51 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xe0000, 0x500) 15:03:51 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b33, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:51 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b32, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:51 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b31, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:51 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x58e, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:51 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:51 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b31, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3281.631417] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3281.670883] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3281.692979] CPU: 0 PID: 17103 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3281.700821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3281.710180] Call Trace: [ 3281.712783] dump_stack+0x197/0x210 [ 3281.716423] dump_header+0x15e/0xa55 [ 3281.720146] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3281.725351] ? ___ratelimit+0x60/0x595 [ 3281.729248] ? do_raw_spin_unlock+0x181/0x270 [ 3281.733843] oom_kill_process.cold+0x10/0x6ef [ 3281.738361] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3281.743908] ? task_will_free_mem+0x139/0x6e0 [ 3281.748434] out_of_memory+0x362/0x1330 [ 3281.752853] ? lock_downgrade+0x880/0x880 [ 3281.757010] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3281.762127] ? oom_killer_disable+0x280/0x280 [ 3281.766651] ? find_held_lock+0x35/0x130 [ 3281.771234] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3281.776089] ? memcg_event_wake+0x230/0x230 [ 3281.780425] ? do_raw_spin_unlock+0x181/0x270 [ 3281.784928] ? _raw_spin_unlock+0x2d/0x50 [ 3281.789096] try_charge+0xec5/0x1490 [ 3281.792826] ? lock_downgrade+0x880/0x880 [ 3281.796989] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3281.801840] ? rcu_read_unlock+0x33/0x60 [ 3281.805910] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3281.810763] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3281.816850] mem_cgroup_try_charge+0x259/0x6b0 [ 3281.821452] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3281.826389] wp_page_copy+0x430/0x16a0 [ 3281.830295] ? follow_pfn+0x2a0/0x2a0 [ 3281.834108] ? do_raw_spin_unlock+0x181/0x270 [ 3281.838615] do_wp_page+0x57d/0x10b0 [ 3281.842343] ? lock_acquire+0x16f/0x3f0 [ 3281.846327] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3281.851003] ? kasan_check_write+0x14/0x20 [ 3281.855240] ? do_raw_spin_lock+0xd7/0x250 [ 3281.859489] __handle_mm_fault+0x2305/0x3f80 [ 3281.863913] ? copy_page_range+0x2030/0x2030 [ 3281.868363] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3281.873512] handle_mm_fault+0x1b5/0x690 [ 3281.877587] __do_page_fault+0x62a/0xe90 [ 3281.881659] ? vmalloc_fault+0x740/0x740 [ 3281.885729] ? trace_hardirqs_off_caller+0x65/0x220 [ 3281.890750] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3281.895683] ? page_fault+0x8/0x30 [ 3281.899234] do_page_fault+0x71/0x57d [ 3281.903040] ? page_fault+0x8/0x30 [ 3281.906590] page_fault+0x1e/0x30 [ 3281.910048] RIP: 0033:0x40ff98 [ 3281.913247] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3281.932153] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 [ 3281.937521] RAX: 000000009cbbf6b7 RBX: 00000000a709c79f RCX: 0000001b32720000 [ 3281.944797] RDX: 0000000000000000 RSI: 00000000000016b7 RDI: ffffffff9cbbf6b7 [ 3281.952070] RBP: 0000000000000005 R08: 000000009cbbf6b7 R09: 000000009cbbf6bb [ 3281.959383] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3281.966667] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000005 [ 3281.981451] Task in /syz0 killed as a result of limit of /syz0 [ 3281.987626] memory: usage 307200kB, limit 307200kB, failcnt 2824 15:03:51 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x1fffff, 0x500) [ 3282.040020] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3282.066813] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 15:03:51 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3282.087473] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:120KB inactive_file:0KB active_file:0KB unevictable:0KB 15:03:51 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3282.184163] Memory cgroup out of memory: Kill process 17103 (syz-executor.0) score 1103 or sacrifice child 15:03:51 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x400000, 0x500) [ 3282.236487] Killed process 17103 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3282.270899] oom_reaper: reaped process 17103 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 3282.377270] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:03:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xf646010000000000) 15:03:53 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b32, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:53 executing program 4 (fault-call:2 fault-nth:0): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) 15:03:53 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x6b6b6b, 0x500) 15:03:53 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x58f, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3283.556721] FAULT_INJECTION: forcing a failure. [ 3283.556721] name failslab, interval 1, probability 0, space 0, times 0 15:03:53 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3283.604527] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3283.635700] CPU: 1 PID: 17133 Comm: syz-executor.4 Not tainted 4.19.95-syzkaller #0 [ 3283.643537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3283.645893] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3283.652898] Call Trace: [ 3283.652925] dump_stack+0x197/0x210 [ 3283.652949] should_fail.cold+0xa/0x1b [ 3283.652970] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3283.652987] ? lock_downgrade+0x880/0x880 [ 3283.653014] __should_failslab+0x121/0x190 [ 3283.653032] should_failslab+0x9/0x14 [ 3283.653046] kmem_cache_alloc_trace+0x2cc/0x760 [ 3283.653063] ? __lock_acquire+0x6ee/0x49c0 [ 3283.653083] ksys_ioperm+0x2d3/0x6c0 [ 3283.653095] ? selinux_capable+0x36/0x40 [ 3283.653113] ? profile_pc+0xd0/0xd0 [ 3283.653134] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3283.712198] ? ns_capable_common+0x141/0x170 [ 3283.716838] vt_ioctl+0x7eb/0x2530 [ 3283.720396] ? complete_change_console+0x3a0/0x3a0 [ 3283.725335] ? avc_has_extended_perms+0xa78/0x10f0 [ 3283.730283] ? avc_ss_reset+0x190/0x190 [ 3283.734259] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3283.739463] ? tty_jobctrl_ioctl+0x50/0xcd0 [ 3283.743815] ? complete_change_console+0x3a0/0x3a0 [ 3283.748763] tty_ioctl+0x7f3/0x1510 [ 3283.752396] ? tty_vhangup+0x30/0x30 [ 3283.756113] ? mark_held_locks+0x100/0x100 [ 3283.760375] ? proc_cwd_link+0x1d0/0x1d0 [ 3283.764458] ? __fget+0x340/0x540 [ 3283.767937] ? __might_sleep+0x95/0x190 [ 3283.771932] ? tty_vhangup+0x30/0x30 [ 3283.775671] do_vfs_ioctl+0xd5f/0x1380 [ 3283.779580] ? selinux_file_ioctl+0x46f/0x5e0 [ 3283.784082] ? selinux_file_ioctl+0x125/0x5e0 [ 3283.788680] ? ioctl_preallocate+0x210/0x210 [ 3283.793115] ? selinux_file_mprotect+0x620/0x620 [ 3283.797878] ? iterate_fd+0x360/0x360 [ 3283.801692] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3283.807246] ? fput+0x128/0x1a0 [ 3283.810542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3283.816086] ? security_file_ioctl+0x8d/0xc0 [ 3283.820591] ksys_ioctl+0xab/0xd0 [ 3283.824057] __x64_sys_ioctl+0x73/0xb0 [ 3283.827958] do_syscall_64+0xfd/0x620 [ 3283.831769] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3283.836994] RIP: 0033:0x45af49 [ 3283.840192] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3283.859121] RSP: 002b:00007fc4a73fcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3283.866842] RAX: ffffffffffffffda RBX: 00007fc4a73fcc90 RCX: 000000000045af49 [ 3283.874550] RDX: 0000000020000040 RSI: 0000000000004b37 RDI: 0000000000000004 [ 3283.881823] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3283.889103] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4a73fd6d4 [ 3283.896375] R13: 00000000004c505f R14: 00000000004dbba0 R15: 0000000000000005 [ 3283.904325] CPU: 1 PID: 17137 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3283.912153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3283.921865] Call Trace: [ 3283.924486] dump_stack+0x197/0x210 [ 3283.928139] dump_header+0x15e/0xa55 [ 3283.931872] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3283.936987] ? ___ratelimit+0x60/0x595 [ 3283.940889] ? do_raw_spin_unlock+0x181/0x270 [ 3283.945405] oom_kill_process.cold+0x10/0x6ef [ 3283.949917] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3283.955463] ? task_will_free_mem+0x139/0x6e0 [ 3283.959986] out_of_memory+0x362/0x1330 [ 3283.964072] ? lock_downgrade+0x880/0x880 [ 3283.968235] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3283.973344] ? oom_killer_disable+0x280/0x280 [ 3283.978288] ? find_held_lock+0x35/0x130 [ 3283.982380] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3283.987233] ? memcg_event_wake+0x230/0x230 [ 3283.991573] ? do_raw_spin_unlock+0x181/0x270 [ 3283.996081] ? _raw_spin_unlock+0x2d/0x50 [ 3284.000239] try_charge+0xec5/0x1490 [ 3284.003964] ? lock_downgrade+0x880/0x880 [ 3284.008126] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3284.012980] ? rcu_read_unlock+0x33/0x60 [ 3284.017046] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3284.021901] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3284.027972] ? __free_object+0xe2/0x1f0 [ 3284.031953] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3284.037072] mem_cgroup_try_charge+0x259/0x6b0 [ 3284.041671] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3284.046613] wp_page_copy+0x430/0x16a0 [ 3284.050515] ? clock_was_set_work+0x30/0x30 [ 3284.054846] ? follow_pfn+0x2a0/0x2a0 [ 3284.058659] ? do_raw_spin_unlock+0x181/0x270 [ 3284.063165] do_wp_page+0x57d/0x10b0 [ 3284.066891] ? lock_acquire+0x16f/0x3f0 [ 3284.070872] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3284.075553] ? kasan_check_write+0x14/0x20 [ 3284.079798] ? do_raw_spin_lock+0xd7/0x250 [ 3284.084047] __handle_mm_fault+0x2305/0x3f80 [ 3284.088498] ? copy_page_range+0x2030/0x2030 [ 3284.092947] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3284.097638] handle_mm_fault+0x1b5/0x690 [ 3284.101734] __do_page_fault+0x62a/0xe90 [ 3284.105824] ? vmalloc_fault+0x740/0x740 [ 3284.109903] ? trace_hardirqs_off_caller+0x65/0x220 [ 3284.114927] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3284.119964] ? page_fault+0x8/0x30 [ 3284.124047] do_page_fault+0x71/0x57d [ 3284.127859] ? page_fault+0x8/0x30 [ 3284.131497] page_fault+0x1e/0x30 [ 3284.134956] RIP: 0033:0x40ff98 [ 3284.138154] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3284.157240] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 [ 3284.162618] RAX: 0000000081704f19 RBX: 00000000f35e5fa0 RCX: 0000001b32720000 [ 3284.169901] RDX: 0000000000000000 RSI: 0000000000000f19 RDI: ffffffff81704f19 [ 3284.177183] RBP: 0000000000000000 R08: 0000000081704f19 R09: 0000000081704f1d [ 3284.184640] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3284.191918] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000000 [ 3284.199330] ? trace_hardirqs_off_caller+0x19/0x220 [ 3284.206053] Task in /syz0 killed as a result of limit of /syz0 15:03:53 executing program 4 (fault-call:2 fault-nth:1): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) 15:03:53 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x1000000, 0x500) [ 3284.255332] memory: usage 307200kB, limit 307200kB, failcnt 2853 [ 3284.276039] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3284.307303] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 15:03:54 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3284.340736] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3284.389097] FAULT_INJECTION: forcing a failure. [ 3284.389097] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3284.400975] CPU: 0 PID: 17150 Comm: syz-executor.4 Not tainted 4.19.95-syzkaller #0 [ 3284.408367] Memory cgroup out of memory: Kill process 17137 (syz-executor.0) score 1103 or sacrifice child [ 3284.408780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3284.425619] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3284.427924] Call Trace: [ 3284.427950] dump_stack+0x197/0x210 [ 3284.427973] should_fail.cold+0xa/0x1b [ 3284.427990] ? mark_held_locks+0xb1/0x100 [ 3284.428009] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3284.428030] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3284.449074] Killed process 17137 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3284.453684] ? retint_kernel+0x2d/0x2d [ 3284.453704] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3284.453725] __alloc_pages_nodemask+0x1ee/0x750 [ 3284.453746] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3284.487389] ? find_held_lock+0x35/0x130 [ 3284.491492] cache_grow_begin+0x91/0x8c0 [ 3284.495573] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3284.501125] ? check_preemption_disabled+0x48/0x290 [ 3284.506159] kmem_cache_alloc_trace+0x685/0x760 [ 3284.510852] ksys_ioperm+0x2d3/0x6c0 [ 3284.514580] ? profile_pc+0xd0/0xd0 [ 3284.518217] ? vt_ioctl+0x1af/0x2530 [ 3284.521946] ? __sanitizer_cov_trace_switch+0x4f/0x80 [ 3284.527148] vt_ioctl+0x7eb/0x2530 [ 3284.530700] ? complete_change_console+0x3a0/0x3a0 [ 3284.535644] ? retint_kernel+0x2d/0x2d [ 3284.539541] ? complete_change_console+0x3a0/0x3a0 [ 3284.544482] ? complete_change_console+0x3a0/0x3a0 [ 3284.549426] tty_ioctl+0x7f3/0x1510 [ 3284.553191] ? tty_vhangup+0x30/0x30 [ 3284.557037] ? mark_held_locks+0x100/0x100 [ 3284.561304] ? finish_task_switch+0x118/0x7c0 [ 3284.565808] ? switch_mm_irqs_off+0x7fa/0x1360 [ 3284.570426] ? __fget+0x340/0x540 [ 3284.573906] ? __might_sleep+0x95/0x190 [ 3284.578245] ? tty_vhangup+0x30/0x30 [ 3284.581978] do_vfs_ioctl+0xd5f/0x1380 [ 3284.585878] ? selinux_file_ioctl+0x46f/0x5e0 [ 3284.590732] ? selinux_file_ioctl+0x125/0x5e0 [ 3284.595238] ? ioctl_preallocate+0x210/0x210 [ 3284.599658] ? selinux_file_mprotect+0x620/0x620 [ 3284.604436] ? iterate_fd+0x360/0x360 [ 3284.608263] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3284.613814] ? fput+0x128/0x1a0 [ 3284.617110] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3284.622678] ? security_file_ioctl+0x8d/0xc0 [ 3284.627111] ksys_ioctl+0xab/0xd0 [ 3284.630593] __x64_sys_ioctl+0x73/0xb0 [ 3284.634514] do_syscall_64+0xfd/0x620 [ 3284.638336] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3284.643563] RIP: 0033:0x45af49 [ 3284.646773] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3284.673075] RSP: 002b:00007fc4a73fcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3284.680820] RAX: ffffffffffffffda RBX: 00007fc4a73fcc90 RCX: 000000000045af49 [ 3284.688095] RDX: 0000000020000040 RSI: 0000000000004b37 RDI: 0000000000000004 [ 3284.695371] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3284.702645] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4a73fd6d4 [ 3284.709924] R13: 00000000004c505f R14: 00000000004dbba0 R15: 0000000000000005 [ 3284.760588] oom_reaper: reaped process 17137 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:03:54 executing program 4 (fault-call:2 fault-nth:2): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) 15:03:54 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2000000, 0x500) [ 3284.953238] FAULT_INJECTION: forcing a failure. [ 3284.953238] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3284.965086] CPU: 1 PID: 17158 Comm: syz-executor.4 Not tainted 4.19.95-syzkaller #0 [ 3284.972893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3284.982257] Call Trace: [ 3284.984860] dump_stack+0x197/0x210 [ 3284.988507] should_fail.cold+0xa/0x1b [ 3284.992401] ? avc_has_perm_noaudit+0x38f/0x570 [ 3284.997084] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3285.002204] ? mark_held_locks+0x100/0x100 [ 3285.006455] __alloc_pages_nodemask+0x1ee/0x750 [ 3285.011156] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3285.016185] ? find_held_lock+0x35/0x130 [ 3285.020266] cache_grow_begin+0x91/0x8c0 [ 3285.024335] ? do_raw_spin_unlock+0x181/0x270 [ 3285.028848] ____cache_alloc_node+0x17c/0x1e0 [ 3285.033354] kmem_cache_alloc_trace+0x215/0x760 [ 3285.038037] ksys_ioperm+0x2d3/0x6c0 [ 3285.041756] ? selinux_capable+0x36/0x40 [ 3285.045826] ? profile_pc+0xd0/0xd0 [ 3285.049464] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3285.055008] ? ns_capable_common+0x141/0x170 [ 3285.059428] vt_ioctl+0x7eb/0x2530 [ 3285.063009] ? complete_change_console+0x3a0/0x3a0 [ 3285.067953] ? avc_has_extended_perms+0xa78/0x10f0 [ 3285.072899] ? avc_ss_reset+0x190/0x190 [ 3285.076882] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3285.082083] ? tty_jobctrl_ioctl+0x50/0xcd0 [ 3285.086411] ? complete_change_console+0x3a0/0x3a0 [ 3285.091365] tty_ioctl+0x7f3/0x1510 [ 3285.095012] ? tty_vhangup+0x30/0x30 [ 3285.098737] ? mark_held_locks+0x100/0x100 [ 3285.102976] ? proc_cwd_link+0x1d0/0x1d0 [ 3285.107151] ? __fget+0x340/0x540 [ 3285.110619] ? __might_sleep+0x95/0x190 [ 3285.114623] ? tty_vhangup+0x30/0x30 [ 3285.118349] do_vfs_ioctl+0xd5f/0x1380 [ 3285.122519] ? selinux_file_ioctl+0x46f/0x5e0 [ 3285.127645] ? selinux_file_ioctl+0x125/0x5e0 [ 3285.132245] ? ioctl_preallocate+0x210/0x210 [ 3285.136671] ? selinux_file_mprotect+0x620/0x620 [ 3285.141535] ? iterate_fd+0x360/0x360 [ 3285.145349] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3285.150915] ? fput+0x128/0x1a0 [ 3285.154224] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3285.159775] ? security_file_ioctl+0x8d/0xc0 [ 3285.164201] ksys_ioctl+0xab/0xd0 [ 3285.167671] __x64_sys_ioctl+0x73/0xb0 [ 3285.171568] do_syscall_64+0xfd/0x620 [ 3285.175377] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3285.180565] RIP: 0033:0x45af49 [ 3285.183938] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3285.202844] RSP: 002b:00007fc4a73fcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3285.210583] RAX: ffffffffffffffda RBX: 00007fc4a73fcc90 RCX: 000000000045af49 [ 3285.217867] RDX: 0000000020000040 RSI: 0000000000004b37 RDI: 0000000000000004 [ 3285.225165] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3285.232453] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4a73fd6d4 [ 3285.239732] R13: 00000000004c505f R14: 00000000004dbba0 R15: 0000000000000005 [ 3285.318190] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:03:55 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xf746010000000000) 15:03:55 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:55 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b32, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:55 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x590, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:55 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x3000000, 0x500) 15:03:55 executing program 4 (fault-call:2 fault-nth:3): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) [ 3286.123722] FAULT_INJECTION: forcing a failure. [ 3286.123722] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3286.139095] CPU: 0 PID: 17167 Comm: syz-executor.4 Not tainted 4.19.95-syzkaller #0 [ 3286.146938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3286.156302] Call Trace: [ 3286.158909] dump_stack+0x197/0x210 [ 3286.162567] should_fail.cold+0xa/0x1b [ 3286.166478] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3286.171606] ? __might_sleep+0x95/0x190 [ 3286.171776] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3286.175613] __alloc_pages_nodemask+0x1ee/0x750 [ 3286.175638] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3286.175662] ? cache_grow_begin+0x597/0x8c0 [ 3286.195991] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3286.200592] ? trace_hardirqs_on+0x67/0x220 [ 3286.205024] cache_grow_begin+0x91/0x8c0 [ 3286.209128] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3286.214681] ? __cpuset_node_allowed+0x136/0x540 [ 3286.219463] fallback_alloc+0x1fd/0x2d0 [ 3286.223459] ____cache_alloc_node+0x1be/0x1e0 [ 3286.227978] kmem_cache_alloc_trace+0x215/0x760 [ 3286.232681] ksys_ioperm+0x2d3/0x6c0 [ 3286.236409] ? selinux_capable+0x36/0x40 [ 3286.240486] ? profile_pc+0xd0/0xd0 [ 3286.244576] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3286.250134] ? ns_capable_common+0x141/0x170 [ 3286.254565] vt_ioctl+0x7eb/0x2530 [ 3286.258119] ? complete_change_console+0x3a0/0x3a0 [ 3286.263063] ? avc_has_extended_perms+0xa78/0x10f0 [ 3286.268011] ? avc_ss_reset+0x190/0x190 [ 3286.271998] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 3286.277207] ? tty_jobctrl_ioctl+0x50/0xcd0 [ 3286.281545] ? complete_change_console+0x3a0/0x3a0 [ 3286.286491] tty_ioctl+0x7f3/0x1510 [ 3286.290139] ? tty_vhangup+0x30/0x30 [ 3286.293866] ? mark_held_locks+0x100/0x100 [ 3286.298116] ? proc_cwd_link+0x1d0/0x1d0 [ 3286.302195] ? __fget+0x340/0x540 [ 3286.305668] ? __might_sleep+0x95/0x190 [ 3286.309830] ? tty_vhangup+0x30/0x30 [ 3286.313565] do_vfs_ioctl+0xd5f/0x1380 [ 3286.317459] ? selinux_file_ioctl+0x46f/0x5e0 [ 3286.321962] ? selinux_file_ioctl+0x125/0x5e0 [ 3286.326466] ? ioctl_preallocate+0x210/0x210 [ 3286.330882] ? selinux_file_mprotect+0x620/0x620 [ 3286.335668] ? iterate_fd+0x360/0x360 [ 3286.339499] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3286.345144] ? fput+0x128/0x1a0 [ 3286.348452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3286.354005] ? security_file_ioctl+0x8d/0xc0 [ 3286.358435] ksys_ioctl+0xab/0xd0 [ 3286.361905] __x64_sys_ioctl+0x73/0xb0 [ 3286.365810] do_syscall_64+0xfd/0x620 [ 3286.369627] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3286.374820] RIP: 0033:0x45af49 [ 3286.378026] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3286.398029] RSP: 002b:00007fc4a73fcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3286.405874] RAX: ffffffffffffffda RBX: 00007fc4a73fcc90 RCX: 000000000045af49 [ 3286.413168] RDX: 0000000020000040 RSI: 0000000000004b37 RDI: 0000000000000004 15:03:56 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3286.420447] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3286.427724] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc4a73fd6d4 [ 3286.435005] R13: 00000000004c505f R14: 00000000004dbba0 R15: 0000000000000005 [ 3286.468739] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3286.498055] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3286.503496] CPU: 0 PID: 17168 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3286.511303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3286.520674] Call Trace: [ 3286.523286] dump_stack+0x197/0x210 [ 3286.526933] dump_header+0x15e/0xa55 [ 3286.530666] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3286.535785] ? ___ratelimit+0x60/0x595 [ 3286.539689] ? do_raw_spin_unlock+0x181/0x270 [ 3286.544214] oom_kill_process.cold+0x10/0x6ef [ 3286.548732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3286.554287] ? task_will_free_mem+0x139/0x6e0 [ 3286.558807] out_of_memory+0x362/0x1330 [ 3286.562802] ? lock_downgrade+0x880/0x880 [ 3286.566967] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3286.572083] ? oom_killer_disable+0x280/0x280 [ 3286.576594] ? find_held_lock+0x35/0x130 [ 3286.580681] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3286.585569] ? memcg_event_wake+0x230/0x230 [ 3286.589918] ? do_raw_spin_unlock+0x181/0x270 [ 3286.594432] ? _raw_spin_unlock+0x2d/0x50 [ 3286.598597] try_charge+0xec5/0x1490 [ 3286.602324] ? lock_downgrade+0x880/0x880 [ 3286.606490] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3286.611382] ? rcu_read_unlock+0x33/0x60 [ 3286.615456] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3286.620328] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3286.626394] ? __free_object+0xe2/0x1f0 [ 3286.630382] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3286.635517] mem_cgroup_try_charge+0x259/0x6b0 [ 3286.640121] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3286.645062] wp_page_copy+0x430/0x16a0 [ 3286.648969] ? follow_pfn+0x2a0/0x2a0 [ 3286.652782] ? do_raw_spin_unlock+0x181/0x270 [ 3286.657286] do_wp_page+0x57d/0x10b0 [ 3286.661017] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3286.665695] ? kasan_check_write+0x14/0x20 [ 3286.669940] ? do_raw_spin_lock+0xd7/0x250 [ 3286.674193] __handle_mm_fault+0x2305/0x3f80 [ 3286.678614] ? copy_page_range+0x2030/0x2030 [ 3286.683052] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3286.687734] handle_mm_fault+0x1b5/0x690 [ 3286.691817] __do_page_fault+0x62a/0xe90 [ 3286.695896] ? vmalloc_fault+0x740/0x740 [ 3286.700000] ? trace_hardirqs_off_caller+0x65/0x220 [ 3286.705032] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3286.709987] ? page_fault+0x8/0x30 [ 3286.713561] do_page_fault+0x71/0x57d [ 3286.717384] ? page_fault+0x8/0x30 [ 3286.720939] page_fault+0x1e/0x30 [ 3286.724402] RIP: 0033:0x40d948 [ 3286.727605] Code: d9 48 8b 47 78 48 83 f8 ff 0f 84 0b 01 00 00 48 8b 73 18 48 83 fe ff 74 29 48 81 fe e7 03 00 00 0f 87 67 01 00 00 48 c1 e6 04 86 80 80 75 00 01 48 89 86 88 80 75 00 66 2e 0f 1f 84 00 00 00 [ 3286.746531] RSP: 002b:00007ffe60373900 EFLAGS: 00010246 [ 3286.751905] RAX: 0000000000000004 RBX: 000000000075bf20 RCX: 0000000000000001 [ 3286.759183] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000075bf20 15:03:56 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x3030000, 0x500) [ 3286.766634] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 3286.773915] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bf20 [ 3286.781193] R13: 000000000032259d R14: 00000000003225ca R15: 000000000075bf2c [ 3286.799512] Task in /syz0 killed as a result of limit of /syz0 [ 3286.805660] memory: usage 307200kB, limit 307200kB, failcnt 2880 15:03:56 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:56 executing program 4 (fault-call:2 fault-nth:4): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) 15:03:56 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x3370200, 0x500) [ 3286.823433] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3286.833353] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3286.854010] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:144KB inactive_file:0KB active_file:0KB unevictable:0KB 15:03:56 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3286.898914] Memory cgroup out of memory: Kill process 17168 (syz-executor.0) score 1103 or sacrifice child [ 3286.919363] Killed process 17168 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3286.962559] oom_reaper: reaped process 17168 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:03:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xf846010000000000) 15:03:57 executing program 0 (fault-call:2 fault-nth:0): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)) 15:03:57 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) 15:03:57 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:57 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4000000, 0x500) 15:03:57 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x591, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:58 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x2, &(0x7f0000000040)={0x0, 0x0}) [ 3288.300128] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:03:58 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3288.354599] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3288.381428] CPU: 0 PID: 17192 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3288.389280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3288.395127] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3288.398727] Call Trace: [ 3288.398753] dump_stack+0x197/0x210 [ 3288.398775] dump_header+0x15e/0xa55 [ 3288.398793] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3288.398808] ? ___ratelimit+0x60/0x595 [ 3288.398822] ? do_raw_spin_unlock+0x181/0x270 [ 3288.398844] oom_kill_process.cold+0x10/0x6ef [ 3288.433029] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3288.438590] ? task_will_free_mem+0x139/0x6e0 [ 3288.443111] out_of_memory+0x362/0x1330 [ 3288.447106] ? lock_downgrade+0x880/0x880 [ 3288.451266] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3288.456382] ? oom_killer_disable+0x280/0x280 [ 3288.460888] ? find_held_lock+0x35/0x130 [ 3288.464982] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3288.469838] ? memcg_event_wake+0x230/0x230 [ 3288.474183] ? do_raw_spin_unlock+0x181/0x270 [ 3288.478689] ? _raw_spin_unlock+0x2d/0x50 [ 3288.482848] try_charge+0xec5/0x1490 [ 3288.486573] ? lock_downgrade+0x880/0x880 [ 3288.490744] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3288.495606] ? rcu_read_unlock+0x33/0x60 [ 3288.499679] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3288.504561] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3288.510628] ? __free_object+0xe2/0x1f0 [ 3288.514608] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3288.519740] mem_cgroup_try_charge+0x259/0x6b0 [ 3288.524339] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3288.529280] wp_page_copy+0x430/0x16a0 [ 3288.533194] ? follow_pfn+0x2a0/0x2a0 [ 3288.537014] ? do_raw_spin_unlock+0x181/0x270 [ 3288.541526] do_wp_page+0x57d/0x10b0 [ 3288.545366] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3288.550064] ? kasan_check_write+0x14/0x20 [ 3288.554316] ? do_raw_spin_lock+0xd7/0x250 [ 3288.558574] __handle_mm_fault+0x2305/0x3f80 [ 3288.563004] ? copy_page_range+0x2030/0x2030 [ 3288.567441] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3288.572124] handle_mm_fault+0x1b5/0x690 [ 3288.576205] __do_page_fault+0x62a/0xe90 [ 3288.580283] ? vmalloc_fault+0x740/0x740 [ 3288.584369] ? trace_hardirqs_off_caller+0x65/0x220 [ 3288.589396] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3288.594335] ? page_fault+0x8/0x30 [ 3288.597887] do_page_fault+0x71/0x57d [ 3288.601696] ? page_fault+0x8/0x30 [ 3288.605243] page_fault+0x1e/0x30 [ 3288.608699] RIP: 0033:0x40d948 [ 3288.611899] Code: d9 48 8b 47 78 48 83 f8 ff 0f 84 0b 01 00 00 48 8b 73 18 48 83 fe ff 74 29 48 81 fe e7 03 00 00 0f 87 67 01 00 00 48 c1 e6 04 86 80 80 75 00 01 48 89 86 88 80 75 00 66 2e 0f 1f 84 00 00 00 [ 3288.630812] RSP: 002b:00007ffe60373900 EFLAGS: 00010246 [ 3288.636180] RAX: 0000000000000004 RBX: 000000000075bf20 RCX: 0000000000000001 [ 3288.643455] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000075bf20 15:03:58 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3288.650734] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 3288.658020] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bf20 [ 3288.665309] R13: 0000000000322ca2 R14: 0000000000322ccf R15: 000000000075bf2c 15:03:58 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4030000, 0x500) 15:03:58 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x0, 0x0}) 15:03:58 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3288.808113] Task in /syz0 killed as a result of limit of /syz0 [ 3288.816556] memory: usage 307200kB, limit 307200kB, failcnt 2893 [ 3288.838584] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3288.861549] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3288.882595] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:144KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3288.948082] Memory cgroup out of memory: Kill process 17192 (syz-executor.0) score 1103 or sacrifice child [ 3288.982773] Killed process 17192 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3289.014178] oom_reaper: reaped process 17192 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:03:59 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xf946010000000000) 15:03:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4370200, 0x500) 15:03:59 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b30, &(0x7f0000000040)={0x0, 0x0}) 15:03:59 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:59 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)) 15:03:59 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x592, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:03:59 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x2, &(0x7f0000000040)) 15:03:59 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:03:59 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b31, &(0x7f0000000040)={0x0, 0x0}) 15:03:59 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b32, &(0x7f0000000040)={0x0, 0x0}) 15:03:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x5000000, 0x500) [ 3290.256264] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:04:00 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3290.309460] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3290.335371] CPU: 0 PID: 17238 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3290.343737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3290.353109] Call Trace: [ 3290.355717] dump_stack+0x197/0x210 [ 3290.359363] dump_header+0x15e/0xa55 [ 3290.363096] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3290.368212] ? ___ratelimit+0x60/0x595 [ 3290.372110] ? do_raw_spin_unlock+0x181/0x270 [ 3290.376623] oom_kill_process.cold+0x10/0x6ef [ 3290.381131] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3290.386688] ? task_will_free_mem+0x139/0x6e0 [ 3290.391210] out_of_memory+0x362/0x1330 [ 3290.395200] ? lock_downgrade+0x880/0x880 [ 3290.399364] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3290.404474] ? oom_killer_disable+0x280/0x280 [ 3290.409005] ? find_held_lock+0x35/0x130 [ 3290.413089] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3290.417948] ? memcg_event_wake+0x230/0x230 [ 3290.422282] ? do_raw_spin_unlock+0x181/0x270 [ 3290.426784] ? _raw_spin_unlock+0x2d/0x50 [ 3290.430951] try_charge+0xec5/0x1490 [ 3290.434673] ? lock_downgrade+0x880/0x880 [ 3290.438836] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3290.443684] ? rcu_read_unlock+0x33/0x60 [ 3290.447753] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3290.452607] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3290.458667] ? __free_object+0xe2/0x1f0 [ 3290.462645] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3290.467763] mem_cgroup_try_charge+0x259/0x6b0 [ 3290.472363] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3290.477308] wp_page_copy+0x430/0x16a0 [ 3290.481209] ? follow_pfn+0x2a0/0x2a0 [ 3290.485018] ? do_raw_spin_unlock+0x181/0x270 [ 3290.489525] do_wp_page+0x57d/0x10b0 [ 3290.493246] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3290.497924] ? kasan_check_write+0x14/0x20 [ 3290.502174] ? do_raw_spin_lock+0xd7/0x250 [ 3290.506428] __handle_mm_fault+0x2305/0x3f80 [ 3290.510854] ? copy_page_range+0x2030/0x2030 [ 3290.515291] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3290.519979] handle_mm_fault+0x1b5/0x690 [ 3290.524053] __do_page_fault+0x62a/0xe90 [ 3290.528131] ? vmalloc_fault+0x740/0x740 [ 3290.532202] ? trace_hardirqs_off_caller+0x65/0x220 [ 3290.537225] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3290.542164] ? page_fault+0x8/0x30 [ 3290.545843] do_page_fault+0x71/0x57d [ 3290.549654] ? page_fault+0x8/0x30 [ 3290.553207] page_fault+0x1e/0x30 [ 3290.556665] RIP: 0033:0x40d948 [ 3290.559865] Code: d9 48 8b 47 78 48 83 f8 ff 0f 84 0b 01 00 00 48 8b 73 18 48 83 fe ff 74 29 48 81 fe e7 03 00 00 0f 87 67 01 00 00 48 c1 e6 04 86 80 80 75 00 01 48 89 86 88 80 75 00 66 2e 0f 1f 84 00 00 00 [ 3290.578778] RSP: 002b:00007ffe60373900 EFLAGS: 00010246 [ 3290.584152] RAX: 0000000000000004 RBX: 000000000075bf20 RCX: 0000000000000001 [ 3290.591431] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000075bf20 [ 3290.598706] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 3290.605983] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bf20 [ 3290.613259] R13: 000000000032345d R14: 000000000032348a R15: 000000000075bf2c [ 3290.625239] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3290.637488] Task in /syz0 killed as a result of limit of /syz0 [ 3290.649328] memory: usage 307180kB, limit 307200kB, failcnt 2947 [ 3290.683035] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3290.724156] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3290.867675] Memory cgroup stats for /syz0: cache:8KB rss:52KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:144KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3290.906668] Memory cgroup out of memory: Kill process 17238 (syz-executor.0) score 1103 or sacrifice child [ 3290.927883] Killed process 17238 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3290.956673] oom_reaper: reaped process 17238 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:04:01 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xfdffffff00000000) 15:04:01 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b33, &(0x7f0000000040)={0x0, 0x0}) 15:04:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x5030000, 0x500) 15:04:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x593, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)) 15:04:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:01 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b34, &(0x7f0000000040)={0x0, 0x0}) [ 3291.906803] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3291.954903] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3291.989218] CPU: 1 PID: 17257 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 15:04:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3291.997054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3292.006421] Call Trace: [ 3292.009028] dump_stack+0x197/0x210 [ 3292.012680] dump_header+0x15e/0xa55 [ 3292.016414] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3292.021533] ? ___ratelimit+0x60/0x595 [ 3292.025436] ? do_raw_spin_unlock+0x181/0x270 [ 3292.029955] oom_kill_process.cold+0x10/0x6ef [ 3292.034471] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3292.040021] ? task_will_free_mem+0x139/0x6e0 [ 3292.044539] out_of_memory+0x362/0x1330 [ 3292.048530] ? lock_downgrade+0x880/0x880 15:04:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x5370200, 0x500) [ 3292.052699] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3292.057819] ? oom_killer_disable+0x280/0x280 [ 3292.062334] ? find_held_lock+0x35/0x130 [ 3292.066421] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3292.071282] ? memcg_event_wake+0x230/0x230 [ 3292.075771] ? do_raw_spin_unlock+0x181/0x270 [ 3292.080286] ? _raw_spin_unlock+0x2d/0x50 [ 3292.084451] try_charge+0xec5/0x1490 [ 3292.088188] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3292.088207] ? lock_downgrade+0x880/0x880 [ 3292.088224] ? kasan_check_read+0x11/0x20 15:04:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3292.088245] memcg_kmem_charge_memcg+0x83/0x170 [ 3292.088261] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3292.088281] ? __isolate_free_page+0x4c0/0x4c0 [ 3292.088297] memcg_kmem_charge+0x13b/0x370 [ 3292.088315] __alloc_pages_nodemask+0x3c3/0x750 [ 3292.088336] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3292.129127] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3292.133727] ? trace_hardirqs_on+0x67/0x220 [ 3292.138071] copy_process.part.0+0x3e0/0x7a30 [ 3292.142585] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3292.147708] ? delayacct_end+0x5c/0x100 [ 3292.151706] ? __delayacct_freepages_end+0xe0/0x140 [ 3292.156750] ? __lock_acquire+0x6ee/0x49c0 [ 3292.161016] ? __cleanup_sighand+0x70/0x70 [ 3292.165275] ? mark_held_locks+0x100/0x100 [ 3292.169546] _do_fork+0x257/0xfd0 [ 3292.173017] ? fork_idle+0x1d0/0x1d0 [ 3292.176767] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3292.182674] ? kasan_check_read+0x11/0x20 [ 3292.186838] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3292.191608] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3292.196386] ? do_syscall_64+0x26/0x620 [ 3292.200375] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3292.205750] ? do_syscall_64+0x26/0x620 [ 3292.209915] __x64_sys_clone+0xbf/0x150 [ 3292.213908] do_syscall_64+0xfd/0x620 [ 3292.217724] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3292.222920] RIP: 0033:0x45d919 [ 3292.226120] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3292.245030] RSP: 002b:00007ffe603737f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3292.252753] RAX: ffffffffffffffda RBX: 00007f1c50bf4700 RCX: 000000000045d919 [ 3292.260058] RDX: 00007f1c50bf49d0 RSI: 00007f1c50bf3db0 RDI: 00000000003d0f00 [ 3292.267335] RBP: 00007ffe60373a10 R08: 00007f1c50bf4700 R09: 00007f1c50bf4700 [ 3292.274608] R10: 00007f1c50bf49d0 R11: 0000000000000202 R12: 0000000000000000 [ 3292.281881] R13: 00007ffe603738af R14: 00007f1c50bf49c0 R15: 000000000075bfd4 15:04:02 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b35, &(0x7f0000000040)={0x0, 0x0}) [ 3292.488290] Task in /syz0 killed as a result of limit of /syz0 [ 3292.494782] memory: usage 307196kB, limit 307200kB, failcnt 2969 [ 3292.522252] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3292.543739] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3292.672371] Memory cgroup stats for /syz0: cache:8KB rss:184KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:160KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3292.696030] Memory cgroup out of memory: Kill process 17257 (syz-executor.0) score 1103 or sacrifice child [ 3292.713205] Killed process 17257 (syz-executor.0) total-vm:72720kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3292.747762] oom_reaper: reaped process 17257 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 15:04:03 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x6000000, 0x500) 15:04:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:03 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b36, &(0x7f0000000040)={0x0, 0x0}) 15:04:03 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xffffff7f00000000) 15:04:03 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x594, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:03 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b30, &(0x7f0000000040)) [ 3293.423921] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 15:04:03 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3a, &(0x7f0000000040)={0x0, 0x0}) [ 3293.466555] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3293.485105] CPU: 1 PID: 17286 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3293.492943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3293.494013] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3293.502304] Call Trace: [ 3293.502331] dump_stack+0x197/0x210 [ 3293.502353] dump_header+0x15e/0xa55 [ 3293.502368] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3293.502382] ? ___ratelimit+0x60/0x595 [ 3293.502396] ? do_raw_spin_unlock+0x181/0x270 [ 3293.502413] oom_kill_process.cold+0x10/0x6ef [ 3293.502431] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3293.502443] ? task_will_free_mem+0x139/0x6e0 [ 3293.502465] out_of_memory+0x362/0x1330 [ 3293.502484] ? lock_downgrade+0x880/0x880 [ 3293.502500] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3293.502517] ? oom_killer_disable+0x280/0x280 [ 3293.502531] ? find_held_lock+0x35/0x130 [ 3293.502556] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3293.502573] ? memcg_event_wake+0x230/0x230 [ 3293.502592] ? do_raw_spin_unlock+0x181/0x270 [ 3293.502608] ? _raw_spin_unlock+0x2d/0x50 [ 3293.502625] try_charge+0xec5/0x1490 [ 3293.502649] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3293.502669] ? lock_downgrade+0x880/0x880 [ 3293.502688] ? kasan_check_read+0x11/0x20 [ 3293.502708] memcg_kmem_charge_memcg+0x83/0x170 [ 3293.502725] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3293.502745] ? __isolate_free_page+0x4c0/0x4c0 [ 3293.502761] memcg_kmem_charge+0x13b/0x370 [ 3293.502782] __alloc_pages_nodemask+0x3c3/0x750 [ 3293.625916] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3293.630958] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3293.635555] ? trace_hardirqs_on+0x67/0x220 [ 3293.639899] copy_process.part.0+0x3e0/0x7a30 [ 3293.644408] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3293.649527] ? delayacct_end+0x5c/0x100 [ 3293.653522] ? __delayacct_freepages_end+0xe0/0x140 [ 3293.658559] ? __lock_acquire+0x6ee/0x49c0 [ 3293.662816] ? __cleanup_sighand+0x70/0x70 [ 3293.667065] ? mark_held_locks+0x100/0x100 [ 3293.671328] _do_fork+0x257/0xfd0 [ 3293.674798] ? fork_idle+0x1d0/0x1d0 [ 3293.678532] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3293.684432] ? kasan_check_read+0x11/0x20 [ 3293.688612] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3293.693390] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3293.698163] ? do_syscall_64+0x26/0x620 [ 3293.702156] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3293.707531] ? do_syscall_64+0x26/0x620 [ 3293.711529] __x64_sys_clone+0xbf/0x150 [ 3293.715518] do_syscall_64+0xfd/0x620 [ 3293.719336] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3293.724532] RIP: 0033:0x45d919 [ 3293.727731] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3293.746645] RSP: 002b:00007ffe603737f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3293.754370] RAX: ffffffffffffffda RBX: 00007f1c50bf4700 RCX: 000000000045d919 15:04:03 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3b, &(0x7f0000000040)={0x0, 0x0}) 15:04:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3293.761767] RDX: 00007f1c50bf49d0 RSI: 00007f1c50bf3db0 RDI: 00000000003d0f00 [ 3293.769051] RBP: 00007ffe60373a10 R08: 00007f1c50bf4700 R09: 00007f1c50bf4700 [ 3293.776406] R10: 00007f1c50bf49d0 R11: 0000000000000202 R12: 0000000000000000 [ 3293.783693] R13: 00007ffe603738af R14: 00007f1c50bf49c0 R15: 000000000075bfd4 [ 3293.796532] Task in /syz0 killed as a result of limit of /syz0 [ 3293.816167] memory: usage 307188kB, limit 307200kB, failcnt 2992 15:04:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3293.841383] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3293.870858] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 15:04:03 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x7000000, 0x500) 15:04:03 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3c, &(0x7f0000000040)={0x0, 0x0}) [ 3293.891193] Memory cgroup stats for /syz0: cache:8KB rss:184KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:160KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3293.968125] Memory cgroup out of memory: Kill process 17286 (syz-executor.0) score 1103 or sacrifice child [ 3293.998160] Killed process 17286 (syz-executor.0) total-vm:72720kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:04:03 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3d, &(0x7f0000000040)={0x0, 0x0}) 15:04:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3294.033273] oom_reaper: reaped process 17286 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:04:03 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b31, &(0x7f0000000040)) [ 3294.106271] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3294.188660] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3294.225478] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3294.240369] CPU: 0 PID: 17317 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3294.248217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3294.257582] Call Trace: [ 3294.260199] dump_stack+0x197/0x210 [ 3294.263849] dump_header+0x15e/0xa55 [ 3294.267584] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3294.272708] ? ___ratelimit+0x60/0x595 [ 3294.276613] ? do_raw_spin_unlock+0x181/0x270 [ 3294.281131] oom_kill_process.cold+0x10/0x6ef [ 3294.285641] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3294.291190] ? task_will_free_mem+0x139/0x6e0 [ 3294.295705] out_of_memory+0x362/0x1330 [ 3294.299687] ? lock_downgrade+0x880/0x880 [ 3294.303975] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3294.309093] ? oom_killer_disable+0x280/0x280 [ 3294.313610] ? find_held_lock+0x35/0x130 [ 3294.317806] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3294.322675] ? memcg_event_wake+0x230/0x230 [ 3294.327018] ? do_raw_spin_unlock+0x181/0x270 [ 3294.331530] ? _raw_spin_unlock+0x2d/0x50 [ 3294.335829] try_charge+0xec5/0x1490 [ 3294.339680] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3294.344545] ? lock_downgrade+0x880/0x880 [ 3294.348721] ? kasan_check_read+0x11/0x20 [ 3294.353016] memcg_kmem_charge_memcg+0x83/0x170 [ 3294.357849] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3294.362370] ? __isolate_free_page+0x4c0/0x4c0 [ 3294.366972] memcg_kmem_charge+0x13b/0x370 [ 3294.371226] __alloc_pages_nodemask+0x3c3/0x750 [ 3294.375918] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3294.380952] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3294.385544] ? trace_hardirqs_on+0x67/0x220 [ 3294.389884] copy_process.part.0+0x3e0/0x7a30 [ 3294.394393] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3294.399512] ? delayacct_end+0x5c/0x100 [ 3294.403502] ? __delayacct_freepages_end+0xe0/0x140 [ 3294.408542] ? __lock_acquire+0x6ee/0x49c0 [ 3294.412800] ? __cleanup_sighand+0x70/0x70 [ 3294.417049] ? mark_held_locks+0x100/0x100 [ 3294.421514] _do_fork+0x257/0xfd0 [ 3294.424988] ? fork_idle+0x1d0/0x1d0 [ 3294.428731] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3294.434653] ? kasan_check_read+0x11/0x20 [ 3294.438814] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3294.443584] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3294.448348] ? do_syscall_64+0x26/0x620 [ 3294.452329] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3294.457702] ? do_syscall_64+0x26/0x620 [ 3294.461690] __x64_sys_clone+0xbf/0x150 [ 3294.465680] do_syscall_64+0xfd/0x620 [ 3294.469501] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3294.474728] RIP: 0033:0x45d919 [ 3294.477929] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3294.496840] RSP: 002b:00007ffe603737f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3294.504555] RAX: ffffffffffffffda RBX: 00007f1c50bf4700 RCX: 000000000045d919 [ 3294.511851] RDX: 00007f1c50bf49d0 RSI: 00007f1c50bf3db0 RDI: 00000000003d0f00 [ 3294.519129] RBP: 00007ffe60373a10 R08: 00007f1c50bf4700 R09: 00007f1c50bf4700 [ 3294.526402] R10: 00007f1c50bf49d0 R11: 0000000000000202 R12: 0000000000000000 [ 3294.526412] R13: 00007ffe603738af R14: 00007f1c50bf49c0 R15: 000000000075bfd4 [ 3294.541534] Task in /syz0 killed as a result of limit of /syz0 [ 3294.547714] memory: usage 307188kB, limit 307200kB, failcnt 3015 [ 3294.554385] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3294.561648] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3294.568274] Memory cgroup stats for /syz0: cache:8KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:160KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3294.588666] Memory cgroup out of memory: Kill process 17317 (syz-executor.0) score 1103 or sacrifice child [ 3294.599532] Killed process 17317 (syz-executor.0) total-vm:72720kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:04:04 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xffffffff00000000) 15:04:04 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x0, 0x0}) 15:04:04 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, 0x0) 15:04:04 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x9000000, 0x500) 15:04:04 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b32, &(0x7f0000000040)) 15:04:04 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x595, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:05 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, 0x0) 15:04:05 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x0, 0x0}) 15:04:05 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b33, &(0x7f0000000040)) [ 3295.388267] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:04:05 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, 0x0) 15:04:05 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b44, &(0x7f0000000040)={0x0, 0x0}) 15:04:05 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xa000000, 0x500) [ 3295.786166] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:04:06 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xffffffff87a00000) 15:04:06 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x0, 0x0}) 15:04:06 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b34, &(0x7f0000000040)) 15:04:06 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b45, &(0x7f0000000040)={0x0, 0x0}) 15:04:06 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x1e260000, 0x500) 15:04:06 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x596, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:06 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0xfffffffffffff000) 15:04:06 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b46, &(0x7f0000000040)={0x0, 0x0}) 15:04:06 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x0, 0x0}) 15:04:06 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b35, &(0x7f0000000040)) 15:04:06 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x0, 0x0}) 15:04:06 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x20000000, 0x500) 15:04:06 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) setxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.opaque\x00', &(0x7f00000000c0)='y\x00', 0x2, 0xd7eb9dea96474767) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x31, 0x0, 0x1, 0x0, 0x0, 0x40001}, 0x8080) 15:04:06 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x597, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:06 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b47, &(0x7f0000000040)={0x0, 0x0}) 15:04:06 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)) [ 3297.224144] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:04:06 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b36, &(0x7f0000000040)) 15:04:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)) 15:04:07 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0xfffffffffffffe74, &(0x7f0000000100)={&(0x7f00000001c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x0, 0x40, 0x0, 0x0, @u64=0x39}, @typed={0x0, 0x71, 0x0, 0x0, @u64=0x8}, @typed={0x0, 0xf, 0x0, 0x0, @ipv4=@local}, @generic="6ccbd052552335178347c7836c5db99f295cc4f954b3e56a186fcef05d659f8890c655977ee08b24004391387c17c4d3caff03036c1fc45296fcf335f2fce9d983a02907e70876ad90dbcd6f4885f945a4190e4557060d4f7385c93977766df4290ec00acb72518953065d277ddf234af59d18b3365c6898205be364f734fd534f991b3fc11a", @generic="d20be67687e2eb2788bb210cc6c1d8e49b63dc1f7074407e1ce16f2fed9ff9659dffd11d91bdab29b05226c8a6fa988e42077653939c903b2122e8b170156ca04de7d3fa75c534ba200ac7c8c2b4fcbec4e4d7679be077aa58bf6080ad49157267e798cb79a72bfe0823c40ad45e1e7d261f9be3e29010ce57f29df44503eff584e7d8e2d4c431fb5a0d519ba8eba87b6a6254ed6e5e20884d805ba74d8db75572565c264e9fa910b9e500d3500d2aae409ef7ac633aa865911a567d85c03ff88dbd4472c98db5b5809334bd6602ce42034f7b089147324506c7c2b4437872e5ddce1087ba7505"]}, 0x28}, 0x1, 0xfdffffff00000000, 0x0, 0x4000}, 0x0) 15:04:07 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b48, &(0x7f0000000040)={0x0, 0x0}) 15:04:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)) 15:04:07 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x22000000, 0x500) 15:04:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)) [ 3297.490111] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 15:04:07 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x598, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:07 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x0, 0x0}) 15:04:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b32, &(0x7f0000000040)) 15:04:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3a, &(0x7f0000000040)) [ 3297.661451] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3297.743495] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:04:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b30, &(0x7f0000000040)) 15:04:07 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4a, &(0x7f0000000040)={0x0, 0x0}) 15:04:07 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000022002908000000000000000004000000140011005f64080fa4579b6bbb38b3c065a55b369c64c4cf8254509e3ad52b8b03e2f53e886109abee57bee4afc83261a189573b8f7c808f5094e503db746b83211c849c"], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:07 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x599, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:07 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x23000000, 0x500) 15:04:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3b, &(0x7f0000000040)) 15:04:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:07 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, &(0x7f0000000040)={0x0, 0x0}) 15:04:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3c, &(0x7f0000000040)) 15:04:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3b, &(0x7f0000000040)) [ 3298.104821] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:04:07 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x0, 0x0}) 15:04:07 executing program 2 (fault-call:2 fault-nth:0): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3d, &(0x7f0000000040)) 15:04:08 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2a040000, 0x500) [ 3298.444523] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3298.503138] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3298.528045] CPU: 0 PID: 17460 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3298.535886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3298.545249] Call Trace: [ 3298.547858] dump_stack+0x197/0x210 [ 3298.551504] dump_header+0x15e/0xa55 [ 3298.555225] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3298.560341] ? ___ratelimit+0x60/0x595 [ 3298.564234] ? do_raw_spin_unlock+0x181/0x270 [ 3298.568747] oom_kill_process.cold+0x10/0x6ef [ 3298.573264] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3298.578825] ? task_will_free_mem+0x139/0x6e0 [ 3298.583358] out_of_memory+0x362/0x1330 [ 3298.587355] ? lock_downgrade+0x880/0x880 [ 3298.591515] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3298.596630] ? oom_killer_disable+0x280/0x280 [ 3298.601147] ? find_held_lock+0x35/0x130 [ 3298.605245] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3298.610108] ? memcg_event_wake+0x230/0x230 [ 3298.614446] ? do_raw_spin_unlock+0x181/0x270 [ 3298.618954] ? _raw_spin_unlock+0x2d/0x50 [ 3298.623113] try_charge+0xec5/0x1490 [ 3298.626837] ? lock_downgrade+0x880/0x880 [ 3298.631004] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3298.635855] ? rcu_read_unlock+0x33/0x60 [ 3298.639925] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3298.644780] ? mark_held_locks+0x100/0x100 [ 3298.649027] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3298.655108] mem_cgroup_try_charge+0x259/0x6b0 [ 3298.659710] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3298.664653] wp_page_copy+0x430/0x16a0 [ 3298.668564] ? follow_pfn+0x2a0/0x2a0 [ 3298.672383] ? do_raw_spin_unlock+0x181/0x270 [ 3298.676887] do_wp_page+0x57d/0x10b0 [ 3298.680624] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3298.685302] ? kasan_check_write+0x14/0x20 [ 3298.689544] ? do_raw_spin_lock+0xd7/0x250 [ 3298.693793] __handle_mm_fault+0x2305/0x3f80 [ 3298.698217] ? copy_page_range+0x2030/0x2030 [ 3298.702649] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3298.707327] handle_mm_fault+0x1b5/0x690 [ 3298.711406] __do_page_fault+0x62a/0xe90 [ 3298.715477] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3298.721374] ? vmalloc_fault+0x740/0x740 [ 3298.725445] ? trace_hardirqs_off_caller+0x65/0x220 [ 3298.730467] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3298.735403] ? page_fault+0x8/0x30 [ 3298.738958] do_page_fault+0x71/0x57d [ 3298.742768] ? page_fault+0x8/0x30 [ 3298.746314] page_fault+0x1e/0x30 [ 3298.749773] RIP: 0033:0x40e0d0 [ 3298.752983] Code: 50 80 60 20 01 48 89 48 10 48 8b 4c 24 60 48 89 48 18 8b 4c 24 68 89 48 24 8b 4c 24 28 89 48 28 31 c0 48 8b 8c 04 20 01 00 00 <48> 89 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f [ 3298.771903] RSP: 002b:00007ffe60373930 EFLAGS: 00010287 [ 3298.777324] RAX: 0000000000000008 RBX: 0000000000000000 RCX: 0000000000004b3d [ 3298.784610] RDX: 00000000000000a8 RSI: 00007f1c50bf3db0 RDI: 000000000075bfd0 [ 3298.792586] RBP: 000000000075bfd4 R08: 0000000000000000 R09: 00007f1c50bf4700 [ 3298.800211] R10: 00007f1c50bf49d0 R11: 0000000000000202 R12: 000000000075bfc8 [ 3298.807485] R13: 0000000000000003 R14: 0000000000000001 R15: 000000000075bfd4 [ 3298.876793] Task in /syz0 killed as a result of limit of /syz0 [ 3298.890366] memory: usage 307164kB, limit 307200kB, failcnt 3162 [ 3298.905821] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3298.920537] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3298.934485] Memory cgroup stats for /syz0: cache:8KB rss:132KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:160KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3298.978125] Memory cgroup out of memory: Kill process 17460 (syz-executor.0) score 1103 or sacrifice child [ 3298.999401] Killed process 17460 (syz-executor.0) total-vm:72720kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3299.024612] oom_reaper: reaped process 17460 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 15:04:09 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b2f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:09 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x0, 0x0}) 15:04:09 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2c000000, 0x500) 15:04:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)) 15:04:09 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x59a, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:09 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2800000014001100"/24], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ppoll(&(0x7f0000000200)=[{r2}], 0x1, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000140)={0x11, 0x4, 0x1}) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)={0xbc, r1, 0x300, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x1c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x228}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x401}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x29ac0000}]}, @TIPC_NLA_LINK={0x1c, 0x4, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NODE={0x3c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x735}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xcbb4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xffffffe0}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xa2}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x200}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0xc0}, 0x4000000) r3 = dup(0xffffffffffffffff) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000006ffc), 0x26d) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)=@can_delroute={0x24, 0x19, 0x609, 0x0, 0x0, {}, [@CGW_DST_IF={0x8, 0xa, r6}, @CGW_SRC_IF={0x8, 0x9, r8}]}, 0x24}}, 0x0) ioctl$sock_SIOCDELRT(r3, 0x890c, &(0x7f0000000340)={0x0, @can={0x1d, r6}, @generic={0x16, "8d2c76c5523d5115c6a4314053af"}, @xdp={0x2c, 0x4, 0x0, 0x3}, 0x4, 0x0, 0x0, 0x0, 0xb4c, &(0x7f0000000300)='veth1_to_bond\x00', 0x7f, 0x4, 0x8001}) sendmsg$nl_route_sched(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x22110408}, 0xc, &(0x7f00000003c0)={&(0x7f0000000500)=@deltfilter={0x318, 0x2d, 0x400, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, r9, {0xb, 0x3}, {0x2, 0xf}, {0x8, 0x8}}, [@TCA_RATE={0x6, 0x5, {0xf8, 0x25}}, @filter_kind_options=@f_matchall={{0xd, 0x1, 'matchall\x00'}, {0x2d4, 0x2, [@TCA_MATCHALL_ACT={0x128, 0x2, @m_vlan={0x124, 0x1a, 0x0, 0x0, {{0x9, 0x1, 'vlan\x00'}, {0x94, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x2, 0x2259e30f, 0x20000000, 0x8}, 0x2}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xea2}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x1}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x963}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x9, 0x1, 0x3, 0x4000, 0x6}, 0x1}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xbe3}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x3ff, 0x3, 0xe44bee3ff4257d94, 0x9d, 0x5}, 0x2}}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x8, 0x607, 0x6, 0x9, 0x9}, 0x2}}]}, {0x7e, 0x6, "d842f33fc8eb8b0e0da79c9c2bd14e914325300835d713398d445699970b9600db96d1505533d0474620b18b078cbd7f840e3bb8fc654bd3abecddb2b653f9f97fb8eae1ad5c1104eadca0876a2460fb931cec8349b32091013213ca74d84fb4c8cf4b21ebe89a7b3ecaafbf98e634a68c1f71383e84f098f989"}}}}, @TCA_MATCHALL_ACT={0x1a8, 0x2, @m_csum={0x1a4, 0x20, 0x0, 0x0, {{0x9, 0x1, 'csum\x00'}, {0x11c, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x1, 0x9, 0x1, 0x1f, 0x3}, 0x57}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x6, 0x3, 0x8, 0x2, 0x6}, 0xa}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x101, 0x20, 0x8, 0x7, 0xf00}, 0x74}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0xffff, 0x2, 0x5, 0x0, 0x6}, 0x6}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x5, 0x8, 0x20000000, 0x7, 0x1}, 0x2d}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x4, 0x4, 0x6}, 0x42}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7, 0x1ff, 0x8, 0x2, 0x10000}, 0x61}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x3de, 0x46, 0x0, 0x4, 0xfffff633}, 0x5f}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fffffff, 0x9, 0x20000000, 0x8, 0x8001}, 0x5f}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x1000, 0x40, 0xffffffffffffffff, 0x5d, 0x8}, 0x3f}}]}, {0x78, 0x6, "a4bc510f944f66c2c77d9b3fee7037ec6f95d06ac46ae6e2aa23612400e94f4cbdd1e52b6cef21a4308174f1d3adac98c5c1a12e26c083fca2bcf9d33fd44623d63e99cc44669cbad2addfa9075602a1ab8d9656441f645520c36a4e1eb3f9b8442b759d1ad40e425d3cdf9d1ef2ceb7ab7aaa41"}}}}]}}, @TCA_RATE={0x6, 0x5, {0x5, 0x3}}]}, 0x318}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 15:04:09 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4e, &(0x7f0000000040)={0x0, 0x0}) 15:04:09 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b44, &(0x7f0000000040)) [ 3300.008234] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:04:09 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b52, &(0x7f0000000040)={0x0, 0x0}) 15:04:09 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x59b, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:09 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b30, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:09 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x3f000000, 0x500) 15:04:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b45, &(0x7f0000000040)) 15:04:10 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b60, &(0x7f0000000040)={0x0, 0x0}) [ 3300.323798] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing 15:04:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b31, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:10 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b46, &(0x7f0000000040)) 15:04:10 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x294, 0x0}, 0x800) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="280000002200290800000000000000000000000014001100"], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x40000000, 0x500) 15:04:10 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x59c, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:10 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, &(0x7f0000000040)={0x0, 0x0}) 15:04:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b32, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3300.577288] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3300.651057] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3300.672235] CPU: 1 PID: 17512 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3300.676055] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3300.680089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3300.680095] Call Trace: [ 3300.680118] dump_stack+0x197/0x210 [ 3300.680137] dump_header+0x15e/0xa55 [ 3300.680155] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3300.680169] ? ___ratelimit+0x60/0x595 [ 3300.680182] ? do_raw_spin_unlock+0x181/0x270 [ 3300.680205] oom_kill_process.cold+0x10/0x6ef [ 3300.680226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3300.680240] ? task_will_free_mem+0x139/0x6e0 [ 3300.680263] out_of_memory+0x362/0x1330 [ 3300.680282] ? lock_downgrade+0x880/0x880 [ 3300.680299] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 15:04:10 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x59d, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3300.680314] ? oom_killer_disable+0x280/0x280 [ 3300.680329] ? find_held_lock+0x35/0x130 [ 3300.680356] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3300.680371] ? memcg_event_wake+0x230/0x230 [ 3300.680390] ? do_raw_spin_unlock+0x181/0x270 [ 3300.680405] ? _raw_spin_unlock+0x2d/0x50 [ 3300.680422] try_charge+0xec5/0x1490 [ 3300.680446] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3300.680466] ? lock_downgrade+0x880/0x880 [ 3300.680483] ? kasan_check_read+0x11/0x20 [ 3300.680506] memcg_kmem_charge_memcg+0x83/0x170 [ 3300.680523] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3300.680543] ? __isolate_free_page+0x4c0/0x4c0 [ 3300.680561] memcg_kmem_charge+0x13b/0x370 [ 3300.680581] __alloc_pages_nodemask+0x3c3/0x750 [ 3300.680603] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3300.680624] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3300.680645] ? trace_hardirqs_on+0x67/0x220 [ 3300.827802] copy_process.part.0+0x3e0/0x7a30 [ 3300.832313] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3300.837434] ? delayacct_end+0x5c/0x100 [ 3300.841430] ? __delayacct_freepages_end+0xe0/0x140 [ 3300.846642] ? __lock_acquire+0x6ee/0x49c0 [ 3300.850900] ? __cleanup_sighand+0x70/0x70 [ 3300.855149] ? mark_held_locks+0x100/0x100 [ 3300.859409] _do_fork+0x257/0xfd0 [ 3300.862877] ? fork_idle+0x1d0/0x1d0 [ 3300.866608] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3300.872502] ? kasan_check_read+0x11/0x20 [ 3300.876662] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3300.881422] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3300.886187] ? do_syscall_64+0x26/0x620 [ 3300.890179] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3300.895554] ? do_syscall_64+0x26/0x620 [ 3300.899542] __x64_sys_clone+0xbf/0x150 [ 3300.903535] do_syscall_64+0xfd/0x620 [ 3300.907355] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3300.912681] RIP: 0033:0x45d919 [ 3300.915884] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3300.934796] RSP: 002b:00007ffe603737f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3300.942519] RAX: ffffffffffffffda RBX: 00007f1c50bf4700 RCX: 000000000045d919 15:04:10 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x59e, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b33, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:10 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b62, &(0x7f0000000040)={0x0, 0x0}) [ 3300.949799] RDX: 00007f1c50bf49d0 RSI: 00007f1c50bf3db0 RDI: 00000000003d0f00 [ 3300.957075] RBP: 00007ffe60373a10 R08: 00007f1c50bf4700 R09: 00007f1c50bf4700 [ 3300.964351] R10: 00007f1c50bf49d0 R11: 0000000000000202 R12: 0000000000000000 [ 3300.971630] R13: 00007ffe603738af R14: 00007f1c50bf49c0 R15: 000000000075bfd4 15:04:10 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) sendmsg$TIPC_NL_LINK_RESET_STATS(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000000), &(0x7f0000000040)=0x40) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="28002b31fbc2f5777e960000000000000900000014001100"], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) r2 = dup(0xffffffffffffffff) setsockopt$packet_int(r2, 0x107, 0x0, &(0x7f0000006ffc), 0x26d) io_setup(0x8, &(0x7f0000000440)=0x0) r4 = dup(0xffffffffffffffff) setsockopt$packet_int(r4, 0x107, 0x0, &(0x7f0000006ffc), 0x26d) r5 = accept4$unix(r4, &(0x7f0000000500)=@abs, &(0x7f0000000480)=0x6e, 0x80800) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000001640)='/dev/btrfs-control\x00', 0x88400, 0x0) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000016c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r6, &(0x7f0000001980)={&(0x7f0000001680)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001940)={&(0x7f00000019c0)={0x22c, r7, 0x2, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x70, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0xff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x4}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xa965}]}, @TIPC_NLA_SOCK={0x2c, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6ae1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1ff}]}, @TIPC_NLA_NET={0x50, 0x7, [@TIPC_NLA_NET_ID={0xfffffffffffffda3, 0x1, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffffffffd72b3f16}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4fb7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x68000000000}]}, @TIPC_NLA_SOCK={0x8, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NODE={0x14, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x36c0}, @TIPC_NLA_NODE_ADDR={0xfffffffffffffeb5, 0x1, 0x7f}]}, @TIPC_NLA_MEDIA={0xc}, @TIPC_NLA_SOCK={0x38, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_REF={0x0, 0x2, 0x3}, @TIPC_NLA_SOCK_ADDR={0xffffff1c, 0x1, 0xa0}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x275b}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_LINK={0x18, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_MEDIA={0x60, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xbb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MON={0x54, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5ce}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1ff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x20}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}]}]}, 0x22c}, 0x1, 0x0, 0x0, 0x8020}, 0xbdea308ec1b4096) r8 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000001580)='/proc/self/net/pfkey\x00', 0x244240, 0x0) io_cancel(r3, &(0x7f00000015c0)={0x0, 0x0, 0x0, 0x1, 0x6, r5, &(0x7f0000000580)="caa8ef28c04a211d15aa649a095564e67ffbf893ccc3f324d5700ef5c0c35d82baef7bdc5f0862ba549a3093b4e6b973b6af1a113f0731fe58ac94e147f1776f8f0afb7820d291c28cd564a8fa36811ac54c4b1db414adcade14231c1e3b5d7facb75a0ab6775b1bc6841089a0d33ccbd87898bce38162135747cdd1b59fadb3f20d64845019924680b4c71bc8ee725746d25d3fd2affd5ccae5e4ea711ba2aa4fbf5b2a1a630045b12178b164181aa6e23e0f1226cdb9bf0e7c7ba499ce08d53711141bb6b84ec6696d9dcf6371e781b22c3e206134c5d2e38fc1b5f85d604c17f5eb0137bfc6532edf099f900aa6348c836ce438a51ea6b8b3aa2bb07b49fa509f7d365a5124b95c390e294ecf8ad3660a9cee778ae6ece17a68b20930f5f8260b8cc1b4155cad3851de48e4a955093cd3f232b9645bdb288734f03a038b7931174d6ebbdae78c7e49d33c0600706a8f95e63163f727e7eec5c7562c7423d4ef4526cb69051d97770ca8804cae0c28a2026edb1b0d3e50c78cd30e49a8cc58afe9fd33e7ecccbd2c0a7907f96861eb081929a4086dce01690a25a8e0ff6dcf4b7b3d96b62daea59d4e2a8ea8f988241e2270ecb6c92530218a0c3f0b73fb32a3480e91841a597b84ad18c6e2aeab6b9a2179202694d66239926705c5865f4aa66aeb923baaade9af0332ac2dd19bdb6e5147e049dd8bd98f8ef73d27415b3fee9f41cbc3ea5801082cc089af9ba70a5747a8520d7dd10a68944ec81506d0e1f75fa285ddcc80be73dff22c1a506e6b5599f72c007ecff6cf2a51e3f5fa9c90f46669d1126fe7b72d0f62ca6cada64dfcad3d7564340b228f3c523a4922043b127ebea77c85153c915260d1ab905ba2cfe8d8f28e5c29f20786016944aa31c7181edfcde37dc893ebf71f87f5031b8208c9fb3d3b19eb246ac1ebc1f871d8f0f503914a779a2f5bd7ceb320de6119331c9698f2ab63f78cbac06b49ca057934db782c266312e5ecb53214ac12483fd3aa3c05f113e62eb0c3527ece658f629e78fea5ca39b8db571701ae30f438dda61d03a9bd41390677cf94eea3c8d07bea9ac97c61434a223dfb08405b5641e73e7efeb168987da9667d84d05a57b870de1b6b625e0b5b433a770563b13afc88820d357f04b9a39e644e3595eb897b9c8661419a2eebc7d1fdd5d8cae2ed9c2f2814604aa1773115a06bd73a1245b5a7f6ed7ae398c788ee685b9d66a00ad3f66b46af6d36316272f6b7fa046901a08982ad5ca98c07eb0a6144e6cee51399b36e9a0a5098313e59f01a1fe75a8b807c4d9a5538b61822a5696d3dfdf2c268db6786dc35f5429e811e209f24df9402350978436102f7c8fa6f986241b8f7d72e1b374a534834a263ac7888415d54dfa0eebda76feddedfa45abb3d597836c67a6ab7a2a3ae3708ba45613ca98e2f620829215a9a60ebf0dfa4c6f922969d50f4990d0bb6332b697a44c708474bcf51748b868c8f3683f2f82d13964ab20802230aff958b88f3e2be7ccdde0b293799472eecf8c8bbae668d4d6880e2c2bc25570ad7a821e40c77a1618ccc16f22349dc1dc8552c0d8bcf321ecc2b60eaadecbffe3d95cdf015999256fcaa667ba7dab5eecbe8354b02b121e5d6a9261fb96f0cdf1ba588a90bd7e1d98c95c9c4dfaf2aa8d403dc620819f686007cea540731ce78fad8cb9ceb234434a6bf784714c7a4ede64483b27a57db13708070d070f0a404f15035f05e21bb02f699cc8562299e463a171736c5fc354ea4971036607062a8b7b8e4aa06c9040e1ba7fe51e90eb7706e49ec1a4867649213145c88ef489524bfba4d45c3e37c99653143ec9c1684cf113a32194610552f77dbb55a930e251ec78b7ea31cb1a3bc809264af416ba19b09a55fc540cf39d57d7c0e0061153f643296b60af5b5de5ce15624aa923810f2d4540a652e2fb49c69cc286c340a875a1b7abec58a3436b0a29c85b8a21ecbdb69a0f3d84c59d30a5c605ba1782f5dc2234bedeeeea1156f1b6b95b09b55f56d20b6d47471ddd5b7b25777b7600fd83e091fa554931db9615e3b8f3009ae28bbf2dd719224d98ca0d20d60821b0a32ea9d537ab414ec4e920d75e97270f97252609add3ddc688300e8c47edf1f169739518aaf49751eed506e8cf29bb7dcbdfdfef06ffcccab33724c1999c0bac4763d4ca43e2eb9ca86843137f4f18a25510d6821bc440ebe5314fba6ea3bc4cb32bc1a658266bba9bdcdb8b939093a33fce3c636785d83c10b5efad90b9b76bcd5583dac5497cdfb149b12270b3e62693e61bfccf6a1fad459a45604edc1fa86d21dfd8a8835cea9747ba4b118f7bea8960de7abb041b783624a47ed4f8ebbc528ca70f528e7bb0ad5a1e8678a933bc05e4abaec069c557bef7eeffd2e51d5f260cd16429ae0eb123e6184c8499b003d2ca094352d3124c63c858cbe253d1dc9ad6650c0ce872bb730894a3988085dd0f8fdd3d39e7d6535d2243c3495a3e17dd88ef8e944e914be420f96b1895e8e49be6c3d2eedb7626ba5edcd59e0f9cc8555b7d5c98c5b2011e0da31c460ad875fb25c82d056b98594ddf605a20764e22f29435e9d111a65cac049aec72b4c6462126cd3319b4763f1f86165c8ef9a7a9cdcb49cabe17e2687cf2705f82bf4aa2d2d44a12ac79cfe318d27af6faffb86f78efe1c0d12ba85776dbed699f18ad87f56e4572fa4ce4623d8eb57590cab05e4c65d99664fcdf25a40e2ddac9c90f95c613170d0bb69b6f4e0531df768eca87a2590e070f6fb5133d8d1d414a8c08ae5e5352220a7c910a0aea82eac357da68897481a52fab8665a76df221277c85be8a5160644981be0ffc28ceaa6da0138ba921c48c0c18d1e7ba4ed90d1e431f8d7ebf944cc5db5c6ea75f4660e69ea6d6787c78be28281d51ccc03285d89eaa8f4414895465cb135adb1b3e792477bb8ba4950affc846aa5d427eb6cef14785e55818ade3cdbed83e8caa80e2ca74b63fb9c63f7837a1166504167ee5763a7773799dba40ca8ae2a5af91b419eb9e6b9206b7ae8e058816785b6bf5fa4613920d805f61fd9512078d88b6964c0d4b5550a3b7049d996607803f191a4916346df02c78d9412c3d28efeb93abce847124dcfb49fdec4678964ca8ff27a2935ca56e7dce45dd712f1d0aad82ed5c2d6a2475c02e2bfaa567572841c535a46a4f4253c967ff3cb93b23bc9a4becc71a1328e84b3160c2f2c5425b6a1abf4753915c296044d094f5c17090df994ebbe23ba2459a5013bdead49c8054cfabdb0a96a279a081bfdb814a64812a159c24e9aa6b3555a920864ce88696636fbed709ba54bb1b71d234e79eaa078f9641f0292f6f637e379732325f0abc5f8605a978b36942268d991e43bdd7c0b3e0fc1cf50302dccee6fa43068c9bf0b342be0a14c40466b7ced4a3e99de16447bbc6167084368491c649431f4b7eb39223a31900d381867770fa1e521f95171655659942bdde2bcb764387591ea5a5d26be33e8ddf1407a1356c9a66166baf2f23f622a24bcc2e4e5f9f16f9198683d69aec7c74cae229d415a1264789d994b7073ad66f2a9d8ec9930e54398860c7cac816a68029b8fefb523e6c799e2490609bfa25c61e290e727e5be004bae4be1decea9937fada0098ec722e3a8bee976ae7aa7f32d4ff2bfe2236ef8707a00bff1c46c3916f68e596c61d7a17fae872bf221a2c772d35fdecd00dde5db98664565893603338bcde1312746d1d9ecda21ba5f6ec481f99d1ceaf3bc146610f9490e676c4ab9f8246e1584b600e29d7670be1bbe281d04fa8fbc2ceacfa93eb23d2fe8ab76df6798ead4faa0701f77a0b6e23067d8db7034b4cb6e921cf6874a93d954aebc3ca2157c975b70e123bc445479675deccf9612abf4fb362127c8eb71b151e3c3634495c8db05d243900a70f4a7cd6f9c7ca1b95e0d8a33a8c4f1a18adc150410add1aca0792d42a9152685c5b7686ab17b506a438e94e84e51feadd8f984e8d827b7c96dcb84bcd0f11b58240fb4917f36c60aa2ec4e7179591b4305ca08c14be7528b893ed6ee01aaac43a57dbe360d6ca47a426f789003f5a56428d6e796dbdd346a642bd7503afce4a660da514859be58e472e26d06f31aa1f2261c770f182ea893a637e7abd0baae239aa3d0b606f16d4d7f001ee884884b03ac6cab8c59cd68b5b2addf7a64b949b6aca24feb3e6cd59e7b64471dc660cb3d99163cc7f20e6f929c8d5d53cdf9739389a29a23ffec696f04eb3b8cd8aae2c779805a08a92d15028e993f3acf003d0d672d13b8ec07cc8db12c7036c6fb7b43922ed85e7cd59509306daf7055a2166206e136aa2fee908d6304b2a3d4937084ab84ea5147a3bcca7e99573a49b40bf09f185bae0c95ea9caf66bdf34d685959c2d2d77bdd2e59634bfdfeb2ea16f266b379776fb3f5bf3f24b924198788b728ef27e72639a8fb943065554029e53eab6ee77944f7bd6e1b914ae9d79be848c6842f83e5c7075e6173390550aeb10418a0a0c36a3d67216875c9a5df1c4bbb6d145f0f0accfd80c6bae0d7c067321076f6cd0e73fe2d2d4783b38ac456fc208f1c36d8531fca3ab7d0a3ab19f7b23aecf7f8850049ebac8c7c904a71badef2bca1f10ee4ddf811d88488a13c6f76205385953e8226ae28a5beba830ee30eb27b3d50d9899854a0b762accde0553d9b3125c395b139ed0949d49f00cc66dceda93b5a8ff2e7d2030c24bf7493c690d8c4fe12e1d620ddb568bf7ad0796212a07da1f1fc1f12502ab278b438018357d94e00904274f87fe7b771d631a677dbb77d43c97e881c85a15fb852fbce2fad0d7ddf589199a289133e22c54da391279217a4f2cf516baf87dbe71606bac8b7416cd639c0021c8d12014dc1ab7eaac9f40ae2a8620e5190f2aaa64cb7a789c88f61ebd2951c767178c2363271dbb60c97394cde63e950329892725a03c5c13ba280696e7e311177aeac9a3da99e3498a460086e089d2ff27e52c3643b1b2b68018d5f72a715d54a4691d9a37026c5ba7acdbf3121984f8e64da529d34e8c82dc55f1d8c3b18f66ef31b1ca9ca9340207b3448628a88c0a980a6d731f3cdc5d970764cd57e8edf504107f8604c4d3ea9575144581b8b0335df4401feb4a079a01f07abb5aae926dededcdee9eafefcff9b6c7cd9eebf498d891825214786488d3ebe5f7974ae76ac1205636af5d0619f32b801caaad83d5e5491d87aff97589d17323000a0dbe6564b3641a50a54222210033fadb49e3075f15efe4c7496959d30a8845918160411cf1763cb653f3040f17f88d2f9cec57105a8278c739ac0f5b80521c5225ba7be4d29dc5c319ead0a0127b0ec5345396fd922e69f8d575038b04501ccd94605505af41b69445866e7d616ec6f7c731355110072b163d859d530719bcda41fc67dd6e88edc628be4e8bce295f5df5ae23025c3bec7c3c1467a0d722dcd62d4736c35fd3621a2adabb89611675bba5b86f129c590999cbbc45efcdde683db413a2cdb9efe850c98ae2c1b5c57853e423dc6964088abc9403c9830c02f128a28ac52d65db825edad6336377919ee6c5b807ab837c4d8febc603a6331cbe3a0cab5f2c7140ca9f462a9f81bb9232c1fb22c1108c4eb7aa68dacfc7011948221ad1e182d62352ff2eb724c1a747203e1349ba67087695f9995ed3ebed1d8196b9c58d8b0276d752f05c2530c5cf8f0178e0a2f9a3440e216fa56ef76d76070ee70d34b7027e3921e3721454392ee63db2bd6f7fa0141d311", 0x1000, 0x7ff000, 0x0, 0x85d2f347a33af6ed, r8}, &(0x7f0000001600)) sendmsg$nl_generic(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x7bdf8d84689988ef}, 0xc, &(0x7f00000003c0)={&(0x7f0000000280)={0x11c, 0x1b, 0x200, 0xba5, 0x25dfdbff, {0xe}, [@nested={0x106, 0x26, 0x0, 0x1, [@typed={0xc, 0x94, 0x0, 0x0, @u64=0x3}, @generic="2283ecc3aa2f916012041d801eac9e67c76c9f82ba3f5a5e249e1f9b5e3676227a2b6ab9a990868b95325fa6832bae542c6c22a6c42a10337029e5dbe45df862a38ee13f92ce95c1ea4cb8564df7cb7cba7f706c0b9d6212e9fef453ce4f42afdfb025b2a6ab31d5726d50b1bb7329a71a7372c14ad06778e4829bd03b66d4f6a20caff94d44fdb69d11c8677e663fb44f711853ddfd036c68a42fbbd6b6c1852e7d36ba4006cd7529cfa329d44ab4ff0730cd19ab68f56d7a0e2901ec1139dd184611ad77ed8d5bbccdeffb0e5c093ba4e6668049688ff9f65f4145cd1974333aad7c22639e", @typed={0xf, 0x73, 0x0, 0x0, @str='/dev/hwrng\x00'}]}]}, 0x11c}, 0x1, 0x0, 0x0, 0x796165df851a902e}, 0x800) r9 = dup(0xffffffffffffffff) setsockopt$packet_int(r9, 0x107, 0x0, &(0x7f0000006ffc), 0x26d) ioctl$EVIOCGPROP(r9, 0x80404509, &(0x7f0000001c00)=""/4096) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x7, 0x1, 0x200, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0xa}, ["", "", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0xe8bca238def29b64}, 0x8000040) [ 3301.024183] Task in /syz0 killed as a result of limit of /syz0 [ 3301.031046] memory: usage 307188kB, limit 307200kB, failcnt 3221 15:04:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x42040000, 0x500) [ 3301.066609] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3301.097198] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3301.146452] Memory cgroup stats for /syz0: cache:8KB rss:120KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:160KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3301.221042] Memory cgroup out of memory: Kill process 17512 (syz-executor.0) score 1103 or sacrifice child [ 3301.268300] Killed process 17512 (syz-executor.0) total-vm:72720kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3301.296552] oom_reaper: reaped process 17512 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 15:04:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b47, &(0x7f0000000040)) 15:04:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b34, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:11 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b63, &(0x7f0000000040)={0x0, 0x0}) 15:04:11 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x59f, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:11 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x43040000, 0x500) 15:04:11 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x204002, 0x0) write$FUSE_NOTIFY_POLL(r1, &(0x7f00000001c0)={0x18}, 0x18) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ppoll(&(0x7f0000000200)=[{r2}], 0x1, &(0x7f0000000280), 0x0, 0x0) ioctl$UI_SET_MSCBIT(r2, 0x40045568, 0x26) r3 = dup(0xffffffffffffffff) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000006ffc), 0x26d) ioctl$SNDRV_PCM_IOCTL_HW_REFINE_OLD(r3, 0xc1004110, &(0x7f0000000000)={0x473, [0x1, 0x296], [{0x80, 0x9b2, 0x0, 0x0, 0x1, 0x1}, {0x65, 0x2, 0x0, 0x1, 0x1}, {0xe2, 0x9}, {0x200, 0x10000, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x8, 0xffff, 0x0, 0x1, 0x1, 0x1}, {0x3, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x1, 0xfffffffb, 0x1, 0x1, 0x0, 0x1}, {0x6, 0x4, 0x1}, {0x3e0, 0x2, 0x1, 0x1, 0x1}, {0x401, 0x9, 0x1, 0x0, 0x1, 0x1}, {0x8001, 0x40, 0x0, 0x1}], 0x40}) 15:04:11 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b64, &(0x7f0000000040)={0x0, 0x0}) 15:04:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b35, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3301.502799] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 3301.530636] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3301.558321] CPU: 0 PID: 17557 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3301.566155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3301.575515] Call Trace: [ 3301.578124] dump_stack+0x197/0x210 [ 3301.581766] dump_header+0x15e/0xa55 [ 3301.585492] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3301.590605] ? ___ratelimit+0x60/0x595 [ 3301.594500] ? do_raw_spin_unlock+0x181/0x270 [ 3301.599007] oom_kill_process.cold+0x10/0x6ef [ 3301.603512] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3301.609055] ? task_will_free_mem+0x139/0x6e0 [ 3301.613654] out_of_memory+0x362/0x1330 [ 3301.617642] ? lock_downgrade+0x880/0x880 [ 3301.621799] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3301.626911] ? oom_killer_disable+0x280/0x280 [ 3301.631418] ? find_held_lock+0x35/0x130 [ 3301.635497] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3301.640351] ? memcg_event_wake+0x230/0x230 [ 3301.644687] ? do_raw_spin_unlock+0x181/0x270 [ 3301.649191] ? _raw_spin_unlock+0x2d/0x50 [ 3301.653346] try_charge+0xec5/0x1490 [ 3301.657078] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3301.661942] ? lock_downgrade+0x880/0x880 [ 3301.666104] ? kasan_check_read+0x11/0x20 [ 3301.670616] memcg_kmem_charge_memcg+0x83/0x170 [ 3301.675296] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3301.679807] ? __isolate_free_page+0x4c0/0x4c0 [ 3301.684398] memcg_kmem_charge+0x13b/0x370 [ 3301.688648] __alloc_pages_nodemask+0x3c3/0x750 [ 3301.693346] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3301.698392] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3301.703954] ? vma_set_page_prot+0x18c/0x240 [ 3301.708384] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3301.713414] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3301.719056] alloc_pages_current+0x107/0x210 [ 3301.723485] pte_alloc_one+0x1b/0x1a0 [ 3301.727296] __pte_alloc+0x2a/0x360 [ 3301.730935] __handle_mm_fault+0x340b/0x3f80 [ 3301.735370] ? copy_page_range+0x2030/0x2030 [ 3301.739896] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3301.744580] handle_mm_fault+0x1b5/0x690 [ 3301.748654] __do_page_fault+0x62a/0xe90 [ 3301.752729] ? vmalloc_fault+0x740/0x740 [ 3301.756812] ? trace_hardirqs_off_caller+0x65/0x220 [ 3301.761845] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3301.766784] ? page_fault+0x8/0x30 [ 3301.770339] do_page_fault+0x71/0x57d [ 3301.774172] ? page_fault+0x8/0x30 [ 3301.777721] page_fault+0x1e/0x30 [ 3301.781184] RIP: 0033:0x41273f [ 3301.784382] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 3301.803378] RSP: 002b:00007ffe60373840 EFLAGS: 00010206 15:04:11 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5a0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3301.808751] RAX: 00007f1c50bd4000 RBX: 0000000000020000 RCX: 000000000045af9a [ 3301.816026] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 3301.823324] RBP: 00007ffe60373920 R08: ffffffffffffffff R09: 0000000000000000 [ 3301.830611] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe60373a10 [ 3301.837982] R13: 00007f1c50bf4700 R14: 0000000000000001 R15: 000000000075bfd4 15:04:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b36, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:11 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x44040000, 0x500) 15:04:11 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b65, &(0x7f0000000040)={0x0, 0x0}) [ 3301.911854] Task in /syz0 killed as a result of limit of /syz0 [ 3301.928832] memory: usage 307200kB, limit 307200kB, failcnt 3240 [ 3301.939655] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3301.952879] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3301.994156] Memory cgroup stats for /syz0: cache:8KB rss:120KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:152KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3302.037452] Memory cgroup out of memory: Kill process 17557 (syz-executor.0) score 1103 or sacrifice child [ 3302.077881] Killed process 17557 (syz-executor.0) total-vm:72720kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:04:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b48, &(0x7f0000000040)) 15:04:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:11 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x45040000, 0x500) 15:04:11 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b66, &(0x7f0000000040)={0x0, 0x0}) [ 3302.128685] oom_reaper: reaped process 17557 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:04:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3302.310741] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3302.343908] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3302.356488] CPU: 0 PID: 17585 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3302.364327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3302.373701] Call Trace: [ 3302.376303] dump_stack+0x197/0x210 [ 3302.379950] dump_header+0x15e/0xa55 [ 3302.383681] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3302.388802] ? ___ratelimit+0x60/0x595 [ 3302.392784] ? do_raw_spin_unlock+0x181/0x270 [ 3302.397294] oom_kill_process.cold+0x10/0x6ef [ 3302.401813] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3302.407360] ? task_will_free_mem+0x139/0x6e0 [ 3302.411873] out_of_memory+0x362/0x1330 [ 3302.415859] ? lock_downgrade+0x880/0x880 [ 3302.420014] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3302.425125] ? oom_killer_disable+0x280/0x280 [ 3302.429625] ? find_held_lock+0x35/0x130 [ 3302.433709] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3302.438649] ? memcg_event_wake+0x230/0x230 [ 3302.442983] ? do_raw_spin_unlock+0x181/0x270 [ 3302.447487] ? _raw_spin_unlock+0x2d/0x50 [ 3302.451647] try_charge+0xec5/0x1490 [ 3302.455369] ? lock_downgrade+0x880/0x880 [ 3302.459532] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3302.464387] ? rcu_read_unlock+0x33/0x60 [ 3302.468454] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3302.473307] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3302.479387] mem_cgroup_try_charge+0x259/0x6b0 [ 3302.483983] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3302.488922] wp_page_copy+0x430/0x16a0 [ 3302.492829] ? follow_pfn+0x2a0/0x2a0 [ 3302.496652] ? do_raw_spin_unlock+0x181/0x270 [ 3302.501174] do_wp_page+0x57d/0x10b0 [ 3302.505003] ? lock_acquire+0x16f/0x3f0 [ 3302.508991] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3302.513669] ? kasan_check_write+0x14/0x20 [ 3302.517917] ? do_raw_spin_lock+0xd7/0x250 [ 3302.522191] __handle_mm_fault+0x2305/0x3f80 [ 3302.526638] ? copy_page_range+0x2030/0x2030 [ 3302.531083] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3302.535767] handle_mm_fault+0x1b5/0x690 [ 3302.539841] __do_page_fault+0x62a/0xe90 [ 3302.543934] ? vmalloc_fault+0x740/0x740 [ 3302.548012] ? trace_hardirqs_off_caller+0x65/0x220 [ 3302.553045] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3302.557984] ? page_fault+0x8/0x30 [ 3302.561564] do_page_fault+0x71/0x57d [ 3302.565381] ? page_fault+0x8/0x30 [ 3302.568932] page_fault+0x1e/0x30 [ 3302.572389] RIP: 0033:0x40ff98 [ 3302.575592] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3302.595551] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 [ 3302.600917] RAX: 00000000d98a1dd1 RBX: 00000000a433242e RCX: 0000001b32720000 [ 3302.608196] RDX: 0000000000000000 RSI: 0000000000001dd1 RDI: ffffffffd98a1dd1 [ 3302.615476] RBP: 0000000000000016 R08: 00000000d98a1dd1 R09: 00000000d98a1dd5 [ 3302.623027] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3302.630307] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000016 [ 3302.908147] Task in /syz0 killed as a result of limit of /syz0 [ 3302.914357] memory: usage 307200kB, limit 307200kB, failcnt 3268 [ 3302.928106] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3302.944924] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3302.958139] Memory cgroup stats for /syz0: cache:8KB rss:120KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:136KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3303.000708] Memory cgroup out of memory: Kill process 17585 (syz-executor.0) score 1103 or sacrifice child [ 3303.022721] Killed process 17585 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3303.050040] oom_reaper: reaped process 17585 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:04:13 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5a1, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x46040000, 0x500) 15:04:13 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x0, 0x0}) 15:04:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)) 15:04:13 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) ioctl$FBIOBLANK(r1, 0x4611, 0x0) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1004a814}, 0x0) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ppoll(&(0x7f0000000200)=[{r2}], 0x1, &(0x7f0000000280), 0x0, 0x0) r3 = dup(0xffffffffffffffff) setsockopt$packet_int(r3, 0x107, 0x0, &(0x7f0000006ffc), 0x26d) r4 = syz_open_dev$sndseq(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x64241fd42556df48, r4) r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000080)='NLBL_CALIPSO\x00') ppoll(&(0x7f0000000200)=[{r5}], 0x1, &(0x7f0000000280), 0x0, 0x0) r6 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ppoll(&(0x7f0000000200)=[{r6}], 0x1, &(0x7f0000000280), 0x0, 0x0) r7 = socket(0x10, 0x2, 0x0) sendto(r7, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r7, &(0x7f00000037c0)=[{{0x0, 0x14e, 0x0, 0x0, 0x0, 0x24b, 0xb6c}}], 0x34, 0xac0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="280000002200290000000064dccf850004000000b92f354f04b0e8e03283a663487d3f6dfe733d447ecaaee815b3521ade407ee5af3915f3220700680000009bfe1f0600000000000000e8d37c00a8096495fd5c9de023f102fe25a5096f3583e2e06b0782978369c6ce2b8a3cc5486a59bbe4c38a9e947c638bcc504128d12567131fd09aa776589dc666dda42c073a3e2c8e66eb3ca1532e0d8c6ea4de19b56877666c83", @ANYPTR64=&(0x7f0000000400)=ANY=[@ANYRESHEX, @ANYPTR64=&(0x7f00000000c0)=ANY=[@ANYPTR, @ANYPTR64, @ANYPTR, @ANYRESDEC=r0, @ANYRES32=r3, @ANYRES32=r1, @ANYRES64=r3], @ANYPTR=&(0x7f0000000b00)=ANY=[@ANYBLOB="95cd18813ec107295026df01fd1273f6afdb1367fa7b24bd80bfe4547a34054a7567c76439b88d57046988090dc4ff265639e415a26065095551bbd3ea2df274c0ef9b6fbd09ccce349f7a2a5ef8656e9bdc445bcf2d91a2cbae1acbc30a7c1568dd99a7d231e18a41377c1008878cf8064bab1b4c4a79000000000000000000", @ANYPTR, @ANYRES64=r4, @ANYRES16=r5, @ANYBLOB="a5557a7d5314f0b85d3e7b644a872b3557616e92427cd278122a143006aedea8dc88207a3f6f10b381aea71b466d496e2f29f3aeac310b750a0b8dc3c9a1462eeab28e2bbea283dbf31cf25e77ba5166018ce68fcd6739d8328086949bd0518da470065b3db9f9fc14b935be6d56695df8ff1ef524642e80ecc43d31e6da6fdff4b5084cbb9b8bdbdb3ece3091dff50f49c4a86ab623c79ad2d141130a15602adce5d8c0a22a269f1830c056750fc5ec34ff91e5a580ab45ebb1a64f29b68da72701f4e7885317ae65ad7cdb85686dddde9c03817fbf3e7d025bdb2af85cd1cfd706493fa550fbe367445e8b024472636a15de46515ab7182daebd28e3f560fc4629a51ff2bc8372270bef4181d65c1324f8eba1e106de2a606ef4370662c4d4e7bf24fe6e1d47b0aa33d7224dc9b8dcff3a733d267cb69ed136db0895181d74b1641cd41e4cfcb1422aa84db7f051bf4c9a3b48ca74ae3cbeeb79eed42df047d6", @ANYRES64=r7, @ANYPTR64, @ANYBLOB="39f05c8fdcb10e5c09c732da0d54d02f4954e92aec9176c13ad99a185a2cce4cbee465f7acc6d1e8d871df15b9c7a4c4a8c4994345a55988b38b2bbff1e191f99c1c013a030ffba65015d55253d0651106bc4ae094cffa315ff18a0af22981542891c738fda800af574200ad9575f3f16dc07c15baf2ea00fb96929b14bbb84a0814e09442b1fec4ccf6184237b12beee7f910bc1b242b0dabb1a0f7ac10e1badb23b695d95b184b4f6075eafff9508bfa123ec6cbe95e711c49741bacae6621a4fae2ca1202d7960051207a712bf82865d8d161b07d62263931ec0b63723173d7d9adac2ebb1bc4a711fc67bcef5a61f15374256a555397d2b99a"], @ANYRESHEX=r6, @ANYBLOB="2e03b6e0f63c9d61142dca6318d06e55798661c791571f68d6891f7e0332a29a9814ea3b5350c53d233920a14781cbb4597a08ddba52c63dcd98808e9e564255071baabeae68b1a6e2d52ec45edf0f59dd97fb60d2ef2ba3d12e4bc7aa", @ANYRESOCT=0x0, @ANYRESOCT]], 0x2}, 0x1, 0xfdffffff00000000}, 0x8000) 15:04:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:13 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b68, &(0x7f0000000040)={0x0, 0x0}) 15:04:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x47040000, 0x500) [ 3303.694491] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3303.773565] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3303.779638] CPU: 0 PID: 17601 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3303.787459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3303.796829] Call Trace: [ 3303.799437] dump_stack+0x197/0x210 [ 3303.803092] dump_header+0x15e/0xa55 [ 3303.806826] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3303.812113] ? ___ratelimit+0x60/0x595 [ 3303.816014] ? do_raw_spin_unlock+0x181/0x270 [ 3303.820537] oom_kill_process.cold+0x10/0x6ef [ 3303.825258] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3303.830823] ? task_will_free_mem+0x139/0x6e0 [ 3303.835348] out_of_memory+0x362/0x1330 [ 3303.839882] ? lock_downgrade+0x880/0x880 [ 3303.844050] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3303.849288] ? oom_killer_disable+0x280/0x280 [ 3303.853797] ? find_held_lock+0x35/0x130 [ 3303.857886] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3303.862742] ? memcg_event_wake+0x230/0x230 [ 3303.867079] ? do_raw_spin_unlock+0x181/0x270 [ 3303.871674] ? _raw_spin_unlock+0x2d/0x50 [ 3303.875837] try_charge+0xec5/0x1490 [ 3303.879562] ? lock_downgrade+0x880/0x880 [ 3303.883725] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3303.888584] ? rcu_read_unlock+0x33/0x60 [ 3303.892651] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3303.897788] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3303.903865] mem_cgroup_try_charge+0x259/0x6b0 [ 3303.908500] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3303.913442] wp_page_copy+0x430/0x16a0 [ 3303.917353] ? follow_pfn+0x2a0/0x2a0 [ 3303.921165] ? do_raw_spin_unlock+0x181/0x270 [ 3303.925673] do_wp_page+0x57d/0x10b0 [ 3303.929403] ? lock_acquire+0x16f/0x3f0 [ 3303.933388] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3303.938067] ? kasan_check_write+0x14/0x20 [ 3303.942309] ? do_raw_spin_lock+0xd7/0x250 [ 3303.946562] __handle_mm_fault+0x2305/0x3f80 [ 3303.950986] ? copy_page_range+0x2030/0x2030 [ 3303.955427] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3303.960111] handle_mm_fault+0x1b5/0x690 [ 3303.964186] __do_page_fault+0x62a/0xe90 [ 3303.968266] ? vmalloc_fault+0x740/0x740 [ 3303.972457] ? trace_hardirqs_off_caller+0x65/0x220 [ 3303.977495] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3303.982440] ? page_fault+0x8/0x30 [ 3303.986006] do_page_fault+0x71/0x57d [ 3303.989818] ? page_fault+0x8/0x30 [ 3303.993369] page_fault+0x1e/0x30 [ 3303.996833] RIP: 0033:0x40ff98 [ 3304.000036] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3304.021988] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 [ 3304.027362] RAX: 00000000d98a1dd1 RBX: 00000000a433242e RCX: 0000001b32720000 [ 3304.034642] RDX: 0000000000000000 RSI: 0000000000001dd1 RDI: ffffffffd98a1dd1 [ 3304.041920] RBP: 0000000000000016 R08: 00000000d98a1dd1 R09: 00000000d98a1dd5 [ 3304.049204] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3304.056572] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000016 [ 3304.072354] Task in /syz0 killed as a result of limit of /syz0 15:04:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x48040000, 0x500) 15:04:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b3d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3304.095856] memory: usage 307200kB, limit 307200kB, failcnt 3300 [ 3304.126140] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:04:13 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b69, &(0x7f0000000040)={0x0, 0x0}) [ 3304.160037] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3304.194453] Memory cgroup stats for /syz0: cache:8KB rss:120KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:136KB inactive_file:0KB active_file:0KB unevictable:0KB 15:04:13 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5a2, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b40, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:14 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b6a, &(0x7f0000000040)={0x0, 0x0}) [ 3304.277278] Memory cgroup out of memory: Kill process 17601 (syz-executor.0) score 1103 or sacrifice child 15:04:14 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x49040000, 0x500) [ 3304.357620] Killed process 17601 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3304.428057] oom_reaper: reaped process 17601 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:04:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4a, &(0x7f0000000040)) 15:04:14 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b41, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:14 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b6b, &(0x7f0000000040)={0x0, 0x0}) 15:04:14 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4a040000, 0x500) 15:04:14 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5a3, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:14 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="280000002200290800000000000000000400000094001100"], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) ioctl$RTC_PLL_SET(0xffffffffffffffff, 0x40207012, &(0x7f0000000000)={0x3, 0x0, 0xc9f6, 0x3, 0xffff, 0x7fffffff, 0x1}) [ 3305.061864] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3305.069574] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:04:14 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4b040000, 0x500) 15:04:14 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b6c, &(0x7f0000000040)={0x0, 0x0}) [ 3305.129926] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3305.135385] CPU: 0 PID: 17648 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3305.143193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3305.152562] Call Trace: [ 3305.155173] dump_stack+0x197/0x210 [ 3305.158818] dump_header+0x15e/0xa55 [ 3305.162550] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3305.167667] ? ___ratelimit+0x60/0x595 [ 3305.171567] ? do_raw_spin_unlock+0x181/0x270 [ 3305.176083] oom_kill_process.cold+0x10/0x6ef [ 3305.180597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3305.186264] ? task_will_free_mem+0x139/0x6e0 [ 3305.190902] out_of_memory+0x362/0x1330 [ 3305.194900] ? lock_downgrade+0x880/0x880 [ 3305.199072] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3305.204192] ? oom_killer_disable+0x280/0x280 [ 3305.208710] ? find_held_lock+0x35/0x130 [ 3305.212976] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3305.217951] ? memcg_event_wake+0x230/0x230 [ 3305.222296] ? do_raw_spin_unlock+0x181/0x270 [ 3305.226811] ? _raw_spin_unlock+0x2d/0x50 [ 3305.231013] try_charge+0xec5/0x1490 [ 3305.234765] ? lock_downgrade+0x880/0x880 [ 3305.238943] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3305.243809] ? rcu_read_unlock+0x33/0x60 [ 3305.247893] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3305.252764] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3305.258851] mem_cgroup_try_charge+0x259/0x6b0 [ 3305.263480] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3305.268441] wp_page_copy+0x430/0x16a0 [ 3305.272354] ? follow_pfn+0x2a0/0x2a0 [ 3305.276179] ? do_raw_spin_unlock+0x181/0x270 [ 3305.280708] do_wp_page+0x57d/0x10b0 [ 3305.284538] ? lock_acquire+0x16f/0x3f0 [ 3305.288538] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3305.293237] ? kasan_check_write+0x14/0x20 [ 3305.297485] ? do_raw_spin_lock+0xd7/0x250 [ 3305.301749] __handle_mm_fault+0x2305/0x3f80 [ 3305.306182] ? copy_page_range+0x2030/0x2030 [ 3305.310636] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3305.315331] handle_mm_fault+0x1b5/0x690 [ 3305.319416] __do_page_fault+0x62a/0xe90 [ 3305.323517] ? vmalloc_fault+0x740/0x740 [ 3305.327596] ? trace_hardirqs_off_caller+0x65/0x220 [ 3305.332637] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3305.337586] ? page_fault+0x8/0x30 [ 3305.341240] do_page_fault+0x71/0x57d [ 3305.345062] ? page_fault+0x8/0x30 [ 3305.348626] page_fault+0x1e/0x30 [ 3305.352092] RIP: 0033:0x40ff98 [ 3305.355300] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3305.374332] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 15:04:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b44, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3305.379709] RAX: 00000000d98a1dd1 RBX: 00000000a433242e RCX: 0000001b32720000 [ 3305.386992] RDX: 0000000000000000 RSI: 0000000000001dd1 RDI: ffffffffd98a1dd1 [ 3305.394272] RBP: 0000000000000016 R08: 00000000d98a1dd1 R09: 00000000d98a1dd5 [ 3305.401553] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3305.408834] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000016 15:04:15 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b6d, &(0x7f0000000040)={0x0, 0x0}) [ 3305.449281] Task in /syz0 killed as a result of limit of /syz0 [ 3305.455501] memory: usage 307200kB, limit 307200kB, failcnt 3338 [ 3305.461786] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3305.473483] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3305.479895] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:136KB inactive_file:0KB active_file:0KB unevictable:0KB 15:04:15 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4c040000, 0x500) [ 3305.500344] Memory cgroup out of memory: Kill process 17648 (syz-executor.0) score 1103 or sacrifice child [ 3305.511129] Killed process 17648 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3305.525286] oom_reaper: reaped process 17648 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:04:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, &(0x7f0000000040)) 15:04:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b45, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:15 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b70, &(0x7f0000000040)={0x0, 0x0}) 15:04:15 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4d040000, 0x500) [ 3305.701623] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:04:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b46, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3305.806864] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3305.828111] CPU: 1 PID: 17673 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3305.835950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3305.845330] Call Trace: [ 3305.847938] dump_stack+0x197/0x210 [ 3305.851578] dump_header+0x15e/0xa55 [ 3305.855314] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3305.860437] ? ___ratelimit+0x60/0x595 [ 3305.864340] ? do_raw_spin_unlock+0x181/0x270 [ 3305.868852] oom_kill_process.cold+0x10/0x6ef [ 3305.873371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3305.878919] ? task_will_free_mem+0x139/0x6e0 [ 3305.883438] out_of_memory+0x362/0x1330 [ 3305.887424] ? lock_downgrade+0x880/0x880 [ 3305.891589] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3305.896701] ? oom_killer_disable+0x280/0x280 [ 3305.901216] ? find_held_lock+0x35/0x130 [ 3305.905297] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3305.910151] ? memcg_event_wake+0x230/0x230 [ 3305.914490] ? do_raw_spin_unlock+0x181/0x270 [ 3305.918996] ? _raw_spin_unlock+0x2d/0x50 [ 3305.923158] try_charge+0xec5/0x1490 [ 3305.926879] ? lock_downgrade+0x880/0x880 [ 3305.931042] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3305.935900] ? rcu_read_unlock+0x33/0x60 [ 3305.939982] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3305.944850] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3305.950932] mem_cgroup_try_charge+0x259/0x6b0 [ 3305.955529] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3305.960481] wp_page_copy+0x430/0x16a0 [ 3305.964513] ? follow_pfn+0x2a0/0x2a0 [ 3305.968334] ? do_raw_spin_unlock+0x181/0x270 [ 3305.972941] do_wp_page+0x57d/0x10b0 [ 3305.976679] ? lock_acquire+0x16f/0x3f0 [ 3305.980668] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3305.985346] ? kasan_check_write+0x14/0x20 [ 3305.989604] ? do_raw_spin_lock+0xd7/0x250 [ 3305.993860] __handle_mm_fault+0x2305/0x3f80 [ 3305.998287] ? copy_page_range+0x2030/0x2030 [ 3306.002728] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3306.007409] handle_mm_fault+0x1b5/0x690 [ 3306.011488] __do_page_fault+0x62a/0xe90 [ 3306.015569] ? vmalloc_fault+0x740/0x740 [ 3306.019642] ? trace_hardirqs_off_caller+0x65/0x220 [ 3306.024667] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3306.029609] ? page_fault+0x8/0x30 [ 3306.033163] do_page_fault+0x71/0x57d [ 3306.036969] ? page_fault+0x8/0x30 [ 3306.040516] page_fault+0x1e/0x30 [ 3306.043974] RIP: 0033:0x40ff98 [ 3306.047172] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3306.066083] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 [ 3306.071455] RAX: 00000000d98a1dd1 RBX: 00000000a433242e RCX: 0000001b32720000 [ 3306.078732] RDX: 0000000000000000 RSI: 0000000000001dd1 RDI: ffffffffd98a1dd1 [ 3306.086009] RBP: 0000000000000016 R08: 00000000d98a1dd1 R09: 00000000d98a1dd5 [ 3306.093284] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3306.100564] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000016 [ 3306.447275] Task in /syz0 killed as a result of limit of /syz0 [ 3306.456776] memory: usage 307200kB, limit 307200kB, failcnt 3375 [ 3306.472195] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3306.485840] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3306.504373] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:136KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3306.528145] Memory cgroup out of memory: Kill process 17673 (syz-executor.0) score 1103 or sacrifice child [ 3306.548051] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3306.557628] Killed process 17673 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:04:16 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5a4, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3306.601505] oom_reaper: reaped process 17673 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:04:16 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5a5, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:16 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x60000000, 0x500) 15:04:16 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b71, &(0x7f0000000040)={0x0, 0x0}) 15:04:16 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b47, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)) 15:04:16 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f000001d0c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="c38a0e75000000000000010000000c009900ffffffff030000400c00990000800200030000000c009900ff030000000000000c009900040000000000005bf975a648efafde00"], 0x4c}}, 0x0) sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80020000}, 0xc, &(0x7f0000000040)={&(0x7f0000000500)={0x118, r2, 0x400, 0x70bd26, 0x25dfdbfe, {}, [@NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0xfac08}, @NL80211_ATTR_IE_PROBE_RESP={0xfb, 0x7f, "3f7b0c713f3eb27623f735891ef32592c3bc72e2b58ed5059a3fd4a41019fee012d59c26853d27769214094cdd63d5a876056b3dbcc6ddff075df9366dab3d7fcb934e8734a8ed56d758c7ffc3480afd877ef9d5dffd4208a8501833fca76453060331fa2c3b9b517675c7003a3108b06495d4affb53b476f81a79b0d4b101e49c9b75cd99be78b2fdd4dcfd45d6f3b7a639227f4f693c40a7711a11e108ee80030bb9de07ce121260be8f525a0da74ada0aa1388b36193c19856cbc0817b3744a9d44d308f41ec5adbc37e9d6aa84c31dd14458678d89566a59f5aea566441734bbe1b812ce44895b71d0086d4ce2bcf801dcef8f4eae"}]}, 0x118}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000000) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x1c, 0x22, 0x400, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x8, 0x11, 0x0, 0x0, @u32=0x80000000}]}, 0x1c}, 0x1, 0xfdffffff00000000, 0x0, 0x40}, 0x0) [ 3307.253953] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:04:17 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b72, &(0x7f0000000040)={0x0, 0x0}) 15:04:17 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b48, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3307.336451] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3307.368099] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3307.373620] CPU: 0 PID: 17693 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3307.381427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3307.390799] Call Trace: [ 3307.393406] dump_stack+0x197/0x210 [ 3307.397060] dump_header+0x15e/0xa55 [ 3307.400793] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3307.405930] ? ___ratelimit+0x60/0x595 [ 3307.409836] ? do_raw_spin_unlock+0x181/0x270 [ 3307.414352] oom_kill_process.cold+0x10/0x6ef [ 3307.418874] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3307.424421] ? task_will_free_mem+0x139/0x6e0 [ 3307.428954] out_of_memory+0x362/0x1330 [ 3307.432947] ? lock_downgrade+0x880/0x880 [ 3307.437108] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3307.442225] ? oom_killer_disable+0x280/0x280 [ 3307.446735] ? find_held_lock+0x35/0x130 [ 3307.450828] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3307.455689] ? memcg_event_wake+0x230/0x230 [ 3307.460028] ? do_raw_spin_unlock+0x181/0x270 [ 3307.464535] ? _raw_spin_unlock+0x2d/0x50 [ 3307.468693] try_charge+0xec5/0x1490 [ 3307.472421] ? lock_downgrade+0x880/0x880 [ 3307.476587] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3307.481438] ? rcu_read_unlock+0x33/0x60 [ 3307.485505] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3307.490358] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3307.496432] mem_cgroup_try_charge+0x259/0x6b0 [ 3307.501033] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3307.505980] wp_page_copy+0x430/0x16a0 [ 3307.509886] ? follow_pfn+0x2a0/0x2a0 [ 3307.513707] ? do_raw_spin_unlock+0x181/0x270 [ 3307.518214] do_wp_page+0x57d/0x10b0 [ 3307.521948] ? lock_acquire+0x16f/0x3f0 [ 3307.525932] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3307.530612] ? kasan_check_write+0x14/0x20 [ 3307.534850] ? do_raw_spin_lock+0xd7/0x250 [ 3307.539100] __handle_mm_fault+0x2305/0x3f80 [ 3307.543521] ? copy_page_range+0x2030/0x2030 [ 3307.547955] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3307.552634] handle_mm_fault+0x1b5/0x690 [ 3307.556711] __do_page_fault+0x62a/0xe90 [ 3307.560788] ? vmalloc_fault+0x740/0x740 [ 3307.564857] ? trace_hardirqs_off_caller+0x65/0x220 [ 3307.569903] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3307.574839] ? page_fault+0x8/0x30 [ 3307.578393] do_page_fault+0x71/0x57d [ 3307.582214] ? page_fault+0x8/0x30 [ 3307.585767] page_fault+0x1e/0x30 [ 3307.589232] RIP: 0033:0x40ff98 [ 3307.592431] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3307.611336] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 [ 3307.616707] RAX: 00000000d98a1dd1 RBX: 00000000a433242e RCX: 0000001b32720000 [ 3307.623980] RDX: 0000000000000000 RSI: 0000000000001dd1 RDI: ffffffffd98a1dd1 15:04:17 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4bfa, &(0x7f0000000040)={0x0, 0x0}) [ 3307.631254] RBP: 0000000000000016 R08: 00000000d98a1dd1 R09: 00000000d98a1dd5 [ 3307.638530] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3307.645802] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000016 [ 3307.660096] Task in /syz0 killed as a result of limit of /syz0 15:04:17 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x6b6b6b00, 0x500) [ 3307.689511] memory: usage 307200kB, limit 307200kB, failcnt 3391 [ 3307.719210] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:04:17 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b49, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:17 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4bfb, &(0x7f0000000040)={0x0, 0x0}) 15:04:17 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5a6, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3307.752585] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3307.781485] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:136KB inactive_file:0KB active_file:0KB unevictable:0KB 15:04:17 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:17 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5409, &(0x7f0000000040)={0x0, 0x0}) [ 3307.878234] Memory cgroup out of memory: Kill process 17693 (syz-executor.0) score 1103 or sacrifice child [ 3307.898694] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 15:04:17 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x8cffffff, 0x500) [ 3307.951561] Killed process 17693 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:04:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)) [ 3308.083010] oom_reaper: reaped process 17693 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:04:17 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000022002908000000000000000004000000140011002c1d45b84dc8b1727ee6e3f677544427961c42085e1fe8d28f3f6089023d4fd5b5e8f913fdd2a7195500000000000000009b1a58ef1cc4555bfcba46da3046f216945c48b883879145546a9f49ac0d69f415b72a8f74a763b1e5af72434abf30d2c04fe507fe00"/138], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:17 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:17 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540b, &(0x7f0000000040)={0x0, 0x0}) 15:04:17 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5a7, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:17 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xc0ed0000, 0x500) 15:04:17 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540c, &(0x7f0000000040)={0x0, 0x0}) [ 3308.242028] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:04:17 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3308.285002] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3308.328094] CPU: 1 PID: 17737 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3308.335939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3308.345303] Call Trace: [ 3308.347909] dump_stack+0x197/0x210 [ 3308.350631] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing [ 3308.351586] dump_header+0x15e/0xa55 [ 3308.351607] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3308.351620] ? ___ratelimit+0x60/0x595 [ 3308.351638] ? do_raw_spin_unlock+0x181/0x270 [ 3308.375173] oom_kill_process.cold+0x10/0x6ef [ 3308.379690] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3308.385250] ? task_will_free_mem+0x139/0x6e0 [ 3308.389791] out_of_memory+0x362/0x1330 [ 3308.393853] ? lock_downgrade+0x880/0x880 [ 3308.398047] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3308.403172] ? oom_killer_disable+0x280/0x280 [ 3308.407689] ? find_held_lock+0x35/0x130 [ 3308.411783] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3308.416651] ? memcg_event_wake+0x230/0x230 [ 3308.420994] ? do_raw_spin_unlock+0x181/0x270 [ 3308.425506] ? _raw_spin_unlock+0x2d/0x50 [ 3308.429671] try_charge+0xec5/0x1490 [ 3308.433404] ? lock_downgrade+0x880/0x880 [ 3308.437575] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3308.442537] ? rcu_read_unlock+0x33/0x60 [ 3308.446608] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3308.451464] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3308.457543] mem_cgroup_try_charge+0x259/0x6b0 [ 3308.462147] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3308.467098] wp_page_copy+0x430/0x16a0 [ 3308.471002] ? follow_pfn+0x2a0/0x2a0 [ 3308.474823] ? do_raw_spin_unlock+0x181/0x270 [ 3308.479354] do_wp_page+0x57d/0x10b0 [ 3308.483085] ? lock_acquire+0x16f/0x3f0 [ 3308.487069] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3308.491752] ? kasan_check_write+0x14/0x20 [ 3308.495994] ? do_raw_spin_lock+0xd7/0x250 [ 3308.500245] __handle_mm_fault+0x2305/0x3f80 [ 3308.504670] ? copy_page_range+0x2030/0x2030 [ 3308.509108] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3308.513800] handle_mm_fault+0x1b5/0x690 [ 3308.517879] __do_page_fault+0x62a/0xe90 [ 3308.521962] ? vmalloc_fault+0x740/0x740 15:04:18 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3308.526034] ? trace_hardirqs_off_caller+0x65/0x220 [ 3308.531064] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3308.536005] ? page_fault+0x8/0x30 [ 3308.539650] do_page_fault+0x71/0x57d [ 3308.543475] ? page_fault+0x8/0x30 [ 3308.547030] page_fault+0x1e/0x30 [ 3308.550512] RIP: 0033:0x40ff98 [ 3308.553710] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3308.572624] RSP: 002b:00007ffe60373860 EFLAGS: 00010246 15:04:18 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540d, &(0x7f0000000040)={0x0, 0x0}) [ 3308.577994] RAX: 000000009cbbf6b7 RBX: 00000000a709c79f RCX: 0000001b32720000 [ 3308.585272] RDX: 0000000000000000 RSI: 00000000000016b7 RDI: ffffffff9cbbf6b7 [ 3308.592550] RBP: 0000000000000005 R08: 000000009cbbf6b7 R09: 000000009cbbf6bb [ 3308.599833] R10: 00007ffe60373a00 R11: 0000000000000246 R12: 000000000075bfa8 [ 3308.607108] R13: 0000000080000000 R14: 00007f1c52c16008 R15: 0000000000000005 15:04:18 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xf5ffffff, 0x500) 15:04:18 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4e, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3308.718134] Task in /syz0 killed as a result of limit of /syz0 [ 3308.725532] memory: usage 307196kB, limit 307200kB, failcnt 3429 [ 3308.788891] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3308.809006] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3308.843320] Memory cgroup stats for /syz0: cache:8KB rss:120KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:120KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3308.885558] Memory cgroup out of memory: Kill process 17737 (syz-executor.0) score 1103 or sacrifice child [ 3308.899135] Killed process 17737 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:04:18 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b4e, &(0x7f0000000040)) [ 3308.947072] oom_reaper: reaped process 17737 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 3309.063835] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3309.090105] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3309.128080] CPU: 0 PID: 17769 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3309.135921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3309.145280] Call Trace: [ 3309.147880] dump_stack+0x197/0x210 [ 3309.151523] dump_header+0x15e/0xa55 [ 3309.155250] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3309.160362] ? ___ratelimit+0x60/0x595 [ 3309.164252] ? do_raw_spin_unlock+0x181/0x270 [ 3309.168758] oom_kill_process.cold+0x10/0x6ef [ 3309.173266] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3309.178814] ? task_will_free_mem+0x139/0x6e0 [ 3309.183325] out_of_memory+0x362/0x1330 [ 3309.187311] ? lock_downgrade+0x880/0x880 [ 3309.191727] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3309.196852] ? oom_killer_disable+0x280/0x280 [ 3309.201370] ? find_held_lock+0x35/0x130 [ 3309.205569] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3309.210428] ? memcg_event_wake+0x230/0x230 [ 3309.214764] ? do_raw_spin_unlock+0x181/0x270 [ 3309.219274] ? _raw_spin_unlock+0x2d/0x50 [ 3309.223437] try_charge+0xec5/0x1490 [ 3309.227166] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3309.232049] ? lock_downgrade+0x880/0x880 [ 3309.236208] ? kasan_check_read+0x11/0x20 [ 3309.240373] memcg_kmem_charge_memcg+0x83/0x170 [ 3309.245056] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3309.249574] ? __isolate_free_page+0x4c0/0x4c0 [ 3309.254191] memcg_kmem_charge+0x13b/0x370 [ 3309.258446] __alloc_pages_nodemask+0x3c3/0x750 [ 3309.263160] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3309.268197] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3309.272795] ? trace_hardirqs_on+0x67/0x220 [ 3309.277136] copy_process.part.0+0x3e0/0x7a30 [ 3309.281651] ? lock_downgrade+0x880/0x880 [ 3309.285812] ? migration_entry_to_page+0x320/0x320 [ 3309.290757] ? lru_cache_add+0x21c/0x590 [ 3309.294833] ? do_raw_spin_unlock+0x181/0x270 [ 3309.299339] ? _raw_spin_unlock+0x2d/0x50 [ 3309.303501] ? __cleanup_sighand+0x70/0x70 [ 3309.307768] ? __do_page_fault+0x676/0xe90 [ 3309.312016] ? find_held_lock+0x35/0x130 [ 3309.316084] ? __do_page_fault+0x676/0xe90 [ 3309.320342] _do_fork+0x257/0xfd0 [ 3309.323829] ? fork_idle+0x1d0/0x1d0 [ 3309.327581] ? up_read+0x1a/0x110 [ 3309.331050] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3309.336606] ? __do_page_fault+0x484/0xe90 [ 3309.340860] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3309.345643] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3309.350422] ? do_syscall_64+0x26/0x620 [ 3309.354412] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3309.359790] ? do_syscall_64+0x26/0x620 [ 3309.363785] __x64_sys_clone+0xbf/0x150 [ 3309.367777] do_syscall_64+0xfd/0x620 [ 3309.371587] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3309.376799] RIP: 0033:0x45d919 [ 3309.380001] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3309.398915] RSP: 002b:00007ffe603737f8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3309.406633] RAX: ffffffffffffffda RBX: 00007f1c50c15700 RCX: 000000000045d919 [ 3309.413907] RDX: 00007f1c50c159d0 RSI: 00007f1c50c14db0 RDI: 00000000003d0f00 [ 3309.421182] RBP: 00007ffe60373a10 R08: 00007f1c50c15700 R09: 00007f1c50c15700 [ 3309.428456] R10: 00007f1c50c159d0 R11: 0000000000000202 R12: 0000000000000000 [ 3309.435728] R13: 00007ffe603738af R14: 00007f1c50c159c0 R15: 000000000075bf2c [ 3309.445324] Task in /syz0 killed as a result of limit of /syz0 [ 3309.452184] memory: usage 307180kB, limit 307200kB, failcnt 3437 [ 3309.459340] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3309.466299] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3309.472699] Memory cgroup stats for /syz0: cache:8KB rss:120KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:48KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3309.494734] Memory cgroup out of memory: Kill process 17769 (syz-executor.0) score 1103 or sacrifice child [ 3309.505086] Killed process 17769 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3309.525007] oom_reaper: reaped process 17769 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:04:19 executing program 3: r0 = request_key(&(0x7f00000000c0)='logon\x00', &(0x7f0000000140)={'syz', 0x1}, &(0x7f00000001c0)='\x00', 0xfffffffffffffffa) add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)="99a65f2dd2bef916fdcef425b93786f69295213831e1869a3c3ed8a8211022ebd1f11ccb37252498f5e90f082b13e533ff28048fcb31e9b6a8e06c5f", 0x3c, r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:19 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540e, &(0x7f0000000040)={0x0, 0x0}) 15:04:19 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b52, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:19 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xf6ffffff, 0x500) 15:04:19 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b52, &(0x7f0000000040)) 15:04:19 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5a8, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:19 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540f, &(0x7f0000000040)={0x0, 0x0}) [ 3310.125536] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:04:19 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xfb250000, 0x500) 15:04:19 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b60, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3310.166197] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3310.182526] CPU: 1 PID: 17774 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3310.190367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3310.199730] Call Trace: [ 3310.202334] dump_stack+0x197/0x210 [ 3310.206115] dump_header+0x15e/0xa55 [ 3310.209852] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3310.214970] ? ___ratelimit+0x60/0x595 [ 3310.218875] ? do_raw_spin_unlock+0x181/0x270 [ 3310.223388] oom_kill_process.cold+0x10/0x6ef [ 3310.227906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3310.233464] ? task_will_free_mem+0x139/0x6e0 [ 3310.237980] out_of_memory+0x362/0x1330 [ 3310.241975] ? lock_downgrade+0x880/0x880 [ 3310.246144] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3310.251266] ? oom_killer_disable+0x280/0x280 [ 3310.255781] ? find_held_lock+0x35/0x130 [ 3310.259867] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3310.264838] ? memcg_event_wake+0x230/0x230 [ 3310.264859] ? do_raw_spin_unlock+0x181/0x270 15:04:20 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b60, &(0x7f0000000040)) [ 3310.264874] ? _raw_spin_unlock+0x2d/0x50 15:04:20 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5410, &(0x7f0000000040)={0x0, 0x0}) [ 3310.264891] try_charge+0xec5/0x1490 [ 3310.264907] ? lock_downgrade+0x880/0x880 [ 3310.264930] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 15:04:20 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xfeffffff, 0x500) [ 3310.264947] ? rcu_read_unlock+0x33/0x60 [ 3310.264960] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3310.264979] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3310.265004] mem_cgroup_try_charge+0x259/0x6b0 [ 3310.265026] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3310.265043] wp_page_copy+0x430/0x16a0 [ 3310.265084] ? follow_pfn+0x2a0/0x2a0 [ 3310.265101] ? do_raw_spin_unlock+0x181/0x270 [ 3310.265117] do_wp_page+0x57d/0x10b0 [ 3310.265135] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3310.265152] ? kasan_check_write+0x14/0x20 [ 3310.265165] ? do_raw_spin_lock+0xd7/0x250 [ 3310.265185] __handle_mm_fault+0x2305/0x3f80 [ 3310.265207] ? copy_page_range+0x2030/0x2030 [ 3310.265239] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3310.265257] handle_mm_fault+0x1b5/0x690 [ 3310.265279] __do_page_fault+0x62a/0xe90 [ 3310.265301] ? vmalloc_fault+0x740/0x740 [ 3310.265318] ? trace_hardirqs_off_caller+0x65/0x220 [ 3310.265332] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3310.265349] ? page_fault+0x8/0x30 [ 3310.265370] do_page_fault+0x71/0x57d [ 3310.265383] ? page_fault+0x8/0x30 [ 3310.265400] page_fault+0x1e/0x30 [ 3310.265411] RIP: 0033:0x432026 [ 3310.265426] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 c6 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 1c 51 64 00 85 c0 0f 84 [ 3310.265435] RSP: 002b:00007ffe60373720 EFLAGS: 00010206 [ 3310.265447] RAX: 00000000000205b1 RBX: 000000000071c640 RCX: 0000000000000121 [ 3310.265456] RDX: 0000000002867930 RSI: 0000000002867a50 RDI: 0000000000000000 [ 3310.265465] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000 [ 3310.265473] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000071c698 [ 3310.265481] R13: 000000000071c698 R14: 0000000000000000 R15: 0000000000002710 [ 3310.306386] Task in /syz0 killed as a result of limit of /syz0 [ 3310.306418] memory: usage 307200kB, limit 307200kB, failcnt 3470 [ 3310.306427] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3310.306436] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3310.306442] Memory cgroup stats for /syz0: cache:8KB rss:120KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3310.306518] Memory cgroup out of memory: Kill process 17774 (syz-executor.0) score 1103 or sacrifice child [ 3310.306578] Killed process 17774 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3310.307307] oom_reaper: reaped process 17774 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 3310.424028] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3310.424038] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3310.424066] CPU: 1 PID: 17795 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3310.424075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3310.424080] Call Trace: [ 3310.424102] dump_stack+0x197/0x210 [ 3310.424123] dump_header+0x15e/0xa55 [ 3310.424142] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3310.424157] ? ___ratelimit+0x60/0x595 [ 3310.424171] ? do_raw_spin_unlock+0x181/0x270 [ 3310.424191] oom_kill_process.cold+0x10/0x6ef [ 3310.424210] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3310.424225] ? task_will_free_mem+0x139/0x6e0 [ 3310.424248] out_of_memory+0x362/0x1330 [ 3310.424267] ? lock_downgrade+0x880/0x880 [ 3310.424284] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3310.424299] ? oom_killer_disable+0x280/0x280 [ 3310.424313] ? find_held_lock+0x35/0x130 [ 3310.424340] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3310.424357] ? memcg_event_wake+0x230/0x230 [ 3310.424378] ? do_raw_spin_unlock+0x181/0x270 [ 3310.424394] ? _raw_spin_unlock+0x2d/0x50 [ 3310.424412] try_charge+0xec5/0x1490 [ 3310.424428] ? lock_downgrade+0x880/0x880 [ 3310.424451] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3310.424468] ? rcu_read_unlock+0x33/0x60 [ 3310.424481] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3310.424501] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3310.424526] mem_cgroup_try_charge+0x259/0x6b0 [ 3310.424548] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3310.424573] wp_page_copy+0x430/0x16a0 [ 3310.424598] ? follow_pfn+0x2a0/0x2a0 [ 3310.424617] ? do_raw_spin_unlock+0x181/0x270 [ 3310.424636] do_wp_page+0x57d/0x10b0 [ 3310.424656] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3310.424673] ? kasan_check_write+0x14/0x20 [ 3310.424687] ? do_raw_spin_lock+0xd7/0x250 [ 3310.424709] __handle_mm_fault+0x2305/0x3f80 [ 3310.424731] ? copy_page_range+0x2030/0x2030 [ 3310.424766] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3310.424786] handle_mm_fault+0x1b5/0x690 [ 3310.424809] __do_page_fault+0x62a/0xe90 [ 3310.424833] ? vmalloc_fault+0x740/0x740 [ 3310.424851] ? trace_hardirqs_off_caller+0x65/0x220 [ 3310.424866] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3310.424881] ? page_fault+0x8/0x30 [ 3310.424902] do_page_fault+0x71/0x57d [ 3310.424917] ? page_fault+0x8/0x30 [ 3310.424933] page_fault+0x1e/0x30 [ 3310.424945] RIP: 0033:0x411003 [ 3310.424961] Code: bb ae 30 00 48 89 05 ac ae 30 00 c7 05 c2 ae 30 00 01 00 00 00 48 c7 05 97 16 66 00 00 00 00 00 c7 05 95 16 66 00 00 00 00 00 05 b3 56 66 00 00 00 00 00 c3 49 c7 81 c0 02 00 00 80 26 a7 00 [ 3310.424974] RSP: 002b:00007ffe60373a88 EFLAGS: 00010202 [ 3310.424987] RAX: 0000000002866c00 RBX: 00007ffe60373a90 RCX: 0000000000a72680 [ 3310.424996] RDX: 0000000000000001 RSI: 000000000071be90 RDI: 0000000002866c20 [ 3310.425005] RBP: 00007ffe60373ad0 R08: 0000000000000001 R09: 0000000002866940 [ 3310.425014] R10: 0000000002866c10 R11: 0000000000000202 R12: 0000000000000001 [ 3310.425023] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe60373b20 [ 3310.427338] Task in /syz0 killed as a result of limit of /syz0 [ 3310.427369] memory: usage 307200kB, limit 307200kB, failcnt 3500 [ 3310.427379] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3310.427388] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3310.427394] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:76KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3310.427473] Memory cgroup out of memory: Kill process 16476 (syz-executor.0) score 117 or sacrifice child [ 3310.427531] Killed process 17795 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3310.427940] oom_reaper: reaped process 17795 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 15:04:21 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ppoll(&(0x7f0000000200)=[{r1}], 0x1, &(0x7f0000000280), 0x0, 0x0) r2 = socket(0x10, 0x2, 0x0) sendto(r2, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f00000037c0)=[{{0x0, 0x14e, 0x0, 0x0, 0x0, 0x24b, 0xb6c}}], 0x34, 0xac0, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000000)=@assoc_value={0x0, 0x3}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000080)={r3, 0x2f, "ec3fb481ab80372091ee31b4211d8b5eadbc5144e41617b18ad0a8a96188ac2cde03917fa9917dd7df8707c57af604"}, &(0x7f00000000c0)=0x37) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:21 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5412, &(0x7f0000000040)={0x0, 0x0}) 15:04:21 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, &(0x7f0000000040)) 15:04:21 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xff070400, 0x500) 15:04:21 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5a9, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:21 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b61, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3312.021598] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3312.077452] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3312.088109] CPU: 1 PID: 17813 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3312.095942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3312.105302] Call Trace: [ 3312.107904] dump_stack+0x197/0x210 [ 3312.111548] dump_header+0x15e/0xa55 [ 3312.115279] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3312.120391] ? ___ratelimit+0x60/0x595 [ 3312.124291] ? do_raw_spin_unlock+0x181/0x270 [ 3312.128807] oom_kill_process.cold+0x10/0x6ef [ 3312.133325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3312.138886] ? task_will_free_mem+0x139/0x6e0 [ 3312.143409] out_of_memory+0x362/0x1330 [ 3312.147416] ? lock_downgrade+0x880/0x880 [ 3312.151579] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3312.156698] ? oom_killer_disable+0x280/0x280 [ 3312.161209] ? find_held_lock+0x35/0x130 [ 3312.165297] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3312.170151] ? memcg_event_wake+0x230/0x230 [ 3312.174489] ? do_raw_spin_unlock+0x181/0x270 [ 3312.178994] ? _raw_spin_unlock+0x2d/0x50 [ 3312.183167] try_charge+0xec5/0x1490 [ 3312.186897] ? lock_downgrade+0x880/0x880 [ 3312.191175] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3312.196040] ? rcu_read_unlock+0x33/0x60 [ 3312.200123] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3312.204990] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3312.211074] mem_cgroup_try_charge+0x259/0x6b0 [ 3312.215676] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3312.220620] wp_page_copy+0x430/0x16a0 [ 3312.224529] ? follow_pfn+0x2a0/0x2a0 15:04:21 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5aa, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:21 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5413, &(0x7f0000000040)={0x0, 0x0}) [ 3312.228342] ? do_raw_spin_unlock+0x181/0x270 [ 3312.232857] do_wp_page+0x57d/0x10b0 [ 3312.236591] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3312.241273] ? kasan_check_write+0x14/0x20 [ 3312.245515] ? do_raw_spin_lock+0xd7/0x250 [ 3312.249766] __handle_mm_fault+0x2305/0x3f80 [ 3312.254189] ? copy_page_range+0x2030/0x2030 [ 3312.258739] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3312.263418] handle_mm_fault+0x1b5/0x690 [ 3312.267575] __do_page_fault+0x62a/0xe90 [ 3312.271754] ? vmalloc_fault+0x740/0x740 [ 3312.275833] ? trace_hardirqs_off_caller+0x65/0x220 [ 3312.280868] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3312.285807] ? page_fault+0x8/0x30 [ 3312.289364] do_page_fault+0x71/0x57d [ 3312.293184] ? page_fault+0x8/0x30 [ 3312.296733] page_fault+0x1e/0x30 [ 3312.300196] RIP: 0033:0x411003 [ 3312.303409] Code: bb ae 30 00 48 89 05 ac ae 30 00 c7 05 c2 ae 30 00 01 00 00 00 48 c7 05 97 16 66 00 00 00 00 00 c7 05 95 16 66 00 00 00 00 00 05 b3 56 66 00 00 00 00 00 c3 49 c7 81 c0 02 00 00 80 26 a7 00 [ 3312.322324] RSP: 002b:00007ffe60373a88 EFLAGS: 00010202 15:04:22 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b62, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3312.327701] RAX: 0000000002866c00 RBX: 00007ffe60373a90 RCX: 0000000000a72680 [ 3312.334993] RDX: 0000000000000001 RSI: 000000000071be90 RDI: 0000000002866c20 [ 3312.342281] RBP: 00007ffe60373ad0 R08: 0000000000000001 R09: 0000000002866940 [ 3312.349565] R10: 0000000002866c10 R11: 0000000000000202 R12: 0000000000000001 [ 3312.356848] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe60373b20 15:04:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xff0f0000, 0x500) 15:04:22 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b63, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5414, &(0x7f0000000040)={0x0, 0x0}) [ 3312.803118] Task in /syz0 killed as a result of limit of /syz0 [ 3312.816050] memory: usage 307196kB, limit 307200kB, failcnt 3536 [ 3312.829230] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3312.843952] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3312.857070] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:72KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3312.898114] Memory cgroup out of memory: Kill process 16476 (syz-executor.0) score 117 or sacrifice child [ 3312.907928] Killed process 17813 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3312.953701] oom_reaper: reaped process 17813 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 15:04:22 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB='(\x00\x00\x00\"\x00)\b]\t\x00\x00\x00\x00'], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2105004}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)={0x84, r1, 0x400, 0x70bd2b, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x55}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x2}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x16}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x8000}, @IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bond\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syz_tun\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x1}, 0x10) 15:04:22 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xffff1f00, 0x500) 15:04:22 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b64, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5415, &(0x7f0000000040)={0x0, 0x0}) 15:04:22 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b62, &(0x7f0000000040)) [ 3313.270326] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 15:04:23 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5ab, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:23 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5416, &(0x7f0000000040)={0x0, 0x0}) 15:04:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b65, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3313.339019] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3313.358379] CPU: 1 PID: 17848 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3313.366234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3313.375618] Call Trace: [ 3313.378212] dump_stack+0x197/0x210 [ 3313.381839] dump_header+0x15e/0xa55 [ 3313.385545] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3313.390641] ? ___ratelimit+0x60/0x595 [ 3313.394531] ? do_raw_spin_unlock+0x181/0x270 [ 3313.399022] oom_kill_process.cold+0x10/0x6ef [ 3313.403512] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3313.409040] ? task_will_free_mem+0x139/0x6e0 [ 3313.413532] out_of_memory+0x362/0x1330 [ 3313.417501] ? lock_downgrade+0x880/0x880 [ 3313.421640] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3313.426735] ? oom_killer_disable+0x280/0x280 [ 3313.431219] ? find_held_lock+0x35/0x130 [ 3313.435277] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3313.440115] ? memcg_event_wake+0x230/0x230 [ 3313.444430] ? do_raw_spin_unlock+0x181/0x270 [ 3313.448919] ? _raw_spin_unlock+0x2d/0x50 [ 3313.453061] try_charge+0xec5/0x1490 [ 3313.456779] ? lock_downgrade+0x880/0x880 [ 3313.460922] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3313.465755] ? rcu_read_unlock+0x33/0x60 [ 3313.469825] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3313.474676] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3313.480752] mem_cgroup_try_charge+0x259/0x6b0 [ 3313.485339] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3313.490270] wp_page_copy+0x430/0x16a0 [ 3313.494158] ? follow_pfn+0x2a0/0x2a0 [ 3313.497960] ? do_raw_spin_unlock+0x181/0x270 [ 3313.502455] do_wp_page+0x57d/0x10b0 [ 3313.506164] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3313.511786] ? kasan_check_write+0x14/0x20 [ 3313.516011] ? do_raw_spin_lock+0xd7/0x250 [ 3313.520243] __handle_mm_fault+0x2305/0x3f80 [ 3313.524649] ? copy_page_range+0x2030/0x2030 [ 3313.529071] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3313.533742] handle_mm_fault+0x1b5/0x690 [ 3313.537809] __do_page_fault+0x62a/0xe90 [ 3313.541874] ? vmalloc_fault+0x740/0x740 [ 3313.545944] ? trace_hardirqs_off_caller+0x65/0x220 [ 3313.550953] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3313.555873] ? page_fault+0x8/0x30 [ 3313.559409] do_page_fault+0x71/0x57d [ 3313.563212] ? page_fault+0x8/0x30 [ 3313.566742] page_fault+0x1e/0x30 [ 3313.570186] RIP: 0033:0x411003 [ 3313.573369] Code: bb ae 30 00 48 89 05 ac ae 30 00 c7 05 c2 ae 30 00 01 00 00 00 48 c7 05 97 16 66 00 00 00 00 00 c7 05 95 16 66 00 00 00 00 00 05 b3 56 66 00 00 00 00 00 c3 49 c7 81 c0 02 00 00 80 26 a7 00 [ 3313.592277] RSP: 002b:00007ffe60373a88 EFLAGS: 00010202 [ 3313.597632] RAX: 0000000002866c00 RBX: 00007ffe60373a90 RCX: 0000000000a72680 [ 3313.604891] RDX: 0000000000000001 RSI: 000000000071be90 RDI: 0000000002866c20 [ 3313.612180] RBP: 00007ffe60373ad0 R08: 0000000000000001 R09: 0000000002866940 [ 3313.619502] R10: 0000000002866c10 R11: 0000000000000202 R12: 0000000000000001 [ 3313.626781] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe60373b20 15:04:23 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xffffff7f, 0x500) 15:04:23 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5418, &(0x7f0000000040)={0x0, 0x0}) [ 3313.698610] Task in /syz0 killed as a result of limit of /syz0 [ 3313.705876] memory: usage 307200kB, limit 307200kB, failcnt 3557 [ 3313.738439] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:04:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b66, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3313.760816] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3313.788168] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:76KB inactive_file:0KB active_file:0KB unevictable:0KB 15:04:23 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x541b, &(0x7f0000000040)={0x0, 0x0}) [ 3313.836397] Memory cgroup out of memory: Kill process 16476 (syz-executor.0) score 117 or sacrifice child [ 3313.851994] Killed process 17848 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3313.875260] oom_reaper: reaped process 17848 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 15:04:23 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup(0xffffffffffffffff) setsockopt$packet_int(r1, 0x107, 0x0, &(0x7f0000006ffc), 0x26d) ioctl$USBDEVFS_CLAIM_PORT(r1, 0x80045518, &(0x7f0000000000)=0x9) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x20000, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, &(0x7f00000000c0)) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000040)) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2800000022002908000000000200000004000000140011009b7db07f2d75370cdd752311382ff6ec56cc2af6c8816295cf71f8cc217b3f497b308bdedf050468d85932b76d1275cc7ce8ecb0b68cd6331bf96b9410db2dd8fa963ddc7a65b6eec485134eb46779c0305708e46a3e667b7b14e809e6b0953320eafd649d20afab5572fe3c009549eca7574eca9406d89859e0cf4948a001b74405a6c5b9bc1d5e0c63f7b1b8880ed009775625432c89bff09400362d768fd5eff4141d37b9099bb1eff0d0ae96f256df580a985599f084700b18cde19a01e3d37a0bfeed01ef3bde1b824afcf1cdc9694823f1c3ba83ba39c8cde156df4f25c564b7"], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:23 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b63, &(0x7f0000000040)) 15:04:23 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xffffff8c, 0x500) 15:04:23 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5ac, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:23 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x541c, &(0x7f0000000040)={0x0, 0x0}) 15:04:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:23 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x541d, &(0x7f0000000040)={0x0, 0x0}) 15:04:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b68, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3314.180603] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3314.212990] syz-executor.0 cpuset=syz0 mems_allowed=0-1 15:04:23 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xfffffff5, 0x500) [ 3314.231515] CPU: 0 PID: 17881 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3314.239361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3314.248729] Call Trace: [ 3314.251340] dump_stack+0x197/0x210 [ 3314.254993] dump_header+0x15e/0xa55 [ 3314.258726] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3314.263849] ? ___ratelimit+0x60/0x595 [ 3314.267755] ? do_raw_spin_unlock+0x181/0x270 [ 3314.272277] oom_kill_process.cold+0x10/0x6ef [ 3314.276799] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3314.282351] ? task_will_free_mem+0x139/0x6e0 [ 3314.286877] out_of_memory+0x362/0x1330 [ 3314.290871] ? lock_downgrade+0x880/0x880 [ 3314.295041] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3314.300168] ? oom_killer_disable+0x280/0x280 [ 3314.304679] ? find_held_lock+0x35/0x130 [ 3314.308767] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3314.313627] ? memcg_event_wake+0x230/0x230 [ 3314.317968] ? do_raw_spin_unlock+0x181/0x270 [ 3314.322477] ? _raw_spin_unlock+0x2d/0x50 [ 3314.326653] try_charge+0xec5/0x1490 [ 3314.330393] ? lock_downgrade+0x880/0x880 [ 3314.334572] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3314.339429] ? rcu_read_unlock+0x33/0x60 [ 3314.343499] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3314.348355] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3314.354438] mem_cgroup_try_charge+0x259/0x6b0 [ 3314.359040] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3314.363996] wp_page_copy+0x430/0x16a0 [ 3314.367908] ? follow_pfn+0x2a0/0x2a0 [ 3314.371727] ? do_raw_spin_unlock+0x181/0x270 [ 3314.376237] do_wp_page+0x57d/0x10b0 [ 3314.379969] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3314.384648] ? kasan_check_write+0x14/0x20 [ 3314.388893] ? do_raw_spin_lock+0xd7/0x250 [ 3314.393141] __handle_mm_fault+0x2305/0x3f80 [ 3314.397561] ? copy_page_range+0x2030/0x2030 [ 3314.401995] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3314.406711] handle_mm_fault+0x1b5/0x690 [ 3314.410811] __do_page_fault+0x62a/0xe90 [ 3314.414904] ? vmalloc_fault+0x740/0x740 [ 3314.418991] ? trace_hardirqs_off_caller+0x65/0x220 [ 3314.424022] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3314.428963] ? page_fault+0x8/0x30 [ 3314.432520] do_page_fault+0x71/0x57d [ 3314.436329] ? page_fault+0x8/0x30 [ 3314.439882] page_fault+0x1e/0x30 [ 3314.443340] RIP: 0033:0x411003 [ 3314.446541] Code: bb ae 30 00 48 89 05 ac ae 30 00 c7 05 c2 ae 30 00 01 00 00 00 48 c7 05 97 16 66 00 00 00 00 00 c7 05 95 16 66 00 00 00 00 00 05 b3 56 66 00 00 00 00 00 c3 49 c7 81 c0 02 00 00 80 26 a7 00 [ 3314.465449] RSP: 002b:00007ffe60373a88 EFLAGS: 00010202 [ 3314.470824] RAX: 0000000002866c00 RBX: 00007ffe60373a90 RCX: 0000000000a72680 [ 3314.478115] RDX: 0000000000000001 RSI: 000000000071be90 RDI: 0000000002866c20 [ 3314.485394] RBP: 00007ffe60373ad0 R08: 0000000000000001 R09: 0000000002866940 [ 3314.492674] R10: 0000000002866c10 R11: 0000000000000202 R12: 0000000000000001 [ 3314.499953] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe60373b20 15:04:24 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xfffffff6, 0x500) 15:04:24 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x541e, &(0x7f0000000040)={0x0, 0x0}) [ 3314.585007] Task in /syz0 killed as a result of limit of /syz0 [ 3314.598323] memory: usage 307200kB, limit 307200kB, failcnt 3581 [ 3314.611293] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3314.626188] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 15:04:24 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b69, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3314.641238] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:76KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3314.702933] Memory cgroup out of memory: Kill process 16476 (syz-executor.0) score 117 or sacrifice child [ 3314.738538] Killed process 17881 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3314.778382] oom_reaper: reaped process 17881 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3315.457834] sysfs: cannot create duplicate filename '/class/ieee80211/›}°-u7 Ýu#8!öì' [ 3315.498272] CPU: 1 PID: 17910 Comm: syz-executor.3 Not tainted 4.19.95-syzkaller #0 [ 3315.506117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3315.515481] Call Trace: [ 3315.518093] dump_stack+0x197/0x210 [ 3315.521754] sysfs_warn_dup.cold+0x1c/0x31 [ 3315.526015] sysfs_do_create_link_sd.isra.0+0x118/0x130 [ 3315.531402] sysfs_create_link+0x65/0xc0 [ 3315.535546] device_add+0x7ce/0x1760 [ 3315.539287] ? get_device_parent.isra.0+0x570/0x570 [ 3315.544312] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3315.549922] wiphy_register+0x16fa/0x21d0 [ 3315.554088] ? show_schedstat+0x902/0xbb0 [ 3315.558261] ? wiphy_unregister+0xfd0/0xfd0 [ 3315.564070] ? rcu_read_lock_sched_held+0x110/0x130 [ 3315.569096] ? __kmalloc+0x5e1/0x750 [ 3315.572826] ? trace_hardirqs_on+0x67/0x220 [ 3315.579772] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3315.585385] ? ieee80211_cs_list_valid+0x1a1/0x280 [ 3315.590367] ieee80211_register_hw+0x156e/0x3800 [ 3315.595149] ? ieee80211_ifa6_changed+0x7d0/0x7d0 [ 3315.600016] ? hrtimer_init+0x8b/0x300 [ 3315.603967] ? mac80211_hwsim_addr_match+0x200/0x200 [ 3315.609089] mac80211_hwsim_new_radio+0x1d83/0x3df0 [ 3315.614130] ? cred_has_capability+0x193/0x320 [ 3315.618938] ? hwsim_exit_net+0xc50/0xc50 [ 3315.623115] ? __mutex_lock+0xa67/0x1300 [ 3315.627216] hwsim_new_radio_nl+0x5eb/0x893 [ 3315.631552] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3315.637103] ? security_capable+0x92/0xc0 [ 3315.641270] ? mac80211_hwsim_new_radio+0x3df0/0x3df0 [ 3315.646571] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3315.652128] ? nla_parse+0x1fc/0x2f0 [ 3315.656040] genl_family_rcv_msg+0x6db/0xd30 [ 3315.660469] ? genl_unregister_family+0x790/0x790 [ 3315.665328] ? __local_bh_enable_ip+0x15a/0x270 [ 3315.670096] ? __dev_queue_xmit+0x892/0x2fe0 [ 3315.674561] genl_rcv_msg+0xca/0x170 [ 3315.678292] netlink_rcv_skb+0x17d/0x460 [ 3315.682371] ? genl_family_rcv_msg+0xd30/0xd30 [ 3315.686976] ? netlink_ack+0xb30/0xb30 [ 3315.690890] genl_rcv+0x29/0x40 [ 3315.694189] netlink_unicast+0x53a/0x730 [ 3315.698272] ? netlink_attachskb+0x770/0x770 [ 3315.702690] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3315.708245] netlink_sendmsg+0x8ae/0xd70 [ 3315.712324] ? netlink_unicast+0x730/0x730 [ 3315.716576] ? selinux_socket_sendmsg+0x36/0x40 [ 3315.721256] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3315.726811] ? security_socket_sendmsg+0x8d/0xc0 [ 3315.731582] ? netlink_unicast+0x730/0x730 [ 3315.735844] sock_sendmsg+0xd7/0x130 [ 3315.739575] ___sys_sendmsg+0x803/0x920 [ 3315.743571] ? copy_msghdr_from_user+0x430/0x430 [ 3315.748352] ? lock_downgrade+0x880/0x880 [ 3315.752518] ? kasan_check_read+0x11/0x20 [ 3315.756682] ? __fget+0x367/0x540 [ 3315.760161] ? iterate_fd+0x360/0x360 [ 3315.764001] ? lock_downgrade+0x880/0x880 [ 3315.768184] ? __fget_light+0x1a9/0x230 [ 3315.772180] ? __fdget+0x1b/0x20 [ 3315.775564] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3315.781129] __sys_sendmsg+0x105/0x1d0 [ 3315.785035] ? __ia32_sys_shutdown+0x80/0x80 [ 3315.789473] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3315.794253] ? do_syscall_64+0x26/0x620 [ 3315.798242] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3315.803616] ? do_syscall_64+0x26/0x620 [ 3315.807610] __x64_sys_sendmsg+0x78/0xb0 [ 3315.811688] do_syscall_64+0xfd/0x620 [ 3315.815505] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3315.820697] RIP: 0033:0x45af49 [ 3315.823904] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 15:04:25 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0xc185c093ea85922f) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:25 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5421, &(0x7f0000000040)={0x0, 0x0}) 15:04:25 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b6a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:25 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xfffffffe, 0x500) 15:04:25 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b64, &(0x7f0000000040)) 15:04:25 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5ad, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3315.842815] RSP: 002b:00007f47a540ec78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3315.850534] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045af49 [ 3315.857808] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 3315.865086] RBP: 000000000075c118 R08: 0000000000000000 R09: 0000000000000000 [ 3315.872361] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47a540f6d4 [ 3315.879634] R13: 00000000004ca9e7 R14: 00000000004e3e80 R15: 00000000ffffffff [ 3315.966323] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3316.027693] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3316.047381] CPU: 0 PID: 17917 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3316.055308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3316.064696] Call Trace: [ 3316.067310] dump_stack+0x197/0x210 [ 3316.070962] dump_header+0x15e/0xa55 [ 3316.074697] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3316.079815] ? ___ratelimit+0x60/0x595 [ 3316.083709] ? do_raw_spin_unlock+0x181/0x270 [ 3316.088219] oom_kill_process.cold+0x10/0x6ef [ 3316.092732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3316.098282] ? task_will_free_mem+0x139/0x6e0 [ 3316.102792] out_of_memory+0x362/0x1330 [ 3316.106780] ? lock_downgrade+0x880/0x880 [ 3316.110939] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3316.116574] ? oom_killer_disable+0x280/0x280 [ 3316.122054] ? find_held_lock+0x35/0x130 [ 3316.126663] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3316.131517] ? memcg_event_wake+0x230/0x230 [ 3316.135938] ? do_raw_spin_unlock+0x181/0x270 [ 3316.140439] ? _raw_spin_unlock+0x2d/0x50 [ 3316.144596] try_charge+0xec5/0x1490 [ 3316.148325] ? lock_downgrade+0x880/0x880 [ 3316.152488] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3316.157338] ? rcu_read_unlock+0x33/0x60 [ 3316.161408] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3316.166437] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3316.172514] mem_cgroup_try_charge+0x259/0x6b0 [ 3316.177111] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3316.182052] wp_page_copy+0x430/0x16a0 [ 3316.185953] ? follow_pfn+0x2a0/0x2a0 [ 3316.189770] ? do_raw_spin_unlock+0x181/0x270 [ 3316.195083] do_wp_page+0x57d/0x10b0 [ 3316.198819] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3316.203500] ? kasan_check_write+0x14/0x20 [ 3316.207744] ? do_raw_spin_lock+0xd7/0x250 [ 3316.211994] __handle_mm_fault+0x2305/0x3f80 [ 3316.216419] ? copy_page_range+0x2030/0x2030 [ 3316.220855] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3316.225542] handle_mm_fault+0x1b5/0x690 [ 3316.229617] __do_page_fault+0x62a/0xe90 [ 3316.233691] ? vmalloc_fault+0x740/0x740 [ 3316.237762] ? trace_hardirqs_off_caller+0x65/0x220 [ 3316.242791] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3316.248424] ? page_fault+0x8/0x30 [ 3316.251975] do_page_fault+0x71/0x57d [ 3316.255781] ? page_fault+0x8/0x30 [ 3316.259336] page_fault+0x1e/0x30 [ 3316.262789] RIP: 0033:0x4595f5 15:04:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b6b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:26 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5422, &(0x7f0000000040)={0x0, 0x0}) [ 3316.265997] Code: 39 2c 00 00 00 00 00 c7 05 b4 39 2c 00 01 00 00 00 74 23 66 90 48 8b 03 48 8b 50 18 48 85 d2 74 05 ff d2 48 8b 03 48 8b 5b 08 40 28 01 00 00 00 48 85 db 75 df c7 05 75 db 61 00 00 00 00 00 [ 3316.284910] RSP: 002b:00007ffe60373a90 EFLAGS: 00010202 [ 3316.290395] RAX: 0000000000a771a8 RBX: 0000000000000000 RCX: 0000000000a72680 [ 3316.297680] RDX: 0000000000000001 RSI: 000000000071be90 RDI: 0000000002866c20 [ 3316.304961] RBP: 00007ffe60373ad0 R08: 0000000000000001 R09: 0000000002866940 [ 3316.312242] R10: 0000000002866c10 R11: 0000000000000202 R12: 0000000000000001 [ 3316.319517] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe60373b20 15:04:26 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xedc000000000, 0x500) 15:04:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b6c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:26 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5423, &(0x7f0000000040)={0x0, 0x0}) 15:04:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b6d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3316.595742] Task in /syz0 killed as a result of limit of /syz0 [ 3316.616490] memory: usage 307200kB, limit 307200kB, failcnt 3615 [ 3316.717406] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3316.732165] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3316.758121] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:76KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3316.798151] Memory cgroup out of memory: Kill process 16476 (syz-executor.0) score 117 or sacrifice child [ 3316.818143] Killed process 17917 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3316.838426] oom_reaper: reaped process 17917 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 15:04:26 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000022004408000000000000000054a92ee7905e0400000014001100"], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:26 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x1000000000000, 0x500) 15:04:26 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5424, &(0x7f0000000040)={0x0, 0x0}) 15:04:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b70, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:26 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5ae, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:26 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b65, &(0x7f0000000040)) [ 3317.313590] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3317.348500] syz-executor.0 cpuset=syz0 mems_allowed=0-1 15:04:27 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5425, &(0x7f0000000040)={0x0, 0x0}) 15:04:27 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2000000000000, 0x500) [ 3317.372074] CPU: 0 PID: 17948 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3317.379914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3317.389378] Call Trace: [ 3317.391986] dump_stack+0x197/0x210 [ 3317.395637] dump_header+0x15e/0xa55 [ 3317.399369] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3317.404490] ? ___ratelimit+0x60/0x595 [ 3317.408406] ? do_raw_spin_unlock+0x181/0x270 [ 3317.412936] oom_kill_process.cold+0x10/0x6ef [ 3317.417456] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3317.423013] ? task_will_free_mem+0x139/0x6e0 [ 3317.427632] out_of_memory+0x362/0x1330 [ 3317.431628] ? lock_downgrade+0x880/0x880 [ 3317.435806] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3317.440924] ? oom_killer_disable+0x280/0x280 [ 3317.445720] ? find_held_lock+0x35/0x130 [ 3317.449807] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3317.454665] ? memcg_event_wake+0x230/0x230 [ 3317.459006] ? do_raw_spin_unlock+0x181/0x270 [ 3317.463527] ? _raw_spin_unlock+0x2d/0x50 [ 3317.467705] try_charge+0xec5/0x1490 [ 3317.471461] ? lock_downgrade+0x880/0x880 [ 3317.475631] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3317.480495] ? rcu_read_unlock+0x33/0x60 [ 3317.484568] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3317.489428] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3317.495513] mem_cgroup_try_charge+0x259/0x6b0 [ 3317.500213] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3317.505158] wp_page_copy+0x430/0x16a0 [ 3317.509589] ? kasan_check_read+0x11/0x20 [ 3317.513762] ? follow_pfn+0x2a0/0x2a0 [ 3317.517583] ? do_raw_spin_unlock+0x181/0x270 15:04:27 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5427, &(0x7f0000000040)={0x0, 0x0}) [ 3317.522099] do_wp_page+0x57d/0x10b0 [ 3317.525836] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3317.530518] ? kasan_check_write+0x14/0x20 [ 3317.534764] ? do_raw_spin_lock+0xd7/0x250 [ 3317.539111] __handle_mm_fault+0x2305/0x3f80 [ 3317.543551] ? copy_page_range+0x2030/0x2030 [ 3317.548094] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3317.552997] handle_mm_fault+0x1b5/0x690 [ 3317.557080] __do_page_fault+0x62a/0xe90 [ 3317.561165] ? vmalloc_fault+0x740/0x740 [ 3317.565346] ? trace_hardirqs_off_caller+0x65/0x220 [ 3317.570383] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3317.575326] ? page_fault+0x8/0x30 [ 3317.578883] do_page_fault+0x71/0x57d [ 3317.582807] ? page_fault+0x8/0x30 [ 3317.586370] page_fault+0x1e/0x30 [ 3317.589842] RIP: 0033:0x40df3b [ 3317.593045] Code: 74 28 41 8b 07 85 c0 0f 85 f0 00 00 00 41 83 c6 01 48 81 c5 a8 00 00 00 41 83 fe 10 75 d7 bf ee 08 4c 00 31 c0 e8 85 3e ff ff 45 f8 01 44 89 75 f4 48 89 ef c6 45 15 00 c7 45 fc 00 00 00 00 [ 3317.611957] RSP: 002b:00007ffe60373930 EFLAGS: 00010246 15:04:27 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5428, &(0x7f0000000040)={0x0, 0x0}) 15:04:27 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) r1 = dup(0xffffffffffffffff) setsockopt$packet_int(r1, 0x107, 0x0, &(0x7f0000006ffc), 0x26d) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/seq/clients\x00', 0x0, 0x0) ioctl$IOC_PR_PREEMPT_ABORT(r4, 0x401870cc, &(0x7f0000000240)={0x1, 0x7fffffff, 0x3, 0x8}) r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ppoll(&(0x7f0000000200)=[{r5}], 0x1, &(0x7f0000000280), 0x0, 0x0) ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000000040)={0x2, 0x0, 0x4, 0x800, 0x6, {r2, r3/1000+10000}, {0x3, 0x0, 0x3, 0x3, 0x81, 0x5, "c0202ffa"}, 0xd9, 0x0, @userptr=0x8, 0x7, 0x0, r5}) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f00000000c0)={0x6, 0x200, 0x2}, &(0x7f0000000140)=0x10) 15:04:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b71, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3317.617335] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00007ffe603739e8 [ 3317.624849] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 3317.632135] RBP: 000000000075bf2c R08: 00007ffe603739f0 R09: 0000000000760888 [ 3317.639423] R10: 0000000000439da0 R11: 000000000000000f R12: 000000000075bf20 [ 3317.646708] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c 15:04:27 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5af, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:27 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4000000000000, 0x500) 15:04:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b72, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:27 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5429, &(0x7f0000000040)={0x0, 0x0}) 15:04:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4bfa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3318.118060] Task in /syz0 killed as a result of limit of /syz0 [ 3318.124263] memory: usage 307200kB, limit 307200kB, failcnt 3642 [ 3318.138329] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3318.153157] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3318.166201] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:88KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3318.207027] Memory cgroup out of memory: Kill process 17948 (syz-executor.0) score 1103 or sacrifice child 15:04:27 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b66, &(0x7f0000000040)) 15:04:27 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5437, &(0x7f0000000040)={0x0, 0x0}) 15:04:27 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x8040000000000, 0x500) 15:04:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4bfb, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3318.227078] Killed process 17948 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3318.257427] oom_reaper: reaped process 17948 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:04:28 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5441, &(0x7f0000000040)={0x0, 0x0}) [ 3318.447694] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3318.498453] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3318.514238] CPU: 1 PID: 18000 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3318.514248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3318.514254] Call Trace: [ 3318.514275] dump_stack+0x197/0x210 [ 3318.514296] dump_header+0x15e/0xa55 [ 3318.514314] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3318.514330] ? ___ratelimit+0x60/0x595 [ 3318.514344] ? do_raw_spin_unlock+0x181/0x270 [ 3318.514364] oom_kill_process.cold+0x10/0x6ef [ 3318.514384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3318.514398] ? task_will_free_mem+0x139/0x6e0 [ 3318.514421] out_of_memory+0x362/0x1330 [ 3318.514441] ? lock_downgrade+0x880/0x880 [ 3318.514458] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3318.514474] ? oom_killer_disable+0x280/0x280 [ 3318.514488] ? find_held_lock+0x35/0x130 [ 3318.514521] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3318.514539] ? memcg_event_wake+0x230/0x230 [ 3318.514558] ? do_raw_spin_unlock+0x181/0x270 [ 3318.514574] ? _raw_spin_unlock+0x2d/0x50 [ 3318.514592] try_charge+0xec5/0x1490 [ 3318.514608] ? lock_downgrade+0x880/0x880 [ 3318.514631] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3318.514647] ? rcu_read_unlock+0x33/0x60 [ 3318.514661] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3318.514680] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3318.514705] mem_cgroup_try_charge+0x259/0x6b0 [ 3318.514727] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3318.514744] wp_page_copy+0x430/0x16a0 [ 3318.514762] ? kasan_check_read+0x11/0x20 [ 3318.514781] ? follow_pfn+0x2a0/0x2a0 [ 3318.514798] ? do_raw_spin_unlock+0x181/0x270 [ 3318.514815] do_wp_page+0x57d/0x10b0 [ 3318.514834] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3318.514849] ? kasan_check_write+0x14/0x20 [ 3318.514862] ? do_raw_spin_lock+0xd7/0x250 [ 3318.514883] __handle_mm_fault+0x2305/0x3f80 [ 3318.514903] ? copy_page_range+0x2030/0x2030 [ 3318.514937] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3318.514955] handle_mm_fault+0x1b5/0x690 [ 3318.514977] __do_page_fault+0x62a/0xe90 [ 3318.514999] ? vmalloc_fault+0x740/0x740 [ 3318.515016] ? trace_hardirqs_off_caller+0x65/0x220 [ 3318.515030] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3318.515044] ? page_fault+0x8/0x30 [ 3318.515064] do_page_fault+0x71/0x57d [ 3318.515078] ? page_fault+0x8/0x30 [ 3318.515094] page_fault+0x1e/0x30 [ 3318.515105] RIP: 0033:0x40df3b [ 3318.515120] Code: 74 28 41 8b 07 85 c0 0f 85 f0 00 00 00 41 83 c6 01 48 81 c5 a8 00 00 00 41 83 fe 10 75 d7 bf ee 08 4c 00 31 c0 e8 85 3e ff ff 45 f8 01 44 89 75 f4 48 89 ef c6 45 15 00 c7 45 fc 00 00 00 00 [ 3318.515128] RSP: 002b:00007ffe60373930 EFLAGS: 00010246 [ 3318.515140] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00007ffe603739e8 [ 3318.515149] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 3318.515158] RBP: 000000000075bf2c R08: 00007ffe603739f0 R09: 0000000000760888 [ 3318.515167] R10: 0000000000439da0 R11: 000000000000000f R12: 000000000075bf20 [ 3318.515176] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c [ 3318.516464] Task in /syz0 killed as a result of limit of /syz0 [ 3318.516491] memory: usage 307200kB, limit 307200kB, failcnt 3656 [ 3318.516505] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3318.516515] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3318.516521] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:88KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3318.516598] Memory cgroup out of memory: Kill process 18000 (syz-executor.0) score 1103 or sacrifice child [ 3318.516650] Killed process 18000 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3318.518769] oom_reaper: reaped process 18000 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:04:29 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14254cc1c5502af1c3002000ab0e000000000000"], 0x14}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5409, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:29 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5b0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:29 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000040)) 15:04:29 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xe000000000000, 0x500) 15:04:29 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5450, &(0x7f0000000040)={0x0, 0x0}) 15:04:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3319.545748] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 3319.602755] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3319.621752] CPU: 0 PID: 18006 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3319.629591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3319.638955] Call Trace: [ 3319.641558] dump_stack+0x197/0x210 [ 3319.645207] dump_header+0x15e/0xa55 [ 3319.648937] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3319.654071] ? ___ratelimit+0x60/0x595 [ 3319.657973] ? do_raw_spin_unlock+0x181/0x270 [ 3319.662491] oom_kill_process.cold+0x10/0x6ef [ 3319.667022] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3319.672573] ? task_will_free_mem+0x139/0x6e0 [ 3319.677972] out_of_memory+0x362/0x1330 [ 3319.682081] ? lock_downgrade+0x880/0x880 [ 3319.686246] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3319.691367] ? oom_killer_disable+0x280/0x280 [ 3319.695877] ? find_held_lock+0x35/0x130 [ 3319.699963] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3319.704847] ? memcg_event_wake+0x230/0x230 [ 3319.709196] ? do_raw_spin_unlock+0x181/0x270 [ 3319.713706] ? _raw_spin_unlock+0x2d/0x50 [ 3319.717873] try_charge+0xec5/0x1490 [ 3319.721608] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3319.726470] ? lock_downgrade+0x880/0x880 [ 3319.730651] ? kasan_check_read+0x11/0x20 [ 3319.734817] memcg_kmem_charge_memcg+0x83/0x170 [ 3319.739500] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3319.744016] ? __isolate_free_page+0x4c0/0x4c0 [ 3319.748614] memcg_kmem_charge+0x13b/0x370 [ 3319.752865] __alloc_pages_nodemask+0x3c3/0x750 [ 3319.757566] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3319.762615] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3319.768181] alloc_pages_current+0x107/0x210 [ 3319.772621] pte_alloc_one+0x1b/0x1a0 [ 3319.776442] __pte_alloc+0x2a/0x360 [ 3319.780201] __handle_mm_fault+0x340b/0x3f80 [ 3319.784627] ? copy_page_range+0x2030/0x2030 [ 3319.789069] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3319.793771] handle_mm_fault+0x1b5/0x690 [ 3319.797849] __do_page_fault+0x62a/0xe90 [ 3319.801942] ? vmalloc_fault+0x740/0x740 [ 3319.806022] ? trace_hardirqs_off_caller+0x65/0x220 [ 3319.811043] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3319.815979] ? page_fault+0x8/0x30 [ 3319.819534] do_page_fault+0x71/0x57d [ 3319.823354] ? page_fault+0x8/0x30 [ 3319.826913] page_fault+0x1e/0x30 [ 3319.830374] RIP: 0033:0x400644 [ 3319.833571] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 21 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b 15:04:29 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5b1, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3319.852564] RSP: 002b:00007ffe603738f0 EFLAGS: 00010206 [ 3319.857930] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000000 [ 3319.865204] RDX: 0000000000000000 RSI: 000000002001d000 RDI: 0000000000000001 [ 3319.872485] RBP: 0000000000760000 R08: 0000000000000000 R09: 0000000000000000 [ 3319.879779] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000001 [ 3319.887055] R13: 00007ffe60373b10 R14: 0000000000760008 R15: 00007ffe60373b20 15:04:29 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5451, &(0x7f0000000040)={0x0, 0x0}) [ 3319.904142] Task in /syz0 killed as a result of limit of /syz0 15:04:29 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x40000000000000, 0x500) 15:04:29 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) r0 = dup(0xffffffffffffffff) setsockopt$packet_int(r0, 0x107, 0x0, &(0x7f0000006ffc), 0x26d) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ppoll(&(0x7f0000000200)=[{r1}], 0x1, &(0x7f0000000280), 0x0, 0x0) openat$cgroup_ro(r1, &(0x7f0000000040)='pids.events\x00', 0x0, 0x0) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x6, 0x0) r3 = syz_open_dev$sndseq(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x64241fd42556df48, r3) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYRESDEC=r3], 0x1}, 0x1, 0xfdffffff00000000, 0x0, 0x41584}, 0x3e5eba24706fd673) 15:04:29 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5452, &(0x7f0000000040)={0x0, 0x0}) 15:04:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3320.098136] memory: usage 307200kB, limit 307200kB, failcnt 3684 [ 3320.098146] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3320.098154] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3320.098159] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:84KB inactive_file:0KB active_file:0KB unevictable:0KB 15:04:29 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5b2, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3320.279015] Memory cgroup out of memory: Kill process 18006 (syz-executor.0) score 1103 or sacrifice child [ 3320.303709] Killed process 18006 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:04:30 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b68, &(0x7f0000000040)) 15:04:30 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x6b6b6b00000000, 0x500) 15:04:30 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x880001, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x24, r3, 0xa8b81e909517552f, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0) sendmsg$TIPC_CMD_GET_NETID(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x24010}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x400, 0x70bd25, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4000) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:30 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x545d, &(0x7f0000000040)={0x0, 0x0}) 15:04:30 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540e, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3320.326368] oom_reaper: reaped process 18006 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:04:30 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5b3, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:30 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5460, &(0x7f0000000040)={0x0, 0x0}) 15:04:30 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:30 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x100000000000000, 0x500) [ 3320.579952] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 15:04:30 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5600, &(0x7f0000000040)={0x0, 0x0}) [ 3320.625205] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3320.639602] CPU: 0 PID: 18061 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3320.647429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3320.656788] Call Trace: [ 3320.659396] dump_stack+0x197/0x210 [ 3320.663040] dump_header+0x15e/0xa55 [ 3320.666777] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 15:04:30 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5410, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3320.671910] ? ___ratelimit+0x60/0x595 [ 3320.676073] ? do_raw_spin_unlock+0x181/0x270 [ 3320.680589] oom_kill_process.cold+0x10/0x6ef [ 3320.685106] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3320.690660] ? task_will_free_mem+0x139/0x6e0 [ 3320.700407] out_of_memory+0x362/0x1330 [ 3320.704409] ? lock_downgrade+0x880/0x880 [ 3320.708572] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3320.713692] ? oom_killer_disable+0x280/0x280 [ 3320.718202] ? find_held_lock+0x35/0x130 [ 3320.722285] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3320.727143] ? memcg_event_wake+0x230/0x230 [ 3320.731481] ? do_raw_spin_unlock+0x181/0x270 [ 3320.735985] ? _raw_spin_unlock+0x2d/0x50 [ 3320.740149] try_charge+0xec5/0x1490 [ 3320.743880] ? lock_downgrade+0x880/0x880 [ 3320.748047] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3320.752904] ? rcu_read_unlock+0x33/0x60 [ 3320.756971] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3320.761827] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3320.768023] mem_cgroup_try_charge+0x259/0x6b0 15:04:30 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5412, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3320.772838] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3320.777791] wp_page_copy+0x430/0x16a0 [ 3320.781713] ? follow_pfn+0x2a0/0x2a0 [ 3320.785623] ? do_raw_spin_unlock+0x181/0x270 [ 3320.790134] do_wp_page+0x57d/0x10b0 [ 3320.793863] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3320.798548] ? kasan_check_write+0x14/0x20 [ 3320.802809] ? do_raw_spin_lock+0xd7/0x250 [ 3320.807067] __handle_mm_fault+0x2305/0x3f80 [ 3320.811494] ? copy_page_range+0x2030/0x2030 [ 3320.815932] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3320.820619] handle_mm_fault+0x1b5/0x690 [ 3320.824701] __do_page_fault+0x62a/0xe90 [ 3320.828786] ? vmalloc_fault+0x740/0x740 [ 3320.832873] ? trace_hardirqs_off_caller+0x65/0x220 [ 3320.832889] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3320.832905] ? page_fault+0x8/0x30 15:04:30 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b69, &(0x7f0000000040)) 15:04:30 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5601, &(0x7f0000000040)={0x0, 0x0}) [ 3320.832927] do_page_fault+0x71/0x57d [ 3320.832941] ? page_fault+0x8/0x30 [ 3320.832957] page_fault+0x1e/0x30 [ 3320.832968] RIP: 0033:0x410f58 [ 3320.832982] Code: 48 8b 05 63 af 30 00 48 89 08 48 8b 15 61 af 30 00 48 89 42 08 48 8b 05 46 af 30 00 48 89 05 4f af 30 00 49 8d 81 c0 02 00 00 <48> 89 05 31 17 66 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 [ 3320.832991] RSP: 002b:00007ffe60373a88 EFLAGS: 00010246 [ 3320.833003] RAX: 0000000002866c00 RBX: 00007ffe60373a90 RCX: 000000000071bea0 [ 3320.833013] RDX: 0000000000410d90 RSI: 000000000071be90 RDI: 0000000002866c20 [ 3320.833021] RBP: 00007ffe60373ad0 R08: 0000000000000001 R09: 0000000002866940 [ 3320.833029] R10: 0000000002866c10 R11: 0000000000000202 R12: 0000000000000001 [ 3320.833038] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe60373b20 [ 3320.913922] Task in /syz0 killed as a result of limit of /syz0 [ 3320.913954] memory: usage 307192kB, limit 307200kB, failcnt 3709 [ 3320.913964] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3320.913974] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3320.913980] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:68KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3320.914057] Memory cgroup out of memory: Kill process 16476 (syz-executor.0) score 117 or sacrifice child [ 3320.914118] Killed process 18061 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3320.914475] oom_reaper: reaped process 18061 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 3320.969585] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3320.969595] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3320.969627] CPU: 1 PID: 18079 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3320.969637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3320.969642] Call Trace: [ 3320.969663] dump_stack+0x197/0x210 [ 3320.969685] dump_header+0x15e/0xa55 [ 3320.969703] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3320.969718] ? ___ratelimit+0x60/0x595 [ 3320.969733] ? do_raw_spin_unlock+0x181/0x270 [ 3320.969752] oom_kill_process.cold+0x10/0x6ef [ 3320.969773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3320.969787] ? task_will_free_mem+0x139/0x6e0 [ 3320.969811] out_of_memory+0x362/0x1330 [ 3320.969830] ? lock_downgrade+0x880/0x880 [ 3320.969846] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3320.969862] ? oom_killer_disable+0x280/0x280 [ 3320.969876] ? find_held_lock+0x35/0x130 [ 3320.969904] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3320.969921] ? memcg_event_wake+0x230/0x230 [ 3320.969942] ? do_raw_spin_unlock+0x181/0x270 [ 3320.969958] ? _raw_spin_unlock+0x2d/0x50 [ 3320.969975] try_charge+0xec5/0x1490 [ 3320.969992] ? lock_downgrade+0x880/0x880 [ 3320.970015] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3320.970031] ? rcu_read_unlock+0x33/0x60 [ 3320.970045] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3320.970064] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3320.970090] mem_cgroup_try_charge+0x259/0x6b0 [ 3320.970112] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3320.970129] wp_page_copy+0x430/0x16a0 [ 3320.970147] ? kasan_check_read+0x11/0x20 [ 3320.970167] ? follow_pfn+0x2a0/0x2a0 [ 3320.970186] ? do_raw_spin_unlock+0x181/0x270 [ 3320.970204] do_wp_page+0x57d/0x10b0 [ 3320.970223] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3320.970239] ? kasan_check_write+0x14/0x20 [ 3320.970252] ? do_raw_spin_lock+0xd7/0x250 [ 3320.970274] __handle_mm_fault+0x2305/0x3f80 [ 3320.970294] ? copy_page_range+0x2030/0x2030 [ 3320.970328] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3320.970353] handle_mm_fault+0x1b5/0x690 [ 3320.970375] __do_page_fault+0x62a/0xe90 [ 3320.970398] ? vmalloc_fault+0x740/0x740 [ 3320.970415] ? trace_hardirqs_off_caller+0x65/0x220 [ 3320.970429] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3320.970443] ? page_fault+0x8/0x30 [ 3320.970464] do_page_fault+0x71/0x57d [ 3320.970477] ? page_fault+0x8/0x30 [ 3320.970494] page_fault+0x1e/0x30 [ 3320.970505] RIP: 0033:0x45959b 15:04:31 executing program 3: r0 = socket(0x10, 0x2, 0x0) sendto(r0, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x14e, 0x0, 0x0, 0x0, 0x24b, 0xb6c}}], 0x34, 0xac0, 0x0) r1 = socket(0x10, 0x2, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{0x0, 0x14e, 0x0, 0x0, 0x0, 0x24b, 0xb6c}}], 0x34, 0xac0, 0x0) ioctl$FICLONE(r0, 0x40049409, r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:31 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x200000000000000, 0x500) 15:04:31 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b6a, &(0x7f0000000040)) 15:04:31 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5b4, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3320.970520] Code: 25 20 06 00 00 b8 c0 58 41 00 48 89 15 0e f4 61 00 48 85 c0 74 08 4c 89 cf e8 31 c3 fb ff 45 85 f6 0f 85 58 01 00 00 48 85 db <48> c7 05 ea 39 2c 00 00 00 00 00 48 c7 05 cf 39 2c 00 00 00 00 00 [ 3320.970528] RSP: 002b:00007ffe60373a90 EFLAGS: 00010206 [ 3320.970540] RAX: 0000000000000000 RBX: 00007ffe60373a90 RCX: 00000000004158d3 [ 3320.970549] RDX: 000006f48e802589 RSI: 0000000000000018 RDI: 0000000002866c20 [ 3320.970558] RBP: 00007ffe60373ad0 R08: 0000000000000001 R09: 0000000002866940 [ 3320.970566] R10: 0000000002866c10 R11: 0000000000000202 R12: 0000000000000001 15:04:31 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x300000000000000, 0x500) [ 3320.970575] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe60373b20 [ 3320.974249] Task in /syz0 killed as a result of limit of /syz0 15:04:31 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5b5, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3320.974278] memory: usage 307200kB, limit 307200kB, failcnt 3729 [ 3320.974287] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3320.974296] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3320.974302] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:48KB inactive_file:0KB active_file:0KB unevictable:0KB 15:04:31 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x303000000000000, 0x500) [ 3320.974383] Memory cgroup out of memory: Kill process 16476 (syz-executor.0) score 117 or sacrifice child [ 3320.974423] Killed process 18079 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3320.974760] oom_reaper: reaped process 18079 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3321.874940] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3321.874951] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3321.874979] CPU: 0 PID: 18091 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3321.874989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3321.874994] Call Trace: [ 3321.875014] dump_stack+0x197/0x210 [ 3321.875036] dump_header+0x15e/0xa55 [ 3321.875054] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3321.875070] ? ___ratelimit+0x60/0x595 [ 3321.875084] ? do_raw_spin_unlock+0x181/0x270 [ 3321.875104] oom_kill_process.cold+0x10/0x6ef 15:04:32 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x337020000000000, 0x500) [ 3321.875124] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3321.875139] ? task_will_free_mem+0x139/0x6e0 [ 3321.875162] out_of_memory+0x362/0x1330 [ 3321.875182] ? lock_downgrade+0x880/0x880 [ 3321.875199] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3321.875215] ? oom_killer_disable+0x280/0x280 [ 3321.875228] ? find_held_lock+0x35/0x130 [ 3321.875257] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3321.875274] ? memcg_event_wake+0x230/0x230 [ 3321.875294] ? do_raw_spin_unlock+0x181/0x270 [ 3321.875310] ? _raw_spin_unlock+0x2d/0x50 [ 3321.875334] try_charge+0xec5/0x1490 [ 3321.875351] ? lock_downgrade+0x880/0x880 [ 3321.875374] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3321.875390] ? rcu_read_unlock+0x33/0x60 [ 3321.875404] ? get_mem_cgroup_from_mm+0x185/0x510 15:04:32 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x400000000000000, 0x500) [ 3321.875423] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3321.875448] mem_cgroup_try_charge+0x259/0x6b0 [ 3321.875471] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3321.875488] wp_page_copy+0x430/0x16a0 [ 3321.875506] ? kasan_check_read+0x11/0x20 [ 3321.875526] ? follow_pfn+0x2a0/0x2a0 [ 3321.875545] ? do_raw_spin_unlock+0x181/0x270 [ 3321.875562] do_wp_page+0x57d/0x10b0 [ 3321.875581] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3321.875597] ? kasan_check_write+0x14/0x20 [ 3321.875611] ? do_raw_spin_lock+0xd7/0x250 [ 3321.875633] __handle_mm_fault+0x2305/0x3f80 [ 3321.875653] ? copy_page_range+0x2030/0x2030 [ 3321.875687] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3321.875706] handle_mm_fault+0x1b5/0x690 [ 3321.875726] __do_page_fault+0x62a/0xe90 [ 3321.875748] ? vmalloc_fault+0x740/0x740 [ 3321.875766] ? trace_hardirqs_off_caller+0x65/0x220 [ 3321.875780] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3321.875794] ? page_fault+0x8/0x30 [ 3321.875815] do_page_fault+0x71/0x57d [ 3321.875828] ? page_fault+0x8/0x30 [ 3321.875844] page_fault+0x1e/0x30 [ 3321.875856] RIP: 0033:0x45959b [ 3321.875871] Code: 25 20 06 00 00 b8 c0 58 41 00 48 89 15 0e f4 61 00 48 85 c0 74 08 4c 89 cf e8 31 c3 fb ff 45 85 f6 0f 85 58 01 00 00 48 85 db <48> c7 05 ea 39 2c 00 00 00 00 00 48 c7 05 cf 39 2c 00 00 00 00 00 [ 3321.875879] RSP: 002b:00007ffe60373a90 EFLAGS: 00010206 [ 3321.875891] RAX: 0000000000000000 RBX: 00007ffe60373a90 RCX: 00000000004158d3 [ 3321.875900] RDX: 000006f50c120662 RSI: 0000000000000018 RDI: 0000000002866c20 [ 3321.875910] RBP: 00007ffe60373ad0 R08: 0000000000000001 R09: 0000000002866940 [ 3321.875918] R10: 0000000002866c10 R11: 0000000000000202 R12: 0000000000000001 [ 3321.875927] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe60373b20 [ 3321.875948] Task in /syz0 killed as a result of limit of /syz0 [ 3321.875972] memory: usage 307200kB, limit 307200kB, failcnt 3757 [ 3321.875979] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3321.875985] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3321.875989] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:48KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3321.876045] Memory cgroup out of memory: Kill process 16476 (syz-executor.0) score 117 or sacrifice child [ 3321.876076] Killed process 18091 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3321.876385] oom_reaper: reaped process 18091 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 3321.885512] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3321.885522] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3321.885549] CPU: 0 PID: 16476 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3321.885559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3321.885564] Call Trace: [ 3321.885585] dump_stack+0x197/0x210 [ 3321.885607] dump_header+0x15e/0xa55 [ 3321.885625] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3321.885639] ? ___ratelimit+0x60/0x595 [ 3321.885653] ? do_raw_spin_unlock+0x181/0x270 [ 3321.885676] oom_kill_process.cold+0x10/0x6ef [ 3321.885696] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3321.885711] ? task_will_free_mem+0x139/0x6e0 [ 3321.885734] out_of_memory+0x362/0x1330 [ 3321.885757] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3321.885772] ? oom_killer_disable+0x280/0x280 [ 3321.885787] ? find_held_lock+0x35/0x130 [ 3321.885816] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3321.885833] ? memcg_event_wake+0x230/0x230 [ 3321.885853] ? do_raw_spin_unlock+0x181/0x270 [ 3321.885869] ? _raw_spin_unlock+0x2d/0x50 [ 3321.885887] try_charge+0xc6e/0x1490 [ 3321.885903] ? lock_downgrade+0x880/0x880 [ 3321.885926] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3321.885943] ? rcu_read_unlock+0x33/0x60 [ 3321.885957] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3321.885972] ? mark_held_locks+0x100/0x100 [ 3321.885991] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3321.886017] mem_cgroup_try_charge+0x259/0x6b0 [ 3321.886039] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3321.886057] wp_page_copy+0x430/0x16a0 [ 3321.886081] ? follow_pfn+0x2a0/0x2a0 [ 3321.886100] ? do_raw_spin_unlock+0x181/0x270 [ 3321.886117] do_wp_page+0x57d/0x10b0 [ 3321.886136] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3321.886153] ? kasan_check_write+0x14/0x20 [ 3321.886166] ? do_raw_spin_lock+0xd7/0x250 [ 3321.886188] __handle_mm_fault+0x2305/0x3f80 [ 3321.886208] ? copy_page_range+0x2030/0x2030 [ 3321.886243] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3321.886262] handle_mm_fault+0x1b5/0x690 [ 3321.886284] __do_page_fault+0x62a/0xe90 [ 3321.886303] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3321.886331] ? vmalloc_fault+0x740/0x740 [ 3321.886348] ? trace_hardirqs_off_caller+0x65/0x220 [ 3321.886362] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3321.886377] ? page_fault+0x8/0x30 [ 3321.886397] do_page_fault+0x71/0x57d [ 3321.886411] ? page_fault+0x8/0x30 [ 3321.886428] page_fault+0x1e/0x30 [ 3321.886439] RIP: 0033:0x45967a [ 3321.886454] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 3321.886462] RSP: 002b:00007ffe60373a90 EFLAGS: 00010246 [ 3321.886474] RAX: 0000000000000000 RBX: 00007ffe60373a90 RCX: 000000000045951a [ 3321.886483] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a771a8 [ 3321.886492] RBP: 00007ffe60373ad0 R08: 0000000000000001 R09: 0000000002866940 [ 3321.886499] R10: 0000000002866c10 R11: 0000000000000246 R12: 00000000000000ca [ 3321.886508] R13: 0000000000000084 R14: 0000000000000000 R15: 00007ffe60373b20 [ 3321.891440] Task in /syz0 killed as a result of limit of /syz0 [ 3321.891468] memory: usage 307188kB, limit 307200kB, failcnt 3757 [ 3321.891478] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3321.891487] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3321.891493] Memory cgroup stats for /syz0: cache:8KB rss:0KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:48KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3321.891568] Memory cgroup out of memory: Kill process 16476 (syz-executor.0) score 117 or sacrifice child [ 3321.891613] Killed process 16476 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB [ 3321.892358] oom_reaper: reaped process 16476 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 15:04:33 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5413, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:33 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x403000000000000, 0x500) 15:04:33 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b6b, &(0x7f0000000040)) 15:04:33 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5b6, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:33 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5602, &(0x7f0000000040)={0x0, 0x0}) 15:04:34 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5603, &(0x7f0000000040)={0x0, 0x0}) 15:04:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5414, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:34 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x437020000000000, 0x500) 15:04:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5415, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:34 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5b7, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:34 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5605, &(0x7f0000000040)={0x0, 0x0}) 15:04:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5416, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:34 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x500000000000000, 0x500) 15:04:34 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5606, &(0x7f0000000040)={0x0, 0x0}) [ 3326.672141] IPVS: ftp: loaded support on port[0] = 21 [ 3327.065261] chnl_net:caif_netlink_parms(): no params data found [ 3327.232863] bridge0: port 1(bridge_slave_0) entered blocking state [ 3327.248179] bridge0: port 1(bridge_slave_0) entered disabled state [ 3327.269402] device bridge_slave_0 entered promiscuous mode [ 3327.330013] bridge0: port 2(bridge_slave_1) entered blocking state [ 3327.336418] bridge0: port 2(bridge_slave_1) entered disabled state [ 3327.360974] device bridge_slave_1 entered promiscuous mode [ 3327.445508] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3327.460255] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3327.531097] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 3327.541317] team0: Port device team_slave_0 added [ 3327.549710] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 3327.560260] team0: Port device team_slave_1 added [ 3327.606642] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 3327.630589] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 3327.793533] device hsr_slave_0 entered promiscuous mode [ 3327.839794] device hsr_slave_1 entered promiscuous mode [ 3327.879843] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 3327.898810] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 3328.256753] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 3328.639704] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3328.728045] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 3328.806816] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 3328.814111] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3328.831203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3328.857628] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 3328.878723] 8021q: adding VLAN 0 to HW filter on device team0 [ 3328.949012] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 3328.956940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3328.971393] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3328.990057] bridge0: port 1(bridge_slave_0) entered blocking state [ 3328.996464] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3329.082274] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3329.103439] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 3329.119170] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3329.139434] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3329.158441] bridge0: port 2(bridge_slave_1) entered blocking state [ 3329.164848] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3329.227155] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 3329.248291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3329.330340] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 3329.338789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3329.357447] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 3329.393205] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3329.404261] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3329.473002] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 3329.489188] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3329.508897] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3329.529852] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3329.598796] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 3329.606478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3329.631061] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3329.647825] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 3329.669249] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3329.680106] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3329.754173] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 3329.768968] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3329.871106] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 3329.913151] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 3329.936357] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 3329.949424] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 3329.980939] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3330.218121] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 3330.248773] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 3330.256675] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 3330.270820] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 3330.510396] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 3330.519980] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 3330.530060] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 3330.601631] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 3330.611009] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 3330.621494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 3330.632625] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 3330.642289] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 3330.656284] device veth0_vlan entered promiscuous mode [ 3330.724649] device veth1_vlan entered promiscuous mode [ 3330.740310] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 3330.821985] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 3330.975226] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3330.996808] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3331.003956] CPU: 0 PID: 18175 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3331.011788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3331.021150] Call Trace: [ 3331.023861] dump_stack+0x197/0x210 [ 3331.027506] dump_header+0x15e/0xa55 [ 3331.031235] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3331.036352] ? ___ratelimit+0x60/0x595 [ 3331.040249] ? do_raw_spin_unlock+0x181/0x270 [ 3331.044758] oom_kill_process.cold+0x10/0x6ef [ 3331.049266] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3331.054825] ? task_will_free_mem+0x139/0x6e0 [ 3331.059337] out_of_memory+0x362/0x1330 [ 3331.063324] ? lock_downgrade+0x880/0x880 [ 3331.067483] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3331.072595] ? oom_killer_disable+0x280/0x280 [ 3331.077097] ? find_held_lock+0x35/0x130 [ 3331.081179] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3331.086133] ? memcg_event_wake+0x230/0x230 [ 3331.090481] ? do_raw_spin_unlock+0x181/0x270 [ 3331.094986] ? _raw_spin_unlock+0x2d/0x50 [ 3331.099147] try_charge+0xec5/0x1490 [ 3331.102869] ? lock_downgrade+0x880/0x880 [ 3331.107056] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3331.111912] ? rcu_read_unlock+0x33/0x60 [ 3331.115980] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3331.120836] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3331.126912] mem_cgroup_try_charge+0x259/0x6b0 [ 3331.131508] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3331.136447] wp_page_copy+0x430/0x16a0 [ 3331.140352] ? follow_pfn+0x2a0/0x2a0 [ 3331.144166] ? do_raw_spin_unlock+0x181/0x270 [ 3331.148675] do_wp_page+0x57d/0x10b0 [ 3331.152402] ? lock_acquire+0x16f/0x3f0 [ 3331.156382] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3331.161061] ? kasan_check_write+0x14/0x20 [ 3331.165304] ? do_raw_spin_lock+0xd7/0x250 [ 3331.169553] __handle_mm_fault+0x2305/0x3f80 [ 3331.173980] ? copy_page_range+0x2030/0x2030 [ 3331.178416] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3331.183123] handle_mm_fault+0x1b5/0x690 [ 3331.187211] __do_page_fault+0x62a/0xe90 [ 3331.191401] ? vmalloc_fault+0x740/0x740 [ 3331.195480] ? trace_hardirqs_off_caller+0x65/0x220 [ 3331.200512] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3331.205458] ? page_fault+0x8/0x30 [ 3331.209014] do_page_fault+0x71/0x57d [ 3331.212950] ? page_fault+0x8/0x30 [ 3331.216505] page_fault+0x1e/0x30 [ 3331.219973] RIP: 0033:0x40ff98 [ 3331.223180] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3331.242268] RSP: 002b:00007fffffa9a440 EFLAGS: 00010246 [ 3331.247642] RAX: 00000000934ce80a RBX: 000000001dbb57c6 RCX: 0000001b33a20000 [ 3331.254917] RDX: 0000000000000000 RSI: 000000000000080a RDI: ffffffff934ce80a [ 3331.262192] RBP: 0000000000000004 R08: 00000000934ce80a R09: 00000000934ce80e [ 3331.269466] R10: 00007fffffa9a5e0 R11: 0000000000000246 R12: 000000000075bfa8 [ 3331.276737] R13: 0000000080000000 R14: 00007f8e82614008 R15: 0000000000000004 [ 3331.290763] Task in /syz0 killed as a result of limit of /syz0 [ 3331.296852] memory: usage 307200kB, limit 307200kB, failcnt 3791 [ 3331.303631] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3331.310870] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3331.317138] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:88KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3331.338196] Memory cgroup out of memory: Kill process 18175 (syz-executor.0) score 1103 or sacrifice child [ 3331.352940] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 3331.359942] Killed process 18175 (syz-executor.0) total-vm:72592kB, anon-rss:92kB, file-rss:34816kB, shmem-rss:0kB 15:04:41 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b6c, &(0x7f0000000040)) 15:04:41 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5607, &(0x7f0000000040)={0x0, 0x0}) 15:04:41 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x503000000000000, 0x500) 15:04:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5418, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:41 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5b8, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:41 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x200000, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f0000000140)) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'bridge_slave_1\x00', 0x0}) r6 = getuid() setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000300)={{{@in=@multicast2, @in6=@empty, 0x4e23, 0xfff, 0x4e23, 0x0, 0x2, 0x0, 0x20, 0x3a, r5, r6}, {0x40, 0x5, 0x6, 0x3, 0x5, 0x20, 0xdbe3, 0x1}, {0x9, 0x401, 0x5b, 0x3}, 0x0, 0x6e6bbd, 0x1, 0x1, 0x2, 0x3}, {{@in6=@initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x4d6, 0x33}, 0xa, @in6=@dev={0xfe, 0x80, [], 0xf}, 0x3502, 0x1, 0x2, 0x40, 0x7f, 0x71f, 0x4}}, 0xe8) setsockopt$bt_hci_HCI_TIME_STAMP(r4, 0x0, 0x3, &(0x7f00000000c0)=0x81, 0x4) ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000400)={0x0}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r3, 0xc010641d, &(0x7f0000000540)={r7, &(0x7f0000000440)=""/212}) ioctl$DRM_IOCTL_DMA(r1, 0xc0406429, &(0x7f00000001c0)={r7, 0x1, &(0x7f0000000040)=[0x3], &(0x7f0000000080)=[0x80], 0x1, 0x1, 0x9, &(0x7f00000000c0)=[0x213a1706], &(0x7f0000000140)=[0xa76, 0xffffffff]}) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2800220029080000090000000300040000001400110000"], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3331.373666] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 3331.389391] oom_reaper: reaped process 18175 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:04:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x541b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:41 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5608, &(0x7f0000000040)={0x0, 0x0}) [ 3331.570400] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3331.629792] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3331.655462] CPU: 0 PID: 18190 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3331.663301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3331.674140] Call Trace: [ 3331.676741] dump_stack+0x197/0x210 [ 3331.680381] dump_header+0x15e/0xa55 [ 3331.684105] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3331.689222] ? ___ratelimit+0x60/0x595 [ 3331.693118] ? do_raw_spin_unlock+0x181/0x270 [ 3331.697636] oom_kill_process.cold+0x10/0x6ef [ 3331.702150] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3331.707709] ? task_will_free_mem+0x139/0x6e0 [ 3331.712231] out_of_memory+0x362/0x1330 [ 3331.716220] ? lock_downgrade+0x880/0x880 [ 3331.720385] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3331.725501] ? oom_killer_disable+0x280/0x280 [ 3331.730008] ? find_held_lock+0x35/0x130 [ 3331.734092] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3331.738960] ? memcg_event_wake+0x230/0x230 [ 3331.743317] ? do_raw_spin_unlock+0x181/0x270 [ 3331.747847] ? _raw_spin_unlock+0x2d/0x50 [ 3331.752017] try_charge+0xec5/0x1490 [ 3331.755756] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3331.760627] ? lock_downgrade+0x880/0x880 [ 3331.764788] ? kasan_check_read+0x11/0x20 [ 3331.768967] memcg_kmem_charge_memcg+0x83/0x170 [ 3331.773663] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3331.778183] ? __isolate_free_page+0x4c0/0x4c0 [ 3331.782786] memcg_kmem_charge+0x13b/0x370 [ 3331.787043] __alloc_pages_nodemask+0x3c3/0x750 [ 3331.791735] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3331.796777] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3331.801369] ? trace_hardirqs_on+0x67/0x220 [ 3331.805716] copy_process.part.0+0x3e0/0x7a30 [ 3331.810246] ? lock_downgrade+0x880/0x880 [ 3331.814417] ? migration_entry_to_page+0x320/0x320 [ 3331.819356] ? lru_cache_add+0x21c/0x590 [ 3331.823434] ? do_raw_spin_unlock+0x181/0x270 [ 3331.827941] ? _raw_spin_unlock+0x2d/0x50 [ 3331.832158] ? __cleanup_sighand+0x70/0x70 [ 3331.836402] ? __do_page_fault+0x676/0xe90 [ 3331.840676] ? find_held_lock+0x35/0x130 [ 3331.844748] ? __do_page_fault+0x676/0xe90 [ 3331.849001] _do_fork+0x257/0xfd0 [ 3331.852470] ? fork_idle+0x1d0/0x1d0 [ 3331.856190] ? up_read+0x1a/0x110 [ 3331.859649] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3331.865198] ? __do_page_fault+0x484/0xe90 [ 3331.869451] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3331.874218] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3331.879105] ? do_syscall_64+0x26/0x620 [ 3331.883102] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3331.888489] ? do_syscall_64+0x26/0x620 [ 3331.892489] __x64_sys_clone+0xbf/0x150 [ 3331.896485] do_syscall_64+0xfd/0x620 [ 3331.900308] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3331.905505] RIP: 0033:0x45d919 [ 3331.908706] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 15:04:41 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x537020000000000, 0x500) 15:04:41 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5b9, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x541c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3331.927613] RSP: 002b:00007fffffa9a3d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3331.935332] RAX: ffffffffffffffda RBX: 00007f8e80613700 RCX: 000000000045d919 [ 3331.942614] RDX: 00007f8e806139d0 RSI: 00007f8e80612db0 RDI: 00000000003d0f00 [ 3331.949891] RBP: 00007fffffa9a5f0 R08: 00007f8e80613700 R09: 00007f8e80613700 [ 3331.957193] R10: 00007f8e806139d0 R11: 0000000000000202 R12: 0000000000000000 [ 3331.964469] R13: 00007fffffa9a48f R14: 00007f8e806139c0 R15: 000000000075bf2c 15:04:41 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5609, &(0x7f0000000040)={0x0, 0x0}) [ 3332.178117] Task in /syz0 killed as a result of limit of /syz0 [ 3332.178147] memory: usage 307192kB, limit 307200kB, failcnt 3799 [ 3332.178156] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3332.178164] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3332.178170] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:96KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3332.276808] Memory cgroup out of memory: Kill process 18190 (syz-executor.0) score 1103 or sacrifice child [ 3332.297365] Killed process 18190 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:04:42 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b6d, &(0x7f0000000040)) 15:04:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x541d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:42 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x560a, &(0x7f0000000040)={0x0, 0x0}) 15:04:42 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x600000000000000, 0x500) 15:04:42 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5ba, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3332.325239] oom_reaper: reaped process 18190 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:04:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x541e, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:42 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x560b, &(0x7f0000000040)={0x0, 0x0}) [ 3332.517454] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 15:04:42 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x700000000000000, 0x500) 15:04:42 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5bb, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5421, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:42 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x560c, &(0x7f0000000040)={0x0, 0x0}) 15:04:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5422, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3332.918080] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3332.923680] CPU: 1 PID: 18218 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3332.931491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3332.940866] Call Trace: [ 3332.943475] dump_stack+0x197/0x210 [ 3332.947135] dump_header+0x15e/0xa55 [ 3332.950876] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3332.956007] ? ___ratelimit+0x60/0x595 [ 3332.959917] ? do_raw_spin_unlock+0x181/0x270 [ 3332.964461] oom_kill_process.cold+0x10/0x6ef [ 3332.968989] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3332.974550] ? task_will_free_mem+0x139/0x6e0 [ 3332.979068] ? find_held_lock+0x35/0x130 [ 3332.983159] out_of_memory+0x362/0x1330 [ 3332.987185] ? lock_downgrade+0x880/0x880 [ 3332.991356] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3332.996475] ? oom_killer_disable+0x280/0x280 [ 3333.000989] ? find_held_lock+0x35/0x130 [ 3333.005092] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3333.009968] ? memcg_event_wake+0x230/0x230 [ 3333.014314] ? do_raw_spin_unlock+0x181/0x270 [ 3333.018828] ? _raw_spin_unlock+0x2d/0x50 [ 3333.022996] try_charge+0xec5/0x1490 [ 3333.026739] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3333.031639] ? lock_downgrade+0x880/0x880 [ 3333.035827] ? kasan_check_read+0x11/0x20 [ 3333.040004] memcg_kmem_charge_memcg+0x83/0x170 [ 3333.044694] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3333.049222] ? __isolate_free_page+0x4c0/0x4c0 [ 3333.053823] memcg_kmem_charge+0x13b/0x370 [ 3333.058086] __alloc_pages_nodemask+0x3c3/0x750 [ 3333.062782] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3333.067815] ? __lock_acquire+0x6ee/0x49c0 [ 3333.072071] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 3333.077637] alloc_pages_current+0x107/0x210 [ 3333.082082] __pmd_alloc+0x41/0x460 [ 3333.085730] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3333.091293] __handle_mm_fault+0x1954/0x3f80 [ 3333.095877] ? copy_page_range+0x2030/0x2030 [ 3333.100325] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3333.105016] handle_mm_fault+0x1b5/0x690 [ 3333.109099] __do_page_fault+0x62a/0xe90 [ 3333.113213] ? vmalloc_fault+0x740/0x740 [ 3333.117301] ? trace_hardirqs_off_caller+0x65/0x220 [ 3333.122342] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3333.127397] ? page_fault+0x8/0x30 [ 3333.130963] do_page_fault+0x71/0x57d [ 3333.134780] ? page_fault+0x8/0x30 [ 3333.138336] page_fault+0x1e/0x30 [ 3333.141798] RIP: 0033:0x401c27 [ 3333.145006] Code: 00 00 00 48 83 ec 08 48 8b 15 6d 0a 67 00 48 8b 05 5e 0a 67 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 40 0a 67 00 48 83 c4 08 c3 48 89 c6 bf 70 d2 4c 00 [ 3333.163929] RSP: 002b:00007fffffa9a500 EFLAGS: 00010287 [ 3333.169312] RAX: 0000001b32a20000 RBX: 0000000000000000 RCX: 0000001b33a20000 [ 3333.176601] RDX: 0000001b32a20004 RSI: 00007fffffa9a2c0 RDI: 0000000000000000 [ 3333.183885] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 3333.191170] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000001 [ 3333.198453] R13: 00007fffffa9a6f0 R14: 0000000000000000 R15: 00007fffffa9a700 [ 3333.518113] Task in /syz0 killed as a result of limit of /syz0 [ 3333.524346] memory: usage 307200kB, limit 307200kB, failcnt 3825 [ 3333.538111] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3333.555187] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3333.565289] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:88KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3333.616661] Memory cgroup out of memory: Kill process 18218 (syz-executor.0) score 1103 or sacrifice child [ 3333.637109] Killed process 18218 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3333.658735] oom_reaper: reaped process 18218 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:04:43 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b70, &(0x7f0000000040)) 15:04:43 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x560d, &(0x7f0000000040)={0x0, 0x0}) 15:04:43 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5bc, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:43 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x900000000000000, 0x500) 15:04:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5423, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:43 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x560e, &(0x7f0000000040)={0x0, 0x0}) [ 3333.823644] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3333.858114] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3333.871768] CPU: 1 PID: 18253 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3333.879607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3333.888983] Call Trace: [ 3333.891595] dump_stack+0x197/0x210 [ 3333.895251] dump_header+0x15e/0xa55 [ 3333.898998] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3333.904129] ? ___ratelimit+0x60/0x595 [ 3333.908040] ? do_raw_spin_unlock+0x181/0x270 [ 3333.912556] oom_kill_process.cold+0x10/0x6ef [ 3333.917097] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3333.922653] ? task_will_free_mem+0x139/0x6e0 [ 3333.927176] out_of_memory+0x362/0x1330 [ 3333.931172] ? lock_downgrade+0x880/0x880 [ 3333.935336] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3333.940455] ? oom_killer_disable+0x280/0x280 [ 3333.944967] ? find_held_lock+0x35/0x130 [ 3333.949061] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3333.953927] ? memcg_event_wake+0x230/0x230 [ 3333.958277] ? do_raw_spin_unlock+0x181/0x270 [ 3333.962798] ? _raw_spin_unlock+0x2d/0x50 [ 3333.966966] try_charge+0xec5/0x1490 [ 3333.970708] ? lock_downgrade+0x880/0x880 [ 3333.974879] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3333.979739] ? rcu_read_unlock+0x33/0x60 [ 3333.983816] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3333.988686] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3333.994772] mem_cgroup_try_charge+0x259/0x6b0 [ 3333.999383] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3334.004433] wp_page_copy+0x430/0x16a0 [ 3334.008349] ? kasan_check_read+0x11/0x20 [ 3334.012524] ? follow_pfn+0x2a0/0x2a0 [ 3334.016345] ? do_raw_spin_unlock+0x181/0x270 [ 3334.020863] do_wp_page+0x57d/0x10b0 [ 3334.024601] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3334.029287] ? kasan_check_write+0x14/0x20 [ 3334.033549] ? do_raw_spin_lock+0xd7/0x250 [ 3334.037833] __handle_mm_fault+0x2305/0x3f80 [ 3334.042268] ? copy_page_range+0x2030/0x2030 [ 3334.046717] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3334.051407] handle_mm_fault+0x1b5/0x690 [ 3334.055483] __do_page_fault+0x62a/0xe90 [ 3334.059565] ? vmalloc_fault+0x740/0x740 [ 3334.063640] ? trace_hardirqs_off_caller+0x65/0x220 [ 3334.068666] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3334.073610] ? page_fault+0x8/0x30 [ 3334.077167] do_page_fault+0x71/0x57d [ 3334.080977] ? page_fault+0x8/0x30 [ 3334.084535] page_fault+0x1e/0x30 [ 3334.087994] RIP: 0033:0x45959b [ 3334.091200] Code: 25 20 06 00 00 b8 c0 58 41 00 48 89 15 0e f4 61 00 48 85 c0 74 08 4c 89 cf e8 31 c3 fb ff 45 85 f6 0f 85 58 01 00 00 48 85 db <48> c7 05 ea 39 2c 00 00 00 00 00 48 c7 05 cf 39 2c 00 00 00 00 00 [ 3334.110112] RSP: 002b:00007fffffa9a670 EFLAGS: 00010202 [ 3334.115489] RAX: 0000000000000000 RBX: 00007fffffa9a670 RCX: 00000000004158d3 15:04:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5424, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3334.122787] RDX: 000006fb72215df6 RSI: 0000000000000018 RDI: 0000000001798c20 [ 3334.130072] RBP: 00007fffffa9a6b0 R08: 0000000000000001 R09: 0000000001798940 [ 3334.137354] R10: 0000000001798c10 R11: 0000000000000202 R12: 0000000000000001 [ 3334.144642] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffffa9a700 [ 3334.158151] Task in /syz0 killed as a result of limit of /syz0 [ 3334.166147] memory: usage 307200kB, limit 307200kB, failcnt 3860 15:04:43 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5bd, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:43 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0xa00000000000000, 0x500) [ 3334.195815] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:04:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5425, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:44 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5427, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:44 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x1e26000000000000, 0x500) [ 3334.358107] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3334.366764] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:64KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3334.558187] Memory cgroup out of memory: Kill process 18159 (syz-executor.0) score 117 or sacrifice child [ 3334.588145] Killed process 18253 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3334.768097] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3334.794831] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3334.824862] CPU: 0 PID: 18159 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3334.832713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3334.842191] Call Trace: [ 3334.844800] dump_stack+0x197/0x210 [ 3334.848449] dump_header+0x15e/0xa55 [ 3334.852175] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3334.857288] ? ___ratelimit+0x60/0x595 [ 3334.861183] ? do_raw_spin_unlock+0x181/0x270 [ 3334.865690] oom_kill_process.cold+0x10/0x6ef [ 3334.870202] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3334.875746] ? task_will_free_mem+0x139/0x6e0 [ 3334.880255] out_of_memory+0x362/0x1330 [ 3334.884247] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3334.889359] ? oom_killer_disable+0x280/0x280 [ 3334.893858] ? find_held_lock+0x35/0x130 [ 3334.897940] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3334.902795] ? memcg_event_wake+0x230/0x230 [ 3334.907132] ? do_raw_spin_unlock+0x181/0x270 [ 3334.911638] ? _raw_spin_unlock+0x2d/0x50 [ 3334.915896] try_charge+0xc6e/0x1490 [ 3334.919622] ? lock_downgrade+0x880/0x880 [ 3334.923785] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3334.928652] ? rcu_read_unlock+0x33/0x60 [ 3334.932725] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3334.937579] ? mark_held_locks+0x100/0x100 [ 3334.941831] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3334.947913] mem_cgroup_try_charge+0x259/0x6b0 [ 3334.952515] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3334.957459] wp_page_copy+0x430/0x16a0 [ 3334.961362] ? follow_pfn+0x2a0/0x2a0 [ 3334.965180] ? do_raw_spin_unlock+0x181/0x270 [ 3334.969707] do_wp_page+0x57d/0x10b0 [ 3334.973436] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3334.979245] ? kasan_check_write+0x14/0x20 [ 3334.983488] ? do_raw_spin_lock+0xd7/0x250 [ 3334.987737] __handle_mm_fault+0x2305/0x3f80 [ 3334.992160] ? copy_page_range+0x2030/0x2030 [ 3334.996613] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3335.001316] handle_mm_fault+0x1b5/0x690 [ 3335.005532] __do_page_fault+0x62a/0xe90 [ 3335.009615] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3335.015518] ? vmalloc_fault+0x740/0x740 [ 3335.019592] ? trace_hardirqs_off_caller+0x65/0x220 [ 3335.024615] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3335.029552] ? page_fault+0x8/0x30 [ 3335.033107] do_page_fault+0x71/0x57d [ 3335.036914] ? page_fault+0x8/0x30 [ 3335.040470] page_fault+0x1e/0x30 [ 3335.043926] RIP: 0033:0x45967a [ 3335.047127] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 3335.066032] RSP: 002b:00007fffffa9a670 EFLAGS: 00010246 [ 3335.071404] RAX: 0000000000000000 RBX: 00007fffffa9a670 RCX: 000000000045951a [ 3335.078679] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a771a8 [ 3335.085954] RBP: 00007fffffa9a6b0 R08: 0000000000000001 R09: 0000000001798940 [ 3335.093241] R10: 0000000001798c10 R11: 0000000000000246 R12: 00000000000000ca [ 3335.100524] R13: 0000000000000007 R14: 0000000000000000 R15: 00007fffffa9a700 [ 3335.438096] Task in /syz0 killed as a result of limit of /syz0 [ 3335.444276] memory: usage 307044kB, limit 307200kB, failcnt 3861 [ 3335.464506] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3335.478188] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3335.484371] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:52KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3335.534751] Memory cgroup out of memory: Kill process 18159 (syz-executor.0) score 117 or sacrifice child [ 3335.555175] Killed process 18159 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:35776kB, shmem-rss:0kB [ 3335.576928] oom_reaper: reaped process 18159 (syz-executor.0), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 15:04:45 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b71, &(0x7f0000000040)) 15:04:45 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5be, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5428, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:45 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2000000000000000, 0x500) 15:04:45 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x560f, &(0x7f0000000040)={0x0, 0x0}) 15:04:45 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ppoll(&(0x7f0000000200)=[{r0}], 0x1, &(0x7f0000000280), 0x0, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(0xffffffffffffffff, &(0x7f00000001c0)={0x16, 0x98, 0xfa00, {&(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0xffffffffffffffff, 0x1cb81d6b3f962806, 0x0, @in={0x2, 0x4e24, @remote}}}, 0xa0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000080)={0x11, 0x10, 0xfa00, {&(0x7f0000000000), r1}}, 0x18) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5429, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:45 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x40049409, &(0x7f0000000040)={0x0, 0x0}) 15:04:45 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2200000000000000, 0x500) 15:04:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5437, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:45 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x40086602, &(0x7f0000000040)={0x0, 0x0}) 15:04:45 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2300000000000000, 0x500) 15:04:45 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b72, &(0x7f0000000040)) 15:04:46 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5bf, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:46 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x40087602, &(0x7f0000000040)={0x0, 0x0}) 15:04:46 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2a04000000000000, 0x500) 15:04:46 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5441, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:47 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4020940d, &(0x7f0000000040)={0x0, 0x0}) 15:04:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5450, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:47 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f0000014000)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f000001dffc)=0x1) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000001000)={{0x100000001}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f000001cfb0)={0x6, 0x1}) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="280000000400000014001100000000007377b21800000040"], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:47 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x2c00000000000000, 0x500) 15:04:47 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5c0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:47 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x80045432, &(0x7f0000000040)={0x0, 0x0}) 15:04:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5451, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3338.591229] IPVS: ftp: loaded support on port[0] = 21 [ 3338.923782] chnl_net:caif_netlink_parms(): no params data found [ 3339.120959] bridge0: port 1(bridge_slave_0) entered blocking state [ 3339.138134] bridge0: port 1(bridge_slave_0) entered disabled state [ 3339.148883] device bridge_slave_0 entered promiscuous mode [ 3339.222933] bridge0: port 2(bridge_slave_1) entered blocking state [ 3339.238168] bridge0: port 2(bridge_slave_1) entered disabled state [ 3339.260201] device bridge_slave_1 entered promiscuous mode [ 3339.345578] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 3339.374429] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 3339.475759] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 3339.501058] team0: Port device team_slave_0 added [ 3339.518195] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 3339.538291] team0: Port device team_slave_1 added [ 3339.545577] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 3339.611019] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 3339.742332] device hsr_slave_0 entered promiscuous mode [ 3339.779834] device hsr_slave_1 entered promiscuous mode [ 3339.820026] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 3339.883431] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 3340.202701] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 3340.538155] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3340.553425] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 3340.567729] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 3340.588452] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 3340.600945] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 3340.677909] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 3340.698128] 8021q: adding VLAN 0 to HW filter on device team0 [ 3340.767504] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 3340.789350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 3340.810161] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 3340.829302] bridge0: port 1(bridge_slave_0) entered blocking state [ 3340.835690] bridge0: port 1(bridge_slave_0) entered forwarding state [ 3340.905252] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 3340.930019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 3340.949709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 3340.969954] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 3340.989079] bridge0: port 2(bridge_slave_1) entered blocking state [ 3340.995454] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3341.026354] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 3341.073738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 3341.100793] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 3341.118790] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 3341.190025] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 3341.197724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 3341.209598] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 3341.227230] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 3341.283620] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 3341.301008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 3341.321523] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 3341.406761] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 3341.429039] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 3341.440525] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 3341.467851] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 3341.487789] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 3341.501124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 3341.580996] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 3341.587835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 3341.706475] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 3341.744545] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 3341.759177] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 3341.766700] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 3341.853417] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3342.093589] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 3342.110071] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 3342.117912] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 3342.129293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 3342.386800] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 3342.410365] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 3342.429466] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 3342.499127] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 3342.506690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 3342.521102] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 3342.545906] device veth0_vlan entered promiscuous mode [ 3342.623017] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 3342.640813] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 3342.726373] device veth1_vlan entered promiscuous mode [ 3342.732783] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 3342.749292] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 3342.892582] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3342.948117] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3342.953550] CPU: 1 PID: 18357 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3342.961353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3342.970716] Call Trace: [ 3342.973325] dump_stack+0x197/0x210 [ 3342.976974] dump_header+0x15e/0xa55 [ 3342.980707] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3342.985830] ? ___ratelimit+0x60/0x595 [ 3342.989728] ? do_raw_spin_unlock+0x181/0x270 [ 3342.994241] oom_kill_process.cold+0x10/0x6ef [ 3342.998759] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3343.004308] ? task_will_free_mem+0x139/0x6e0 [ 3343.008828] out_of_memory+0x362/0x1330 [ 3343.012817] ? lock_downgrade+0x880/0x880 [ 3343.016980] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3343.022093] ? oom_killer_disable+0x280/0x280 [ 3343.026601] ? find_held_lock+0x35/0x130 [ 3343.030692] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3343.035544] ? memcg_event_wake+0x230/0x230 [ 3343.039880] ? do_raw_spin_unlock+0x181/0x270 [ 3343.044388] ? _raw_spin_unlock+0x2d/0x50 [ 3343.048547] try_charge+0xec5/0x1490 [ 3343.052270] ? lock_downgrade+0x880/0x880 [ 3343.056430] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3343.061283] ? rcu_read_unlock+0x33/0x60 [ 3343.065349] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3343.070204] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3343.076288] mem_cgroup_try_charge+0x259/0x6b0 [ 3343.080885] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3343.085840] wp_page_copy+0x430/0x16a0 [ 3343.089869] ? follow_pfn+0x2a0/0x2a0 [ 3343.093688] ? do_raw_spin_unlock+0x181/0x270 [ 3343.098204] do_wp_page+0x57d/0x10b0 [ 3343.101948] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3343.106631] ? kasan_check_write+0x14/0x20 [ 3343.110877] ? do_raw_spin_lock+0xd7/0x250 [ 3343.115130] __handle_mm_fault+0x2305/0x3f80 [ 3343.119559] ? copy_page_range+0x2030/0x2030 [ 3343.123994] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3343.128677] handle_mm_fault+0x1b5/0x690 [ 3343.132757] __do_page_fault+0x62a/0xe90 [ 3343.136859] ? vmalloc_fault+0x740/0x740 [ 3343.140935] ? trace_hardirqs_off_caller+0x65/0x220 [ 3343.145960] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3343.150900] ? page_fault+0x8/0x30 [ 3343.154460] do_page_fault+0x71/0x57d [ 3343.158267] ? page_fault+0x8/0x30 [ 3343.161818] page_fault+0x1e/0x30 [ 3343.165277] RIP: 0033:0x40d708 [ 3343.168478] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 d8 2c 00 00 8b 05 02 a9 32 00 48 8b 15 73 4f 66 00 83 c0 01 <89> 05 f2 a8 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 3343.187388] RSP: 002b:00007ffde3e08c10 EFLAGS: 00010202 [ 3343.192762] RAX: 0000000000000001 RBX: 0000001b2e120014 RCX: 0000001b2f120000 [ 3343.200041] RDX: 0000001b2e120000 RSI: 000000000000118f RDI: ffffffff29a7918f [ 3343.207319] RBP: 0000001b2e120018 R08: 0000000029a7918f R09: 0000000029a79193 [ 3343.214598] R10: 00007ffde3e08d50 R11: 0000000000000246 R12: 0000001b2e12001c [ 3343.230042] R13: 0000000000330207 R14: 000000000075bf20 R15: 000000000075bf2c [ 3343.239625] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 3343.258044] Task in /syz0 killed as a result of limit of /syz0 [ 3343.264075] memory: usage 307200kB, limit 307200kB, failcnt 3898 [ 3343.271673] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 3343.292917] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3343.300185] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3343.306340] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:76KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3343.328157] Memory cgroup out of memory: Kill process 18357 (syz-executor.0) score 1103 or sacrifice child 15:04:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4bfa, &(0x7f0000000040)) 15:04:53 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x3f00000000000000, 0x500) 15:04:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="280000002200290800000100000000000000000014001100"], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000002c0)=@can_delroute={0x24, 0x19, 0x609, 0x0, 0x0, {}, [@CGW_DST_IF={0x8, 0xa, r4}, @CGW_SRC_IF={0x8, 0x9, r6}]}, 0x24}}, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000200)={0x0, @phonet={0x23, 0x6, 0xac, 0x9}, @llc={0x1a, 0x321, 0x6, 0x5, 0x2, 0x86, @random="d0c52e4dc67e"}, @can={0x1d, r4}, 0x2, 0x0, 0x0, 0x0, 0x800, &(0x7f00000001c0)='team0\x00', 0x4, 0x4, 0x81}) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=@delqdisc={0x2c, 0x25, 0x200, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xc}, {0x3, 0x4}, {0xd, 0x7}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x81}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000016}, 0x20000080) 15:04:53 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x80045440, &(0x7f0000000040)={0x0, 0x0}) 15:04:53 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5452, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:53 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5c1, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3343.358117] Killed process 18357 (syz-executor.0) total-vm:72592kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 3343.370233] oom_reaper: reaped process 18357 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:04:53 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x80086601, &(0x7f0000000040)={0x0, 0x0}) 15:04:53 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x545d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:53 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5c2, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:53 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4000000000000000, 0x500) [ 3343.648612] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3343.703372] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3343.709763] CPU: 0 PID: 18373 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3343.717583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3343.726948] Call Trace: [ 3343.729557] dump_stack+0x197/0x210 [ 3343.733197] dump_header+0x15e/0xa55 [ 3343.736918] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3343.742034] ? ___ratelimit+0x60/0x595 [ 3343.745931] ? do_raw_spin_unlock+0x181/0x270 [ 3343.750462] oom_kill_process.cold+0x10/0x6ef [ 3343.754972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3343.760521] ? task_will_free_mem+0x139/0x6e0 [ 3343.765038] out_of_memory+0x362/0x1330 [ 3343.769026] ? lock_downgrade+0x880/0x880 [ 3343.773185] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3343.778293] ? oom_killer_disable+0x280/0x280 [ 3343.782793] ? find_held_lock+0x35/0x130 [ 3343.786880] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3343.791735] ? memcg_event_wake+0x230/0x230 [ 3343.796067] ? do_raw_spin_unlock+0x181/0x270 [ 3343.800573] ? _raw_spin_unlock+0x2d/0x50 [ 3343.804733] try_charge+0xec5/0x1490 [ 3343.808462] ? lock_downgrade+0x880/0x880 [ 3343.812624] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3343.817473] ? rcu_read_unlock+0x33/0x60 [ 3343.821541] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3343.826403] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3343.832483] mem_cgroup_try_charge+0x259/0x6b0 [ 3343.837106] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3343.842064] wp_page_copy+0x430/0x16a0 [ 3343.845976] ? follow_pfn+0x2a0/0x2a0 [ 3343.849796] ? do_raw_spin_unlock+0x181/0x270 [ 3343.854433] do_wp_page+0x57d/0x10b0 [ 3343.858164] ? lock_acquire+0x16f/0x3f0 [ 3343.862154] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3343.866834] ? kasan_check_write+0x14/0x20 [ 3343.871080] ? do_raw_spin_lock+0xd7/0x250 [ 3343.875333] __handle_mm_fault+0x2305/0x3f80 [ 3343.879759] ? copy_page_range+0x2030/0x2030 [ 3343.884197] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3343.888884] handle_mm_fault+0x1b5/0x690 [ 3343.892964] __do_page_fault+0x62a/0xe90 [ 3343.897042] ? vmalloc_fault+0x740/0x740 [ 3343.901115] ? trace_hardirqs_off_caller+0x65/0x220 [ 3343.906140] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3343.911101] ? page_fault+0x8/0x30 [ 3343.914656] do_page_fault+0x71/0x57d [ 3343.918464] ? page_fault+0x8/0x30 [ 3343.922012] page_fault+0x1e/0x30 [ 3343.925468] RIP: 0033:0x40ff98 [ 3343.928670] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3343.947578] RSP: 002b:00007ffde3e08bb0 EFLAGS: 00010246 15:04:53 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5c3, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:53 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) r1 = geteuid() sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0xffffffffffffff3c, &(0x7f0000000100)={&(0x7f0000000000)={0xfffffffffffffe75, 0x22, 0x829, 0x0, 0x0, {0x1b, 0x1000000}, [@typed={0x8, 0x11, 0x0, 0x0, @uid=r1}]}, 0x1c}, 0x1, 0xfdffffff00000000}, 0x0) [ 3343.952943] RAX: 0000000005045b7b RBX: 0000000060a23412 RCX: 0000001b2f120000 [ 3343.960220] RDX: 0000000000000000 RSI: 0000000000001b7b RDI: ffffffff05045b7b [ 3343.967490] RBP: 0000000000000007 R08: 0000000005045b7b R09: 0000000005045b7f [ 3343.974765] R10: 00007ffde3e08d50 R11: 0000000000000246 R12: 000000000075bfa8 [ 3343.982038] R13: 0000000080000000 R14: 00007f0838d25008 R15: 0000000000000007 [ 3344.068059] Task in /syz0 killed as a result of limit of /syz0 [ 3344.087564] memory: usage 307200kB, limit 307200kB, failcnt 3933 [ 3344.127814] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3344.167451] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3344.181641] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:116KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3344.208711] Memory cgroup out of memory: Kill process 18373 (syz-executor.0) score 1103 or sacrifice child 15:04:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4bfb, &(0x7f0000000040)) 15:04:53 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5460, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:53 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x80087601, &(0x7f0000000040)={0x0, 0x0}) [ 3344.243348] Killed process 18373 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:04:53 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4204000000000000, 0x500) 15:04:53 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5c4, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:53 executing program 3: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x40, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ppoll(&(0x7f0000000200)=[{r1}], 0x1, &(0x7f0000000280), 0x0, 0x0) ioctl$KDSKBMETA(r1, 0x4b63, &(0x7f0000000140)=0x3) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000040)={0x0, 0x1ff, 0x1, [0x0]}, &(0x7f0000000080)=0xa) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000000c0)={r2, 0x2, 0x2, 0x8}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x84, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x4, 0x11}, @generic="e853ef17b095f93744e81ca3950331a0a3acffd50c5a2b7e9ee7a8ad150cd869bc9ad614bd715439c6f4fd913f9d51cbd3e65be1ac2fd874efa71dbf22fb8fc73385c58f350b4433be7bb48c5de20132335db9f73b222dd1d4228d9ad53a1580985bcf00bf1874df72b025f9"]}, 0x84}, 0x1, 0xfdffffff00000000}, 0x0) r4 = dup(0xffffffffffffffff) setsockopt$packet_int(r4, 0x107, 0x0, &(0x7f0000006ffc), 0x26d) write$P9_RSTAT(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="0f0300007dfeff00006b00fbff7f00010010000000000700000000000000000010108c0500007f000000ff7f00000000000002005d2c11002f6465762f7161745f6164665f63746c0011002f6465762f7161745f6164665f63746c00140073797374656d5e766d6e657430656d3075736572"], 0x72) 15:04:54 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5600, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:54 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0xc0045878, &(0x7f0000000040)={0x0, 0x0}) [ 3344.447001] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:04:54 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4304000000000000, 0x500) [ 3344.538122] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3344.544096] CPU: 1 PID: 18403 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3344.551911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3344.561275] Call Trace: [ 3344.563880] dump_stack+0x197/0x210 [ 3344.567529] dump_header+0x15e/0xa55 [ 3344.571262] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3344.576380] ? ___ratelimit+0x60/0x595 [ 3344.580290] ? do_raw_spin_unlock+0x181/0x270 [ 3344.584810] oom_kill_process.cold+0x10/0x6ef [ 3344.589328] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3344.594891] ? task_will_free_mem+0x139/0x6e0 [ 3344.599410] out_of_memory+0x362/0x1330 [ 3344.603405] ? lock_downgrade+0x880/0x880 [ 3344.607569] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3344.612720] ? oom_killer_disable+0x280/0x280 [ 3344.617236] ? find_held_lock+0x35/0x130 [ 3344.621336] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3344.626207] ? memcg_event_wake+0x230/0x230 [ 3344.630550] ? do_raw_spin_unlock+0x181/0x270 [ 3344.635060] ? _raw_spin_unlock+0x2d/0x50 [ 3344.639224] try_charge+0xec5/0x1490 [ 3344.642954] ? lock_downgrade+0x880/0x880 [ 3344.647118] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3344.651979] ? rcu_read_unlock+0x33/0x60 [ 3344.656060] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3344.660921] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3344.667006] mem_cgroup_try_charge+0x259/0x6b0 [ 3344.671612] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3344.676563] wp_page_copy+0x430/0x16a0 [ 3344.680475] ? follow_pfn+0x2a0/0x2a0 [ 3344.684303] ? do_raw_spin_unlock+0x181/0x270 [ 3344.688813] do_wp_page+0x57d/0x10b0 [ 3344.692540] ? lock_acquire+0x16f/0x3f0 [ 3344.696527] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3344.701206] ? kasan_check_write+0x14/0x20 [ 3344.705449] ? do_raw_spin_lock+0xd7/0x250 [ 3344.709702] __handle_mm_fault+0x2305/0x3f80 [ 3344.714133] ? copy_page_range+0x2030/0x2030 [ 3344.718574] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3344.723272] handle_mm_fault+0x1b5/0x690 [ 3344.727374] __do_page_fault+0x62a/0xe90 [ 3344.731458] ? vmalloc_fault+0x740/0x740 15:04:54 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0xc0045878, &(0x7f0000000040)={0x0, 0x0}) 15:04:54 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5c5, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:54 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0xc0189436, &(0x7f0000000040)={0x0, 0x0}) [ 3344.735537] ? trace_hardirqs_off_caller+0x65/0x220 [ 3344.740564] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3344.745501] ? page_fault+0x8/0x30 [ 3344.749056] do_page_fault+0x71/0x57d [ 3344.752867] ? page_fault+0x8/0x30 [ 3344.756422] page_fault+0x1e/0x30 [ 3344.759880] RIP: 0033:0x40ff98 [ 3344.763083] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3344.782114] RSP: 002b:00007ffde3e08bb0 EFLAGS: 00010246 [ 3344.787496] RAX: 00000000934ce80a RBX: 000000001dbb57c6 RCX: 0000001b2f120000 [ 3344.794957] RDX: 0000000000000000 RSI: 000000000000080a RDI: ffffffff934ce80a [ 3344.802246] RBP: 0000000000000004 R08: 00000000934ce80a R09: 00000000934ce80e [ 3344.809540] R10: 00007ffde3e08d50 R11: 0000000000000246 R12: 000000000075bfa8 [ 3344.816844] R13: 0000000080000000 R14: 00007f0838d25008 R15: 0000000000000004 [ 3344.828360] Task in /syz0 killed as a result of limit of /syz0 [ 3344.834463] memory: usage 307200kB, limit 307200kB, failcnt 3965 [ 3344.841340] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3344.848633] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3344.854902] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3344.889703] Memory cgroup out of memory: Kill process 18403 (syz-executor.0) score 1103 or sacrifice child [ 3344.928265] Killed process 18403 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3344.965494] oom_reaper: reaped process 18403 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:04:54 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5409, &(0x7f0000000040)) 15:04:54 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5601, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:54 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) r1 = socket(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @remote, 0x9}], 0x1c) ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000200)={0x8001, 0x8, 0x4, 0x40000, 0xff, {0x0, 0x7530}, {0x1, 0x0, 0x2, 0xc0, 0x7f, 0x6, "e1e7a559"}, 0x10001, 0x1, @planes=&(0x7f00000001c0)={0x100, 0x200, @fd=0xffffffffffffffff, 0x7}, 0x8001}) dup(r3) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) sendmmsg$inet_sctp(r1, &(0x7f0000002cc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x4, 0x0, 0x0, r4}}], 0x20}], 0x1, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f00000000c0)={r4, 0x1ff, 0x800, 0x80, 0x5, 0x98b1}, &(0x7f0000000140)=0x14) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) setxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x1) 15:04:54 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4404000000000000, 0x500) 15:04:54 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0xc020660b, &(0x7f0000000040)={0x0, 0x0}) 15:04:54 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5c6, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:54 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) 15:04:54 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5602, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3345.154402] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 15:04:54 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4504000000000000, 0x500) 15:04:54 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x3e, 0x0}) [ 3345.269819] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3345.298561] CPU: 1 PID: 18432 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3345.306412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3345.315898] Call Trace: [ 3345.318503] dump_stack+0x197/0x210 [ 3345.322150] dump_header+0x15e/0xa55 [ 3345.325881] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3345.331007] ? ___ratelimit+0x60/0x595 [ 3345.334915] ? do_raw_spin_unlock+0x181/0x270 [ 3345.339441] oom_kill_process.cold+0x10/0x6ef [ 3345.343959] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3345.349516] ? task_will_free_mem+0x139/0x6e0 [ 3345.354036] out_of_memory+0x362/0x1330 [ 3345.358037] ? lock_downgrade+0x880/0x880 [ 3345.362211] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 15:04:55 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x3e00, 0x0}) [ 3345.367333] ? oom_killer_disable+0x280/0x280 [ 3345.371841] ? find_held_lock+0x35/0x130 [ 3345.375934] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3345.380798] ? memcg_event_wake+0x230/0x230 [ 3345.385138] ? do_raw_spin_unlock+0x181/0x270 [ 3345.389646] ? _raw_spin_unlock+0x2d/0x50 [ 3345.393821] try_charge+0xec5/0x1490 [ 3345.397549] ? lock_downgrade+0x880/0x880 [ 3345.401716] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3345.406570] ? rcu_read_unlock+0x33/0x60 [ 3345.410654] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3345.415510] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3345.421602] mem_cgroup_try_charge+0x259/0x6b0 [ 3345.426333] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3345.431281] wp_page_copy+0x430/0x16a0 [ 3345.435196] ? follow_pfn+0x2a0/0x2a0 [ 3345.439014] ? do_raw_spin_unlock+0x181/0x270 [ 3345.443525] do_wp_page+0x57d/0x10b0 [ 3345.447255] ? lock_acquire+0x16f/0x3f0 [ 3345.451243] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3345.455926] ? kasan_check_write+0x14/0x20 [ 3345.460181] ? do_raw_spin_lock+0xd7/0x250 [ 3345.464441] __handle_mm_fault+0x2305/0x3f80 [ 3345.468874] ? copy_page_range+0x2030/0x2030 [ 3345.473317] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3345.478027] handle_mm_fault+0x1b5/0x690 [ 3345.482119] __do_page_fault+0x62a/0xe90 [ 3345.486225] ? vmalloc_fault+0x740/0x740 [ 3345.490303] ? trace_hardirqs_off_caller+0x65/0x220 [ 3345.495334] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3345.500282] ? page_fault+0x8/0x30 [ 3345.503841] do_page_fault+0x71/0x57d [ 3345.507656] ? page_fault+0x8/0x30 [ 3345.511212] page_fault+0x1e/0x30 [ 3345.514670] RIP: 0033:0x40ff98 15:04:55 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x2, 0x109500) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) r1 = socket(0x10, 0x2, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x5, 0x3) recvmmsg(r1, &(0x7f00000037c0)=[{{0x0, 0x14e, 0x0, 0x0, 0x0, 0x24b, 0xb6c}}], 0x34, 0xac0, 0x0) getsockopt$inet6_buf(r1, 0x29, 0xcd, &(0x7f0000000080)=""/119, &(0x7f0000000000)=0x77) [ 3345.517870] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3345.536784] RSP: 002b:00007ffde3e08bb0 EFLAGS: 00010246 [ 3345.542170] RAX: 00000000934ce80a RBX: 000000001dbb57c6 RCX: 0000001b2f120000 [ 3345.549453] RDX: 0000000000000000 RSI: 000000000000080a RDI: ffffffff934ce80a [ 3345.556736] RBP: 0000000000000004 R08: 00000000934ce80a R09: 00000000934ce80e [ 3345.564021] R10: 00007ffde3e08d50 R11: 0000000000000246 R12: 000000000075bfa8 [ 3345.571307] R13: 0000000080000000 R14: 00007f0838d25008 R15: 0000000000000004 [ 3345.628046] Task in /syz0 killed as a result of limit of /syz0 [ 3345.647631] memory: usage 307200kB, limit 307200kB, failcnt 3995 [ 3345.829166] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3345.837342] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3345.857591] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3345.901222] Memory cgroup out of memory: Kill process 18432 (syz-executor.0) score 1103 or sacrifice child [ 3345.922903] Killed process 18432 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:04:55 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540b, &(0x7f0000000040)) 15:04:55 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5603, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3345.955357] oom_reaper: reaped process 18432 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB [ 3346.145868] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3346.181597] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3346.198187] CPU: 0 PID: 18469 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3346.206021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3346.215389] Call Trace: [ 3346.217991] dump_stack+0x197/0x210 [ 3346.221635] dump_header+0x15e/0xa55 [ 3346.225370] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3346.230491] ? ___ratelimit+0x60/0x595 [ 3346.234391] ? do_raw_spin_unlock+0x181/0x270 [ 3346.238915] oom_kill_process.cold+0x10/0x6ef [ 3346.243424] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3346.249000] ? task_will_free_mem+0x139/0x6e0 [ 3346.253514] out_of_memory+0x362/0x1330 [ 3346.257501] ? lock_downgrade+0x880/0x880 [ 3346.261662] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3346.266779] ? oom_killer_disable+0x280/0x280 [ 3346.271284] ? find_held_lock+0x35/0x130 [ 3346.275369] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3346.280222] ? memcg_event_wake+0x230/0x230 [ 3346.284554] ? do_raw_spin_unlock+0x181/0x270 [ 3346.289067] ? _raw_spin_unlock+0x2d/0x50 [ 3346.293226] try_charge+0xec5/0x1490 [ 3346.296965] ? lock_downgrade+0x880/0x880 [ 3346.301149] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3346.306014] ? rcu_read_unlock+0x33/0x60 [ 3346.310091] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3346.314953] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3346.321020] ? __free_object+0xe2/0x1f0 [ 3346.325003] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3346.330127] mem_cgroup_try_charge+0x259/0x6b0 [ 3346.334729] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3346.339669] wp_page_copy+0x430/0x16a0 [ 3346.343569] ? clock_was_set_work+0x30/0x30 [ 3346.347902] ? follow_pfn+0x2a0/0x2a0 [ 3346.351769] ? do_raw_spin_unlock+0x181/0x270 [ 3346.356285] do_wp_page+0x57d/0x10b0 [ 3346.360295] ? lock_acquire+0x16f/0x3f0 [ 3346.364286] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3346.368965] ? kasan_check_write+0x14/0x20 [ 3346.373232] ? do_raw_spin_lock+0xd7/0x250 [ 3346.377488] __handle_mm_fault+0x2305/0x3f80 [ 3346.381922] ? copy_page_range+0x2030/0x2030 [ 3346.386359] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3346.391042] handle_mm_fault+0x1b5/0x690 [ 3346.395119] __do_page_fault+0x62a/0xe90 [ 3346.399196] ? vmalloc_fault+0x740/0x740 [ 3346.403274] ? trace_hardirqs_off_caller+0x65/0x220 [ 3346.408301] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3346.413239] ? page_fault+0x8/0x30 [ 3346.416791] do_page_fault+0x71/0x57d [ 3346.420600] ? page_fault+0x8/0x30 [ 3346.424150] page_fault+0x1e/0x30 [ 3346.427607] RIP: 0033:0x40ff98 [ 3346.430805] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3346.449715] RSP: 002b:00007ffde3e08bb0 EFLAGS: 00010246 [ 3346.455087] RAX: 0000000081704f19 RBX: 00000000f35e5fa0 RCX: 0000001b2f120000 [ 3346.462362] RDX: 0000000000000000 RSI: 0000000000000f19 RDI: ffffffff81704f19 [ 3346.469634] RBP: 0000000000000000 R08: 0000000081704f19 R09: 0000000081704f1d [ 3346.476909] R10: 00007ffde3e08d50 R11: 0000000000000246 R12: 000000000075bfa8 [ 3346.484192] R13: 0000000080000000 R14: 00007f0838d25008 R15: 0000000000000000 [ 3346.491519] ? trace_hardirqs_off_caller+0x19/0x220 [ 3346.568074] Task in /syz0 killed as a result of limit of /syz0 [ 3346.574200] memory: usage 307200kB, limit 307200kB, failcnt 4007 [ 3346.601279] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3346.617661] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3346.628095] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:100KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3346.671952] Memory cgroup out of memory: Kill process 18469 (syz-executor.0) score 1103 or sacrifice child [ 3346.692424] Killed process 18469 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3346.716878] oom_reaper: reaped process 18469 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:04:56 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$media(&(0x7f0000000440)='/dev/media#\x00', 0x2, 0x2000) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000580)={&(0x7f00000004c0)=ANY=[@ANYBLOB="a8000000", @ANYRES16=r2, @ANYBLOB="000228bd7000fddbdf25110000001c0001000800090002000000080a07e0670c00000800060073680000080006000800000014000100080004004e230000080006006e71000008000600000000004c00020008000700ffff0000080005000000000408000e004e2100000800000000000000e7ff00000014000100fe8000000000000000000000000000aa0800050020000000"], 0xa8}, 0x1, 0x0, 0x0, 0x80}, 0x80) ioctl$void(r1, 0xc0045878) sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2400}, 0xc, &(0x7f0000000040)={&(0x7f00000001c0)={0xcc, r2, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vcan0\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vlan0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x3f}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x7}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x3a2, 0x5, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x6}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e23}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x5}]}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'virt_wifi0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x4841}, 0x10) r3 = socket(0x10, 0x2, 0x0) sendto(r3, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000037c0)=[{{0x0, 0x14e, 0x0, 0x0, 0x0, 0x24b, 0xb6c}}], 0x34, 0xac0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') r5 = socket(0x10, 0x2, 0x0) sendto(r5, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f00000037c0)=[{{0x0, 0x14e, 0x0, 0x0, 0x0, 0x24b, 0xb6c}}], 0x34, 0xac0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in6=@mcast1}}, &(0x7f00000003c0)=0xe8) sendmsg$NL80211_CMD_GET_MPP(r3, &(0x7f0000000640)={&(0x7f00000000c0), 0xc, &(0x7f0000000600)={&(0x7f0000000400)={0x30, r4, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r6}, @NL80211_ATTR_WIPHY={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xfff, 0xffffffffffffffff}}]}, 0x30}, 0x1, 0x0, 0x0, 0x200000e4}, 0x4040000) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2800000022002908000000000000000004000c0014001100"], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:56 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4604000000000000, 0x500) 15:04:56 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x0, 0x0) 15:04:56 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540c, &(0x7f0000000040)) 15:04:56 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5c7, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:56 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5605, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3347.296277] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3347.334131] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3347.346876] CPU: 1 PID: 18474 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3347.354727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3347.364325] Call Trace: [ 3347.366933] dump_stack+0x197/0x210 [ 3347.370699] dump_header+0x15e/0xa55 [ 3347.374569] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3347.379697] ? ___ratelimit+0x60/0x595 [ 3347.383599] ? do_raw_spin_unlock+0x181/0x270 [ 3347.388114] oom_kill_process.cold+0x10/0x6ef [ 3347.392726] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3347.398289] ? task_will_free_mem+0x139/0x6e0 [ 3347.402807] out_of_memory+0x362/0x1330 [ 3347.406803] ? lock_downgrade+0x880/0x880 [ 3347.410965] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3347.416213] ? oom_killer_disable+0x280/0x280 [ 3347.420716] ? find_held_lock+0x35/0x130 [ 3347.424808] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3347.429681] ? memcg_event_wake+0x230/0x230 [ 3347.434026] ? do_raw_spin_unlock+0x181/0x270 [ 3347.438548] ? _raw_spin_unlock+0x2d/0x50 [ 3347.442845] try_charge+0xec5/0x1490 [ 3347.446580] ? lock_downgrade+0x880/0x880 [ 3347.450749] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3347.455851] ? rcu_read_unlock+0x33/0x60 [ 3347.459925] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3347.464782] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3347.470864] mem_cgroup_try_charge+0x259/0x6b0 [ 3347.475477] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3347.480430] wp_page_copy+0x430/0x16a0 [ 3347.484342] ? follow_pfn+0x2a0/0x2a0 [ 3347.488161] ? do_raw_spin_unlock+0x181/0x270 [ 3347.492676] do_wp_page+0x57d/0x10b0 [ 3347.496408] ? lock_acquire+0x16f/0x3f0 [ 3347.500402] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3347.505088] ? kasan_check_write+0x14/0x20 [ 3347.509355] ? do_raw_spin_lock+0xd7/0x250 [ 3347.513612] __handle_mm_fault+0x2305/0x3f80 [ 3347.518052] ? copy_page_range+0x2030/0x2030 [ 3347.522499] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3347.527213] handle_mm_fault+0x1b5/0x690 [ 3347.531299] __do_page_fault+0x62a/0xe90 [ 3347.535389] ? vmalloc_fault+0x740/0x740 [ 3347.539467] ? trace_hardirqs_off_caller+0x65/0x220 15:04:57 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5606, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:57 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000140)='ceph\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000040), 0x1d4, r2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r3, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) [ 3347.544499] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3347.549445] ? page_fault+0x8/0x30 [ 3347.553011] do_page_fault+0x71/0x57d [ 3347.556932] ? page_fault+0x8/0x30 [ 3347.560487] page_fault+0x1e/0x30 [ 3347.563947] RIP: 0033:0x40ff98 [ 3347.567155] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf b2 07 4c 00 31 c0 e8 13 1f ff ff 31 ff e8 5c 1b ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 26 66 00 [ 3347.586075] RSP: 002b:00007ffde3e08bb0 EFLAGS: 00010246 15:04:57 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5c8, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3347.591469] RAX: 00000000934ce80a RBX: 000000001dbb57c6 RCX: 0000001b2f120000 [ 3347.598761] RDX: 0000000000000000 RSI: 000000000000080a RDI: ffffffff934ce80a [ 3347.606044] RBP: 0000000000000004 R08: 00000000934ce80a R09: 00000000934ce80e [ 3347.613416] R10: 00007ffde3e08d50 R11: 0000000000000246 R12: 000000000075bfa8 [ 3347.620703] R13: 0000000080000000 R14: 00007f0838d25008 R15: 0000000000000004 [ 3347.643703] Task in /syz0 killed as a result of limit of /syz0 [ 3347.660370] memory: usage 307200kB, limit 307200kB, failcnt 4021 15:04:57 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4704000000000000, 0x500) 15:04:57 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5607, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3347.692112] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3347.713396] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3347.731613] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:112KB inactive_file:0KB active_file:0KB unevictable:0KB 15:04:57 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) [ 3347.832428] Memory cgroup out of memory: Kill process 18474 (syz-executor.0) score 1103 or sacrifice child [ 3347.864858] Killed process 18474 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3347.914100] oom_reaper: reaped process 18474 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 15:04:58 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4804000000000000, 0x500) 15:04:58 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5608, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:58 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x6) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x6ba, 0x680) 15:04:58 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540d, &(0x7f0000000040)) 15:04:58 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5c9, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:04:58 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') clock_gettime(0x0, &(0x7f0000007680)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000007540)=[{{&(0x7f0000003540)=@l2tp6={0xa, 0x0, 0x0, @empty}, 0x80, &(0x7f0000004680)=[{&(0x7f00000035c0)=""/190, 0xbe}, {&(0x7f0000003680)=""/4096, 0x1000}], 0x2, &(0x7f00000046c0)=""/176, 0xb0}, 0x6}, {{&(0x7f0000004780)=@isdn, 0x80, &(0x7f00000059c0)=[{&(0x7f0000004800)=""/85, 0x55}, {&(0x7f0000004880)=""/4096, 0x1000}, {&(0x7f0000005880)=""/106, 0x6a}, {&(0x7f0000005900)=""/170, 0xaa}], 0x4}, 0x1000}, {{&(0x7f0000005a00)=@phonet, 0x80, &(0x7f0000005e00)=[{&(0x7f0000005a80)=""/183, 0xb7}, {&(0x7f0000005b40)=""/108, 0x6c}, {&(0x7f0000005bc0)=""/50, 0x32}, {&(0x7f0000005c00)=""/238, 0xee}, {&(0x7f0000005d00)=""/232, 0xe8}], 0x5}, 0x1000}, {{&(0x7f0000005e80)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f0000007100)=[{&(0x7f0000005f00)=""/145, 0x91}, {&(0x7f0000005fc0)=""/4096, 0x1000}, {&(0x7f0000006fc0)=""/34, 0x22}, {&(0x7f0000007000)=""/196, 0xc4}], 0x4, &(0x7f0000007140)=""/85, 0x55}, 0xfffffff9}, {{&(0x7f00000071c0)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f00000074c0)=[{&(0x7f0000007240)=""/143, 0x8f}, {&(0x7f0000007300)=""/140, 0x8c}, {&(0x7f00000073c0)=""/157, 0x9d}, {&(0x7f0000007480)=""/19, 0x13}], 0x4, &(0x7f0000007500)=""/25, 0x19}, 0xb86f}], 0x5, 0x40000000, &(0x7f00000076c0)={r2, r3+10000000}) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000007b40)={&(0x7f0000000000), 0xc, &(0x7f0000007b00)={&(0x7f0000007700)={0x3cc, r1, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x10, 0x3}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x5}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_SCAN_SSIDS={0x40, 0x2d, [{0x7, 0x0, [0x8, 0x7, 0xe]}, {0x5, 0x0, [0x3]}, {0xa, 0x0, [0xe, 0x20, 0x11, 0x1e, 0x3, 0x33]}, {0x9, 0x0, [0x1d, 0x4, 0xc, 0xe, 0x4]}, {0x7, 0x0, [0x11, 0xd, 0x1e]}, {0xa, 0x0, [0x15, 0x19, 0x1b, 0xa, 0xc, 0x18]}]}, @NL80211_ATTR_IE={0x341, 0x2a, "2a5057396adbfb9841a56d2671c476f09ab6627fc11a1a48799fb81ef38b7d13ed6f8ef4ad0b5a7baab2a0087e7d114d4194f2395e43d8afc025b7148f9a8d50692801cc42446c6374ad8108dc801e3cffe736046265efecf2f76614f70976dcacf5dc1516df3090b490d5f90e130bce2e5b92efcb43abf2fe263360cecf7be618f59f12451f490b54ce1325804f5d099af2422f1bfee8d19d0a0d76b0be784dc39ca4f5d1c28be7bf1c561af9147e9bd06d60c3290060d4364816c7d6659aa61de77cd7cc980df38355adcb95a97a90fd5399841be738c52947b9d88cb062ba747a392576d888ccc53e63c37286c9cdd1f20cf625438323c951460b226542b17cf34e5d5f86dfd493a9d5d977bc14cdc4664733b162417ca345c65ad629c32a5d8ec295544b086aa36201787e384eda7f842e364203b5ea0da105f308859f8323064dbc07b49d814435628fe2b10e114541c6913a12d1875811aac31b251f085545ee21f781a07afdb7fe76c4650cd7a08f558cd5a730f99d3211388e109a38cd28d1e9505a27c25e1fb43e88d76fcdd2d217fcbb6b4a50de11de7845802a7ed1ae890383ad0c75344040f4584eacd61cc73cafca4635680db3f97efad5cb785e4562e570d1acfa4412181e910b4cd26c8e4e904c247b89858a8f38b72cba6b94c07ca29c43922ba82ac18e55fdf386b1e0df850624bde55deead27a9a268349a2d230fe9dcfe926a0a199341c2153740123326ef93e951389bf352a24a482910b0f10e3c6a2ca16561f3a241d560f678e94ae961a8e53a9e3b5a9483ec71825dc3fcebf7651b07f0cd057dfb804cee04371032de89ca38ec409b7554328339629c7a306d35aa122dc6371c879215babfb8c5b03c12c91a19b5d5f1014278f9462e8302983023daac3d3a90b69f5edbcdc0622f2d290ae8e8163343d81528d8f5d49f594127cebffe5f19bbf963bc2a6508b3ec68739afe6d9b5437fdcf2a59cbf8dc528ffbd7eaf9e2ad089105a3fad3f0352e281bc3ab217773e7ed0cf264c80ca194b0952fd05798af10871535555ed7ef97a084142f35b5a0724cce4ab62256d5b047920c7d02b408a73c273d38a1fbf14c0f4ab034db81d1f0f9db69321fbde900befc866ca7e66689fb1dda467caa340cf5742f55e91f397f53"}, @NL80211_ATTR_BSSID={0xa, 0xf5, @broadcast}]}, 0x3cc}, 0x1, 0x0, 0x0, 0x4058004}, 0x808a182) r5 = dup(0xffffffffffffffff) setsockopt$packet_int(r5, 0x107, 0x0, &(0x7f0000006ffc), 0x26d) sendmsg$IPSET_CMD_TYPE(r5, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x70, 0xd, 0x6, 0x1, 0x70bd2b, 0x25dfdbfe, {0x7, 0x0, 0x6}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x13}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x992310a2747a714e}]}, 0x70}, 0x1, 0x0, 0x0, 0x813}, 0x10) 15:04:58 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000000)='NLBL_UNLBL\x00') [ 3348.748560] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3348.779849] syz-executor.0 cpuset=syz0 mems_allowed=0-1 15:04:58 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5609, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:58 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4904000000000000, 0x500) [ 3348.818303] CPU: 1 PID: 18517 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3348.826143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3348.835513] Call Trace: [ 3348.838122] dump_stack+0x197/0x210 [ 3348.841770] dump_header+0x15e/0xa55 [ 3348.845502] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3348.850625] ? ___ratelimit+0x60/0x595 [ 3348.854526] ? do_raw_spin_unlock+0x181/0x270 [ 3348.859043] oom_kill_process.cold+0x10/0x6ef [ 3348.863561] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3348.869115] ? task_will_free_mem+0x139/0x6e0 [ 3348.873669] out_of_memory+0x362/0x1330 [ 3348.877664] ? lock_downgrade+0x880/0x880 [ 3348.881827] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3348.886946] ? oom_killer_disable+0x280/0x280 [ 3348.891457] ? find_held_lock+0x35/0x130 [ 3348.895550] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3348.900411] ? memcg_event_wake+0x230/0x230 [ 3348.904752] ? do_raw_spin_unlock+0x181/0x270 [ 3348.909260] ? _raw_spin_unlock+0x2d/0x50 [ 3348.913424] try_charge+0xec5/0x1490 [ 3348.917171] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3348.922047] ? lock_downgrade+0x880/0x880 [ 3348.927010] ? kasan_check_read+0x11/0x20 [ 3348.931184] memcg_kmem_charge_memcg+0x83/0x170 [ 3348.935871] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3348.940392] ? __isolate_free_page+0x4c0/0x4c0 [ 3348.944996] memcg_kmem_charge+0x13b/0x370 [ 3348.949269] __alloc_pages_nodemask+0x3c3/0x750 [ 3348.953962] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3348.958998] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3348.963601] ? trace_hardirqs_on+0x67/0x220 [ 3348.967944] copy_process.part.0+0x3e0/0x7a30 [ 3348.972454] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3348.977574] ? delayacct_end+0x5c/0x100 [ 3348.981571] ? __delayacct_freepages_end+0xe0/0x140 [ 3348.986601] ? __lock_acquire+0x6ee/0x49c0 [ 3348.990863] ? __cleanup_sighand+0x70/0x70 [ 3348.995113] ? mark_held_locks+0x100/0x100 [ 3348.999373] _do_fork+0x257/0xfd0 [ 3349.002843] ? fork_idle+0x1d0/0x1d0 [ 3349.006582] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3349.012485] ? kasan_check_read+0x11/0x20 [ 3349.016648] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3349.021420] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3349.026188] ? do_syscall_64+0x26/0x620 [ 3349.030175] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3349.035552] ? do_syscall_64+0x26/0x620 [ 3349.039545] __x64_sys_clone+0xbf/0x150 [ 3349.043546] do_syscall_64+0xfd/0x620 [ 3349.047365] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3349.052565] RIP: 0033:0x45d919 [ 3349.055758] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3349.074779] RSP: 002b:00007ffde3e08b48 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3349.082494] RAX: ffffffffffffffda RBX: 00007f0836d24700 RCX: 000000000045d919 [ 3349.089770] RDX: 00007f0836d249d0 RSI: 00007f0836d23db0 RDI: 00000000003d0f00 [ 3349.097034] RBP: 00007ffde3e08d60 R08: 00007f0836d24700 R09: 00007f0836d24700 [ 3349.104294] R10: 00007f0836d249d0 R11: 0000000000000202 R12: 0000000000000000 [ 3349.111555] R13: 00007ffde3e08bff R14: 00007f0836d249c0 R15: 000000000075bf2c 15:04:58 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x560a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:04:58 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4a04000000000000, 0x500) [ 3349.197737] Task in /syz0 killed as a result of limit of /syz0 [ 3349.218123] memory: usage 307180kB, limit 307200kB, failcnt 4055 [ 3349.218139] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3349.218147] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3349.218153] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:100KB inactive_file:0KB active_file:0KB unevictable:0KB 15:04:59 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x560b, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3349.368119] Memory cgroup out of memory: Kill process 18517 (syz-executor.0) score 1103 or sacrifice child [ 3349.379989] Killed process 18517 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:04:59 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4b04000000000000, 0x500) 15:04:59 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540e, &(0x7f0000000040)) [ 3349.428806] oom_reaper: reaped process 18517 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:04:59 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x560c, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3349.599132] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 3349.648284] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3349.653869] CPU: 1 PID: 18553 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3349.661675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3349.671037] Call Trace: [ 3349.673645] dump_stack+0x197/0x210 [ 3349.677288] dump_header+0x15e/0xa55 [ 3349.681028] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3349.686165] ? ___ratelimit+0x60/0x595 [ 3349.690069] ? do_raw_spin_unlock+0x181/0x270 15:04:59 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x560d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3349.694586] oom_kill_process.cold+0x10/0x6ef [ 3349.699102] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3349.704666] ? task_will_free_mem+0x139/0x6e0 [ 3349.709183] out_of_memory+0x362/0x1330 [ 3349.713173] ? lock_downgrade+0x880/0x880 [ 3349.717334] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3349.722452] ? oom_killer_disable+0x280/0x280 [ 3349.726959] ? find_held_lock+0x35/0x130 [ 3349.731049] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3349.735908] ? memcg_event_wake+0x230/0x230 [ 3349.740245] ? do_raw_spin_unlock+0x181/0x270 [ 3349.744756] ? _raw_spin_unlock+0x2d/0x50 [ 3349.748920] try_charge+0xec5/0x1490 [ 3349.752653] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3349.757515] ? lock_downgrade+0x880/0x880 [ 3349.761677] ? kasan_check_read+0x11/0x20 [ 3349.765842] memcg_kmem_charge_memcg+0x83/0x170 [ 3349.770524] ? memcg_kmem_put_cache+0xb0/0xb0 [ 3349.775035] ? __isolate_free_page+0x4c0/0x4c0 [ 3349.779641] memcg_kmem_charge+0x13b/0x370 [ 3349.783900] __alloc_pages_nodemask+0x3c3/0x750 [ 3349.788600] ? __alloc_pages_slowpath+0x2870/0x2870 [ 3349.796796] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3349.801394] ? trace_hardirqs_on+0x67/0x220 [ 3349.805738] copy_process.part.0+0x3e0/0x7a30 [ 3349.810250] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3349.815378] ? delayacct_end+0x5c/0x100 [ 3349.819376] ? __delayacct_freepages_end+0xe0/0x140 [ 3349.824421] ? __lock_acquire+0x6ee/0x49c0 [ 3349.828690] ? __cleanup_sighand+0x70/0x70 [ 3349.832944] ? mark_held_locks+0x100/0x100 [ 3349.837227] _do_fork+0x257/0xfd0 [ 3349.840706] ? fork_idle+0x1d0/0x1d0 [ 3349.844443] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 3349.850359] ? kasan_check_read+0x11/0x20 [ 3349.854528] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3349.859307] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3349.864074] ? do_syscall_64+0x26/0x620 [ 3349.868057] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3349.873434] ? do_syscall_64+0x26/0x620 [ 3349.877426] __x64_sys_clone+0xbf/0x150 [ 3349.881416] do_syscall_64+0xfd/0x620 [ 3349.885236] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3349.890434] RIP: 0033:0x45d919 [ 3349.893638] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 3349.912644] RSP: 002b:00007ffde3e08b48 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 3349.920364] RAX: ffffffffffffffda RBX: 00007f0836d24700 RCX: 000000000045d919 [ 3349.927643] RDX: 00007f0836d249d0 RSI: 00007f0836d23db0 RDI: 00000000003d0f00 [ 3349.934922] RBP: 00007ffde3e08d60 R08: 00007f0836d24700 R09: 00007f0836d24700 [ 3349.942204] R10: 00007f0836d249d0 R11: 0000000000000202 R12: 0000000000000000 [ 3349.949482] R13: 00007ffde3e08bff R14: 00007f0836d249c0 R15: 000000000075bf2c [ 3350.098164] Task in /syz0 killed as a result of limit of /syz0 [ 3350.105464] memory: usage 307192kB, limit 307200kB, failcnt 4088 [ 3350.117920] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3350.143726] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3350.178214] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:100KB inactive_file:0KB active_file:0KB unevictable:0KB 15:04:59 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5ca, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3350.246653] Memory cgroup out of memory: Kill process 18553 (syz-executor.0) score 1103 or sacrifice child [ 3350.277231] Killed process 18553 (syz-executor.0) total-vm:72588kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3350.318887] oom_reaper: reaped process 18553 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:05:00 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="28000000001400"/24], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) r1 = socket(0x10, 0x2, 0x0) sendto(r1, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{0x0, 0x14e, 0x0, 0x0, 0x0, 0x24b, 0xb6c}}], 0x34, 0xac0, 0x0) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ppoll(&(0x7f0000000200)=[{r2}], 0x1, &(0x7f0000000280), 0x0, 0x0) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ppoll(&(0x7f0000000200)=[{r3}], 0x1, &(0x7f0000000280), 0x0, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) connect$can_bcm(r3, &(0x7f0000000300)={0x1d, r4}, 0x10) r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_ADDDEF(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000100}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x80, r5, 0x600, 0x70bd28, 0x25dfdbfe, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @local}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @loopback}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x416e17e60113072e}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x3c}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x2a}}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @rand_addr="187a680cdadbbe70458d7a52cdc9c48c"}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @remote}]}, 0x80}}, 0x8044) 15:05:00 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x560e, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:05:00 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4c04000000000000, 0x500) 15:05:00 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ppoll(&(0x7f0000000200)=[{r1}], 0x1, &(0x7f0000000280), 0x0, 0x0) perf_event_open(&(0x7f0000000080)={0x4, 0x70, 0x1, 0x1, 0x40, 0xbb, 0x0, 0x3, 0x1, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x10001, 0xd, @perf_bp={&(0x7f0000000000), 0x2}, 0x8, 0x10001, 0x4, 0x2, 0x1000, 0x4, 0x7}, r0, 0x3, r1, 0x1) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r2, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) r3 = socket(0x10, 0x2, 0x0) sendto(r3, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000037c0)=[{{0x0, 0x14e, 0x0, 0x0, 0x0, 0x24b, 0xb6c}}], 0x34, 0xac0, 0x0) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ppoll(&(0x7f0000000200)=[{r4}], 0x1, &(0x7f0000000280), 0x0, 0x0) r5 = dup(r4) setsockopt$packet_int(r5, 0x107, 0x0, &(0x7f0000006ffc), 0x26d) mmap$fb(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x300000a, 0x13, r5, 0xd3000) 15:05:00 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x540f, &(0x7f0000000040)) 15:05:00 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5cb, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3351.156555] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 3351.198097] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3351.209276] CPU: 1 PID: 18566 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3351.217114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3351.226487] Call Trace: [ 3351.229101] dump_stack+0x197/0x210 [ 3351.232751] dump_header+0x15e/0xa55 [ 3351.236477] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3351.241592] ? ___ratelimit+0x60/0x595 [ 3351.245492] ? do_raw_spin_unlock+0x181/0x270 [ 3351.250007] oom_kill_process.cold+0x10/0x6ef [ 3351.254520] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3351.260071] ? task_will_free_mem+0x139/0x6e0 [ 3351.264583] out_of_memory+0x362/0x1330 [ 3351.268575] ? lock_downgrade+0x880/0x880 [ 3351.272733] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3351.277857] ? oom_killer_disable+0x280/0x280 [ 3351.282366] ? find_held_lock+0x35/0x130 [ 3351.286455] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3351.291315] ? memcg_event_wake+0x230/0x230 [ 3351.295650] ? do_raw_spin_unlock+0x181/0x270 [ 3351.300156] ? _raw_spin_unlock+0x2d/0x50 [ 3351.304315] try_charge+0xec5/0x1490 [ 3351.308039] ? lock_downgrade+0x880/0x880 [ 3351.312214] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3351.317065] ? rcu_read_unlock+0x33/0x60 [ 3351.321142] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3351.326004] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3351.332089] mem_cgroup_try_charge+0x259/0x6b0 [ 3351.336694] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3351.341639] wp_page_copy+0x430/0x16a0 [ 3351.345540] ? kasan_check_read+0x11/0x20 [ 3351.349705] ? follow_pfn+0x2a0/0x2a0 [ 3351.353559] ? do_raw_spin_unlock+0x181/0x270 [ 3351.358080] do_wp_page+0x57d/0x10b0 [ 3351.361815] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3351.366499] ? kasan_check_write+0x14/0x20 [ 3351.370886] ? do_raw_spin_lock+0xd7/0x250 [ 3351.375173] __handle_mm_fault+0x2305/0x3f80 [ 3351.379604] ? copy_page_range+0x2030/0x2030 [ 3351.384051] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3351.388737] handle_mm_fault+0x1b5/0x690 [ 3351.392814] __do_page_fault+0x62a/0xe90 [ 3351.396892] ? vmalloc_fault+0x740/0x740 [ 3351.400970] ? trace_hardirqs_off_caller+0x65/0x220 [ 3351.405999] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3351.410943] ? page_fault+0x8/0x30 [ 3351.414505] do_page_fault+0x71/0x57d [ 3351.418319] ? page_fault+0x8/0x30 [ 3351.421869] page_fault+0x1e/0x30 [ 3351.425326] RIP: 0033:0x40df3b [ 3351.428532] Code: 74 28 41 8b 07 85 c0 0f 85 f0 00 00 00 41 83 c6 01 48 81 c5 a8 00 00 00 41 83 fe 10 75 d7 bf ee 08 4c 00 31 c0 e8 85 3e ff ff 45 f8 01 44 89 75 f4 48 89 ef c6 45 15 00 c7 45 fc 00 00 00 00 [ 3351.447444] RSP: 002b:00007ffde3e08c80 EFLAGS: 00010246 [ 3351.452825] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00007ffde3e08d38 [ 3351.460105] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 3351.467391] RBP: 000000000075bf2c R08: 00007ffde3e08d40 R09: 0000000000760888 [ 3351.474681] R10: 0000000000439da0 R11: 000000000000000f R12: 000000000075bf20 [ 3351.481968] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c 15:05:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5cc, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3351.499992] Task in /syz0 killed as a result of limit of /syz0 [ 3351.506147] memory: usage 307200kB, limit 307200kB, failcnt 4120 [ 3351.512877] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3351.532979] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3351.568117] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:84KB inactive_file:0KB active_file:0KB unevictable:0KB 15:05:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x4d04000000000000, 0x500) 15:05:01 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsu\x00', 0x80000, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@newlink={0x58, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0x30, 0x16, [{0x2c, 0x1, [@IFLA_VF_MAC={0x28, 0x2, {0xfffffff8, @random="f570fd5f7ce7"}}]}]}, @IFLA_GROUP={0x8}]}, 0x58}}, 0x0) setsockopt$pppl2tp_PPPOL2TP_SO_RECVSEQ(r1, 0x111, 0x2, 0x0, 0x4) [ 3351.617193] Memory cgroup out of memory: Kill process 18566 (syz-executor.0) score 1103 or sacrifice child [ 3351.636092] Killed process 18566 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3351.658709] oom_reaper: reaped process 18566 (syz-executor.0), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 15:05:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5410, &(0x7f0000000040)) 15:05:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5cd, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3351.790607] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3351.801870] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3351.814787] CPU: 1 PID: 18592 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3351.822627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3351.832127] Call Trace: [ 3351.834738] dump_stack+0x197/0x210 [ 3351.838386] dump_header+0x15e/0xa55 [ 3351.842121] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3351.847241] ? ___ratelimit+0x60/0x595 [ 3351.851141] ? do_raw_spin_unlock+0x181/0x270 [ 3351.855654] oom_kill_process.cold+0x10/0x6ef [ 3351.860168] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3351.865717] ? task_will_free_mem+0x139/0x6e0 [ 3351.870231] out_of_memory+0x362/0x1330 [ 3351.874227] ? lock_downgrade+0x880/0x880 [ 3351.878392] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3351.883514] ? oom_killer_disable+0x280/0x280 [ 3351.888023] ? find_held_lock+0x35/0x130 [ 3351.892112] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3351.896975] ? memcg_event_wake+0x230/0x230 [ 3351.901322] ? do_raw_spin_unlock+0x181/0x270 [ 3351.905838] ? _raw_spin_unlock+0x2d/0x50 [ 3351.910005] try_charge+0xec5/0x1490 [ 3351.913742] ? lock_downgrade+0x880/0x880 [ 3351.917924] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3351.922784] ? rcu_read_unlock+0x33/0x60 [ 3351.926857] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3351.931715] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3351.937800] mem_cgroup_try_charge+0x259/0x6b0 [ 3351.942411] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3351.948842] wp_page_copy+0x430/0x16a0 [ 3351.952756] ? follow_pfn+0x2a0/0x2a0 [ 3351.956565] ? do_raw_spin_unlock+0x181/0x270 [ 3351.961073] do_wp_page+0x57d/0x10b0 [ 3351.964808] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3351.969507] ? kasan_check_write+0x14/0x20 [ 3351.973756] ? do_raw_spin_lock+0xd7/0x250 [ 3351.978012] __handle_mm_fault+0x2305/0x3f80 [ 3351.982444] ? copy_page_range+0x2030/0x2030 [ 3351.986892] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3351.991585] handle_mm_fault+0x1b5/0x690 [ 3351.995678] __do_page_fault+0x62a/0xe90 [ 3351.999760] ? vmalloc_fault+0x740/0x740 [ 3352.003842] ? trace_hardirqs_off_caller+0x65/0x220 [ 3352.008875] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3352.013829] ? page_fault+0x8/0x30 [ 3352.017397] do_page_fault+0x71/0x57d [ 3352.021214] ? page_fault+0x8/0x30 [ 3352.024765] page_fault+0x1e/0x30 [ 3352.028238] RIP: 0033:0x410f58 15:05:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x560f, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3352.031437] Code: 48 8b 05 63 af 30 00 48 89 08 48 8b 15 61 af 30 00 48 89 42 08 48 8b 05 46 af 30 00 48 89 05 4f af 30 00 49 8d 81 c0 02 00 00 <48> 89 05 31 17 66 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 [ 3352.050352] RSP: 002b:00007ffde3e08dd8 EFLAGS: 00010246 [ 3352.055735] RAX: 0000000001223c00 RBX: 00007ffde3e08de0 RCX: 000000000071bea0 [ 3352.063015] RDX: 0000000000410d90 RSI: 000000000071be90 RDI: 0000000001223c20 [ 3352.070297] RBP: 00007ffde3e08e20 R08: 0000000000000001 R09: 0000000001223940 [ 3352.077575] R10: 0000000001223c10 R11: 0000000000000202 R12: 0000000000000001 [ 3352.084861] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffde3e08e70 15:05:01 executing program 3: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f0000000180)="b385fb4c94ba04d0851e607797820ee0f9e73fc2287d5176119319a50213edb6b2fbe0dacdbaa0eb7afc0b968dfbe4d3", 0x0}, 0x20) r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f0000000180), 0x10) setsockopt(r0, 0x65, 0x1, &(0x7f0000000080), 0x1d0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) r2 = getgid() r3 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0) setregid(r4, 0x0) r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x80441, 0x0) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_FLUSH(r5, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xaf27c0d87f61688a}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)={0x8c, r6, 0x8, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@empty}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x29}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4, 0x18}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x4}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x81}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x82c}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x20400c2}, 0x840b1) r7 = dup(0xffffffffffffffff) setsockopt$packet_int(r7, 0x107, 0x0, &(0x7f0000006ffc), 0x26d) r8 = socket(0x10, 0x2, 0x0) sendto(r8, &(0x7f0000000140)="120000001200e7ef007b1a3fcd00000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r8, &(0x7f00000037c0)=[{{0x0, 0x14e, 0x0, 0x0, 0x0, 0x24b, 0xb6c}}], 0x34, 0xac0, 0x0) r9 = accept(r8, &(0x7f0000000400)=@tipc=@name, &(0x7f0000000480)=0x80) sendto$inet6(r9, &(0x7f0000000500)="dd9682bd65d4189b671e12520f62bc9108f681c0ab64c15c7043d602259752738d5bfc5e031474f442947f1bc0dadde459f72df22639eb42e1fef83443956b3e86fbccd2f4e288de9a51e9789fe344e08ebcc95ee86e2423dc8888244cbee1146aa89facf4a65ddad9b7ed9bb3bd287237139f53c08df9bce2c041c4ccef3ff792e5", 0x82, 0x8080, 0x0, 0x0) statx(r7, &(0x7f0000000000)='./file0\x00', 0x100, 0x100, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(r2, r4, r10) r11 = pkey_alloc(0x0, 0x2) pkey_free(r11) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x4, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) 15:05:01 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x6000000000000000, 0x500) 15:05:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5ce, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3352.136208] Task in /syz0 killed as a result of limit of /syz0 [ 3352.143655] memory: usage 307196kB, limit 307200kB, failcnt 4141 [ 3352.167903] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. 15:05:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x40049409, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3352.198157] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3352.213538] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 15:05:02 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x80400, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x140, r1, 0x400, 0x70bd2d, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x1c, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x400}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x101}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x333}]}, @TIPC_NLA_MEDIA={0x30, 0x5, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x66}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_LINK={0x6c, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_MEDIA={0x40, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x47}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NODE={0x34, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7ff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1ff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x800}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x140}, 0x1, 0x0, 0x0, 0x4000001}, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r2, 0x4b37, &(0x7f0000000040)={0x0, 0x0}) r3 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) add_key$user(&(0x7f0000000140)='user\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000900)="585ccbc4ed83b836c1a6474914dc5500b66147b3c7218a91690000000042e3d35228897501f93191b076ac446ff0022b8753a1fa74ff569f435fb3bae96efb74b50ec93c2db8eae3198a29e5c0cfc60000ce0637cef580b4ec24c53d86571ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff33c1e8e036e5031949762d009d308bd73f477252d0000000000004000000000000000000000000000000000195e23", 0x395, r3) r4 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) add_key$user(&(0x7f0000000140)='user\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000900)="585ccbc4ed83b836c1a6474914dc5500b66147b3c7218a91690000000042e3d35228897501f93191b076ac446ff0022b8753a1fa74ff569f435fb3bae96efb74b50ec93c2db8eae3198a29e5c0cfc60000ce0637cef580b4ec24c53d86571ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff33c1e8e036e5031949762d009d308bd73f477252d0000000000004000000000000000000000000000000000195e23", 0x395, r4) r5 = add_key(&(0x7f00000002c0)='rxrpc\x00', &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000340)="e17c7326ed426e2c4dc9eac82c270e5200d4d7", 0x13, r4) keyctl$link(0x8, r3, r5) write$P9_RSYMLINK(r0, &(0x7f0000000400)={0x14, 0x11, 0x2, {0x8, 0x2, 0x2}}, 0x14) [ 3352.289184] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:68KB inactive_file:0KB active_file:0KB unevictable:0KB [ 3352.343166] Memory cgroup out of memory: Kill process 18342 (syz-executor.0) score 117 or sacrifice child 15:05:02 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x8000000000000000, 0x500) 15:05:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x40086602, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) 15:05:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x5412, &(0x7f0000000040)) [ 3352.387301] Killed process 18592 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB [ 3352.413740] oom_reaper: reaped process 18592 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 3352.537307] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 3352.588133] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 3352.602897] CPU: 0 PID: 18623 Comm: syz-executor.0 Not tainted 4.19.95-syzkaller #0 [ 3352.610730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3352.620104] Call Trace: [ 3352.622710] dump_stack+0x197/0x210 [ 3352.626363] dump_header+0x15e/0xa55 [ 3352.630101] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3352.635217] ? ___ratelimit+0x60/0x595 [ 3352.639118] ? do_raw_spin_unlock+0x181/0x270 [ 3352.643632] oom_kill_process.cold+0x10/0x6ef [ 3352.648239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3352.653788] ? task_will_free_mem+0x139/0x6e0 [ 3352.658309] out_of_memory+0x362/0x1330 [ 3352.662297] ? lock_downgrade+0x880/0x880 [ 3352.666454] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 3352.671570] ? oom_killer_disable+0x280/0x280 [ 3352.676078] ? find_held_lock+0x35/0x130 [ 3352.680162] mem_cgroup_out_of_memory+0x1d2/0x240 [ 3352.685025] ? memcg_event_wake+0x230/0x230 [ 3352.689367] ? do_raw_spin_unlock+0x181/0x270 [ 3352.693872] ? _raw_spin_unlock+0x2d/0x50 [ 3352.698044] try_charge+0xec5/0x1490 [ 3352.701784] ? lock_downgrade+0x880/0x880 [ 3352.705958] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 3352.710825] ? rcu_read_unlock+0x33/0x60 [ 3352.714907] ? get_mem_cgroup_from_mm+0x185/0x510 [ 3352.719768] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 3352.725851] mem_cgroup_try_charge+0x259/0x6b0 [ 3352.730453] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 3352.735400] wp_page_copy+0x430/0x16a0 [ 3352.739307] ? follow_pfn+0x2a0/0x2a0 [ 3352.743121] ? do_raw_spin_unlock+0x181/0x270 [ 3352.747627] do_wp_page+0x57d/0x10b0 [ 3352.751354] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 3352.756030] ? kasan_check_write+0x14/0x20 [ 3352.760269] ? do_raw_spin_lock+0xd7/0x250 [ 3352.764519] __handle_mm_fault+0x2305/0x3f80 [ 3352.768939] ? copy_page_range+0x2030/0x2030 [ 3352.773371] ? count_memcg_event_mm+0x2b1/0x4d0 [ 3352.778057] handle_mm_fault+0x1b5/0x690 [ 3352.782133] __do_page_fault+0x62a/0xe90 [ 3352.786209] ? vmalloc_fault+0x740/0x740 [ 3352.790278] ? trace_hardirqs_off_caller+0x65/0x220 [ 3352.795302] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3352.800240] ? page_fault+0x8/0x30 [ 3352.803795] do_page_fault+0x71/0x57d [ 3352.807603] ? page_fault+0x8/0x30 [ 3352.811151] page_fault+0x1e/0x30 [ 3352.814606] RIP: 0033:0x45954e [ 3352.817808] Code: 00 00 85 c0 41 89 c5 0f 85 fc 00 00 00 64 8b 04 25 d0 02 00 00 41 39 c4 0f 84 12 02 00 00 48 8b 05 d7 f3 61 00 48 85 c0 74 04 <48> 83 00 04 64 8b 04 25 d0 02 00 00 64 89 04 25 d4 02 00 00 0f 31 15:05:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x40087602, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3352.836716] RSP: 002b:00007ffde3e08de0 EFLAGS: 00010206 [ 3352.842116] RAX: 0000000000a78428 RBX: 00007ffde3e08de0 RCX: 000000000045951a [ 3352.849394] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 3352.856669] RBP: 00007ffde3e08e20 R08: 0000000000000001 R09: 0000000001223940 [ 3352.863944] R10: 0000000001223c10 R11: 0000000000000246 R12: 0000000000000001 [ 3352.871221] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffde3e08e70 [ 3352.892580] Task in /syz0 killed as a result of limit of /syz0 [ 3352.901372] memory: usage 307196kB, limit 307200kB, failcnt 4171 [ 3352.916360] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 15:05:02 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x80000004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="cefaad1bb83c000022dc", 0xa}], 0x8cffffff00000000, 0x500) [ 3352.941171] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 3352.961898] Memory cgroup stats for /syz0: cache:8KB rss:112KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:60KB inactive_file:0KB active_file:0KB unevictable:0KB 15:05:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r0, 0x4020940d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{}]}) [ 3353.044609] Memory cgroup out of memory: Kill process 18342 (syz-executor.0) score 117 or sacrifice child [ 3353.078926] Killed process 18623 (syz-executor.0) total-vm:72456kB, anon-rss:100kB, file-rss:34816kB, shmem-rss:0kB 15:05:02 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x5cf, &(0x7f0000000100)={&(0x7f00000004c0)={0x28, 0x22, 0x829, 0x0, 0x0, {0x5, 0x1000000}, [@typed={0x14, 0x11}]}, 0x28}, 0x1, 0xfdffffff00000000}, 0x0) [ 3500.928337] INFO: task syz-executor.3:18603 blocked for more than 140 seconds. [ 3500.948032] Not tainted 4.19.95-syzkaller #0 [ 3500.952995] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3500.968001] syz-executor.3 D29496 18603 13392 0x00000004 [ 3500.973680] Call Trace: [ 3500.976298] __schedule+0x866/0x1dc0 [ 3500.998140] ? firmware_map_remove+0x1a7/0x1a7 [ 3501.002774] ? rwsem_down_write_failed+0x764/0xc30 [ 3501.007898] ? _raw_spin_unlock_irq+0x28/0x90 [ 3501.028018] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3501.032673] schedule+0x92/0x1c0 [ 3501.036075] rwsem_down_write_failed+0x774/0xc30 [ 3501.058135] ? rwsem_down_read_failed+0x3c0/0x3c0 [ 3501.063305] ? kasan_check_write+0x14/0x20 [ 3501.067814] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 3501.098050] ? mark_held_locks+0xb1/0x100 [ 3501.102278] ? check_preemption_disabled+0x48/0x290 [ 3501.107348] call_rwsem_down_write_failed+0x17/0x30 [ 3501.118175] ? call_rwsem_down_write_failed+0x17/0x30 [ 3501.123422] down_write+0x53/0x90 [ 3501.126889] ? register_netdevice_notifier+0x7e/0x630 [ 3501.148454] register_netdevice_notifier+0x7e/0x630 [ 3501.153545] ? pcpu_balance_workfn+0x1270/0x1270 [ 3501.168062] ? __lockdep_init_map+0x10c/0x5b0 [ 3501.172623] ? __dev_close_many+0x300/0x300 [ 3501.177046] raw_init+0x299/0x340 [ 3501.198132] ? can_init_proc.cold+0x16/0x16 [ 3501.202508] can_create+0x288/0x4b0 [ 3501.206242] __sock_create+0x3d8/0x730 [ 3501.218910] __sys_socket+0x103/0x220 [ 3501.222759] ? move_addr_to_kernel+0x80/0x80 [ 3501.227176] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3501.248535] ? do_syscall_64+0x26/0x620 [ 3501.252598] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3501.268054] ? do_syscall_64+0x26/0x620 [ 3501.272086] __x64_sys_socket+0x73/0xb0 [ 3501.276074] do_syscall_64+0xfd/0x620 [ 3501.280328] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3501.285533] RIP: 0033:0x45af49 [ 3501.289056] Code: Bad RIP value. [ 3501.292430] RSP: 002b:00007f47a5471c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 3501.300619] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045af49 [ 3501.307912] RDX: 0000000000000001 RSI: 0000000000000003 RDI: 000000000000001d [ 3501.328027] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 3501.335352] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47a54726d4 [ 3501.358070] R13: 00000000004cb896 R14: 00000000004e6118 R15: 00000000ffffffff [ 3501.365466] INFO: task syz-executor.3:18608 blocked for more than 140 seconds. [ 3501.388068] Not tainted 4.19.95-syzkaller #0 [ 3501.393045] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3501.418081] syz-executor.3 D26968 18608 13392 0x00000004 [ 3501.423759] Call Trace: [ 3501.426382] __schedule+0x866/0x1dc0 [ 3501.430205] ? firmware_map_remove+0x1a7/0x1a7 [ 3501.434802] ? rwsem_down_write_failed+0x764/0xc30 [ 3501.439875] ? _raw_spin_unlock_irq+0x28/0x90 [ 3501.444387] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3501.449054] schedule+0x92/0x1c0 [ 3501.452450] rwsem_down_write_failed+0x774/0xc30 [ 3501.457223] ? rwsem_down_read_failed+0x3c0/0x3c0 [ 3501.462210] ? kasan_check_write+0x14/0x20 [ 3501.466467] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 3501.471391] ? mark_held_locks+0xb1/0x100 [ 3501.475557] ? check_preemption_disabled+0x48/0x290 [ 3501.481541] call_rwsem_down_write_failed+0x17/0x30 [ 3501.486578] ? call_rwsem_down_write_failed+0x17/0x30 [ 3501.508061] down_write+0x53/0x90 [ 3501.511578] ? register_netdevice_notifier+0x7e/0x630 [ 3501.516780] register_netdevice_notifier+0x7e/0x630 [ 3501.522881] ? pcpu_balance_workfn+0x1270/0x1270 [ 3501.527670] ? __lockdep_init_map+0x10c/0x5b0 [ 3501.558114] ? __dev_close_many+0x300/0x300 [ 3501.562609] raw_init+0x299/0x340 [ 3501.566097] ? can_init_proc.cold+0x16/0x16 [ 3501.573060] can_create+0x288/0x4b0 [ 3501.576733] __sock_create+0x3d8/0x730 [ 3501.580792] __sys_socket+0x103/0x220 [ 3501.584619] ? move_addr_to_kernel+0x80/0x80 [ 3501.589129] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3501.593909] ? do_syscall_64+0x26/0x620 [ 3501.597930] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3501.603647] ? do_syscall_64+0x26/0x620 [ 3501.607650] __x64_sys_socket+0x73/0xb0 [ 3501.612525] do_syscall_64+0xfd/0x620 [ 3501.616356] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3501.628041] RIP: 0033:0x45af49 [ 3501.631283] Code: Bad RIP value. [ 3501.634657] RSP: 002b:00007f47a5450c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 3501.642649] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045af49 [ 3501.652479] RDX: 0000000000000001 RSI: 0000000000000003 RDI: 000000000000001d [ 3501.659940] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 3501.667261] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f47a54516d4 [ 3501.674690] R13: 00000000004cb896 R14: 00000000004e6118 R15: 00000000ffffffff [ 3501.682181] [ 3501.682181] Showing all locks held in the system: [ 3501.691006] 1 lock held by khungtaskd/1077: [ 3501.695357] #0: 0000000086ddb43f (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e [ 3501.704197] 1 lock held by rsyslogd/8020: [ 3501.708847] #0: 00000000415b1f7b (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 3501.716793] 2 locks held by getty/8143: [ 3501.720963] #0: 000000001ff040f9 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3501.729357] #1: 00000000c8fd0d49 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3501.739337] 2 locks held by getty/8144: [ 3501.743317] #0: 00000000eefb39c7 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3501.751682] #1: 0000000062bd4917 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3501.768021] 2 locks held by getty/8145: [ 3501.772038] #0: 00000000dc519385 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3501.808003] #1: 00000000001ab64e (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3501.817020] 2 locks held by getty/8146: [ 3501.828127] #0: 00000000e9d9949f (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3501.836497] #1: 0000000018fe8215 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3501.878021] 2 locks held by getty/8147: [ 3501.882039] #0: 000000001799690b (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3501.890873] #1: 000000002ae07ac2 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3501.900107] 2 locks held by getty/8148: [ 3501.904096] #0: 0000000086e97c6a (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3501.912974] #1: 0000000082868023 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3501.922395] 4 locks held by kworker/u4:2/3695: [ 3501.926990] #0: 000000006f8b8724 ((wq_completion)"%s""netns"){+.+.}, at: process_one_work+0x87e/0x1750 [ 3501.936980] #1: 00000000857927ae (net_cleanup_work){+.+.}, at: process_one_work+0x8b4/0x1750 [ 3501.956967] #2: 00000000cebb82b7 (pernet_ops_rwsem){++++}, at: cleanup_net+0xae/0x960 [ 3501.978087] #3: 00000000a2fed0d7 (rtnl_mutex){+.+.}, at: rtnl_lock+0x17/0x20 [ 3501.985511] 3 locks held by kworker/u4:4/15133: [ 3501.998856] 2 locks held by getty/18310: [ 3502.002936] #0: 00000000dfc4e73b (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 3502.028106] #1: 00000000a9c9f1d0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 3502.037021] 1 lock held by syz-executor.3/18603: [ 3502.058109] #0: 00000000cebb82b7 (pernet_ops_rwsem){++++}, at: register_netdevice_notifier+0x7e/0x630 [ 3502.067638] 1 lock held by syz-executor.3/18608: [ 3502.098014] #0: 00000000cebb82b7 (pernet_ops_rwsem){++++}, at: register_netdevice_notifier+0x7e/0x630 [ 3502.107570] [ 3502.109659] ============================================= [ 3502.109659] [ 3502.116698] NMI backtrace for cpu 1 [ 3502.120447] CPU: 1 PID: 1077 Comm: khungtaskd Not tainted 4.19.95-syzkaller #0 [ 3502.127812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3502.137168] Call Trace: [ 3502.139778] dump_stack+0x197/0x210 [ 3502.143421] nmi_cpu_backtrace.cold+0x63/0xa4 [ 3502.147930] ? lapic_can_unplug_cpu.cold+0x47/0x47 [ 3502.152872] nmi_trigger_cpumask_backtrace+0x1b0/0x1f8 [ 3502.158173] arch_trigger_cpumask_backtrace+0x14/0x20 [ 3502.163371] watchdog+0x9df/0xee0 [ 3502.166844] kthread+0x354/0x420 [ 3502.170221] ? reset_hung_task_detector+0x30/0x30 [ 3502.175203] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3502.180767] ret_from_fork+0x24/0x30 [ 3502.184736] Sending NMI from CPU 1 to CPUs 0: [ 3502.189714] NMI backtrace for cpu 0 [ 3502.189721] CPU: 0 PID: 10 Comm: rcu_preempt Not tainted 4.19.95-syzkaller #0 [ 3502.189728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3502.189732] RIP: 0010:lockdep_hardirqs_on+0x31d/0x5d0 [ 3502.189746] Code: 00 00 00 00 fc ff df 48 89 da 83 e3 07 48 c1 ea 03 83 c3 03 0f b6 04 02 38 c3 7c 08 84 c0 0f 85 d1 01 00 00 8b 3d 33 e6 77 09 <85> ff 0f 85 ed fd ff ff 48 c7 c0 88 c9 cd 89 48 ba 00 00 00 00 00 [ 3502.189751] RSP: 0018:ffff8880aa37fa18 EFLAGS: 00000097 [ 3502.189759] RAX: 0000000000000004 RBX: 0000000000000003 RCX: 1ffffffff1279058 [ 3502.189765] RDX: 1ffffffff1594754 RSI: ffffffff8170517e RDI: 0000000000000000 [ 3502.189771] RBP: ffff8880aa37fa28 R08: ffff8880aa36c280 R09: 0000000000000000 [ 3502.189777] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff8755e7c8 [ 3502.189782] R13: ffffffff8148da06 R14: ffffffff8755e7c8 R15: 0000000000000000 [ 3502.189789] FS: 0000000000000000(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 3502.189794] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3502.189800] CR2: 000000000045af1f CR3: 0000000095b41000 CR4: 00000000001406f0 [ 3502.189806] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3502.189812] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 3502.189815] Call Trace: [ 3502.189819] trace_hardirqs_on+0x67/0x220 [ 3502.189823] _raw_spin_unlock_irq+0x28/0x90 [ 3502.189827] finish_task_switch+0x146/0x7c0 [ 3502.189831] ? finish_task_switch+0x118/0x7c0 [ 3502.189834] ? switch_mm_irqs_off+0x2de/0x1360 [ 3502.189838] __schedule+0x86e/0x1dc0 [ 3502.189842] ? firmware_map_remove+0x1a7/0x1a7 [ 3502.189846] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 3502.189851] ? lockdep_hardirqs_on+0x415/0x5d0 [ 3502.189854] ? trace_hardirqs_on+0x67/0x220 [ 3502.189858] schedule+0x92/0x1c0 [ 3502.189861] schedule_timeout+0x4db/0xfc0 [ 3502.189865] ? usleep_range+0x170/0x170 [ 3502.189869] ? trace_hardirqs_on+0x67/0x220 [ 3502.189873] ? __next_timer_interrupt+0x1a0/0x1a0 [ 3502.189877] ? prepare_to_swait_exclusive+0x120/0x120 [ 3502.189881] rcu_gp_kthread+0xd5c/0x2190 [ 3502.189885] ? rcu_blocking_is_gp+0x90/0x90 [ 3502.189889] ? trace_hardirqs_on+0x67/0x220 [ 3502.189894] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 3502.189898] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3502.189902] ? __kthread_parkme+0xfb/0x1b0 [ 3502.189906] kthread+0x354/0x420 [ 3502.189910] ? rcu_blocking_is_gp+0x90/0x90 [ 3502.189914] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3502.189918] ret_from_fork+0x24/0x30 [ 3502.208972] Kernel panic - not syncing: hung_task: blocked tasks [ 3502.443022] CPU: 1 PID: 1077 Comm: khungtaskd Not tainted 4.19.95-syzkaller #0 [ 3502.450398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3502.459765] Call Trace: [ 3502.462366] dump_stack+0x197/0x210 [ 3502.466002] panic+0x26a/0x50e [ 3502.469200] ? __warn_printk+0xf3/0xf3 [ 3502.473093] ? lapic_can_unplug_cpu.cold+0x47/0x47 [ 3502.478031] ? ___preempt_schedule+0x16/0x18 [ 3502.482463] ? nmi_trigger_cpumask_backtrace+0x165/0x1f8 [ 3502.487926] ? nmi_trigger_cpumask_backtrace+0x1c1/0x1f8 [ 3502.493383] ? nmi_trigger_cpumask_backtrace+0x1cb/0x1f8 [ 3502.498865] ? nmi_trigger_cpumask_backtrace+0x165/0x1f8 [ 3502.504325] watchdog+0x9f0/0xee0 [ 3502.507799] kthread+0x354/0x420 [ 3502.511169] ? reset_hung_task_detector+0x30/0x30 [ 3502.516019] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 3502.521744] ret_from_fork+0x24/0x30 [ 3502.527068] Kernel Offset: disabled [ 3502.531662] Rebooting in 86400 seconds..