000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004c5eb77382fa41f1495aacc8e053c2fe8010e70d14a702648e277f77d069b0f444be3a8baa613bbb936ba830ec70448f83dbcddd9f13996dfed4e73bb84c9508c29d28719e428e0a0f4b898973bd3d199f8967e0e5bb0b615f7435a8e7bc4c143f57c876378cee4ca55fae6e986768c96d3683e20db86a7ef443426e2c389c69659e4726bd15cb"], 0x7ef)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x14, 0x5, 0x3, 0x101, 0x210, 0xffffffffffffffff, 0x0, [], 0x0, r3, 0x0, 0x5, 0x400003}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r5, 0x0}, 0x20)

[  998.770184][ T1822] oom_reaper: reaped process 25090 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:10 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:10 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:11 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, 0x0, 0x0, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

[  999.645183][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[  999.658092][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[  999.666813][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  999.667791][T21853] Call Trace:
[  999.667791][T21853]  dump_stack+0x1c9/0x220
[  999.667791][T21853]  dump_header+0x1e7/0xd00
[  999.667791][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[  999.667791][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  999.667791][T21853]  ? ___ratelimit+0x542/0x720
[  999.667791][T21853]  ? task_will_free_mem+0x2c9/0x830
[  999.667791][T21853]  oom_kill_process+0x216/0x580
[  999.667791][T21853]  out_of_memory+0x181e/0x1cc0
[  999.667791][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[  999.667791][T21853]  alloc_pages_current+0x67d/0x990
[  999.667791][T21853]  ion_page_pool_alloc+0x6db/0x830
[  999.667791][T21853]  ? kmsan_get_metadata+0x11d/0x180
[  999.667791][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[  999.667791][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[  999.667791][T21853]  ion_ioctl+0x79d/0x1fc0
[  999.667791][T21853]  ? debug_shrink_set+0x220/0x220
[  999.667791][T21853]  __se_sys_ioctl+0x2e9/0x410
[  999.667791][T21853]  __x64_sys_ioctl+0x4a/0x70
[  999.667791][T21853]  do_syscall_64+0xb8/0x160
[  999.667791][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[  999.667791][T21853] RIP: 0033:0x45cb29
[  999.667791][T21853] Code: Bad RIP value.
[  999.667791][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  999.667791][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[  999.667791][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[  999.667791][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[  999.667791][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[  999.667791][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[  999.841708][T21853] Mem-Info:
[  999.845100][T21853] active_anon:211840 inactive_anon:6859 isolated_anon:0
[  999.845100][T21853]  active_file:5750 inactive_file:50125 isolated_file:0
[  999.845100][T21853]  unevictable:0 dirty:97 writeback:17 unstable:0
[  999.845100][T21853]  slab_reclaimable:5657 slab_unreclaimable:24906
[  999.845100][T21853]  mapped:58824 shmem:7095 pagetables:6657 bounce:0
[  999.845100][T21853]  free:84191 free_pcp:783 free_cma:0
[  999.883793][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123660kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[  999.912547][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  999.941724][T21853] lowmem_reserve[]: 0 996 1224 1224
[  999.947134][T21853] Node 0 DMA32 free:43140kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1500kB free_cma:0kB
[  999.978860][T21853] lowmem_reserve[]: 0 0 228 228
[  999.984042][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:316kB free_cma:0kB
[ 1000.016195][T21853] lowmem_reserve[]: 0 0 0 0
[ 1000.020775][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1000.032871][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 150*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43140kB
[ 1000.049241][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1000.064542][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1000.074355][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1000.083875][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
16:16:12 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1000.093603][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1000.103026][T21853] 27064 total pagecache pages
[ 1000.107760][T21853] 0 pages in swap cache
[ 1000.112090][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1000.118188][T21853] Free swap  = 0kB
[ 1000.122210][T21853] Total swap = 0kB
[ 1000.126057][T21853] 1965979 pages RAM
[ 1000.129958][T21853] 0 pages HighMem/MovableOnly
[ 1000.134860][T21853] 1423249 pages reserved
[ 1000.139135][T21853] 0 pages cma reserved
16:16:12 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r3, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x47, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x200011c0}], 0xbf, 0x0)

[ 1000.143394][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=25047,uid=0
[ 1000.158351][T21853] Out of memory: Killed process 25047 (syz-executor.1) total-vm:74848kB, anon-rss:4264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1000.242268][ T1822] oom_reaper: reaped process 25047 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:12 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:12 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:13 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480), 0x0, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

16:16:13 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(0x0, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x47, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x200011c0}], 0xbf, 0x0)

16:16:13 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:13 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:13 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1002.122383][  T761] tipc: TX() has been purged, node left!
[ 1002.139796][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1002.152897][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1002.161621][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1002.162633][T21853] Call Trace:
[ 1002.162633][T21853]  dump_stack+0x1c9/0x220
[ 1002.162633][T21853]  dump_header+0x1e7/0xd00
[ 1002.162633][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1002.162633][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1002.162633][T21853]  ? ___ratelimit+0x542/0x720
[ 1002.162633][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1002.162633][T21853]  oom_kill_process+0x216/0x580
[ 1002.162633][T21853]  out_of_memory+0x181e/0x1cc0
[ 1002.162633][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1002.162633][T21853]  alloc_pages_current+0x67d/0x990
[ 1002.162633][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1002.162633][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1002.162633][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1002.162633][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1002.162633][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1002.162633][T21853]  ? debug_shrink_set+0x220/0x220
[ 1002.162633][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1002.162633][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1002.162633][T21853]  do_syscall_64+0xb8/0x160
[ 1002.162633][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1002.162633][T21853] RIP: 0033:0x45cb29
[ 1002.162633][T21853] Code: Bad RIP value.
[ 1002.162633][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1002.162633][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1002.162633][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1002.162633][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1002.162633][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1002.162633][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1002.337764][T21853] Mem-Info:
[ 1002.341035][T21853] active_anon:210925 inactive_anon:6859 isolated_anon:0
[ 1002.341035][T21853]  active_file:5766 inactive_file:49981 isolated_file:0
[ 1002.341035][T21853]  unevictable:0 dirty:89 writeback:0 unstable:0
[ 1002.341035][T21853]  slab_reclaimable:5658 slab_unreclaimable:24882
[ 1002.341035][T21853]  mapped:58711 shmem:7095 pagetables:6696 bounce:0
[ 1002.341035][T21853]  free:85483 free_pcp:783 free_cma:0
[ 1002.379111][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123672kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1002.407988][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1002.437153][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1002.442570][T21853] Node 0 DMA32 free:43140kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1500kB free_cma:0kB
[ 1002.474314][T21853] lowmem_reserve[]: 0 0 228 228
[ 1002.479240][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:316kB free_cma:0kB
[ 1002.511740][T21853] lowmem_reserve[]: 0 0 0 0
[ 1002.516427][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1002.528521][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 150*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43140kB
[ 1002.545030][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1002.560382][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1002.570162][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1002.579945][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1002.589713][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1002.599233][T21853] 26966 total pagecache pages
[ 1002.604113][T21853] 0 pages in swap cache
[ 1002.608323][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1002.614631][T21853] Free swap  = 0kB
[ 1002.618392][T21853] Total swap = 0kB
[ 1002.622452][T21853] 1965979 pages RAM
[ 1002.626290][T21853] 0 pages HighMem/MovableOnly
[ 1002.631001][T21853] 1423249 pages reserved
[ 1002.635424][T21853] 0 pages cma reserved
[ 1002.639541][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=24972,uid=0
[ 1002.654577][T21853] Out of memory: Killed process 24972 (syz-executor.1) total-vm:74848kB, anon-rss:4264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1002.762638][ T1822] oom_reaper: reaped process 24972 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:14 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:14 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(0x0, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x47, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x200011c0}], 0xbf, 0x0)

16:16:15 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480), 0x0, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

16:16:15 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1003.261066][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1003.274017][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1003.282748][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1003.283663][T21853] Call Trace:
[ 1003.283663][T21853]  dump_stack+0x1c9/0x220
[ 1003.283663][T21853]  dump_header+0x1e7/0xd00
[ 1003.283663][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1003.283663][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1003.283663][T21853]  ? ___ratelimit+0x542/0x720
[ 1003.283663][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1003.283663][T21853]  oom_kill_process+0x216/0x580
[ 1003.283663][T21853]  out_of_memory+0x181e/0x1cc0
[ 1003.283663][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1003.283663][T21853]  alloc_pages_current+0x67d/0x990
[ 1003.283663][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1003.283663][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1003.283663][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1003.283663][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1003.283663][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1003.283663][T21853]  ? debug_shrink_set+0x220/0x220
[ 1003.283663][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1003.283663][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1003.283663][T21853]  do_syscall_64+0xb8/0x160
[ 1003.283663][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1003.283663][T21853] RIP: 0033:0x45cb29
[ 1003.283663][T21853] Code: Bad RIP value.
[ 1003.283663][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1003.283663][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1003.283663][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1003.283663][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1003.283663][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1003.283663][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1003.457398][T21853] Mem-Info:
[ 1003.460681][T21853] active_anon:209850 inactive_anon:6858 isolated_anon:0
[ 1003.460681][T21853]  active_file:5781 inactive_file:50082 isolated_file:0
[ 1003.460681][T21853]  unevictable:0 dirty:95 writeback:0 unstable:0
[ 1003.460681][T21853]  slab_reclaimable:5658 slab_unreclaimable:24861
[ 1003.460681][T21853]  mapped:58843 shmem:7095 pagetables:6643 bounce:0
[ 1003.460681][T21853]  free:86554 free_pcp:783 free_cma:0
[ 1003.499401][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123676kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1003.528107][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1003.557171][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1003.562588][T21853] Node 0 DMA32 free:43140kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1500kB free_cma:0kB
[ 1003.594298][T21853] lowmem_reserve[]: 0 0 228 228
[ 1003.599238][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:316kB free_cma:0kB
[ 1003.631256][T21853] lowmem_reserve[]: 0 0 0 0
[ 1003.636070][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1003.648189][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 151*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43172kB
[ 1003.664582][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1003.679870][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1003.689615][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1003.699135][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1003.708901][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1003.718346][T21853] 26923 total pagecache pages
[ 1003.723149][T21853] 0 pages in swap cache
[ 1003.727370][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1003.733730][T21853] Free swap  = 0kB
[ 1003.737479][T21853] Total swap = 0kB
[ 1003.741260][T21853] 1965979 pages RAM
[ 1003.745258][T21853] 0 pages HighMem/MovableOnly
[ 1003.749983][T21853] 1423249 pages reserved
[ 1003.754502][T21853] 0 pages cma reserved
[ 1003.758618][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=24948,uid=0
[ 1003.773597][T21853] Out of memory: Killed process 24948 (syz-executor.1) total-vm:74848kB, anon-rss:4264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1003.809655][ T1822] oom_reaper: reaped process 24948 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:16 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(0x0, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x47, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x200011c0}], 0xbf, 0x0)

16:16:16 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(0xffffffffffffffff, r1, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:16 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:16 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480), 0x0, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

16:16:17 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, 0x0, 0x0, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

16:16:17 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(0xffffffffffffffff, r1, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:17 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:17 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480)=[{0x0}], 0x1, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

16:16:17 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1006.800384][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1006.813183][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1006.821903][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1006.826010][T21853] Call Trace:
[ 1006.826010][T21853]  dump_stack+0x1c9/0x220
[ 1006.826010][T21853]  dump_header+0x1e7/0xd00
[ 1006.826010][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1006.826010][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1006.826010][T21853]  ? ___ratelimit+0x542/0x720
[ 1006.826010][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1006.826010][T21853]  oom_kill_process+0x216/0x580
[ 1006.826010][T21853]  out_of_memory+0x181e/0x1cc0
[ 1006.826010][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1006.826010][T21853]  alloc_pages_current+0x67d/0x990
[ 1006.826010][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1006.826010][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1006.826010][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1006.826010][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1006.906126][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1006.906126][T21853]  ? debug_shrink_set+0x220/0x220
[ 1006.906126][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1006.906126][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1006.906126][T21853]  do_syscall_64+0xb8/0x160
[ 1006.906126][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1006.906126][T21853] RIP: 0033:0x45cb29
[ 1006.906126][T21853] Code: Bad RIP value.
[ 1006.906126][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1006.906126][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1006.906126][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1006.906126][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1006.906126][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1006.906126][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1006.996712][T21853] Mem-Info:
[ 1006.999980][T21853] active_anon:209871 inactive_anon:6860 isolated_anon:0
[ 1006.999980][T21853]  active_file:5766 inactive_file:50061 isolated_file:0
[ 1006.999980][T21853]  unevictable:0 dirty:119 writeback:15 unstable:0
[ 1006.999980][T21853]  slab_reclaimable:5658 slab_unreclaimable:24869
[ 1006.999980][T21853]  mapped:58694 shmem:7096 pagetables:6688 bounce:0
[ 1006.999980][T21853]  free:86380 free_pcp:783 free_cma:0
16:16:18 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480)=[{0x0}], 0x1, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

16:16:19 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, 0x0, 0x0, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

[ 1007.038505][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123680kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1007.067600][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
16:16:19 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1007.097485][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1007.102911][T21853] Node 0 DMA32 free:43172kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1260kB free_cma:0kB
[ 1007.134579][T21853] lowmem_reserve[]: 0 0 228 228
[ 1007.139765][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:56kB free_cma:0kB
[ 1007.171860][T21853] lowmem_reserve[]: 0 0 0 0
[ 1007.176444][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1007.188483][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 151*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43172kB
[ 1007.204907][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1007.220174][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1007.229950][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1007.239458][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
16:16:19 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1007.249196][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1007.258659][T21853] 27027 total pagecache pages
[ 1007.263513][T21853] 0 pages in swap cache
[ 1007.267718][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1007.273984][T21853] Free swap  = 0kB
[ 1007.277744][T21853] Total swap = 0kB
[ 1007.281506][T21853] 1965979 pages RAM
[ 1007.285558][T21853] 0 pages HighMem/MovableOnly
[ 1007.290322][T21853] 1423249 pages reserved
[ 1007.294738][T21853] 0 pages cma reserved
16:16:19 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(0xffffffffffffffff, r1, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1007.298859][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24927,uid=0
[ 1007.313857][T21853] Out of memory: Killed process 24927 (syz-executor.3) total-vm:74848kB, anon-rss:4260kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[ 1007.395271][ T1822] oom_reaper: reaped process 24927 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:20 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:20 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(r0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r0, r1, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:20 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:20 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480)=[{0x0}], 0x1, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

[ 1008.647433][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1008.660379][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1008.669114][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1008.670025][T21853] Call Trace:
[ 1008.670025][T21853]  dump_stack+0x1c9/0x220
[ 1008.670025][T21853]  dump_header+0x1e7/0xd00
[ 1008.670025][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1008.670025][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1008.670025][T21853]  ? ___ratelimit+0x542/0x720
[ 1008.670025][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1008.670025][T21853]  oom_kill_process+0x216/0x580
[ 1008.670025][T21853]  out_of_memory+0x181e/0x1cc0
[ 1008.670025][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1008.670025][T21853]  alloc_pages_current+0x67d/0x990
[ 1008.670025][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1008.670025][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1008.670025][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1008.670025][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1008.670025][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1008.670025][T21853]  ? debug_shrink_set+0x220/0x220
[ 1008.670025][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1008.670025][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1008.670025][T21853]  do_syscall_64+0xb8/0x160
[ 1008.670025][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1008.670025][T21853] RIP: 0033:0x45cb29
[ 1008.670025][T21853] Code: Bad RIP value.
[ 1008.670025][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1008.670025][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1008.670025][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1008.670025][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1008.670025][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1008.670025][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1008.843515][T21853] Mem-Info:
[ 1008.846774][T21853] active_anon:208915 inactive_anon:6859 isolated_anon:0
[ 1008.846774][T21853]  active_file:5821 inactive_file:50061 isolated_file:0
[ 1008.846774][T21853]  unevictable:0 dirty:110 writeback:11 unstable:0
[ 1008.846774][T21853]  slab_reclaimable:5658 slab_unreclaimable:24855
[ 1008.846774][T21853]  mapped:58723 shmem:7095 pagetables:6804 bounce:0
[ 1008.846774][T21853]  free:87201 free_pcp:783 free_cma:0
[ 1008.885025][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123680kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1008.913730][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1008.942932][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1008.948205][T21853] Node 0 DMA32 free:43172kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1500kB free_cma:0kB
[ 1008.979963][T21853] lowmem_reserve[]: 0 0 228 228
[ 1008.985015][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:316kB free_cma:0kB
[ 1009.017030][T21853] lowmem_reserve[]: 0 0 0 0
[ 1009.021610][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1009.037638][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 152*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43204kB
[ 1009.054022][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1009.069282][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1009.078992][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1009.088440][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1009.098170][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1009.107606][T21853] 27075 total pagecache pages
[ 1009.112427][T21853] 0 pages in swap cache
[ 1009.116629][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1009.122870][T21853] Free swap  = 0kB
[ 1009.126640][T21853] Total swap = 0kB
[ 1009.130398][T21853] 1965979 pages RAM
[ 1009.134366][T21853] 0 pages HighMem/MovableOnly
[ 1009.139094][T21853] 1423249 pages reserved
[ 1009.143562][T21853] 0 pages cma reserved
[ 1009.147792][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=24925,uid=0
[ 1009.162751][T21853] Out of memory: Killed process 24925 (syz-executor.1) total-vm:74848kB, anon-rss:4264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
16:16:21 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, 0x0, 0x0, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

[ 1009.199124][ T1822] oom_reaper: reaped process 24925 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:21 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:21 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480), 0x0, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

16:16:22 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(r0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r0, r1, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:22 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0)

16:16:22 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:22 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:22 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(r0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r0, r1, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:23 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0)

[ 1011.308261][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1011.321117][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1011.329842][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1011.330845][T21853] Call Trace:
[ 1011.330845][T21853]  dump_stack+0x1c9/0x220
[ 1011.330845][T21853]  dump_header+0x1e7/0xd00
[ 1011.330845][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1011.330845][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1011.330845][T21853]  ? ___ratelimit+0x542/0x720
[ 1011.330845][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1011.330845][T21853]  oom_kill_process+0x216/0x580
[ 1011.330845][T21853]  out_of_memory+0x181e/0x1cc0
[ 1011.330845][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1011.330845][T21853]  alloc_pages_current+0x67d/0x990
[ 1011.330845][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1011.330845][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1011.330845][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1011.330845][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1011.330845][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1011.330845][T21853]  ? debug_shrink_set+0x220/0x220
[ 1011.330845][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1011.330845][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1011.330845][T21853]  do_syscall_64+0xb8/0x160
[ 1011.330845][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1011.330845][T21853] RIP: 0033:0x45cb29
[ 1011.330845][T21853] Code: Bad RIP value.
[ 1011.330845][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1011.330845][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1011.330845][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1011.330845][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1011.330845][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1011.330845][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1011.504525][T21853] Mem-Info:
[ 1011.507788][T21853] active_anon:208446 inactive_anon:6859 isolated_anon:0
[ 1011.507788][T21853]  active_file:5749 inactive_file:50072 isolated_file:0
[ 1011.507788][T21853]  unevictable:0 dirty:102 writeback:0 unstable:0
[ 1011.507788][T21853]  slab_reclaimable:5658 slab_unreclaimable:24874
[ 1011.507788][T21853]  mapped:58737 shmem:7095 pagetables:6852 bounce:0
[ 1011.507788][T21853]  free:87708 free_pcp:783 free_cma:0
[ 1011.545949][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123684kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1011.574707][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1011.603832][T21853] lowmem_reserve[]: 0 996 1224 1224
16:16:23 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1011.609103][T21853] Node 0 DMA32 free:43204kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1260kB free_cma:0kB
[ 1011.641274][T21853] lowmem_reserve[]: 0 0 228 228
16:16:23 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480), 0x0, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

[ 1011.646301][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:56kB free_cma:0kB
[ 1011.678237][T21853] lowmem_reserve[]: 0 0 0 0
[ 1011.682990][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1011.695052][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 152*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43204kB
[ 1011.711566][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1011.726874][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1011.736640][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1011.746065][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1011.755818][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1011.765290][T21853] 26938 total pagecache pages
[ 1011.770002][T21853] 0 pages in swap cache
[ 1011.774379][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1011.780488][T21853] Free swap  = 0kB
[ 1011.784596][T21853] Total swap = 0kB
[ 1011.788407][T21853] 1965979 pages RAM
[ 1011.792420][T21853] 0 pages HighMem/MovableOnly
[ 1011.797135][T21853] 1423249 pages reserved
[ 1011.801406][T21853] 0 pages cma reserved
16:16:23 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1011.805682][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24904,uid=0
[ 1011.820747][T21853] Out of memory: Killed process 24904 (syz-executor.3) total-vm:74848kB, anon-rss:4260kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[ 1011.895763][ T1822] oom_reaper: reaped process 24904 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:23 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0)

[ 1012.491791][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1012.505430][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1012.514151][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1012.514738][T21853] Call Trace:
[ 1012.514738][T21853]  dump_stack+0x1c9/0x220
[ 1012.514738][T21853]  dump_header+0x1e7/0xd00
[ 1012.514738][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1012.514738][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1012.514738][T21853]  ? ___ratelimit+0x542/0x720
[ 1012.514738][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1012.514738][T21853]  oom_kill_process+0x216/0x580
[ 1012.562026][T21853]  out_of_memory+0x181e/0x1cc0
[ 1012.562026][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1012.562026][T21853]  alloc_pages_current+0x67d/0x990
[ 1012.562026][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1012.562026][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1012.562026][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1012.562026][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1012.562026][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1012.562026][T21853]  ? debug_shrink_set+0x220/0x220
[ 1012.562026][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1012.562026][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1012.562026][T21853]  do_syscall_64+0xb8/0x160
[ 1012.562026][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1012.562026][T21853] RIP: 0033:0x45cb29
[ 1012.562026][T21853] Code: Bad RIP value.
[ 1012.562026][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1012.562026][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1012.562026][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1012.562026][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1012.562026][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1012.562026][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1012.688600][T21853] Mem-Info:
[ 1012.691858][T21853] active_anon:207741 inactive_anon:6859 isolated_anon:0
[ 1012.691858][T21853]  active_file:5767 inactive_file:50135 isolated_file:0
[ 1012.691858][T21853]  unevictable:0 dirty:125 writeback:17 unstable:0
[ 1012.691858][T21853]  slab_reclaimable:5658 slab_unreclaimable:24874
[ 1012.691858][T21853]  mapped:58848 shmem:7095 pagetables:6927 bounce:0
[ 1012.691858][T21853]  free:88275 free_pcp:783 free_cma:0
[ 1012.730278][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:116kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123684kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1012.759192][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1012.788308][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1012.793721][T21853] Node 0 DMA32 free:43204kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1260kB free_cma:0kB
[ 1012.825459][T21853] lowmem_reserve[]: 0 0 228 228
16:16:24 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1012.830413][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:56kB free_cma:0kB
[ 1012.862556][T21853] lowmem_reserve[]: 0 0 0 0
[ 1012.867672][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1012.879845][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 152*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43204kB
[ 1012.896295][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1012.911641][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1012.921425][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1012.930946][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1012.940726][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1012.951509][T21853] 27058 total pagecache pages
[ 1012.956407][T21853] 0 pages in swap cache
[ 1012.960598][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1012.966843][T21853] Free swap  = 0kB
[ 1012.970595][T21853] Total swap = 0kB
[ 1012.974542][T21853] 1965979 pages RAM
[ 1012.978379][T21853] 0 pages HighMem/MovableOnly
[ 1012.983230][T21853] 1423249 pages reserved
[ 1012.987500][T21853] 0 pages cma reserved
[ 1012.991620][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24878,uid=0
[ 1013.006659][T21853] Out of memory: Killed process 24878 (syz-executor.3) total-vm:74848kB, anon-rss:4260kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[ 1013.064107][ T1822] oom_reaper: reaped process 24878 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:25 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:25 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:25 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, &(0x7f0000003500), 0x0, 0x0)

16:16:25 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480), 0x0, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

[ 1013.572935][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1013.586381][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1013.595109][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1013.595521][T21853] Call Trace:
[ 1013.595521][T21853]  dump_stack+0x1c9/0x220
[ 1013.612356][T21853]  dump_header+0x1e7/0xd00
[ 1013.612356][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1013.612356][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1013.612356][T21853]  ? ___ratelimit+0x542/0x720
[ 1013.612356][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1013.612356][T21853]  oom_kill_process+0x216/0x580
[ 1013.641390][T21853]  out_of_memory+0x181e/0x1cc0
[ 1013.641390][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1013.641390][T21853]  alloc_pages_current+0x67d/0x990
[ 1013.641390][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1013.641390][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1013.641390][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1013.641390][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1013.641390][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1013.641390][T21853]  ? debug_shrink_set+0x220/0x220
[ 1013.641390][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1013.641390][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1013.641390][T21853]  do_syscall_64+0xb8/0x160
[ 1013.641390][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1013.641390][T21853] RIP: 0033:0x45cb29
[ 1013.641390][T21853] Code: Bad RIP value.
[ 1013.641390][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1013.641390][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1013.641390][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1013.641390][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1013.641390][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1013.641390][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1013.769178][T21853] Mem-Info:
[ 1013.772540][T21853] active_anon:206561 inactive_anon:6859 isolated_anon:0
[ 1013.772540][T21853]  active_file:5765 inactive_file:50125 isolated_file:0
[ 1013.772540][T21853]  unevictable:0 dirty:79 writeback:0 unstable:0
[ 1013.772540][T21853]  slab_reclaimable:5658 slab_unreclaimable:24890
[ 1013.772540][T21853]  mapped:58734 shmem:7095 pagetables:6791 bounce:0
[ 1013.772540][T21853]  free:89391 free_pcp:783 free_cma:0
[ 1013.810573][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123684kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1013.839273][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1013.868340][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1013.873766][T21853] Node 0 DMA32 free:43204kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1260kB free_cma:0kB
[ 1013.905456][T21853] lowmem_reserve[]: 0 0 228 228
[ 1013.910393][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:56kB free_cma:0kB
[ 1013.943017][T21853] lowmem_reserve[]: 0 0 0 0
[ 1013.947605][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1013.959664][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 153*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43236kB
[ 1013.976083][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1013.991362][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1014.001127][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1014.010658][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1014.020397][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1014.029855][T21853] 27084 total pagecache pages
[ 1014.034713][T21853] 0 pages in swap cache
[ 1014.038912][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1014.045198][T21853] Free swap  = 0kB
[ 1014.048943][T21853] Total swap = 0kB
[ 1014.052865][T21853] 1965979 pages RAM
[ 1014.056779][T21853] 0 pages HighMem/MovableOnly
[ 1014.061558][T21853] 1423249 pages reserved
[ 1014.066001][T21853] 0 pages cma reserved
[ 1014.070125][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24862,uid=0
[ 1014.085207][T21853] Out of memory: Killed process 24862 (syz-executor.3) total-vm:74848kB, anon-rss:4260kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[ 1014.133794][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1014.134143][ T1822] oom_reaper: reaped process 24862 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[ 1014.146454][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1014.146483][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1014.146501][T21853] Call Trace:
[ 1014.146573][T21853]  dump_stack+0x1c9/0x220
[ 1014.146639][T21853]  dump_header+0x1e7/0xd00
[ 1014.146727][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1014.188844][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1014.188844][T21853]  ? ___ratelimit+0x542/0x720
[ 1014.188844][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1014.188844][T21853]  oom_kill_process+0x216/0x580
[ 1014.188844][T21853]  out_of_memory+0x181e/0x1cc0
[ 1014.188844][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1014.188844][T21853]  alloc_pages_current+0x67d/0x990
[ 1014.188844][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1014.188844][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1014.188844][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1014.188844][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1014.188844][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1014.188844][T21853]  ? debug_shrink_set+0x220/0x220
[ 1014.188844][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1014.188844][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1014.188844][T21853]  do_syscall_64+0xb8/0x160
[ 1014.188844][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1014.188844][T21853] RIP: 0033:0x45cb29
[ 1014.188844][T21853] Code: Bad RIP value.
[ 1014.188844][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1014.188844][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1014.188844][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1014.188844][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1014.188844][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1014.188844][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1014.340761][T21853] Mem-Info:
[ 1014.344281][T21853] active_anon:205521 inactive_anon:6859 isolated_anon:0
[ 1014.344281][T21853]  active_file:5766 inactive_file:50126 isolated_file:0
[ 1014.344281][T21853]  unevictable:0 dirty:74 writeback:0 unstable:0
[ 1014.344281][T21853]  slab_reclaimable:5658 slab_unreclaimable:24885
[ 1014.344281][T21853]  mapped:58715 shmem:7095 pagetables:6781 bounce:0
[ 1014.344281][T21853]  free:90480 free_pcp:783 free_cma:0
[ 1014.382640][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123692kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1014.411429][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1014.440589][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1014.446018][T21853] Node 0 DMA32 free:43236kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1260kB free_cma:0kB
[ 1014.477736][T21853] lowmem_reserve[]: 0 0 228 228
[ 1014.482807][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:56kB free_cma:0kB
[ 1014.514942][T21853] lowmem_reserve[]: 0 0 0 0
[ 1014.519544][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1014.531717][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 153*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43236kB
[ 1014.548285][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1014.563573][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1014.573336][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1014.582921][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1014.592680][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1014.602200][T21853] 27084 total pagecache pages
[ 1014.606921][T21853] 0 pages in swap cache
[ 1014.611218][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1014.617473][T21853] Free swap  = 0kB
[ 1014.621260][T21853] Total swap = 0kB
[ 1014.625202][T21853] 1965979 pages RAM
[ 1014.629044][T21853] 0 pages HighMem/MovableOnly
[ 1014.633919][T21853] 1423249 pages reserved
[ 1014.638198][T21853] 0 pages cma reserved
[ 1014.642512][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=24796,uid=0
[ 1014.657545][T21853] Out of memory: Killed process 24796 (syz-executor.1) total-vm:74848kB, anon-rss:4264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1014.694606][ T1822] oom_reaper: reaped process 24796 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:27 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:27 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:27 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, &(0x7f0000003500), 0x0, 0x0)

16:16:27 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:27 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480)=[{0x0}], 0x1, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

16:16:28 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
dup(r1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:28 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1016.671927][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1016.684629][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1016.693347][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1016.694491][T21853] Call Trace:
[ 1016.694491][T21853]  dump_stack+0x1c9/0x220
[ 1016.694491][T21853]  dump_header+0x1e7/0xd00
[ 1016.694491][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1016.694491][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1016.694491][T21853]  ? ___ratelimit+0x542/0x720
[ 1016.694491][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1016.694491][T21853]  oom_kill_process+0x216/0x580
[ 1016.694491][T21853]  out_of_memory+0x181e/0x1cc0
[ 1016.694491][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1016.694491][T21853]  alloc_pages_current+0x67d/0x990
[ 1016.694491][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1016.694491][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1016.694491][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1016.694491][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1016.694491][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1016.694491][T21853]  ? debug_shrink_set+0x220/0x220
[ 1016.694491][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1016.694491][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1016.694491][T21853]  do_syscall_64+0xb8/0x160
[ 1016.694491][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1016.694491][T21853] RIP: 0033:0x45cb29
[ 1016.694491][T21853] Code: Bad RIP value.
[ 1016.694491][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1016.694491][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1016.694491][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1016.694491][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1016.694491][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1016.694491][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1016.868503][T21853] Mem-Info:
16:16:28 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480)=[{0x0}], 0x1, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

[ 1016.871768][T21853] active_anon:204652 inactive_anon:6859 isolated_anon:0
[ 1016.871768][T21853]  active_file:5783 inactive_file:50076 isolated_file:0
[ 1016.871768][T21853]  unevictable:0 dirty:93 writeback:0 unstable:0
[ 1016.871768][T21853]  slab_reclaimable:5658 slab_unreclaimable:24883
[ 1016.871768][T21853]  mapped:58879 shmem:7095 pagetables:6934 bounce:0
[ 1016.871768][T21853]  free:91178 free_pcp:783 free_cma:0
16:16:28 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, &(0x7f0000003500), 0x0, 0x0)

[ 1016.909983][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123700kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1016.938711][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1016.967738][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1016.973146][T21853] Node 0 DMA32 free:43236kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1260kB free_cma:0kB
[ 1017.005193][T21853] lowmem_reserve[]: 0 0 228 228
[ 1017.010145][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:56kB free_cma:0kB
[ 1017.042089][T21853] lowmem_reserve[]: 0 0 0 0
[ 1017.046685][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1017.058792][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 153*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43236kB
[ 1017.075270][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1017.090556][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1017.100357][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1017.109862][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
16:16:29 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1017.119605][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1017.129081][T21853] 27083 total pagecache pages
[ 1017.133941][T21853] 0 pages in swap cache
[ 1017.138151][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1017.144388][T21853] Free swap  = 0kB
[ 1017.148139][T21853] Total swap = 0kB
[ 1017.152058][T21853] 1965979 pages RAM
[ 1017.155899][T21853] 0 pages HighMem/MovableOnly
[ 1017.160684][T21853] 1423249 pages reserved
[ 1017.165110][T21853] 0 pages cma reserved
[ 1017.169289][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=24780,uid=0
[ 1017.184248][T21853] Out of memory: Killed process 24780 (syz-executor.1) total-vm:74848kB, anon-rss:4264kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1017.256682][ T1822] oom_reaper: reaped process 24780 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:29 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
dup(r1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1017.455736][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1017.468506][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1017.477247][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1017.478311][T21853] Call Trace:
[ 1017.490293][T21853]  dump_stack+0x1c9/0x220
[ 1017.490293][T21853]  dump_header+0x1e7/0xd00
[ 1017.490293][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1017.490293][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1017.490293][T21853]  ? ___ratelimit+0x542/0x720
[ 1017.490293][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1017.490293][T21853]  oom_kill_process+0x216/0x580
[ 1017.490293][T21853]  out_of_memory+0x181e/0x1cc0
[ 1017.490293][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1017.490293][T21853]  alloc_pages_current+0x67d/0x990
[ 1017.490293][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1017.490293][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1017.490293][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1017.490293][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1017.490293][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1017.490293][T21853]  ? debug_shrink_set+0x220/0x220
[ 1017.490293][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1017.490293][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1017.490293][T21853]  do_syscall_64+0xb8/0x160
[ 1017.490293][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1017.490293][T21853] RIP: 0033:0x45cb29
[ 1017.490293][T21853] Code: Bad RIP value.
[ 1017.490293][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1017.490293][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1017.490293][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1017.490293][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1017.490293][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1017.490293][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1017.651713][T21853] Mem-Info:
[ 1017.655121][T21853] active_anon:203543 inactive_anon:6859 isolated_anon:0
[ 1017.655121][T21853]  active_file:5798 inactive_file:50096 isolated_file:0
[ 1017.655121][T21853]  unevictable:0 dirty:100 writeback:0 unstable:0
[ 1017.655121][T21853]  slab_reclaimable:5658 slab_unreclaimable:24889
[ 1017.655121][T21853]  mapped:58740 shmem:7095 pagetables:6797 bounce:0
[ 1017.655121][T21853]  free:92371 free_pcp:783 free_cma:0
[ 1017.693367][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123700kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1017.722072][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1017.751271][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1017.756721][T21853] Node 0 DMA32 free:43236kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1260kB free_cma:0kB
[ 1017.788356][T21853] lowmem_reserve[]: 0 0 228 228
[ 1017.793373][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:56kB free_cma:0kB
[ 1017.825263][T21853] lowmem_reserve[]: 0 0 0 0
[ 1017.829849][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1017.842048][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 153*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43236kB
[ 1017.858407][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1017.873650][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1017.883349][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1017.892775][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1017.902455][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1017.911773][T21853] 27082 total pagecache pages
[ 1017.916630][T21853] 0 pages in swap cache
[ 1017.920857][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1017.927073][T21853] Free swap  = 0kB
[ 1017.930845][T21853] Total swap = 0kB
[ 1017.934694][T21853] 1965979 pages RAM
[ 1017.938565][T21853] 0 pages HighMem/MovableOnly
[ 1017.943377][T21853] 1423249 pages reserved
[ 1017.947660][T21853] 0 pages cma reserved
[ 1017.951778][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24661,uid=0
[ 1017.966807][T21853] Out of memory: Killed process 24661 (syz-executor.3) total-vm:74848kB, anon-rss:4260kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[ 1018.020207][ T1822] oom_reaper: reaped process 24661 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[ 1018.032382][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1018.045187][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1018.053931][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1018.055069][T21853] Call Trace:
[ 1018.055069][T21853]  dump_stack+0x1c9/0x220
[ 1018.055069][T21853]  dump_header+0x1e7/0xd00
[ 1018.055069][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1018.055069][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1018.055069][T21853]  ? ___ratelimit+0x542/0x720
[ 1018.055069][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1018.055069][T21853]  oom_kill_process+0x216/0x580
[ 1018.055069][T21853]  out_of_memory+0x181e/0x1cc0
[ 1018.055069][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1018.055069][T21853]  alloc_pages_current+0x67d/0x990
[ 1018.055069][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1018.055069][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1018.055069][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1018.055069][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1018.055069][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1018.055069][T21853]  ? debug_shrink_set+0x220/0x220
[ 1018.055069][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1018.055069][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1018.055069][T21853]  do_syscall_64+0xb8/0x160
[ 1018.055069][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1018.055069][T21853] RIP: 0033:0x45cb29
[ 1018.055069][T21853] Code: Bad RIP value.
[ 1018.055069][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1018.055069][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1018.055069][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1018.055069][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1018.055069][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1018.055069][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1018.228456][T21853] Mem-Info:
[ 1018.231738][T21853] active_anon:202497 inactive_anon:6859 isolated_anon:0
[ 1018.231738][T21853]  active_file:5798 inactive_file:50099 isolated_file:0
[ 1018.231738][T21853]  unevictable:0 dirty:87 writeback:17 unstable:0
[ 1018.231738][T21853]  slab_reclaimable:5658 slab_unreclaimable:24889
[ 1018.231738][T21853]  mapped:58747 shmem:7095 pagetables:6795 bounce:0
[ 1018.231738][T21853]  free:93374 free_pcp:783 free_cma:0
[ 1018.270551][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123708kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1018.299224][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1018.328325][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1018.333702][T21853] Node 0 DMA32 free:43236kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1260kB free_cma:0kB
[ 1018.365340][T21853] lowmem_reserve[]: 0 0 228 228
[ 1018.370269][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:56kB free_cma:0kB
[ 1018.402269][T21853] lowmem_reserve[]: 0 0 0 0
[ 1018.406844][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1018.418869][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 153*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43236kB
[ 1018.435203][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1018.450457][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1018.460140][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1018.469595][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1018.479412][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1018.488827][T21853] 27086 total pagecache pages
[ 1018.493637][T21853] 0 pages in swap cache
[ 1018.497861][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1018.504079][T21853] Free swap  = 0kB
[ 1018.507832][T21853] Total swap = 0kB
[ 1018.511588][T21853] 1965979 pages RAM
[ 1018.515526][T21853] 0 pages HighMem/MovableOnly
[ 1018.520231][T21853] 1423249 pages reserved
[ 1018.524593][T21853] 0 pages cma reserved
[ 1018.528737][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24643,uid=0
[ 1018.543666][T21853] Out of memory: Killed process 24643 (syz-executor.3) total-vm:74848kB, anon-rss:4260kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[ 1018.590792][ T1822] oom_reaper: reaped process 24643 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[ 1019.129911][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1019.142924][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1019.151664][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1019.152484][T21853] Call Trace:
[ 1019.152484][T21853]  dump_stack+0x1c9/0x220
[ 1019.152484][T21853]  dump_header+0x1e7/0xd00
[ 1019.152484][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1019.152484][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1019.152484][T21853]  ? ___ratelimit+0x542/0x720
[ 1019.152484][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1019.152484][T21853]  oom_kill_process+0x216/0x580
[ 1019.152484][T21853]  out_of_memory+0x181e/0x1cc0
[ 1019.152484][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1019.152484][T21853]  alloc_pages_current+0x67d/0x990
[ 1019.152484][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1019.152484][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1019.152484][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1019.231986][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1019.231986][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1019.231986][T21853]  ? debug_shrink_set+0x220/0x220
[ 1019.231986][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1019.231986][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1019.231986][T21853]  do_syscall_64+0xb8/0x160
[ 1019.231986][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1019.231986][T21853] RIP: 0033:0x45cb29
[ 1019.231986][T21853] Code: Bad RIP value.
[ 1019.231986][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1019.231986][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1019.231986][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1019.231986][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1019.231986][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1019.312038][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1019.327124][T21853] Mem-Info:
[ 1019.330389][T21853] active_anon:201604 inactive_anon:6859 isolated_anon:0
[ 1019.330389][T21853]  active_file:5749 inactive_file:50126 isolated_file:0
[ 1019.330389][T21853]  unevictable:0 dirty:45 writeback:15 unstable:0
[ 1019.330389][T21853]  slab_reclaimable:5658 slab_unreclaimable:24891
[ 1019.330389][T21853]  mapped:58773 shmem:7095 pagetables:6909 bounce:0
[ 1019.330389][T21853]  free:94260 free_pcp:783 free_cma:0
[ 1019.368502][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123712kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1019.397131][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1019.426206][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1019.431493][T21853] Node 0 DMA32 free:43236kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1260kB free_cma:0kB
[ 1019.463225][T21853] lowmem_reserve[]: 0 0 228 228
[ 1019.468156][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:56kB free_cma:0kB
[ 1019.500054][T21853] lowmem_reserve[]: 0 0 0 0
[ 1019.504740][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1019.516776][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 153*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43236kB
[ 1019.533114][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1019.548517][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1019.558212][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1019.567655][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1019.577369][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1019.586780][T21853] 27065 total pagecache pages
[ 1019.591504][T21853] 0 pages in swap cache
[ 1019.595847][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1019.602089][T21853] Free swap  = 0kB
[ 1019.605837][T21853] Total swap = 0kB
[ 1019.609603][T21853] 1965979 pages RAM
[ 1019.613586][T21853] 0 pages HighMem/MovableOnly
[ 1019.618285][T21853] 1423249 pages reserved
[ 1019.622632][T21853] 0 pages cma reserved
[ 1019.626742][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=25084,uid=0
[ 1019.641739][T21853] Out of memory: Killed process 25084 (syz-executor.3) total-vm:74980kB, anon-rss:4204kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1019.731998][ T1822] oom_reaper: reaped process 25084 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:31 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:31 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:31 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:32 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480)=[{0x0}], 0x1, &(0x7f0000003500)=[{&(0x7f0000002500)=""/4096, 0x1000}], 0x1, 0x0)

16:16:32 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, &(0x7f0000003500)=[{0x0}], 0x1, 0x0)

16:16:32 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0)

16:16:32 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:33 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:33 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:33 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, &(0x7f0000003500)=[{0x0}], 0x1, 0x0)

[ 1021.551781][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1021.564863][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1021.573579][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1021.574734][T21853] Call Trace:
[ 1021.574734][T21853]  dump_stack+0x1c9/0x220
[ 1021.574734][T21853]  dump_header+0x1e7/0xd00
[ 1021.574734][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1021.574734][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1021.574734][T21853]  ? ___ratelimit+0x542/0x720
[ 1021.574734][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1021.574734][T21853]  oom_kill_process+0x216/0x580
[ 1021.574734][T21853]  out_of_memory+0x181e/0x1cc0
[ 1021.574734][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1021.574734][T21853]  alloc_pages_current+0x67d/0x990
[ 1021.574734][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1021.574734][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1021.574734][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1021.574734][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1021.574734][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1021.574734][T21853]  ? debug_shrink_set+0x220/0x220
[ 1021.574734][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1021.574734][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1021.574734][T21853]  do_syscall_64+0xb8/0x160
[ 1021.574734][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1021.574734][T21853] RIP: 0033:0x45cb29
[ 1021.574734][T21853] Code: Bad RIP value.
[ 1021.574734][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1021.574734][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1021.574734][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1021.574734][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1021.724234][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1021.724234][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1021.748683][T21853] Mem-Info:
[ 1021.752091][T21853] active_anon:200780 inactive_anon:6859 isolated_anon:0
[ 1021.752091][T21853]  active_file:5760 inactive_file:50063 isolated_file:0
[ 1021.752091][T21853]  unevictable:0 dirty:52 writeback:0 unstable:0
[ 1021.752091][T21853]  slab_reclaimable:5658 slab_unreclaimable:24890
[ 1021.752091][T21853]  mapped:58891 shmem:7095 pagetables:7041 bounce:0
[ 1021.752091][T21853]  free:95138 free_pcp:783 free_cma:0
[ 1021.790216][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123712kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1021.820872][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1021.849916][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1021.855297][T21853] Node 0 DMA32 free:43268kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1260kB free_cma:0kB
[ 1021.886965][T21853] lowmem_reserve[]: 0 0 228 228
[ 1021.892028][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:56kB free_cma:0kB
[ 1021.923954][T21853] lowmem_reserve[]: 0 0 0 0
[ 1021.928548][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1021.940621][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 154*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43268kB
[ 1021.957075][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1021.972357][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1021.982158][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1021.991492][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1022.001239][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1022.010758][T21853] 27007 total pagecache pages
[ 1022.015650][T21853] 0 pages in swap cache
[ 1022.019848][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1022.026110][T21853] Free swap  = 0kB
[ 1022.029891][T21853] Total swap = 0kB
[ 1022.033800][T21853] 1965979 pages RAM
[ 1022.037669][T21853] 0 pages HighMem/MovableOnly
[ 1022.042612][T21853] 1423249 pages reserved
[ 1022.046887][T21853] 0 pages cma reserved
[ 1022.050996][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24782,uid=0
[ 1022.065994][T21853] Out of memory: Killed process 24782 (syz-executor.3) total-vm:74848kB, anon-rss:4176kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1022.112312][ T1822] oom_reaper: reaped process 24782 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:34 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1022.323358][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1022.336109][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1022.344858][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1022.345954][T21853] Call Trace:
[ 1022.345954][T21853]  dump_stack+0x1c9/0x220
[ 1022.345954][T21853]  dump_header+0x1e7/0xd00
[ 1022.365933][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1022.368415][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1022.368415][T21853]  ? ___ratelimit+0x542/0x720
[ 1022.368415][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1022.368415][T21853]  oom_kill_process+0x216/0x580
[ 1022.368415][T21853]  out_of_memory+0x181e/0x1cc0
[ 1022.368415][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1022.368415][T21853]  alloc_pages_current+0x67d/0x990
[ 1022.368415][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1022.368415][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1022.368415][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1022.368415][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1022.368415][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1022.368415][T21853]  ? debug_shrink_set+0x220/0x220
[ 1022.368415][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1022.368415][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1022.368415][T21853]  do_syscall_64+0xb8/0x160
[ 1022.368415][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1022.368415][T21853] RIP: 0033:0x45cb29
[ 1022.368415][T21853] Code: Bad RIP value.
[ 1022.368415][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1022.368415][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1022.368415][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1022.368415][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1022.368415][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1022.368415][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1022.520182][T21853] Mem-Info:
[ 1022.523538][T21853] active_anon:199581 inactive_anon:6859 isolated_anon:0
[ 1022.523538][T21853]  active_file:5749 inactive_file:50123 isolated_file:0
[ 1022.523538][T21853]  unevictable:0 dirty:56 writeback:0 unstable:0
[ 1022.523538][T21853]  slab_reclaimable:5658 slab_unreclaimable:24904
[ 1022.523538][T21853]  mapped:58764 shmem:7095 pagetables:6934 bounce:0
[ 1022.523538][T21853]  free:96131 free_pcp:783 free_cma:0
[ 1022.561716][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123712kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1022.590543][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1022.619665][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1022.625140][T21853] Node 0 DMA32 free:43268kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2760kB local_pcp:1260kB free_cma:0kB
[ 1022.656857][T21853] lowmem_reserve[]: 0 0 228 228
[ 1022.661886][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:56kB free_cma:0kB
[ 1022.694295][T21853] lowmem_reserve[]: 0 0 0 0
[ 1022.698951][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1022.711044][T21853] Node 0 DMA32: 933*4kB (ME) 476*8kB (UM) 221*16kB (M) 154*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43268kB
[ 1022.727464][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1022.742746][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1022.752502][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1022.762026][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1022.771661][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1022.781106][T21853] 27067 total pagecache pages
[ 1022.785995][T21853] 0 pages in swap cache
[ 1022.790197][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1022.796474][T21853] Free swap  = 0kB
[ 1022.800236][T21853] Total swap = 0kB
[ 1022.804129][T21853] 1965979 pages RAM
[ 1022.807974][T21853] 0 pages HighMem/MovableOnly
[ 1022.812840][T21853] 1423249 pages reserved
[ 1022.817133][T21853] 0 pages cma reserved
16:16:34 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:34 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
dup(0xffffffffffffffff)
r1 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
process_vm_writev(r1, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, &(0x7f0000003500)=[{0x0}], 0x1, 0x0)

16:16:34 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0)

[ 1022.821263][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24797,uid=0
[ 1022.836274][T21853] Out of memory: Killed process 24797 (syz-executor.3) total-vm:74848kB, anon-rss:3980kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
16:16:34 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1022.882149][ T1822] oom_reaper: reaped process 24797 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:35 executing program 4:
unshare(0x400)
r0 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r0)
ptrace$pokeuser(0x6, r0, 0x7, 0xfffffffffffffeff)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x40, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/slabinfo\x00', 0x0, 0x0)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0)='mptcp_pm\x00')
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x2c, r4, 0x8, 0x70bd25, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000004}, 0x44040)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$MPTCP_PM_CMD_GET_ADDR(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000480)={0x40, r4, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x8}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x5}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x2}]}, 0x40}, 0x1, 0x0, 0x0, 0x880}, 0x48810)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(r1, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="08052dbd7000fddbdf2506000000a300030003000000080003000000000601000008000300060000010000000000"], 0x34}, 0x1, 0x0, 0x0, 0x20040000}, 0x80)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r6=>0xffffffffffffffff})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r8, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r6, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0xd8, r8, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x9c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
getsockopt$bt_BT_FLUSHABLE(r6, 0x112, 0x8, &(0x7f0000000000)=0x2950, &(0x7f0000000040)=0x4)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r5, 0x0}, 0x20)

16:16:35 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:35 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:35 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:36 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:36 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0)

16:16:36 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = creat(&(0x7f0000000000)='./file0\x00', 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
getsockname$packet(r3, 0x0, &(0x7f0000000140))
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000040)=[0x0, 0x0, 0x0, <r4=>0x0, 0x0], 0x5})
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r3, 0x4010ae74, &(0x7f0000000100)={0x80, 0x9e4, 0xa7})
ioctl$DRM_IOCTL_MODE_SETPLANE(r1, 0xc03064b7, &(0x7f00000000c0)={r4, 0x400, 0x8, 0xfffffffe, 0x3, 0x200, 0x1, 0x20, 0xe1cf, 0x7ff, 0x6, 0x401})

16:16:36 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:36 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
dup(r1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:36 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:37 executing program 4:
unshare(0x400)
ioctl$VIDIOC_G_PRIORITY(0xffffffffffffffff, 0x80045643, 0x1)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x14, 0x7fffffff, 0x3, 0x3, 0x40, 0xffffffffffffffff, 0x20000800}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x3}, 0xe)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0xe, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10)
r4 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x7c, &(0x7f0000000140)=ANY=[@ANYRES32=r5, @ANYBLOB], &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000040)=ANY=[@ANYRES32=<r6=>r5, @ANYBLOB="4700453470f66feeee5be0687f577d2fbe6f4e63c7dba1c1e29b30b4d5ee07c355a01d6b16041b05afdb356418c925dd0e5b8d71cd9b0e6a4de137a3a34300"/75], &(0x7f00000000c0)=0x4f)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000100)={r6, @in={{0x2, 0x4e22, @multicast2}}, 0x5, 0x8, 0x9, 0x9, 0x1, 0x9a1, 0x80}, 0x9c)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$KDGKBDIACR(r2, 0x4b4a, &(0x7f0000000000)=""/62)

16:16:37 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:37 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:37 executing program 4:
unshare(0x400)
r0 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
r2 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r2)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f0000000040)={{0x7, 0x4, 0x3, 0x4, 'syz0\x00', 0x6000000}, 0x2, 0x30, 0x0, r2, 0xa, 0x4, 'syz1\x00', &(0x7f0000000000)=['!/{\xe0$%\x00', '!\xcb.W\\-\x00', '\x1c:([{$\xa9\x00', '+}.#\x00', '{\x00', '^\x00', '\x00', ')%\x00', '].\x00', '(+\x00'], 0x29, [], [0x2f1e, 0x3f, 0x80, 0x80]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r3, 0x0}, 0x20)

16:16:37 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:37 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, &(0x7f0000003500), 0x0, 0x0)

16:16:37 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:38 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
dup(r1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1026.247466][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1026.260566][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1026.269336][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1026.270085][T21853] Call Trace:
[ 1026.270085][T21853]  dump_stack+0x1c9/0x220
[ 1026.270085][T21853]  dump_header+0x1e7/0xd00
[ 1026.270085][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1026.270085][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1026.270085][T21853]  ? ___ratelimit+0x542/0x720
[ 1026.270085][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1026.270085][T21853]  oom_kill_process+0x216/0x580
[ 1026.270085][T21853]  out_of_memory+0x181e/0x1cc0
[ 1026.270085][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1026.270085][T21853]  alloc_pages_current+0x67d/0x990
[ 1026.270085][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1026.270085][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1026.270085][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1026.270085][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1026.270085][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1026.270085][T21853]  ? debug_shrink_set+0x220/0x220
[ 1026.270085][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1026.270085][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1026.270085][T21853]  do_syscall_64+0xb8/0x160
[ 1026.270085][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1026.270085][T21853] RIP: 0033:0x45cb29
[ 1026.270085][T21853] Code: Bad RIP value.
[ 1026.270085][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1026.270085][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1026.270085][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1026.270085][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1026.270085][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1026.270085][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1026.444118][T21853] Mem-Info:
16:16:38 executing program 4:
unshare(0x400)
socket$inet(0x2, 0x2, 0x40)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
getsockname$packet(r1, 0x0, &(0x7f0000000140))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x2, 0x5, 0x7, 0x9, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, r1}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r2, 0x0}, 0x20)

[ 1026.447419][T21853] active_anon:198838 inactive_anon:6859 isolated_anon:0
[ 1026.447419][T21853]  active_file:5753 inactive_file:50178 isolated_file:0
[ 1026.447419][T21853]  unevictable:0 dirty:69 writeback:0 unstable:0
[ 1026.447419][T21853]  slab_reclaimable:5658 slab_unreclaimable:24924
[ 1026.447419][T21853]  mapped:58916 shmem:7095 pagetables:7030 bounce:0
[ 1026.447419][T21853]  free:96843 free_pcp:823 free_cma:0
[ 1026.485603][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123724kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1026.514526][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1026.543614][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1026.549148][T21853] Node 0 DMA32 free:43080kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:2920kB local_pcp:1660kB free_cma:0kB
[ 1026.580819][T21853] lowmem_reserve[]: 0 0 228 228
[ 1026.585932][T21853] Node 0 Normal free:9696kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:372kB local_pcp:316kB free_cma:0kB
[ 1026.617932][T21853] lowmem_reserve[]: 0 0 0 0
[ 1026.622667][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1026.634702][T21853] Node 0 DMA32: 934*4kB (UME) 476*8kB (UM) 221*16kB (M) 148*32kB (UM) 114*64kB (UM) 62*128kB (UM) 33*256kB (M) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 43080kB
[ 1026.651234][T21853] Node 0 Normal: 926*4kB (UMH) 383*8kB (MH) 89*16kB (MH) 25*32kB (UMH) 3*64kB (UH) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9696kB
[ 1026.666460][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1026.676191][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1026.685786][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1026.695523][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1026.704954][T21853] 27143 total pagecache pages
[ 1026.709690][T21853] 0 pages in swap cache
[ 1026.714008][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1026.720114][T21853] Free swap  = 0kB
[ 1026.724010][T21853] Total swap = 0kB
[ 1026.727766][T21853] 1965979 pages RAM
[ 1026.731603][T21853] 0 pages HighMem/MovableOnly
[ 1026.736462][T21853] 1423249 pages reserved
[ 1026.740734][T21853] 0 pages cma reserved
[ 1026.745070][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24601,uid=0
[ 1026.760241][T21853] Out of memory: Killed process 24601 (syz-executor.3) total-vm:74848kB, anon-rss:3960kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1026.822195][ T1822] oom_reaper: reaped process 24601 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:38 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:39 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:39 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:39 executing program 4:
socket$inet6(0xa, 0x6, 0x8001)
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

16:16:39 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
dup(r1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1028.002411][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1028.015201][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1028.023944][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1028.025030][T21853] Call Trace:
[ 1028.025030][T21853]  dump_stack+0x1c9/0x220
[ 1028.025030][T21853]  dump_header+0x1e7/0xd00
[ 1028.025030][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1028.025030][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1028.025030][T21853]  ? ___ratelimit+0x542/0x720
[ 1028.025030][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1028.025030][T21853]  oom_kill_process+0x216/0x580
[ 1028.025030][T21853]  out_of_memory+0x181e/0x1cc0
[ 1028.025030][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1028.025030][T21853]  alloc_pages_current+0x67d/0x990
[ 1028.025030][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1028.025030][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1028.025030][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1028.025030][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1028.025030][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1028.025030][T21853]  ? debug_shrink_set+0x220/0x220
[ 1028.025030][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1028.025030][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1028.025030][T21853]  do_syscall_64+0xb8/0x160
[ 1028.025030][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1028.025030][T21853] RIP: 0033:0x45cb29
[ 1028.025030][T21853] Code: Bad RIP value.
[ 1028.025030][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1028.025030][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1028.025030][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1028.025030][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1028.025030][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1028.025030][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1028.198454][T21853] Mem-Info:
[ 1028.201747][T21853] active_anon:197770 inactive_anon:6859 isolated_anon:0
[ 1028.201747][T21853]  active_file:5751 inactive_file:50083 isolated_file:0
[ 1028.201747][T21853]  unevictable:0 dirty:75 writeback:0 unstable:0
[ 1028.201747][T21853]  slab_reclaimable:5658 slab_unreclaimable:24929
[ 1028.201747][T21853]  mapped:58791 shmem:7095 pagetables:6999 bounce:0
[ 1028.201747][T21853]  free:98606 free_pcp:76 free_cma:0
[ 1028.239786][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123724kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1028.268474][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1028.297828][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1028.303273][T21853] Node 0 DMA32 free:44488kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB
[ 1028.334853][T21853] lowmem_reserve[]: 0 0 228 228
[ 1028.339780][T21853] Node 0 Normal free:9468kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:116kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:56kB local_pcp:56kB free_cma:0kB
[ 1028.371892][T21853] lowmem_reserve[]: 0 0 0 0
[ 1028.376485][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1028.388601][T21853] Node 0 DMA32: 920*4kB (UME) 471*8kB (UM) 219*16kB (UM) 148*32kB (UM) 122*64kB (UM) 64*128kB (UM) 34*256kB (M) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 44488kB
[ 1028.405193][T21853] Node 0 Normal: 929*4kB (UMH) 385*8kB (MH) 91*16kB (MH) 24*32kB (MH) 5*64kB (UMH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9468kB
[ 1028.420571][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1028.430372][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1028.439906][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1028.449698][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1028.459196][T21853] 27022 total pagecache pages
[ 1028.464069][T21853] 0 pages in swap cache
[ 1028.468270][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1028.474704][T21853] Free swap  = 0kB
[ 1028.478478][T21853] Total swap = 0kB
[ 1028.482405][T21853] 1965979 pages RAM
[ 1028.486246][T21853] 0 pages HighMem/MovableOnly
[ 1028.491031][T21853] 1423249 pages reserved
[ 1028.495485][T21853] 0 pages cma reserved
[ 1028.499631][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=23844,uid=0
[ 1028.514637][T21853] Out of memory: Killed process 23844 (syz-executor.2) total-vm:74980kB, anon-rss:3860kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1028.595436][ T1822] oom_reaper: reaped process 23844 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:40 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:40 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:41 executing program 4:
unshare(0x400)
bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x9, 0xffffff80, 0x9}, 0x40)
r0 = socket(0x2a, 0xa, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000074}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
r1 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r1, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x3}, 0xe)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x7c, &(0x7f0000000780)=ANY=[@ANYRES32=r4, @ANYBLOB="e856b40d365633a23ca3c7070000003f81b60a0d801d1634a7cd0fc0bd30bcc783b3f193340ccd25a697d5f1a0d02d6f260217099dd3b130ef8a09dbba59547fcf33a83f586f20a769ea9873cf70da0e617cb1e761adba23bf60eebddc062e07bddb0d2098bade44ec0982147f8aa51425f7de5e7326b94b0671b102509e64944db22890afd10ed798bdd07220c17f5a050365fbcb864678d856a55ba40d8f1f4d6333234fc3201cb24e0181535801ff00efc68ff9aee7ffe526c1e4a194226e0812cca298cc78a09000a0350702d9a2bc1a9b2264ed63938e526c166b2f1aca448f6630da1610b14f638c20fe7c66ded60a45cb4786e352c3359895aec7283caaf322678009e4c41c7fac82ec77c0bc66553dbf03a9f6d1b09fbad4000010a5b3743ac29f92ee3f1516862175de0dc0cbc7b2b187e9ba88e4a793ee577e852e1ad5890b10558b618a43724f98e2094a21fc002afb6305961843b8c894ac99dd918b0531e80e4bbd354ccdc1a85d6bb4f92383163da12e3213663fb8b86061bf7d889b14264e136ace63aee1ad03b42aca47a7a752170a75cb5f5000420862bb30904520318f41dcf3b68ffc1eaef318202a1509e1ed9edeb538da0ee423929fb42c01a161a172011c7b206c913bd65a3ad39aa6189a5755b0091cfad1fdb5c051dc01bec4d816"], &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f00000002c0)={r4, @in6={{0xa, 0x4e24, 0x48, @remote, 0x8000}}, 0x4, 0x3}, &(0x7f0000000100)=0x90)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
r5 = dup(r0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={r5, 0x0}, 0xd)

[ 1029.688723][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1029.701559][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1029.710287][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1029.711325][T21853] Call Trace:
[ 1029.711325][T21853]  dump_stack+0x1c9/0x220
[ 1029.727281][T21853]  dump_header+0x1e7/0xd00
[ 1029.727281][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1029.727281][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1029.727281][T21853]  ? ___ratelimit+0x542/0x720
[ 1029.748809][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1029.753960][T21853]  oom_kill_process+0x216/0x580
[ 1029.759155][T21853]  out_of_memory+0x181e/0x1cc0
[ 1029.764293][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1029.766888][T21853]  alloc_pages_current+0x67d/0x990
[ 1029.766888][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1029.775957][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1029.775957][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1029.775957][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1029.775957][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1029.775957][T21853]  ? debug_shrink_set+0x220/0x220
[ 1029.775957][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1029.775957][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1029.775957][T21853]  do_syscall_64+0xb8/0x160
[ 1029.775957][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1029.775957][T21853] RIP: 0033:0x45cb29
[ 1029.775957][T21853] Code: Bad RIP value.
[ 1029.775957][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1029.775957][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1029.775957][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1029.775957][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1029.775957][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1029.775957][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1029.884940][T21853] Mem-Info:
[ 1029.888245][T21853] active_anon:196805 inactive_anon:6859 isolated_anon:0
[ 1029.888245][T21853]  active_file:5768 inactive_file:50260 isolated_file:0
[ 1029.888245][T21853]  unevictable:0 dirty:81 writeback:17 unstable:0
[ 1029.888245][T21853]  slab_reclaimable:5658 slab_unreclaimable:24938
[ 1029.888245][T21853]  mapped:58886 shmem:7095 pagetables:6879 bounce:0
[ 1029.888245][T21853]  free:99191 free_pcp:0 free_cma:0
16:16:41 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, &(0x7f0000003500), 0x0, 0x0)

16:16:41 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:41 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:41 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:41 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1029.926313][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123724kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1029.954924][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1029.984024][T21853] lowmem_reserve[]: 0 996 1224 1224
16:16:41 executing program 4:
unshare(0x20000)
sync()
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f13000)={0xa, 0xe22}, 0x1c)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
write$binfmt_elf32(r1, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0x4, 0x7, 0x31, 0xc1, 0x9, 0x3, 0x6, 0x8001, 0x383, 0x38, 0x391, 0x40, 0x16, 0x20, 0x2, 0x1, 0x9, 0x5}, [{0x4, 0x3ea, 0x0, 0x1f, 0x5, 0x7ff, 0x3, 0x7}, {0x70000000, 0x834, 0x5, 0x80, 0x1, 0x9644, 0x0, 0x10000}], "a9a2969f144b882ae2dfa1ab98dd41f8", [[], [], []]}, 0x388)

[ 1029.989317][T21853] Node 0 DMA32 free:43180kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1030.020486][T21853] lowmem_reserve[]: 0 0 228 228
[ 1030.025584][T21853] Node 0 Normal free:9504kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1030.057270][T21853] lowmem_reserve[]: 0 0 0 0
[ 1030.062005][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1030.074062][T21853] Node 0 DMA32: 920*4kB (UME) 471*8kB (UM) 216*16kB (M) 144*32kB (UM) 115*64kB (M) 61*128kB (UM) 35*256kB (UM) 7*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 43224kB
[ 1030.090427][T21853] Node 0 Normal: 929*4kB (UMH) 386*8kB (UMH) 92*16kB (UMH) 25*32kB (UMH) 5*64kB (UMH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9524kB
[ 1030.105977][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1030.115766][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1030.125330][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1030.135164][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1030.144638][T21853] 27239 total pagecache pages
[ 1030.149351][T21853] 0 pages in swap cache
[ 1030.153700][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1030.159800][T21853] Free swap  = 0kB
[ 1030.163727][T21853] Total swap = 0kB
[ 1030.167486][T21853] 1965979 pages RAM
[ 1030.171324][T21853] 0 pages HighMem/MovableOnly
[ 1030.176154][T21853] 1423249 pages reserved
[ 1030.180426][T21853] 0 pages cma reserved
[ 1030.184649][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24743,uid=0
[ 1030.199619][T21853] Out of memory: Killed process 24743 (syz-executor.3) total-vm:74980kB, anon-rss:3852kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1030.289079][ T1822] oom_reaper: reaped process 24743 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:42 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:42 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:43 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)

16:16:43 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:43 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:43 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, &(0x7f0000003500), 0x0, 0x0)

16:16:43 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
dup(r1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:43 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x5, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

16:16:43 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:43 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:44 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
dup(r1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:44 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, &(0x7f0000003500)=[{0x0}], 0x1, 0x0)

16:16:44 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:44 executing program 4:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x1a)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r3, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r3, &(0x7f0000000280)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x50}}, 0x0)
sendmsg$SOCK_DESTROY(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="580100001500880229bd7000fedbdf252bf7840001008f3a68c4349d55e5abffc015d0a93f92e49915acc5bb1c44b1c571f22501fac06d6ca66b7e58bc5c5b65f46cbf843ec8356dc8df1462a1c014781520cdf5e721a1a864ab2b212d8a5f15b8be6f26f32f58df44977b69319f9fd9891709234bc4a0dda2f9fc58d2ef1ab19d960df965ffb62682c112bcbe34a6088da81b7b864ea44859d1bf000100fde9e09bb90e5510c3f8ff6aae156247bb33681bc8edaf4622e626cca78fd5f511a5066dea9989e994fc26c2bfc6a75cdb38af92609b0bd166570dc7785614c2d3201b28afd381254c1788ef6c093489d112a4b97d080af1e9f1b66067ecdb58f41dd66bdf82f758bece0886a30d4ec72827a3e99ae75a2b588bbadb01c5c1fbca6f58499822f162e5a7d8a0c6782e6fab2673e8f2119320026f33f4ff8c7935595d432091408631cd809b26093c7aa25c9358f84af0e7959bdf"], 0x158}, 0x1, 0x0, 0x0, 0x80}, 0x4080)
r5 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = dup(r6)
getsockname$packet(r7, 0x0, &(0x7f0000000140))
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000140))
ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2)
ioctl$TCGETX(r0, 0x5432, &(0x7f0000000040))
unshare(0x400)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r8, 0x0}, 0x20)

[ 1032.143123][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1032.155848][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1032.164565][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1032.165723][T21853] Call Trace:
[ 1032.165723][T21853]  dump_stack+0x1c9/0x220
[ 1032.165723][T21853]  dump_header+0x1e7/0xd00
[ 1032.165723][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1032.165723][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1032.165723][T21853]  ? ___ratelimit+0x542/0x720
[ 1032.165723][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1032.165723][T21853]  oom_kill_process+0x216/0x580
[ 1032.165723][T21853]  out_of_memory+0x181e/0x1cc0
[ 1032.165723][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1032.165723][T21853]  alloc_pages_current+0x67d/0x990
[ 1032.165723][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1032.165723][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1032.165723][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1032.165723][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1032.165723][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1032.165723][T21853]  ? debug_shrink_set+0x220/0x220
[ 1032.165723][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1032.165723][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1032.165723][T21853]  do_syscall_64+0xb8/0x160
[ 1032.165723][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1032.165723][T21853] RIP: 0033:0x45cb29
[ 1032.165723][T21853] Code: Bad RIP value.
[ 1032.165723][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1032.165723][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1032.165723][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1032.165723][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1032.165723][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1032.165723][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1032.339063][T21853] Mem-Info:
[ 1032.342423][T21853] active_anon:195968 inactive_anon:6859 isolated_anon:0
[ 1032.342423][T21853]  active_file:5751 inactive_file:50062 isolated_file:0
[ 1032.342423][T21853]  unevictable:0 dirty:24 writeback:0 unstable:0
[ 1032.342423][T21853]  slab_reclaimable:5658 slab_unreclaimable:24933
[ 1032.342423][T21853]  mapped:58930 shmem:7095 pagetables:6976 bounce:0
[ 1032.342423][T21853]  free:99784 free_pcp:0 free_cma:0
[ 1032.380371][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123740kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1032.409097][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1032.438180][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1032.443595][T21853] Node 0 DMA32 free:43256kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1032.474925][T21853] lowmem_reserve[]: 0 0 228 228
[ 1032.479855][T21853] Node 0 Normal free:9524kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1032.512052][T21853] lowmem_reserve[]: 0 0 0 0
[ 1032.516657][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1032.528773][T21853] Node 0 DMA32: 920*4kB (UME) 471*8kB (UM) 216*16kB (M) 145*32kB (UM) 115*64kB (M) 61*128kB (UM) 35*256kB (UM) 7*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 43256kB
[ 1032.545219][T21853] Node 0 Normal: 929*4kB (UMH) 386*8kB (UMH) 92*16kB (UMH) 25*32kB (UMH) 5*64kB (UMH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9524kB
[ 1032.560767][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1032.570476][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1032.579989][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
16:16:44 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1032.589759][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1032.599246][T21853] 27001 total pagecache pages
[ 1032.604130][T21853] 0 pages in swap cache
[ 1032.608375][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1032.614599][T21853] Free swap  = 0kB
[ 1032.618346][T21853] Total swap = 0kB
[ 1032.622230][T21853] 1965979 pages RAM
[ 1032.626087][T21853] 0 pages HighMem/MovableOnly
[ 1032.630839][T21853] 1423249 pages reserved
[ 1032.635249][T21853] 0 pages cma reserved
[ 1032.639361][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24565,uid=0
[ 1032.654427][T21853] Out of memory: Killed process 24565 (syz-executor.3) total-vm:74980kB, anon-rss:3804kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1032.721330][ T1822] oom_reaper: reaped process 24565 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[ 1032.740973][T25896] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
16:16:45 executing program 4:
r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xc25, 0x0)
ioctl$VIDIOC_S_AUDOUT(r0, 0x40345632, &(0x7f0000000040)={0x3, "342d8ff4ced3dd536e1cfcb0d9b2edf4eac678f95b55daf339f4096062250597", 0x3})
unshare(0x400)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r1, 0x0}, 0x20)

16:16:45 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:45 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:45 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:45 executing program 4:
unshare(0x400)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
getsockname$packet(r1, 0x0, &(0x7f0000000140))
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000000)={0x6, 0xffff, 0xb40, 0x81, 0x1, 0x80000000})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$RTC_AIE_ON(r4, 0x7001)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r2, 0x0}, 0x20)

16:16:45 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
dup(r1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1033.781449][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1033.794253][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1033.803002][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1033.804022][T21853] Call Trace:
[ 1033.804022][T21853]  dump_stack+0x1c9/0x220
[ 1033.804022][T21853]  dump_header+0x1e7/0xd00
[ 1033.804022][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1033.804022][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1033.804022][T21853]  ? ___ratelimit+0x542/0x720
[ 1033.804022][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1033.804022][T21853]  oom_kill_process+0x216/0x580
[ 1033.804022][T21853]  out_of_memory+0x181e/0x1cc0
[ 1033.804022][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1033.804022][T21853]  alloc_pages_current+0x67d/0x990
[ 1033.804022][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1033.804022][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1033.804022][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1033.804022][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1033.804022][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1033.804022][T21853]  ? debug_shrink_set+0x220/0x220
[ 1033.804022][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1033.902053][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1033.902053][T21853]  do_syscall_64+0xb8/0x160
[ 1033.902053][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1033.902053][T21853] RIP: 0033:0x45cb29
[ 1033.902053][T21853] Code: Bad RIP value.
[ 1033.902053][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1033.902053][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1033.902053][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1033.902053][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1033.902053][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1033.902053][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1033.977794][T21853] Mem-Info:
[ 1033.981090][T21853] active_anon:195191 inactive_anon:6859 isolated_anon:0
[ 1033.981090][T21853]  active_file:5750 inactive_file:50068 isolated_file:0
[ 1033.981090][T21853]  unevictable:0 dirty:36 writeback:0 unstable:0
[ 1033.981090][T21853]  slab_reclaimable:5658 slab_unreclaimable:24935
[ 1033.981090][T21853]  mapped:58937 shmem:7095 pagetables:7054 bounce:0
[ 1033.981090][T21853]  free:100534 free_pcp:0 free_cma:0
[ 1034.023007][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123744kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1034.051957][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1034.081065][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1034.086433][T21853] Node 0 DMA32 free:43288kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1034.117529][T21853] lowmem_reserve[]: 0 0 228 228
[ 1034.122676][T21853] Node 0 Normal free:9524kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1034.154429][T21853] lowmem_reserve[]: 0 0 0 0
[ 1034.159034][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1034.171093][T21853] Node 0 DMA32: 920*4kB (UME) 471*8kB (UM) 216*16kB (M) 146*32kB (UM) 115*64kB (M) 61*128kB (UM) 35*256kB (UM) 7*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 43288kB
[ 1034.187542][T21853] Node 0 Normal: 929*4kB (UMH) 386*8kB (UMH) 92*16kB (UMH) 25*32kB (UMH) 5*64kB (UMH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9524kB
[ 1034.203078][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1034.212856][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1034.222352][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
16:16:46 executing program 5:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:46 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1034.232102][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1034.241419][T21853] 27008 total pagecache pages
[ 1034.246285][T21853] 0 pages in swap cache
[ 1034.250482][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1034.256682][T21853] Free swap  = 0kB
[ 1034.260457][T21853] Total swap = 0kB
[ 1034.264329][T21853] 1965979 pages RAM
[ 1034.268170][T21853] 0 pages HighMem/MovableOnly
[ 1034.272976][T21853] 1423249 pages reserved
[ 1034.277267][T21853] 0 pages cma reserved
[ 1034.281374][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=25013,uid=0
[ 1034.296318][T21853] Out of memory: Killed process 25013 (syz-executor.3) total-vm:74980kB, anon-rss:3504kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1034.330321][ T1822] oom_reaper: reaped process 25013 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:46 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, &(0x7f0000003500)=[{0x0}], 0x1, 0x0)

16:16:46 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:46 executing program 4:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$DRM_IOCTL_SET_UNIQUE(r1, 0x40106410, &(0x7f0000000080)={0x5b, &(0x7f0000000000)="f47b9715c3b096b05fd52927c659bcf0505f251debcd3c657fd6f7e8b84314fa0bba8e48e76f81097027581ae0f9e03702060916cd3e2600c343d79575b15574bd8b06d0fcf720e5121ebb97dc90cd329516277edbf9cd3d5267e4"})
unshare(0x4018100)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r2, 0x0}, 0x20)

16:16:46 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:46 executing program 5:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:46 executing program 4:
unshare(0x400)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r1, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x50}}, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
pkey_alloc(0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x13, 0x5, 0x7, 0x5, 0x211, r4, 0xfffffffc, [], r2, 0xffffffffffffffff, 0x10000}, 0x40)
r6 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$TIOCMBIC(r6, 0x5417, &(0x7f0000000000)=0x380)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r5, 0x0}, 0x20)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r8 = dup(r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
open_tree(r8, &(0x7f00000000c0)='./file0\x00', 0x81100)

16:16:46 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1035.061466][T25945] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
16:16:47 executing program 5:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:47 executing program 4:
unshare(0x400)
r0 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0xc20a)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r2, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r2, &(0x7f0000000280)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x50}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r4=>r3})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0xfffffff7, 0x9, 0x0, 0xffffffffffffffff, 0x0, [], r4}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r5, 0x0}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000140))
ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000100)=0x5)
r7 = dup(r6)
getsockname$packet(r7, 0x0, &(0x7f0000000140))
ioctl$TIOCPKT(r7, 0x5420, &(0x7f0000000080)=0x4)
socket$netlink(0x10, 0x3, 0xb)

16:16:47 executing program 3:
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = clone3(&(0x7f0000001680)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180))
process_vm_writev(r3, &(0x7f0000002480)=[{&(0x7f00000001c0)=""/4096, 0x1000}], 0x1, &(0x7f0000003500)=[{0x0}], 0x1, 0x0)

[ 1035.815670][T25956] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
16:16:47 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:47 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

16:16:47 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x0, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1035.898952][T25956] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
16:16:47 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:48 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x8200, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

16:16:48 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

16:16:48 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:48 executing program 4:
unshare(0x400)
close(0xffffffffffffffff)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000f13000)={0xa, 0xe22}, 0x1c)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x3}, 0xe)
shutdown(r4, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x7c, &(0x7f0000000140)={r6}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000040)={r6}, 0xc)
getsockname$packet(r2, 0x0, &(0x7f0000000140))
write$P9_RRENAMEAT(r2, &(0x7f0000000000)={0x7, 0x4b, 0x1}, 0x7)

[ 1036.699116][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1036.712052][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1036.720775][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1036.730078][T21853] Call Trace:
[ 1036.730078][T21853]  dump_stack+0x1c9/0x220
[ 1036.730078][T21853]  dump_header+0x1e7/0xd00
[ 1036.730078][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1036.730078][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1036.730078][T21853]  ? ___ratelimit+0x542/0x720
[ 1036.730078][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1036.762043][T21853]  oom_kill_process+0x216/0x580
[ 1036.762043][T21853]  out_of_memory+0x181e/0x1cc0
[ 1036.762043][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1036.762043][T21853]  alloc_pages_current+0x67d/0x990
[ 1036.762043][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1036.762043][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1036.762043][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1036.762043][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1036.762043][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1036.762043][T21853]  ? debug_shrink_set+0x220/0x220
[ 1036.762043][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1036.762043][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1036.762043][T21853]  do_syscall_64+0xb8/0x160
[ 1036.762043][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1036.762043][T21853] RIP: 0033:0x45cb29
[ 1036.762043][T21853] Code: Bad RIP value.
[ 1036.762043][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1036.762043][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1036.762043][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1036.762043][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1036.762043][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1036.762043][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1036.895637][T21853] Mem-Info:
[ 1036.898897][T21853] active_anon:194299 inactive_anon:6859 isolated_anon:0
[ 1036.898897][T21853]  active_file:5751 inactive_file:50075 isolated_file:0
[ 1036.898897][T21853]  unevictable:0 dirty:44 writeback:0 unstable:0
[ 1036.898897][T21853]  slab_reclaimable:5658 slab_unreclaimable:24945
[ 1036.898897][T21853]  mapped:58934 shmem:7095 pagetables:7047 bounce:0
[ 1036.898897][T21853]  free:101286 free_pcp:0 free_cma:0
[ 1036.936916][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123748kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1036.965546][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1036.994574][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1036.999873][T21853] Node 0 DMA32 free:43320kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1037.030990][T21853] lowmem_reserve[]: 0 0 228 228
16:16:49 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1037.036003][T21853] Node 0 Normal free:9524kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1037.067643][T21853] lowmem_reserve[]: 0 0 0 0
[ 1037.072315][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1037.084329][T21853] Node 0 DMA32: 920*4kB (UME) 471*8kB (UM) 216*16kB (M) 147*32kB (UM) 115*64kB (M) 61*128kB (UM) 35*256kB (UM) 7*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 43320kB
16:16:49 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1037.100664][T21853] Node 0 Normal: 929*4kB (UMH) 386*8kB (UMH) 92*16kB (UMH) 25*32kB (UMH) 5*64kB (UMH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9524kB
[ 1037.116158][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1037.125861][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1037.135301][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1037.144991][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1037.154400][T21853] 27014 total pagecache pages
[ 1037.159112][T21853] 0 pages in swap cache
[ 1037.163466][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1037.169565][T21853] Free swap  = 0kB
[ 1037.173544][T21853] Total swap = 0kB
[ 1037.177328][T21853] 1965979 pages RAM
[ 1037.181166][T21853] 0 pages HighMem/MovableOnly
[ 1037.186011][T21853] 1423249 pages reserved
[ 1037.190283][T21853] 0 pages cma reserved
16:16:49 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1037.194535][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24582,uid=0
[ 1037.209487][T21853] Out of memory: Killed process 24582 (syz-executor.3) total-vm:74980kB, anon-rss:3456kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1037.250641][ T1822] oom_reaper: reaped process 24582 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[ 1037.320435][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1037.333596][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1037.342325][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1037.343124][T21853] Call Trace:
[ 1037.343124][T21853]  dump_stack+0x1c9/0x220
[ 1037.343124][T21853]  dump_header+0x1e7/0xd00
[ 1037.343124][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1037.343124][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1037.343124][T21853]  ? ___ratelimit+0x542/0x720
[ 1037.343124][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1037.383557][T21853]  oom_kill_process+0x216/0x580
[ 1037.383557][T21853]  out_of_memory+0x181e/0x1cc0
[ 1037.383557][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1037.402017][T21853]  alloc_pages_current+0x67d/0x990
[ 1037.403766][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1037.403766][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1037.403766][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1037.403766][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1037.403766][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1037.403766][T21853]  ? debug_shrink_set+0x220/0x220
[ 1037.403766][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1037.403766][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1037.403766][T21853]  do_syscall_64+0xb8/0x160
[ 1037.403766][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1037.403766][T21853] RIP: 0033:0x45cb29
[ 1037.403766][T21853] Code: Bad RIP value.
[ 1037.403766][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1037.403766][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1037.403766][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1037.403766][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1037.403766][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1037.403766][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1037.516883][T21853] Mem-Info:
16:16:49 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

[ 1037.520141][T21853] active_anon:193473 inactive_anon:6859 isolated_anon:0
[ 1037.520141][T21853]  active_file:5750 inactive_file:50080 isolated_file:0
[ 1037.520141][T21853]  unevictable:0 dirty:50 writeback:0 unstable:0
[ 1037.520141][T21853]  slab_reclaimable:5658 slab_unreclaimable:24946
[ 1037.520141][T21853]  mapped:58938 shmem:7095 pagetables:6936 bounce:0
[ 1037.520141][T21853]  free:102168 free_pcp:0 free_cma:0
[ 1037.559377][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123748kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1037.588264][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1037.617418][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1037.622807][T21853] Node 0 DMA32 free:43320kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1037.654130][T21853] lowmem_reserve[]: 0 0 228 228
[ 1037.659057][T21853] Node 0 Normal free:9524kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1037.690739][T21853] lowmem_reserve[]: 0 0 0 0
[ 1037.695971][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
16:16:49 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r1, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00')
sendmsg$TIPC_CMD_SET_NODE_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)={0x1c, r4, 0x1, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0)
sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x42049008}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r4, 0x400, 0x70bd2a, 0x25dfdbfb, {{}, {}, {0x8, 0x11, 0xfffff771}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x4080}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x50}}, 0x0)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040)='l2tp\x00')
sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r5, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e23}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @rand_addr=0x64010102}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e21}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0xffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x40}, 0x8000080)
unshare(0x400)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
r7 = openat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x80001, 0x110, 0xc}, 0x18)
ioctl$PPPIOCGUNIT(r7, 0x80047456, &(0x7f00000004c0))
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r6, 0x0}, 0x20)

[ 1037.708152][T21853] Node 0 DMA32: 920*4kB (UME) 471*8kB (UM) 216*16kB (M) 147*32kB (UM) 115*64kB (M) 61*128kB (UM) 35*256kB (UM) 7*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 43320kB
[ 1037.724593][T21853] Node 0 Normal: 929*4kB (UMH) 386*8kB (UMH) 92*16kB (UMH) 25*32kB (UMH) 5*64kB (UMH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9524kB
[ 1037.740161][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1037.749937][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1037.759455][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1037.769209][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1037.778708][T21853] 27019 total pagecache pages
[ 1037.783591][T21853] 0 pages in swap cache
[ 1037.787873][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1037.794146][T21853] Free swap  = 0kB
[ 1037.797979][T21853] Total swap = 0kB
[ 1037.801931][T21853] 1965979 pages RAM
[ 1037.805777][T21853] 0 pages HighMem/MovableOnly
[ 1037.810480][T21853] 1423249 pages reserved
[ 1037.814908][T21853] 0 pages cma reserved
[ 1037.819045][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=25183,uid=0
[ 1037.834036][T21853] Out of memory: Killed process 25183 (syz-executor.1) total-vm:74980kB, anon-rss:3388kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000
[ 1037.883382][ T1822] oom_reaper: reaped process 25183 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[ 1038.347357][T25996] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
[ 1038.508795][T25996] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
[ 1038.522982][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1038.535644][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1038.544362][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1038.554070][T21853] Call Trace:
[ 1038.554070][T21853]  dump_stack+0x1c9/0x220
[ 1038.554070][T21853]  dump_header+0x1e7/0xd00
[ 1038.554070][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1038.554070][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1038.554070][T21853]  ? ___ratelimit+0x542/0x720
[ 1038.554070][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1038.554070][T21853]  oom_kill_process+0x216/0x580
[ 1038.554070][T21853]  out_of_memory+0x181e/0x1cc0
[ 1038.554070][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1038.554070][T21853]  alloc_pages_current+0x67d/0x990
[ 1038.554070][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1038.554070][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1038.554070][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1038.554070][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1038.554070][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1038.554070][T21853]  ? debug_shrink_set+0x220/0x220
[ 1038.554070][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1038.554070][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1038.554070][T21853]  do_syscall_64+0xb8/0x160
[ 1038.554070][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1038.554070][T21853] RIP: 0033:0x45cb29
[ 1038.554070][T21853] Code: Bad RIP value.
[ 1038.554070][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1038.554070][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1038.554070][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1038.554070][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1038.554070][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1038.554070][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1038.718825][T21853] Mem-Info:
[ 1038.722192][T21853] active_anon:192729 inactive_anon:6859 isolated_anon:0
[ 1038.722192][T21853]  active_file:5750 inactive_file:50221 isolated_file:0
[ 1038.722192][T21853]  unevictable:0 dirty:90 writeback:0 unstable:0
[ 1038.722192][T21853]  slab_reclaimable:5658 slab_unreclaimable:24947
[ 1038.722192][T21853]  mapped:58964 shmem:7095 pagetables:7037 bounce:0
[ 1038.722192][T21853]  free:102818 free_pcp:0 free_cma:0
[ 1038.760204][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123748kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1038.788937][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1038.818036][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1038.823411][T21853] Node 0 DMA32 free:43320kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1038.854541][T21853] lowmem_reserve[]: 0 0 228 228
[ 1038.859466][T21853] Node 0 Normal free:9524kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1038.891233][T21853] lowmem_reserve[]: 0 0 0 0
[ 1038.895925][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1038.907966][T21853] Node 0 DMA32: 920*4kB (UME) 471*8kB (UM) 216*16kB (M) 147*32kB (UM) 115*64kB (M) 61*128kB (UM) 35*256kB (UM) 7*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 43320kB
[ 1038.924409][T21853] Node 0 Normal: 929*4kB (UMH) 386*8kB (UMH) 92*16kB (UMH) 25*32kB (UMH) 5*64kB (UMH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9524kB
[ 1038.939902][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1038.949604][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1038.959041][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1038.968763][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1038.978206][T21853] 27164 total pagecache pages
[ 1038.983057][T21853] 0 pages in swap cache
[ 1038.987256][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1038.993454][T21853] Free swap  = 0kB
[ 1038.997236][T21853] Total swap = 0kB
[ 1039.000994][T21853] 1965979 pages RAM
[ 1039.004951][T21853] 0 pages HighMem/MovableOnly
16:16:51 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000))

[ 1039.009657][T21853] 1423249 pages reserved
[ 1039.014020][T21853] 0 pages cma reserved
[ 1039.018133][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=25023,uid=0
[ 1039.033208][T21853] Out of memory: Killed process 25023 (syz-executor.1) total-vm:74848kB, anon-rss:3316kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000
[ 1039.067700][ T1822] oom_reaper: reaped process 25023 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:51 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(r3)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:51 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:51 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:51 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:51 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000))

16:16:52 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000))

[ 1040.222709][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1040.235647][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1040.244366][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1040.245297][T21853] Call Trace:
[ 1040.245297][T21853]  dump_stack+0x1c9/0x220
[ 1040.245297][T21853]  dump_header+0x1e7/0xd00
[ 1040.245297][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1040.268930][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1040.268930][T21853]  ? ___ratelimit+0x542/0x720
[ 1040.268930][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1040.268930][T21853]  oom_kill_process+0x216/0x580
[ 1040.268930][T21853]  out_of_memory+0x181e/0x1cc0
[ 1040.268930][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1040.268930][T21853]  alloc_pages_current+0x67d/0x990
[ 1040.268930][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1040.268930][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1040.268930][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1040.268930][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1040.268930][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1040.268930][T21853]  ? debug_shrink_set+0x220/0x220
[ 1040.268930][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1040.268930][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1040.268930][T21853]  do_syscall_64+0xb8/0x160
[ 1040.268930][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1040.268930][T21853] RIP: 0033:0x45cb29
[ 1040.268930][T21853] Code: Bad RIP value.
[ 1040.268930][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1040.268930][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1040.268930][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1040.268930][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1040.268930][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1040.268930][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1040.418689][T21853] Mem-Info:
[ 1040.422063][T21853] active_anon:191902 inactive_anon:6859 isolated_anon:0
[ 1040.422063][T21853]  active_file:5767 inactive_file:50254 isolated_file:0
[ 1040.422063][T21853]  unevictable:0 dirty:71 writeback:15 unstable:0
[ 1040.422063][T21853]  slab_reclaimable:5658 slab_unreclaimable:24950
[ 1040.422063][T21853]  mapped:58980 shmem:7095 pagetables:6971 bounce:0
[ 1040.422063][T21853]  free:103688 free_pcp:0 free_cma:0
[ 1040.460911][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123748kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1040.489675][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1040.518756][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1040.524196][T21853] Node 0 DMA32 free:43320kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1040.555360][T21853] lowmem_reserve[]: 0 0 228 228
[ 1040.560315][T21853] Node 0 Normal free:9524kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1040.592036][T21853] lowmem_reserve[]: 0 0 0 0
[ 1040.596626][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1040.608741][T21853] Node 0 DMA32: 920*4kB (UME) 471*8kB (UM) 216*16kB (M) 147*32kB (UM) 115*64kB (M) 61*128kB (UM) 35*256kB (UM) 7*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 43320kB
[ 1040.625197][T21853] Node 0 Normal: 929*4kB (UMH) 386*8kB (UMH) 92*16kB (UMH) 25*32kB (UMH) 5*64kB (UMH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9524kB
[ 1040.640754][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1040.650514][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1040.660034][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1040.669809][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1040.679367][T21853] 27220 total pagecache pages
[ 1040.684272][T21853] 0 pages in swap cache
[ 1040.688465][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1040.694732][T21853] Free swap  = 0kB
[ 1040.698485][T21853] Total swap = 0kB
[ 1040.702387][T21853] 1965979 pages RAM
[ 1040.706273][T21853] 0 pages HighMem/MovableOnly
[ 1040.710979][T21853] 1423249 pages reserved
[ 1040.715411][T21853] 0 pages cma reserved
16:16:52 executing program 4:
unshare(0x400)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r2, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r2, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000300)={@in={{0x2, 0x4e21, @multicast2}}, 0x0, 0x0, 0x3e, 0x0, "5467df4e54c03294fef8dab7e1b3bb7ae6b5b49e1469ebed6f7335dfc51d1976203502723f147c359af0abdd5468d9e524086b0eddc97cee72e77c86cfea3845a35876f377ec176b0f5a04486133f8a0"}, 0xd8)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r5, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r3, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0xc0, r5, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1f}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x8}, @TIPC_NLA_NET_ID={0x8}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffc0}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}]}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x289}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7fff}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000080)={0xa30000, 0x8, 0x994, <r6=>r3, 0x0, &(0x7f0000000040)={0x9e0905, 0x6, [], @p_u8=&(0x7f0000000000)=0x7a}})
ioctl$VIDIOC_SUBDEV_G_CROP(r6, 0xc038563b, &(0x7f00000000c0)={0x0, 0x0, {0x400, 0x9, 0x1, 0x9}})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x19, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r7, 0x0}, 0x20)

16:16:52 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:52 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(r3)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:52 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1040.719532][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=23918,uid=0
[ 1040.734503][T21853] Out of memory: Killed process 23918 (syz-executor.2) total-vm:75112kB, anon-rss:3236kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1040.831498][ T1822] oom_reaper: reaped process 23918 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:52 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1041.023031][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1041.036059][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1041.044777][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1041.045655][T21853] Call Trace:
[ 1041.045655][T21853]  dump_stack+0x1c9/0x220
[ 1041.045655][T21853]  dump_header+0x1e7/0xd00
[ 1041.045655][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1041.045655][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1041.045655][T21853]  ? ___ratelimit+0x542/0x720
[ 1041.045655][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1041.045655][T21853]  oom_kill_process+0x216/0x580
[ 1041.045655][T21853]  out_of_memory+0x181e/0x1cc0
[ 1041.045655][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1041.045655][T21853]  alloc_pages_current+0x67d/0x990
[ 1041.045655][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1041.045655][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1041.045655][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1041.045655][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1041.045655][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1041.045655][T21853]  ? debug_shrink_set+0x220/0x220
[ 1041.045655][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1041.045655][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1041.045655][T21853]  do_syscall_64+0xb8/0x160
[ 1041.045655][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1041.045655][T21853] RIP: 0033:0x45cb29
[ 1041.045655][T21853] Code: Bad RIP value.
[ 1041.045655][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1041.045655][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1041.182605][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1041.182605][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1041.182605][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1041.182605][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1041.219212][T21853] Mem-Info:
[ 1041.222590][T21853] active_anon:191082 inactive_anon:6859 isolated_anon:0
[ 1041.222590][T21853]  active_file:5781 inactive_file:50145 isolated_file:0
[ 1041.222590][T21853]  unevictable:0 dirty:80 writeback:0 unstable:0
[ 1041.222590][T21853]  slab_reclaimable:5658 slab_unreclaimable:24950
[ 1041.222590][T21853]  mapped:58964 shmem:7095 pagetables:6989 bounce:0
[ 1041.222590][T21853]  free:104503 free_pcp:62 free_cma:0
[ 1041.260698][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123748kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1041.289373][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1041.318479][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1041.323889][T21853] Node 0 DMA32 free:43100kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB
[ 1041.355412][T21853] lowmem_reserve[]: 0 0 228 228
[ 1041.360340][T21853] Node 0 Normal free:9524kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1041.392054][T21853] lowmem_reserve[]: 0 0 0 0
[ 1041.396640][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1041.408666][T21853] Node 0 DMA32: 919*4kB (ME) 470*8kB (M) 217*16kB (UM) 144*32kB (UM) 115*64kB (M) 60*128kB (M) 35*256kB (UM) 7*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 43100kB
[ 1041.424909][T21853] Node 0 Normal: 929*4kB (UMH) 386*8kB (UMH) 92*16kB (UMH) 25*32kB (UMH) 5*64kB (UMH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9524kB
[ 1041.440447][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1041.450182][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1041.459640][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1041.469385][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1041.478836][T21853] 27132 total pagecache pages
[ 1041.483698][T21853] 0 pages in swap cache
[ 1041.487897][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1041.494169][T21853] Free swap  = 0kB
[ 1041.497934][T21853] Total swap = 0kB
[ 1041.501689][T21853] 1965979 pages RAM
[ 1041.505706][T21853] 0 pages HighMem/MovableOnly
[ 1041.510413][T21853] 1423249 pages reserved
[ 1041.514814][T21853] 0 pages cma reserved
[ 1041.518925][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=24844,uid=0
[ 1041.533999][T21853] Out of memory: Killed process 24844 (syz-executor.1) total-vm:74980kB, anon-rss:3220kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000
[ 1041.573533][ T1822] oom_reaper: reaped process 24844 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:53 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:54 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup(r2)
prctl$PR_GET_FPEMU(0x9, &(0x7f0000000140))
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$TIOCL_GETMOUSEREPORTING(r4, 0x541c, &(0x7f00000000c0))
ioctl$PIO_UNISCRNMAP(r3, 0x4b6a, &(0x7f0000000000)="65a63cda4dd1b6ecf3b41b1824814e8288f442e87d15e0be2ffa7cea85aaa28bdcb9049263f5d2610d8a9d23007e8473b7354d5940599a6ddd60bf119f1255ceca6e7b909ed62caa6f373c6b51f5cfa4cfc7d6f6b08e942f0ab21248b1d16090eeedd83b9c9fd44ce623022a920dc5731f2f53e1ebabb10ba8b5416aa0fc6d601d3b031d74ee05ae833f98a89e0c6131ace859b7fda15e71615b865d0e79bf")
socket$inet6_udp(0xa, 0x2, 0x0)
r5 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
io_uring_register$IORING_UNREGISTER_FILES(r5, 0x3, 0x0, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x343180, 0x0)
connect$netlink(0xffffffffffffffff, &(0x7f0000000180)=@proc={0x10, 0x0, 0x25dfd3fd, 0x10000}, 0xc)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

16:16:54 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(r3)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:54 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(r3)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:54 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:54 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:54 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:55 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1043.757126][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1043.770340][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1043.779061][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1043.779713][T21853] Call Trace:
[ 1043.779713][T21853]  dump_stack+0x1c9/0x220
[ 1043.779713][T21853]  dump_header+0x1e7/0xd00
[ 1043.779713][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1043.779713][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1043.779713][T21853]  ? ___ratelimit+0x542/0x720
[ 1043.779713][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1043.821982][T21853]  oom_kill_process+0x216/0x580
[ 1043.821982][T21853]  out_of_memory+0x181e/0x1cc0
[ 1043.832108][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1043.832108][T21853]  alloc_pages_current+0x67d/0x990
[ 1043.832108][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1043.832108][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1043.832108][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1043.832108][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1043.832108][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1043.832108][T21853]  ? debug_shrink_set+0x220/0x220
[ 1043.832108][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1043.832108][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1043.832108][T21853]  do_syscall_64+0xb8/0x160
[ 1043.832108][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1043.832108][T21853] RIP: 0033:0x45cb29
[ 1043.832108][T21853] Code: Bad RIP value.
[ 1043.832108][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1043.832108][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1043.832108][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1043.832108][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1043.832108][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1043.832108][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1043.953320][T21853] Mem-Info:
[ 1043.956627][T21853] active_anon:190177 inactive_anon:6859 isolated_anon:0
[ 1043.956627][T21853]  active_file:5751 inactive_file:50220 isolated_file:0
[ 1043.956627][T21853]  unevictable:0 dirty:115 writeback:0 unstable:0
[ 1043.956627][T21853]  slab_reclaimable:5658 slab_unreclaimable:24950
[ 1043.956627][T21853]  mapped:58968 shmem:7095 pagetables:6877 bounce:0
[ 1043.956627][T21853]  free:105386 free_pcp:62 free_cma:0
[ 1043.994953][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123748kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1044.023886][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1044.052979][T21853] lowmem_reserve[]: 0 996 1224 1224
16:16:56 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(r3)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1044.058255][T21853] Node 0 DMA32 free:43132kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB
[ 1044.089601][T21853] lowmem_reserve[]: 0 0 228 228
[ 1044.095152][T21853] Node 0 Normal free:9524kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1044.126788][T21853] lowmem_reserve[]: 0 0 0 0
[ 1044.131363][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1044.143438][T21853] Node 0 DMA32: 919*4kB (ME) 470*8kB (M) 217*16kB (UM) 145*32kB (UM) 115*64kB (M) 60*128kB (M) 35*256kB (UM) 7*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 43132kB
[ 1044.159604][T21853] Node 0 Normal: 929*4kB (UMH) 386*8kB (UMH) 92*16kB (UMH) 25*32kB (UMH) 5*64kB (UMH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9524kB
[ 1044.175160][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1044.184879][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1044.194318][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1044.204013][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1044.213430][T21853] 27158 total pagecache pages
[ 1044.218136][T21853] 0 pages in swap cache
[ 1044.222462][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1044.228554][T21853] Free swap  = 0kB
[ 1044.232409][T21853] Total swap = 0kB
[ 1044.236163][T21853] 1965979 pages RAM
[ 1044.240021][T21853] 0 pages HighMem/MovableOnly
[ 1044.244889][T21853] 1423249 pages reserved
[ 1044.249151][T21853] 0 pages cma reserved
16:16:56 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1044.253417][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24681,uid=0
[ 1044.268376][T21853] Out of memory: Killed process 24681 (syz-executor.3) total-vm:74848kB, anon-rss:3040kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1044.297810][ T1822] oom_reaper: reaped process 24681 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:56 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:56 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:56 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1045.170970][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1045.183815][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1045.192538][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1045.193561][T21853] Call Trace:
[ 1045.193561][T21853]  dump_stack+0x1c9/0x220
[ 1045.193561][T21853]  dump_header+0x1e7/0xd00
[ 1045.193561][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1045.193561][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1045.193561][T21853]  ? ___ratelimit+0x542/0x720
[ 1045.193561][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1045.193561][T21853]  oom_kill_process+0x216/0x580
[ 1045.193561][T21853]  out_of_memory+0x181e/0x1cc0
[ 1045.193561][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1045.193561][T21853]  alloc_pages_current+0x67d/0x990
[ 1045.193561][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1045.193561][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1045.193561][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1045.193561][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1045.193561][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1045.193561][T21853]  ? debug_shrink_set+0x220/0x220
[ 1045.193561][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1045.193561][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1045.193561][T21853]  do_syscall_64+0xb8/0x160
[ 1045.193561][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1045.193561][T21853] RIP: 0033:0x45cb29
[ 1045.193561][T21853] Code: Bad RIP value.
[ 1045.193561][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1045.193561][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1045.193561][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1045.193561][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1045.193561][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1045.193561][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1045.367225][T21853] Mem-Info:
[ 1045.370496][T21853] active_anon:189391 inactive_anon:6859 isolated_anon:0
[ 1045.370496][T21853]  active_file:5751 inactive_file:50239 isolated_file:0
[ 1045.370496][T21853]  unevictable:0 dirty:93 writeback:16 unstable:0
[ 1045.370496][T21853]  slab_reclaimable:5658 slab_unreclaimable:24940
[ 1045.370496][T21853]  mapped:58855 shmem:7095 pagetables:6809 bounce:0
[ 1045.370496][T21853]  free:106276 free_pcp:62 free_cma:0
[ 1045.408672][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123756kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1045.437410][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1045.466503][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1045.471926][T21853] Node 0 DMA32 free:43132kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB
[ 1045.503516][T21853] lowmem_reserve[]: 0 0 228 228
16:16:57 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1045.508440][T21853] Node 0 Normal free:9524kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1045.540221][T21853] lowmem_reserve[]: 0 0 0 0
[ 1045.544975][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1045.557169][T21853] Node 0 DMA32: 919*4kB (ME) 470*8kB (M) 217*16kB (UM) 145*32kB (UM) 115*64kB (M) 60*128kB (M) 35*256kB (UM) 7*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 43132kB
[ 1045.573436][T21853] Node 0 Normal: 929*4kB (UMH) 386*8kB (UMH) 92*16kB (UMH) 25*32kB (UMH) 5*64kB (UMH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9524kB
[ 1045.588969][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1045.598750][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1045.608253][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1045.618051][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1045.627519][T21853] 27182 total pagecache pages
[ 1045.632317][T21853] 0 pages in swap cache
[ 1045.636517][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1045.642810][T21853] Free swap  = 0kB
[ 1045.646555][T21853] Total swap = 0kB
[ 1045.650342][T21853] 1965979 pages RAM
[ 1045.654414][T21853] 0 pages HighMem/MovableOnly
[ 1045.659209][T21853] 1423249 pages reserved
[ 1045.663629][T21853] 0 pages cma reserved
[ 1045.667807][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=25060,uid=0
[ 1045.682798][T21853] Out of memory: Killed process 25060 (syz-executor.3) total-vm:74980kB, anon-rss:2972kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1045.731247][ T1822] oom_reaper: reaped process 25060 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:57 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:57 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:58 executing program 4:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
r3 = dup(0xffffffffffffffff)
getsockname$packet(r3, 0x0, &(0x7f0000000140))
r4 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x0)
r5 = dup(r4)
ioctl$USBDEVFS_RESETEP(r5, 0x80045515, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r5, 0xc0106426, &(0x7f0000000300)={0x1, &(0x7f0000000200)=[{}]})
ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f0000000240)={0x0, 0x2})
ioctl$DRM_IOCTL_GET_SAREA_CTX(r3, 0xc010641d, &(0x7f0000000080)={0x0, &(0x7f0000000880)=""/127})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=ANY=[@ANYBLOB="f76d81fe", @ANYRES16=r7, @ANYBLOB="0100000000000000000014000000"], 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r2, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="e7c640dd1a2972fcbffd0504c7927688e62bf0d06e5494f8e9f48e6789f6268c9455395d1cbf8a7c02a6f5eb47c1f74816d622a80827ca4627b62bbd3679df8f6fd1883d9da3e1f1133a6f21381994105a7f515f3c6b0e7ed7f46b6a5f1ca6c7757c4c8fe8d539e4edbca16d733d2835144c445805ab9448d9b86a314e28b716f1c142bf44254582e222d003023d997367db05fbe89a2be5cfa72579ced42fdc6714be9b50b9432b0cb7d24ef0906d5991a4c5b5816dc587400100df496b295ccf1a81bf9a99940257e8e287dd6e967fef21435e41955e77c58094bde8443057ffd5703550adebaa6204a2835e766644e6b67ed7bb959ccee72b7bb178c457a7167cd6a2edcdd62698b0a25a514b44ad78f1e404a6b16eedb2e5ad85be36cc343581c7b7791ad35b9645ce2e00943742bed90bc23219a3ccb2ed06fb41e3b6801aa6e391c6f6cae0f46ee938696169d8b4cc4398fae4de2572f5dbb1642ca063dcbaa2910000", @ANYRES16=0x0, @ANYBLOB="000427bd7000ffdbdf2502000000b00001803c000280080001001a000000080003003f00000008000400010400000000040000000000080004000b000000000004000004000008000200050000000d0001006574683a69705f76746930000d0001007564703a73797a32000000000d0001007564703a73797a32000000000a0001007564703a73797a32000000001700010069623a76657468315f746f5f62617461647600001700010069623a76657468305f746f5f62617461647600004c0002800400040008000100ff7f00003c0003800800020006000000080001000000000008000200001000000800010005000000080001000004000008000100010100000800020082ae0000000006800000040067636d286165732900000000000000000000000000000000000000000000000000000000badf8f60eaf2d842b2666faecbbc2ff1891cf18de7a12711681166000000040067636d28616573290000000000000000000000000000000000000000000000000000000001f1d671388a11ff940a0255f6f34622796579b64b30a0dd0f95699c4730a9919332970000000300768a97ec2cfa811ac70377d0182919303a7c17c7998d80df5165f02f07ade17a5e9900374f8b78d5b9b885d8f690846dcdfff17105c2eca6772084afe8087cf4f00d0bf2f846f4dbddeeac3de1f4a8b851360000"], 0x124}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
getsockopt$inet6_mreq(r2, 0x29, 0x1c, &(0x7f0000000000)={@local, <r8=>0x0}, &(0x7f0000000040)=0x14)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x19, 0x4, 0x1000007, 0x2, 0x41a, r1, 0x3, [], r8, 0xffffffffffffffff, 0x5, 0x10000000, 0x2}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r9, 0x0}, 0x20)
sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000340), 0xc, &(0x7f0000000380)={&(0x7f0000000a00)={0xc4, 0x0, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @empty}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'vxcan1\x00'}, @NLBL_UNLABEL_A_IFACE={0x14}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @empty}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:gpg_agent_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:ssh_agent_exec_t:s0\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4040091}, 0x1)

16:16:58 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:58 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1046.469048][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1046.482067][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1046.490789][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1046.491835][T21853] Call Trace:
[ 1046.501155][T21853]  dump_stack+0x1c9/0x220
[ 1046.501155][T21853]  dump_header+0x1e7/0xd00
[ 1046.501155][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1046.501155][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1046.501155][T21853]  ? ___ratelimit+0x542/0x720
[ 1046.501155][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1046.501155][T21853]  oom_kill_process+0x216/0x580
[ 1046.501155][T21853]  out_of_memory+0x181e/0x1cc0
[ 1046.501155][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1046.501155][T21853]  alloc_pages_current+0x67d/0x990
[ 1046.501155][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1046.501155][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1046.501155][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1046.501155][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1046.501155][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1046.501155][T21853]  ? debug_shrink_set+0x220/0x220
[ 1046.501155][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1046.501155][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1046.501155][T21853]  do_syscall_64+0xb8/0x160
[ 1046.501155][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1046.501155][T21853] RIP: 0033:0x45cb29
[ 1046.501155][T21853] Code: Bad RIP value.
[ 1046.501155][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1046.501155][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1046.501155][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1046.501155][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1046.501155][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1046.501155][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1046.665465][T21853] Mem-Info:
[ 1046.668724][T21853] active_anon:188697 inactive_anon:6859 isolated_anon:0
[ 1046.668724][T21853]  active_file:5751 inactive_file:50141 isolated_file:0
[ 1046.668724][T21853]  unevictable:0 dirty:99 writeback:17 unstable:0
[ 1046.668724][T21853]  slab_reclaimable:5658 slab_unreclaimable:24941
[ 1046.668724][T21853]  mapped:58830 shmem:7095 pagetables:6831 bounce:0
[ 1046.668724][T21853]  free:106972 free_pcp:62 free_cma:0
[ 1046.706909][T21853] Node 0 active_anon:674820kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123756kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1046.735727][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1046.764786][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1046.770063][T21853] Node 0 DMA32 free:43132kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:647980kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB
[ 1046.801730][T21853] lowmem_reserve[]: 0 0 228 228
[ 1046.806759][T21853] Node 0 Normal free:9524kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26840kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1046.838725][T21853] lowmem_reserve[]: 0 0 0 0
[ 1046.843499][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1046.855609][T21853] Node 0 DMA32: 919*4kB (ME) 470*8kB (M) 217*16kB (UM) 145*32kB (UM) 115*64kB (M) 60*128kB (M) 35*256kB (UM) 7*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 43132kB
[ 1046.872275][T21853] Node 0 Normal: 929*4kB (UMH) 386*8kB (UMH) 92*16kB (UMH) 25*32kB (UMH) 5*64kB (UMH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9524kB
[ 1046.887878][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1046.897712][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1046.907309][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1046.917096][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1046.926624][T21853] 27060 total pagecache pages
[ 1046.931336][T21853] 0 pages in swap cache
[ 1046.935747][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1046.942114][T21853] Free swap  = 0kB
[ 1046.945862][T21853] Total swap = 0kB
[ 1046.949619][T21853] 1965979 pages RAM
[ 1046.953722][T21853] 0 pages HighMem/MovableOnly
[ 1046.958425][T21853] 1423249 pages reserved
[ 1046.962850][T21853] 0 pages cma reserved
[ 1046.966979][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24762,uid=0
[ 1046.982038][T21853] Out of memory: Killed process 24762 (syz-executor.3) total-vm:74980kB, anon-rss:2696kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1047.011119][ T1822] oom_reaper: reaped process 24762 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:16:59 executing program 4:
unshare(0x1e040600)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

16:16:59 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:59 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:59 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:16:59 executing program 4:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$USBDEVFS_CLEAR_HALT(r1, 0x80045515, &(0x7f0000000040)={0x9})
unshare(0x400)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r2, 0x0}, 0x20)
getitimer(0x2, &(0x7f0000000000))

16:17:00 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:00 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:00 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:00 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
select(0x40, &(0x7f0000000000)={0x19d5, 0x1, 0x2, 0x1, 0x4, 0xa0e0, 0x8, 0x7f}, &(0x7f0000000040)={0x800, 0x4, 0x80000000, 0x81, 0x2, 0x3, 0x0, 0xfffffffffffffff8}, &(0x7f0000000080)={0x80000000, 0xffff, 0x4, 0x1, 0x0, 0x1d2, 0x1, 0xffffffffffffff7f}, &(0x7f00000000c0)={0x0, 0xea60})
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

16:17:01 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:01 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
dup(r3)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:01 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, 0x0, &(0x7f0000000140))
ioctl$SG_SET_FORCE_PACK_ID(r2, 0x227b, &(0x7f0000000000)=0x1)

16:17:01 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:01 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:01 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:02 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r0 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:02 executing program 4:
unshare(0x400)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r1, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x50}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x7, 0x7, 0x9, 0x80, 0xffffffffffffffff, 0x0, [], r2}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r3, 0x0}, 0x20)

[ 1050.432028][T26158] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
16:17:02 executing program 4:
unshare(0x58000d00)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

16:17:02 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
dup(r3)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:02 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r0 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:02 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:02 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:03 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
r4 = dup(r3)
sendfile(r3, r4, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:03 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x3, 0x9, 0x0, 0xffffffffffffffff, 0x1}, 0x65)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

16:17:03 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r0 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:03 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:04 executing program 4:
unshare(0x20000400)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
getsockname$packet(r1, 0x0, &(0x7f0000000140))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r3, 0x1}, 0x14}}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00')
sendmsg$NL80211_CMD_REQ_SET_REG(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000180)={0x68, r4, 0x4, 0x70bd28, 0x25dfdbff, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_REG_ALPHA2={0x7, 0x21, 'aa\x00'}, @NL80211_ATTR_REG_RULES={0x3c, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x2}, @NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x7b}, @NL80211_ATTR_DFS_CAC_TIME={0x8, 0x7, 0x5}, @NL80211_ATTR_FREQ_RANGE_START={0x8}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xffffffff}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x8}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x7f}]}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0xffffffffffffffff}]}, 0x68}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0xd, 0x5, 0x7, 0x3f, 0x2dc, r1}, 0x40)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r5, 0x0}, 0x20)

16:17:04 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:04 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1052.463169][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1052.476012][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1052.484727][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1052.485767][T21853] Call Trace:
[ 1052.485767][T21853]  dump_stack+0x1c9/0x220
[ 1052.485767][T21853]  dump_header+0x1e7/0xd00
[ 1052.485767][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1052.485767][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1052.485767][T21853]  ? ___ratelimit+0x542/0x720
[ 1052.485767][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1052.485767][T21853]  oom_kill_process+0x216/0x580
[ 1052.485767][T21853]  out_of_memory+0x181e/0x1cc0
[ 1052.485767][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1052.485767][T21853]  alloc_pages_current+0x67d/0x990
[ 1052.485767][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1052.485767][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1052.485767][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1052.485767][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1052.485767][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1052.485767][T21853]  ? debug_shrink_set+0x220/0x220
[ 1052.485767][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1052.485767][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1052.485767][T21853]  do_syscall_64+0xb8/0x160
[ 1052.485767][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1052.485767][T21853] RIP: 0033:0x45cb29
[ 1052.485767][T21853] Code: Bad RIP value.
[ 1052.485767][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1052.485767][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1052.485767][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1052.485767][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1052.485767][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1052.485767][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1052.659984][T21853] Mem-Info:
[ 1052.663332][T21853] active_anon:185246 inactive_anon:6859 isolated_anon:0
[ 1052.663332][T21853]  active_file:5854 inactive_file:52025 isolated_file:0
[ 1052.663332][T21853]  unevictable:0 dirty:112 writeback:17 unstable:0
[ 1052.663332][T21853]  slab_reclaimable:5659 slab_unreclaimable:24947
[ 1052.663332][T21853]  mapped:59005 shmem:7095 pagetables:6896 bounce:0
[ 1052.663332][T21853]  free:107611 free_pcp:392 free_cma:0
[ 1052.701672][T21853] Node 0 active_anon:670796kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123772kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 497664kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1052.730300][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1052.759374][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1052.764803][T21853] Node 0 DMA32 free:43072kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:643988kB inactive_anon:4kB active_file:0kB inactive_file:408kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:1568kB local_pcp:1320kB free_cma:0kB
[ 1052.796668][T21853] lowmem_reserve[]: 0 0 228 228
[ 1052.801671][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26820kB inactive_anon:19160kB active_file:4kB inactive_file:116kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1052.833440][T21853] lowmem_reserve[]: 0 0 0 0
[ 1052.838019][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1052.850129][T21853] Node 0 DMA32: 892*4kB (UME) 460*8kB (UM) 213*16kB (M) 141*32kB (M) 112*64kB (M) 58*128kB (UM) 34*256kB (UM) 7*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 43072kB
[ 1052.866793][T21853] Node 0 Normal: 932*4kB (UMH) 387*8kB (UMH) 92*16kB (UMH) 25*32kB (UMH) 5*64kB (UMH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1052.882330][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1052.892099][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1052.901436][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1052.911250][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1052.920713][T21853] 27234 total pagecache pages
[ 1052.925536][T21853] 0 pages in swap cache
[ 1052.929734][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1052.935937][T21853] Free swap  = 0kB
[ 1052.939689][T21853] Total swap = 0kB
[ 1052.943583][T21853] 1965979 pages RAM
[ 1052.947413][T21853] 0 pages HighMem/MovableOnly
[ 1052.952272][T21853] 1423249 pages reserved
[ 1052.956544][T21853] 0 pages cma reserved
[ 1052.960649][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=25037,uid=0
[ 1052.975626][T21853] Out of memory: Killed process 25037 (syz-executor.3) total-vm:74980kB, anon-rss:2656kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
16:17:04 executing program 5:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
r4 = dup(r3)
sendfile(r3, r4, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:05 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
dup(r3)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1053.005258][ T1822] oom_reaper: reaped process 25037 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:17:05 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r2, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r2, &(0x7f0000000280)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x50}}, 0x0)
ioctl$int_out(r1, 0x0, &(0x7f0000000000))
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

16:17:05 executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1053.601575][T26209] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
16:17:05 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x480800, 0x0)
ioctl$VIDIOC_DBG_G_REGISTER(r1, 0xc0385650, &(0x7f0000000040)={{0x0, @addr=0x9}, 0x8, 0x5, 0x657f804f})
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r3, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r3, &(0x7f0000000280)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x400, 0x0, 0xffffffff, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x50}}, 0x0)
sendmsg$IPSET_CMD_GET_BYINDEX(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, 0xf, 0x6, 0x3, 0x0, 0x0, {0xf, 0x0, 0x9}, [@IPSET_ATTR_INDEX={0x6, 0xb, 0x2}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x4}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x4}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6, 0xb, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x40)

16:17:06 executing program 5 (fault-call:1 fault-nth:0):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:06 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1054.253041][T26218] FAULT_INJECTION: forcing a failure.
[ 1054.253041][T26218] name failslab, interval 1, probability 0, space 0, times 0
[ 1054.266084][T26218] CPU: 0 PID: 26218 Comm: syz-executor.5 Not tainted 5.7.0-rc4-syzkaller #0
[ 1054.274805][T26218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1054.275819][T26218] Call Trace:
[ 1054.275819][T26218]  dump_stack+0x1c9/0x220
[ 1054.275819][T26218]  should_fail+0x8b7/0x9e0
[ 1054.275819][T26218]  __should_failslab+0x1f6/0x290
[ 1054.275819][T26218]  should_failslab+0x29/0x70
[ 1054.275819][T26218]  kmem_cache_alloc+0xd0/0xd70
[ 1054.275819][T26218]  ? mempool_alloc_slab+0x66/0xc0
[ 1054.275819][T26218]  ? kmsan_get_metadata+0x4f/0x180
[ 1054.275819][T26218]  ? __msan_poison_alloca+0xf0/0x120
[ 1054.275819][T26218]  mempool_alloc_slab+0x66/0xc0
[ 1054.275819][T26218]  mempool_alloc+0x11f/0x810
[ 1054.275819][T26218]  ? mempool_free+0x430/0x430
[ 1054.275819][T26218]  ? kmsan_get_metadata+0x4f/0x180
[ 1054.342141][T26218]  ? kmsan_get_metadata+0x11d/0x180
[ 1054.342141][T26218]  bio_alloc_bioset+0x346/0xc90
[ 1054.342141][T26218]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 1054.342141][T26218]  ? truncate_inode_pages_range+0x2444/0x24b0
[ 1054.342141][T26218]  ? kmsan_get_metadata+0x11d/0x180
[ 1054.342141][T26218]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 1054.342141][T26218]  __blkdev_issue_zero_pages+0x2c3/0x9f0
[ 1054.342141][T26218]  blkdev_issue_zeroout+0x4b6/0x800
[ 1054.342141][T26218]  blkdev_common_ioctl+0x3486/0x3500
[ 1054.342141][T26218]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1054.342141][T26218]  blkdev_ioctl+0x8df/0xd90
[ 1054.342141][T26218]  block_ioctl+0x16e/0x1c0
[ 1054.342141][T26218]  ? blkdev_iopoll+0x190/0x190
[ 1054.342141][T26218]  __se_sys_ioctl+0x2e9/0x410
[ 1054.342141][T26218]  __x64_sys_ioctl+0x4a/0x70
[ 1054.342141][T26218]  do_syscall_64+0xb8/0x160
[ 1054.342141][T26218]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1054.342141][T26218] RIP: 0033:0x45cb29
[ 1054.342141][T26218] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1054.342141][T26218] RSP: 002b:00007f534dce8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1054.342141][T26218] RAX: ffffffffffffffda RBX: 00000000004e24e0 RCX: 000000000045cb29
[ 1054.342141][T26218] RDX: 0000000020000000 RSI: 000000000000127f RDI: 0000000000000003
[ 1054.342141][T26218] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1054.342141][T26218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
16:17:06 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)

16:17:06 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1054.342141][T26218] R13: 0000000000000239 R14: 00000000004c4935 R15: 00007f534dce96d4
16:17:06 executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:07 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:07 executing program 4:
unshare(0x400)
bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r1, 0x0}, 0xffffffffffffff63)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x10000, 0x0)
fadvise64(r2, 0xa4e9, 0xff, 0x3)

16:17:07 executing program 0:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:07 executing program 5:
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1055.264321][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1055.277043][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1055.285778][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1055.286920][T21853] Call Trace:
[ 1055.286920][T21853]  dump_stack+0x1c9/0x220
[ 1055.286920][T21853]  dump_header+0x1e7/0xd00
[ 1055.286920][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1055.286920][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1055.286920][T21853]  ? ___ratelimit+0x542/0x720
[ 1055.286920][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1055.286920][T21853]  oom_kill_process+0x216/0x580
[ 1055.286920][T21853]  out_of_memory+0x181e/0x1cc0
[ 1055.286920][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1055.286920][T21853]  alloc_pages_current+0x67d/0x990
[ 1055.286920][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1055.286920][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1055.286920][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1055.286920][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1055.286920][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1055.286920][T21853]  ? debug_shrink_set+0x220/0x220
[ 1055.286920][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1055.286920][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1055.286920][T21853]  do_syscall_64+0xb8/0x160
[ 1055.286920][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1055.286920][T21853] RIP: 0033:0x45cb29
[ 1055.286920][T21853] Code: Bad RIP value.
[ 1055.286920][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1055.286920][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1055.286920][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1055.286920][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1055.286920][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1055.286920][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1055.460888][T21853] Mem-Info:
[ 1055.464262][T21853] active_anon:183664 inactive_anon:6859 isolated_anon:0
[ 1055.464262][T21853]  active_file:5837 inactive_file:52499 isolated_file:0
[ 1055.464262][T21853]  unevictable:0 dirty:108 writeback:0 unstable:0
[ 1055.464262][T21853]  slab_reclaimable:5659 slab_unreclaimable:24956
[ 1055.464262][T21853]  mapped:59022 shmem:7095 pagetables:6814 bounce:0
[ 1055.464262][T21853]  free:108233 free_pcp:752 free_cma:0
[ 1055.502953][T21853] Node 0 active_anon:669048kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123776kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 495616kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1055.531673][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1055.560811][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1055.566189][T21853] Node 0 DMA32 free:43324kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:642228kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:3008kB local_pcp:1688kB free_cma:0kB
[ 1055.598151][T21853] lowmem_reserve[]: 0 0 228 228
[ 1055.603864][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:2048KB active_anon:26820kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1055.635520][T21853] lowmem_reserve[]: 0 0 0 0
[ 1055.640207][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1055.652347][T21853] Node 0 DMA32: 893*4kB (ME) 461*8kB (UM) 214*16kB (M) 142*32kB (M) 113*64kB (M) 59*128kB (UM) 34*256kB (UM) 7*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 43324kB
[ 1055.668876][T21853] Node 0 Normal: 932*4kB (UMH) 387*8kB (UMH) 92*16kB (UMH) 25*32kB (UMH) 5*64kB (UMH) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1055.684396][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1055.694139][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1055.703606][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1055.713344][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1055.722796][T21853] 27222 total pagecache pages
[ 1055.727506][T21853] 0 pages in swap cache
[ 1055.731702][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1055.737947][T21853] Free swap  = 0kB
[ 1055.741799][T21853] Total swap = 0kB
[ 1055.745639][T21853] 1965979 pages RAM
[ 1055.749479][T21853] 0 pages HighMem/MovableOnly
[ 1055.754343][T21853] 1423249 pages reserved
[ 1055.758652][T21853] 0 pages cma reserved
[ 1055.762903][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=24746,uid=0
[ 1055.777910][T21853] Out of memory: Killed process 24746 (syz-executor.1) total-vm:74848kB, anon-rss:2576kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000
[ 1055.823429][ T1822] oom_reaper: reaped process 24746 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:17:07 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
write$6lowpan_enable(r2, &(0x7f0000000040)='0', 0x1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:08 executing program 4:
unshare(0x400)
setxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@random={'system.', '\x00'}, &(0x7f0000000080)='%{}.-\xce\x00', 0x7, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5)
write$binfmt_misc(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb27"], 0x86)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, 0x0, 0x0)
bind$inet6(r2, &(0x7f00002aafe4)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c)
listen(r2, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x5, 0x0, 0xc)
r3 = socket$key(0xf, 0x3, 0x2)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r6, 0x1}, 0x14}}, 0x0)
sendmsg$key(r4, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="6180b6df696ceae9ad8a890baada00b1715e1b2ab418a481762e5eaacbfa8e35496596f52b2cc6b1c3a28ced1cd3b8e06dfdb003a3189fb4ca444090381fe3b4bc2706c0fdca88d9520b882d8aab762b136ffe98f245c4831786"], 0x98}}, 0x0)
preadv(r3, &(0x7f00000017c0), 0x0, 0x2)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x3}, 0xc)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

16:17:08 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:08 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1056.365840][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1056.379225][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1056.388118][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1056.388425][T21853] Call Trace:
[ 1056.388425][T21853]  dump_stack+0x1c9/0x220
[ 1056.388425][T21853]  dump_header+0x1e7/0xd00
[ 1056.388425][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1056.388425][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1056.388425][T21853]  ? ___ratelimit+0x542/0x720
[ 1056.388425][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1056.388425][T21853]  oom_kill_process+0x216/0x580
[ 1056.388425][T21853]  out_of_memory+0x181e/0x1cc0
[ 1056.388425][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1056.388425][T21853]  alloc_pages_current+0x67d/0x990
[ 1056.388425][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1056.388425][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1056.388425][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1056.388425][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1056.388425][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1056.388425][T21853]  ? debug_shrink_set+0x220/0x220
[ 1056.388425][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1056.388425][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1056.388425][T21853]  do_syscall_64+0xb8/0x160
[ 1056.388425][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1056.388425][T21853] RIP: 0033:0x45cb29
[ 1056.388425][T21853] Code: Bad RIP value.
[ 1056.388425][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1056.388425][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1056.388425][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1056.388425][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1056.388425][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1056.388425][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1056.565003][T21853] Mem-Info:
[ 1056.568269][T21853] active_anon:182854 inactive_anon:6859 isolated_anon:0
[ 1056.568269][T21853]  active_file:5837 inactive_file:52558 isolated_file:0
[ 1056.568269][T21853]  unevictable:0 dirty:114 writeback:0 unstable:0
[ 1056.568269][T21853]  slab_reclaimable:5659 slab_unreclaimable:24957
[ 1056.568269][T21853]  mapped:58930 shmem:7095 pagetables:6663 bounce:0
[ 1056.568269][T21853]  free:109116 free_pcp:752 free_cma:0
[ 1056.606750][T21853] Node 0 active_anon:669048kB inactive_anon:19164kB active_file:4kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123776kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 495616kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1056.635414][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1056.664447][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1056.669808][T21853] Node 0 DMA32 free:43324kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:642228kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:3008kB local_pcp:1688kB free_cma:0kB
[ 1056.701472][T21853] lowmem_reserve[]: 0 0 228 228
[ 1056.706532][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:4kB inactive_file:88kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1056.737823][T21853] lowmem_reserve[]: 0 0 0 0
[ 1056.742491][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1056.754501][T21853] Node 0 DMA32: 893*4kB (ME) 461*8kB (UM) 214*16kB (M) 143*32kB (UM) 113*64kB (M) 59*128kB (UM) 34*256kB (UM) 7*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 43356kB
[ 1056.771143][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1056.786208][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1056.795906][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1056.805333][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1056.815051][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1056.824478][T21853] 27277 total pagecache pages
[ 1056.829202][T21853] 0 pages in swap cache
[ 1056.833492][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1056.839589][T21853] Free swap  = 0kB
[ 1056.843442][T21853] Total swap = 0kB
[ 1056.847201][T21853] 1965979 pages RAM
[ 1056.851037][T21853] 0 pages HighMem/MovableOnly
[ 1056.855848][T21853] 1423249 pages reserved
[ 1056.860127][T21853] 0 pages cma reserved
[ 1056.864329][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=23877,uid=0
[ 1056.879230][T21853] Out of memory: Killed process 23877 (syz-executor.3) total-vm:74980kB, anon-rss:2320kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1056.941620][ T1822] oom_reaper: reaped process 23877 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[ 1056.975486][    C0] sd 0:0:1:0: [sg0] tag#1405 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
[ 1056.986111][    C0] sd 0:0:1:0: [sg0] tag#1405 CDB: Test Unit Ready
[ 1056.992858][    C0] sd 0:0:1:0: [sg0] tag#1405 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.002692][    C0] sd 0:0:1:0: [sg0] tag#1405 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.012534][    C0] sd 0:0:1:0: [sg0] tag#1405 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.022460][    C0] sd 0:0:1:0: [sg0] tag#1405 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.032308][    C0] sd 0:0:1:0: [sg0] tag#1405 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.042233][    C0] sd 0:0:1:0: [sg0] tag#1405 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.052043][    C0] sd 0:0:1:0: [sg0] tag#1405 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.061922][    C0] sd 0:0:1:0: [sg0] tag#1405 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.071667][    C0] sd 0:0:1:0: [sg0] tag#1405 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.081503][    C0] sd 0:0:1:0: [sg0] tag#1405 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.091359][    C0] sd 0:0:1:0: [sg0] tag#1405 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.101474][    C0] sd 0:0:1:0: [sg0] tag#1405 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.111456][    C0] sd 0:0:1:0: [sg0] tag#1405 CDB[c0]: 00 00 00 00 00 00 00 00
16:17:09 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = gettid()
r2 = socket(0x840000000002, 0x3, 0x200000000000ff)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000000000000070000000000000005000000480300005001000008020000500100000802d00008020000b0020000b0020000b0020000b0020000b0020000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800534e415400000000000000000000000000000000000000000000000000000100000000000000ac1414bbe0eeff020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a800000000000000000000000000000000000000000038004ef845544d415000000000000000000000000000000020000000000000000001feffffff000000e0000002ac1e00010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800444e4154000000000000000000000000000000000000000000000000000100000000fe8000000000000000000000000000aaac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a51b00000000000000e9ff000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800444e415400000000000000000000000000000000000000000000000000000100000000000000e0000001ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000fe"], 0x1)
prctl$PR_SET_PTRACER(0x59616d61, r1)
ptrace$setsig(0x4203, r1, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1057.247703][    C0] sd 0:0:1:0: [sg0] tag#1344 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
[ 1057.258326][    C0] sd 0:0:1:0: [sg0] tag#1344 CDB: Test Unit Ready
[ 1057.265108][    C0] sd 0:0:1:0: [sg0] tag#1344 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.274959][    C0] sd 0:0:1:0: [sg0] tag#1344 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.285153][    C0] sd 0:0:1:0: [sg0] tag#1344 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.294991][    C0] sd 0:0:1:0: [sg0] tag#1344 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.305026][    C0] sd 0:0:1:0: [sg0] tag#1344 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.314920][    C0] sd 0:0:1:0: [sg0] tag#1344 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.324774][    C0] sd 0:0:1:0: [sg0] tag#1344 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.334616][    C0] sd 0:0:1:0: [sg0] tag#1344 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.344459][    C0] sd 0:0:1:0: [sg0] tag#1344 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.354328][    C0] sd 0:0:1:0: [sg0] tag#1344 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.364169][    C0] sd 0:0:1:0: [sg0] tag#1344 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.374008][    C0] sd 0:0:1:0: [sg0] tag#1344 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1057.383834][    C0] sd 0:0:1:0: [sg0] tag#1344 CDB[c0]: 00 00 00 00 00 00 00 00
16:17:09 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:09 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0xb, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

16:17:09 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1057.885000][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1057.897757][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1057.906484][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1057.907573][T21853] Call Trace:
[ 1057.907573][T21853]  dump_stack+0x1c9/0x220
[ 1057.921978][T21853]  dump_header+0x1e7/0xd00
[ 1057.921978][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1057.921978][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1057.921978][T21853]  ? ___ratelimit+0x542/0x720
[ 1057.921978][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1057.921978][T21853]  oom_kill_process+0x216/0x580
[ 1057.921978][T21853]  out_of_memory+0x181e/0x1cc0
[ 1057.921978][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1057.921978][T21853]  alloc_pages_current+0x67d/0x990
[ 1057.921978][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1057.921978][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1057.921978][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1057.921978][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1057.921978][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1057.921978][T21853]  ? debug_shrink_set+0x220/0x220
[ 1057.921978][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1057.921978][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1057.921978][T21853]  do_syscall_64+0xb8/0x160
[ 1057.921978][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1057.921978][T21853] RIP: 0033:0x45cb29
[ 1057.921978][T21853] Code: Bad RIP value.
[ 1057.921978][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1057.921978][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1057.921978][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1057.921978][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1057.921978][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1057.921978][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1058.080892][T21853] Mem-Info:
[ 1058.084247][T21853] active_anon:182341 inactive_anon:6859 isolated_anon:0
[ 1058.084247][T21853]  active_file:5835 inactive_file:52498 isolated_file:0
[ 1058.084247][T21853]  unevictable:0 dirty:42 writeback:16 unstable:0
[ 1058.084247][T21853]  slab_reclaimable:5659 slab_unreclaimable:24958
[ 1058.084247][T21853]  mapped:58971 shmem:7095 pagetables:6731 bounce:0
[ 1058.084247][T21853]  free:109627 free_pcp:752 free_cma:0
[ 1058.122774][T21853] Node 0 active_anon:669048kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123776kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 495616kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1058.151354][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1058.180476][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1058.185861][T21853] Node 0 DMA32 free:42852kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:642228kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:3008kB local_pcp:1688kB free_cma:0kB
[ 1058.217527][T21853] lowmem_reserve[]: 0 0 228 228
[ 1058.222594][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:0kB inactive_file:120kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1058.254009][T21853] lowmem_reserve[]: 0 0 0 0
[ 1058.258595][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1058.270655][T21853] Node 0 DMA32: 893*4kB (ME) 460*8kB (M) 215*16kB (UM) 143*32kB (UM) 113*64kB (M) 59*128kB (UM) 34*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 42852kB
[ 1058.287110][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1058.302210][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1058.311988][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1058.321338][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1058.331125][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1058.340572][T21853] 27234 total pagecache pages
[ 1058.345399][T21853] 0 pages in swap cache
[ 1058.349604][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1058.355832][T21853] Free swap  = 0kB
[ 1058.359589][T21853] Total swap = 0kB
[ 1058.363474][T21853] 1965979 pages RAM
[ 1058.367312][T21853] 0 pages HighMem/MovableOnly
[ 1058.372142][T21853] 1423249 pages reserved
[ 1058.376411][T21853] 0 pages cma reserved
16:17:10 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1058.380522][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=25235,uid=0
[ 1058.395559][T21853] Out of memory: Killed process 25235 (syz-executor.1) total-vm:74980kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000
[ 1058.421067][ T1822] oom_reaper: reaped process 25235 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:17:10 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:10 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1058.975758][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1058.988495][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1058.997228][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1058.998381][T21853] Call Trace:
[ 1058.998381][T21853]  dump_stack+0x1c9/0x220
[ 1058.998381][T21853]  dump_header+0x1e7/0xd00
[ 1058.998381][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1058.998381][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1058.998381][T21853]  ? ___ratelimit+0x542/0x720
[ 1058.998381][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1058.998381][T21853]  oom_kill_process+0x216/0x580
[ 1058.998381][T21853]  out_of_memory+0x181e/0x1cc0
[ 1058.998381][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1058.998381][T21853]  alloc_pages_current+0x67d/0x990
[ 1058.998381][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1058.998381][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1058.998381][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1058.998381][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1058.998381][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1058.998381][T21853]  ? debug_shrink_set+0x220/0x220
[ 1058.998381][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1058.998381][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1058.998381][T21853]  do_syscall_64+0xb8/0x160
[ 1058.998381][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1058.998381][T21853] RIP: 0033:0x45cb29
[ 1058.998381][T21853] Code: Bad RIP value.
[ 1058.998381][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1058.998381][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1058.998381][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1058.998381][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1058.998381][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1058.998381][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1059.171179][T21853] Mem-Info:
[ 1059.174530][T21853] active_anon:181776 inactive_anon:6859 isolated_anon:0
[ 1059.174530][T21853]  active_file:5836 inactive_file:52519 isolated_file:0
[ 1059.174530][T21853]  unevictable:0 dirty:61 writeback:1 unstable:0
[ 1059.174530][T21853]  slab_reclaimable:5659 slab_unreclaimable:24958
[ 1059.174530][T21853]  mapped:58944 shmem:7095 pagetables:6707 bounce:0
[ 1059.174530][T21853]  free:109635 free_pcp:752 free_cma:0
[ 1059.212665][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123776kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1059.241325][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1059.270360][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1059.275751][T21853] Node 0 DMA32 free:42884kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:3008kB local_pcp:1320kB free_cma:0kB
[ 1059.307444][T21853] lowmem_reserve[]: 0 0 228 228
[ 1059.312474][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1059.343902][T21853] lowmem_reserve[]: 0 0 0 0
[ 1059.348490][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1059.360661][T21853] Node 0 DMA32: 893*4kB (ME) 460*8kB (M) 215*16kB (UM) 142*32kB (M) 114*64kB (UM) 59*128kB (UM) 34*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 42884kB
[ 1059.377046][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1059.392208][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1059.401964][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1059.411310][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1059.421082][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1059.430604][T21853] 27275 total pagecache pages
[ 1059.435514][T21853] 0 pages in swap cache
[ 1059.439713][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1059.445967][T21853] Free swap  = 0kB
[ 1059.449717][T21853] Total swap = 0kB
[ 1059.453612][T21853] 1965979 pages RAM
[ 1059.457450][T21853] 0 pages HighMem/MovableOnly
[ 1059.462316][T21853] 1423249 pages reserved
[ 1059.466588][T21853] 0 pages cma reserved
16:17:11 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:11 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, 0x0, &(0x7f0000000140))
ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r2, 0xc0a85322, &(0x7f0000000000))
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

16:17:11 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1059.470699][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=23921,uid=0
[ 1059.485779][T21853] Out of memory: Killed process 23921 (syz-executor.3) total-vm:75112kB, anon-rss:2128kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000
[ 1059.536732][ T1822] oom_reaper: reaped process 23921 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:17:11 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:11 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:12 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:12 executing program 4:
unshare(0x400)
arch_prctl$ARCH_SET_GS(0x1001, &(0x7f0000000000))
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x82400, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, r0, 0x400000}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r1, 0x0}, 0x20)

16:17:12 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:12 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:12 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1060.861651][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1060.875098][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1060.883822][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1060.884229][T21853] Call Trace:
[ 1060.884229][T21853]  dump_stack+0x1c9/0x220
[ 1060.884229][T21853]  dump_header+0x1e7/0xd00
[ 1060.884229][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1060.884229][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1060.884229][T21853]  ? ___ratelimit+0x542/0x720
[ 1060.884229][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1060.884229][T21853]  oom_kill_process+0x216/0x580
[ 1060.884229][T21853]  out_of_memory+0x181e/0x1cc0
[ 1060.884229][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1060.884229][T21853]  alloc_pages_current+0x67d/0x990
[ 1060.884229][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1060.884229][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1060.884229][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1060.884229][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1060.884229][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1060.884229][T21853]  ? debug_shrink_set+0x220/0x220
[ 1060.884229][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1060.884229][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1060.884229][T21853]  do_syscall_64+0xb8/0x160
[ 1060.884229][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1060.884229][T21853] RIP: 0033:0x45cb29
[ 1060.884229][T21853] Code: Bad RIP value.
[ 1060.884229][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1060.884229][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1060.884229][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1060.884229][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1060.884229][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1060.884229][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1061.057801][T21853] Mem-Info:
[ 1061.061064][T21853] active_anon:181224 inactive_anon:6859 isolated_anon:0
[ 1061.061064][T21853]  active_file:5835 inactive_file:52649 isolated_file:0
[ 1061.061064][T21853]  unevictable:0 dirty:53 writeback:0 unstable:0
[ 1061.061064][T21853]  slab_reclaimable:5659 slab_unreclaimable:24960
[ 1061.061064][T21853]  mapped:58951 shmem:7095 pagetables:6653 bounce:0
[ 1061.061064][T21853]  free:110210 free_pcp:752 free_cma:0
[ 1061.099187][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123784kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1061.127825][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1061.156826][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1061.162187][T21853] Node 0 DMA32 free:42916kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:3008kB local_pcp:1688kB free_cma:0kB
[ 1061.193895][T21853] lowmem_reserve[]: 0 0 228 228
[ 1061.198814][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1061.230226][T21853] lowmem_reserve[]: 0 0 0 0
[ 1061.234902][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1061.246916][T21853] Node 0 DMA32: 893*4kB (ME) 460*8kB (M) 215*16kB (UM) 143*32kB (UM) 114*64kB (UM) 59*128kB (UM) 34*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 42916kB
[ 1061.263364][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1061.278420][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1061.288115][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1061.297538][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1061.307220][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1061.316634][T21853] 27306 total pagecache pages
[ 1061.321351][T21853] 0 pages in swap cache
[ 1061.325640][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1061.331735][T21853] Free swap  = 0kB
[ 1061.335602][T21853] Total swap = 0kB
[ 1061.339359][T21853] 1965979 pages RAM
[ 1061.343281][T21853] 0 pages HighMem/MovableOnly
[ 1061.347989][T21853] 1423249 pages reserved
[ 1061.352357][T21853] 0 pages cma reserved
[ 1061.356473][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24440,uid=0
[ 1061.371392][T21853] Out of memory: Killed process 24440 (syz-executor.3) total-vm:74980kB, anon-rss:2124kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000
[ 1061.398865][ T1822] oom_reaper: reaped process 24440 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:17:13 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:13 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
getsockname$packet(r1, 0x0, &(0x7f0000000140))
r2 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r2, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
getsockname$packet(r3, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0xb7)
ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0205649, &(0x7f0000000080)={0x990000, 0x6, 0xf4, <r4=>r2, 0x0, &(0x7f0000000000)={0x980915, 0x3, [], @ptr=0x7fff}})
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r4, 0x4112, 0x0)
unshare(0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x9, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, r4, 0x2, 0x5}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r5, 0x0}, 0x20)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r7 = dup(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
r8 = openat(r7, &(0x7f0000000040)='./file0\x00', 0x200000, 0x100)
setsockopt$TIPC_CONN_TIMEOUT(r8, 0x10f, 0x82, &(0x7f0000000100)=0x4, 0x4)

16:17:13 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:14 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x0, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:14 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:14 executing program 4:
unshare(0x400)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)
syz_open_dev$sndmidi(&(0x7f0000000000)='/dev/snd/midiC#D#\x00', 0x3, 0x121000)

16:17:14 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:14 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:14 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x0, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:14 executing program 4:
unshare(0x4020800)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
mprotect(&(0x7f0000ff4000/0xa000)=nil, 0xa000, 0x4)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

16:17:14 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x0, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:15 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:15 executing program 4:
unshare(0x400)
syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x3, 0x80100)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

16:17:15 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:15 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x0, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:15 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:15 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)
r1 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r1, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
setsockopt$inet6_tcp_buf(r1, 0x6, 0x1c, &(0x7f0000000000)="9ea33090e1b5c32ccd198673c9191a799f6dbf42b8bc2f8d85e4fbfb9a3939b07265bd3bb2c23f923333a90316a6d5b8ea664a5e7badf4882595e19ef9ef1537c461231ef1937ea21761581590c4711763c5fe5144c081ef625efc6d9c67569887488d45aa773c10ae82ed29bc6908b001d198ed", 0x74)

16:17:15 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:16 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x0, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:16 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:16 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:16 executing program 4:
unshare(0x400)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r1, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=ANY=[@ANYBLOB="400000001000050700000000000000fbffffff00", @ANYRES32=0x0, @ANYBLOB="65350600050000000a000200aaaaaaaaaaaa00000a000500040000000000000008000a00", @ANYRES32=r2, @ANYBLOB], 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x80d, 0x21, 0xffffffffffffffff, 0x0, [], r2, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r3, 0x0}, 0x20)

16:17:16 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000050700"/20, @ANYRES32=0x0, @ANYBLOB="61350600050000000800a81a6f3d00000a0005004d1de7d582020000080058db31e1deae38a1e03da6d653c7a975666594c8694a5a726aaf63ddce7054e55340e635c67756a4acb24698ac8cfe1d2c6cd063fb01cf1f7ca421c67608a241ca5bc488ef00d6af09c9bca9b7865b68062d218e3e3659838e284652d525a1f677b1d8274b37402bc458771faca656db6c0c55e0116ad1ab5af8d6529aab3fc6488bb315acc03cd33e6d143d451ba24eb3eff40000000000000000f5fd2ad8144604c022347d5085aa199840b7c34dd7072d", @ANYRES32=r1, @ANYBLOB], 0x3c}}, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000240)=0x4)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r4, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r4, &(0x7f0000000280)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @dev={[], 0x2e}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x50}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r7, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r7, &(0x7f00000000c0)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x50}}, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000600)={&(0x7f0000000b80)=ANY=[@ANYBLOB="80030000", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fbdbdf250100000008000100", @ANYRES32=0x0, @ANYBLOB="6401028064000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b00000034000400ff0f0302c609000007000285030000004a004048010000800010071f1ecfffff04000909080000000e000009001000003400010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b00000008000400f4000000080007000000000040000100b7fd01006c625f706f72745f737461747300000000000000000000000000000000000000050003000b000000080004004ff8ffff08000600", @ANYRES32=0x0, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="4bec0e000000000008000100b5ccec4dbde92bbc7c2dceb087fa43ab7de81db07ebccc6b0dda2583e511e697167a35f2504c9b1a886ffbb2f0d780713fac767e95b8030e6238e8345730", @ANYRES32=0x0, @ANYBLOB="7800028038000100000001006e6f746966795f70656572735f696e74657276616c0000000000000000000000000003000300000000000400400000003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYRES32, @ANYRES32, @ANYBLOB="7801028044000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000110004006163746976656261636b75700000000038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000500030003000000080004000000000040000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e000000080004000100000008000600", @ANYRES32=r2, @ANYRESOCT, @ANYRES32=r5, @ANYBLOB="40000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e00000008000400ffffffff08000600", @ANYRES32=r8, @ANYBLOB], 0x380}, 0x1, 0x0, 0x0, 0x24000800}, 0x20004000)

16:17:16 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x0, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1064.868299][T26380] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
16:17:16 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1065.115926][T26387] netlink: 'syz-executor.5': attribute type 5 has an invalid length.
16:17:17 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:17 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:17 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9, 0xa1}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

[ 1065.478246][T26387] netlink: 'syz-executor.5': attribute type 5 has an invalid length.
[ 1065.611533][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1065.624985][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1065.633709][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1065.634120][T21853] Call Trace:
[ 1065.634120][T21853]  dump_stack+0x1c9/0x220
[ 1065.634120][T21853]  dump_header+0x1e7/0xd00
[ 1065.634120][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1065.634120][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1065.634120][T21853]  ? ___ratelimit+0x542/0x720
[ 1065.634120][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1065.634120][T21853]  oom_kill_process+0x216/0x580
[ 1065.634120][T21853]  out_of_memory+0x181e/0x1cc0
[ 1065.634120][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1065.634120][T21853]  alloc_pages_current+0x67d/0x990
[ 1065.634120][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1065.634120][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1065.634120][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1065.634120][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1065.634120][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1065.634120][T21853]  ? debug_shrink_set+0x220/0x220
[ 1065.634120][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1065.634120][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1065.634120][T21853]  do_syscall_64+0xb8/0x160
[ 1065.634120][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1065.634120][T21853] RIP: 0033:0x45cb29
[ 1065.634120][T21853] Code: Bad RIP value.
[ 1065.634120][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1065.634120][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1065.634120][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1065.634120][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1065.634120][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1065.634120][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1065.807654][T21853] Mem-Info:
[ 1065.810905][T21853] active_anon:180739 inactive_anon:6859 isolated_anon:0
[ 1065.810905][T21853]  active_file:5836 inactive_file:52617 isolated_file:0
[ 1065.810905][T21853]  unevictable:0 dirty:80 writeback:0 unstable:0
[ 1065.810905][T21853]  slab_reclaimable:5660 slab_unreclaimable:24936
[ 1065.810905][T21853]  mapped:58981 shmem:7095 pagetables:6659 bounce:0
[ 1065.810905][T21853]  free:110749 free_pcp:752 free_cma:0
[ 1065.849168][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123788kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1065.877907][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1065.906994][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1065.912407][T21853] Node 0 DMA32 free:42916kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:3008kB local_pcp:1320kB free_cma:0kB
[ 1065.944251][T21853] lowmem_reserve[]: 0 0 228 228
[ 1065.949176][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1065.980722][T21853] lowmem_reserve[]: 0 0 0 0
[ 1065.985463][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1065.997567][T21853] Node 0 DMA32: 893*4kB (ME) 460*8kB (M) 215*16kB (UM) 143*32kB (UM) 114*64kB (UM) 59*128kB (UM) 34*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 42916kB
[ 1066.014130][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1066.029275][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1066.039042][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1066.048578][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1066.058377][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1066.067934][T21853] 27321 total pagecache pages
[ 1066.072819][T21853] 0 pages in swap cache
[ 1066.077026][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1066.083304][T21853] Free swap  = 0kB
[ 1066.087055][T21853] Total swap = 0kB
[ 1066.090806][T21853] 1965979 pages RAM
[ 1066.094752][T21853] 0 pages HighMem/MovableOnly
[ 1066.099462][T21853] 1423249 pages reserved
[ 1066.103829][T21853] 0 pages cma reserved
16:17:18 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x12301, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r1, 0x800c5012, &(0x7f0000000080))

[ 1066.107934][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=24959,uid=0
[ 1066.122855][T21853] Out of memory: Killed process 24959 (syz-executor.3) total-vm:74980kB, anon-rss:2120kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000
16:17:18 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:18 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:18 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:18 executing program 4:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
getsockname$packet(r3, 0x0, &(0x7f0000000140))
ioctl$KVM_S390_UCAS_MAP(r3, 0x4018ae50, &(0x7f00000000c0)={0x6, 0x10000, 0x40})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$GIO_UNIMAP(r1, 0x4b66, &(0x7f0000000080)={0x8, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}]})
unshare(0x400)
syz_genetlink_get_family_id$batadv(&(0x7f0000000100)='batadv\x00')
openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40000, 0x0)
sysfs$3(0x3)
ioctl$SIOCGSTAMP(r1, 0x8906, &(0x7f00000001c0))
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r4, 0x0}, 0x20)

16:17:18 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:19 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:19 executing program 4:
unshare(0x400)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x118, r3, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
fsetxattr$trusted_overlay_origin(r1, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000040)='y\x00', 0x2, 0x0)

16:17:19 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

16:17:19 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:19 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x14c03, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:19 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
getsockname$packet(r1, 0x0, &(0x7f0000000140))
r2 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r2, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
getsockname$packet(r3, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0xb7)
ioctl$VIDIOC_TRY_EXT_CTRLS(r1, 0xc0205649, &(0x7f0000000080)={0x990000, 0x6, 0xf4, <r4=>r2, 0x0, &(0x7f0000000000)={0x980915, 0x3, [], @ptr=0x7fff}})
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r4, 0x4112, 0x0)
unshare(0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x9, 0x4, 0x9, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, r4, 0x2, 0x5}, 0x40)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r5, 0x0}, 0x20)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r7 = dup(r6)
ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200)
r8 = openat(r7, &(0x7f0000000040)='./file0\x00', 0x200000, 0x100)
setsockopt$TIPC_CONN_TIMEOUT(r8, 0x10f, 0x82, &(0x7f0000000100)=0x4, 0x4)

16:17:19 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, 0x0)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:19 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

16:17:19 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f0000000080)={"5c6c9fb04161e5b07a22cdbe7b39ee8227e5236d836617352fd4b79072c5f8b2d9aaeffafb1fb57ea291a4f79a5585c69b0a0233e23955c643c61efa25e60f0d2976fd96151d9d7b92279e296656a481cd3399c0dc705b476aa7e00d3c4b24d55ae7990101cf6679c1cc91db969635bac494cacd07b29040dc12b658e8ca4a9cf28e098eead10aa494fb3be820b1b77224890ff5a0ec15781a0b593e1b05a0d12e6588af7a28ded5efe5757121d1e1fc0c35395fdf427267227e228a4b2d56f97dc6d31b72364579cd38194532f5eb91e59caa478086a36f984ac5333ca0daf632f355c18a1c1a3fff1214b53c5cb89005a2b859297415c07173a40260c63413104e17124f64ecf71f1b11922617bf64f7643ebe07308b4570fd6db9cd2533775e1205d4eb98295f535e209ef8538f98c948cd337691f1095c0755d0ad853f420f834b0e7586b630d77e262da25082bd2db533c7767b229b2dbce68a5bdd86d774a3be27810489a3eb1c4e3cd60be9e875fd6e0bb1714eb560c798dfb8575d1ee9857ca471c65b773ae8d91cf6669f542e86ace21834b48926e1d89e47192872ce3b2d28bbccd9da4ef75ce6448e36f3d55e3710724279c2f3311ea1a8019a1afa44527b1f5b5c80e97727001160d55f70db644edb8677476f6cc45c49c9c0eb55e82279098e2cd6c0959e8f40ac4433e1b153ab2eecb7c9bb784bcb99cf656116cbc29103bd9a096d208affe22cb1f23609673f9d2f4368fee897fca64f8b4f0bf8cb7702c03da60aae202ff4dafefd96f0e58ac6f0e8a9031d922366de7ffb064b5a8bfe40575f51e614a05aecf9bc3f6b13bfeeddab0983a3c233fb507adf2acc6574285c2c9dbdfb7a61c44960aebd9811418e9839b878a3adc101cfbec29264f86a2a66f0f04604be33353e1ef829ecb95fddc78c9e3e59e3ff020574c9cb2c1dc2ffb5b047b0c50b3ff4ec9bf6a568fc0998161344812f059931696491db6f6038e0d9bb3a8f850cb537ddbc5eaec512592eb09c38939fcf0fcb5cfdc8ed79694e20e62a0b43ab54e40d003be47564dec3661e0747e219d3ba95e07e73986960ced40dc1a7af31ea6d9d7bcc72964f2aa2d47624bd888fabd62d38262fb90a24d975e2a910a0182dcaf292e071ebb53f4cfda52fd6f0cfe15dcfcfd130f1ebb26fa6e130e8bc18d3cf801f6f849ebea583001400c9d3f5e875668f00090b567d6323dbd4cb259436e94abbb47243688b6ca5b3a29c9a2ab44787f7c1bfc0c26cfddab7f78c179841a5159067880b5f986ffb1c6f4df89bd56bb875802e7c74fa2fe593f7641c6486865084c3a17efff3943e2151de039750661d7bc30f9a648f7d0e21baff61d06bdca41a51d98e4a7a11aa2e8e1c012865c40d95fba6e32b69831f8927d7216dbbc6766bb12b4e9a5b8183d56f51ed1c499cfe36730a"})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:20 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:20 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:20 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = gettid()
r2 = socket(0x840000000002, 0x3, 0x200000000000ff)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000000000000070000000000000005000000480300005001000008020000500100000802d00008020000b0020000b0020000b0020000b0020000b0020000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800534e415400000000000000000000000000000000000000000000000000000100000000000000ac1414bbe0eeff020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a800000000000000000000000000000000000000000038004ef845544d415000000000000000000000000000000020000000000000000001feffffff000000e0000002ac1e00010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800444e4154000000000000000000000000000000000000000000000000000100000000fe8000000000000000000000000000aaac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a51b00000000000000e9ff000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800444e415400000000000000000000000000000000000000000000000000000100000000000000e0000001ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000fe"], 0x1)
prctl$PR_SET_PTRACER(0x59616d61, r1)
ptrace$setsig(0x4203, r1, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:20 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

16:17:20 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x28802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:20 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = gettid()
r2 = socket(0x840000000002, 0x3, 0x200000000000ff)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000000000000070000000000000005000000480300005001000008020000500100000802d00008020000b0020000b0020000b0020000b0020000b0020000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800534e415400000000000000000000000000000000000000000000000000000100000000000000ac1414bbe0eeff020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a800000000000000000000000000000000000000000038004ef845544d415000000000000000000000000000000020000000000000000001feffffff000000e0000002ac1e00010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800444e4154000000000000000000000000000000000000000000000000000100000000fe8000000000000000000000000000aaac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a51b00000000000000e9ff000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800444e415400000000000000000000000000000000000000000000000000000100000000000000e0000001ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000fe"], 0x1)
prctl$PR_SET_PTRACER(0x59616d61, r1)
ptrace$setsig(0x4203, r1, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1068.883312][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1068.896010][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1068.904724][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1068.905889][T21853] Call Trace:
[ 1068.905889][T21853]  dump_stack+0x1c9/0x220
[ 1068.905889][T21853]  dump_header+0x1e7/0xd00
[ 1068.905889][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1068.905889][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1068.905889][T21853]  ? ___ratelimit+0x542/0x720
[ 1068.905889][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1068.905889][T21853]  oom_kill_process+0x216/0x580
[ 1068.905889][T21853]  out_of_memory+0x181e/0x1cc0
[ 1068.957614][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1068.957614][T21853]  alloc_pages_current+0x67d/0x990
[ 1068.957614][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1068.957614][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1068.957614][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1068.957614][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1068.957614][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1068.957614][T21853]  ? debug_shrink_set+0x220/0x220
[ 1068.957614][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1068.957614][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1068.957614][T21853]  do_syscall_64+0xb8/0x160
[ 1068.957614][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1068.957614][T21853] RIP: 0033:0x45cb29
[ 1068.957614][T21853] Code: Bad RIP value.
[ 1068.957614][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1068.957614][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1068.957614][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1068.957614][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1068.957614][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1068.957614][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1069.079317][T21853] Mem-Info:
[ 1069.082738][T21853] active_anon:180304 inactive_anon:6859 isolated_anon:0
[ 1069.082738][T21853]  active_file:5835 inactive_file:52537 isolated_file:0
[ 1069.082738][T21853]  unevictable:0 dirty:71 writeback:0 unstable:0
[ 1069.082738][T21853]  slab_reclaimable:5661 slab_unreclaimable:24928
[ 1069.082738][T21853]  mapped:59063 shmem:7095 pagetables:6637 bounce:0
[ 1069.082738][T21853]  free:111151 free_pcp:752 free_cma:0
[ 1069.120844][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123808kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1069.149523][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1069.178528][T21853] lowmem_reserve[]: 0 996 1224 1224
16:17:20 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, 0x0)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:21 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000))

[ 1069.183909][T21853] Node 0 DMA32 free:42916kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:3008kB local_pcp:1688kB free_cma:0kB
[ 1069.215589][T21853] lowmem_reserve[]: 0 0 228 228
16:17:21 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1069.220506][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1069.252099][T21853] lowmem_reserve[]: 0 0 0 0
[ 1069.256675][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1069.268809][T21853] Node 0 DMA32: 893*4kB (ME) 460*8kB (M) 215*16kB (UM) 143*32kB (UM) 114*64kB (UM) 59*128kB (UM) 34*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 42916kB
[ 1069.285290][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1069.300655][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1069.310425][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1069.319981][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1069.329724][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1069.339201][T21853] 27191 total pagecache pages
[ 1069.344071][T21853] 0 pages in swap cache
[ 1069.348265][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1069.354498][T21853] Free swap  = 0kB
[ 1069.358269][T21853] Total swap = 0kB
[ 1069.362157][T21853] 1965979 pages RAM
[ 1069.365994][T21853] 0 pages HighMem/MovableOnly
[ 1069.370697][T21853] 1423249 pages reserved
[ 1069.375130][T21853] 0 pages cma reserved
[ 1069.379241][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=23773,uid=0
[ 1069.394246][T21853] Out of memory: Killed process 23773 (syz-executor.3) total-vm:74980kB, anon-rss:2104kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000
[ 1069.420221][ T1822] oom_reaper: reaped process 23773 (syz-executor.3), now anon-rss:0kB, file-rss:34624kB, shmem-rss:0kB
16:17:21 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, 0x0)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:21 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x1)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
getsockname$packet(r3, 0x0, &(0x7f0000000140))
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000100)={r1, r3})
r4 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r4, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r4, &(0x7f0000000280)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x50}}, 0x0)
fsetxattr$security_evm(r1, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000080)=@sha1={0x1, "94f776fb52c54fcbe9810ff536ae266c6e842517"}, 0x15, 0x1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = dup(r6)
getsockname$packet(r7, 0x0, &(0x7f0000000140))
ioctl$SOUND_MIXER_READ_VOLUME(r7, 0x9, &(0x7f00000000c0))

16:17:22 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = gettid()
r2 = socket(0x840000000002, 0x3, 0x200000000000ff)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000000000000070000000000000005000000480300005001000008020000500100000802d00008020000b0020000b0020000b0020000b0020000b0020000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800534e415400000000000000000000000000000000000000000000000000000100000000000000ac1414bbe0eeff020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a800000000000000000000000000000000000000000038004ef845544d415000000000000000000000000000000020000000000000000001feffffff000000e0000002ac1e00010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800444e4154000000000000000000000000000000000000000000000000000100000000fe8000000000000000000000000000aaac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a51b00000000000000e9ff000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800444e415400000000000000000000000000000000000000000000000000000100000000000000e0000001ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000fe"], 0x1)
prctl$PR_SET_PTRACER(0x59616d61, r1)
ptrace$setsig(0x4203, r1, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:22 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, 0x0)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:22 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, 0x0)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:22 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000))

16:17:22 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000))

[ 1071.038595][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1071.051390][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1071.060113][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1071.061211][T21853] Call Trace:
[ 1071.061211][T21853]  dump_stack+0x1c9/0x220
[ 1071.061211][T21853]  dump_header+0x1e7/0xd00
[ 1071.061211][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1071.087114][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1071.087114][T21853]  ? ___ratelimit+0x542/0x720
[ 1071.087114][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1071.087114][T21853]  oom_kill_process+0x216/0x580
[ 1071.087114][T21853]  out_of_memory+0x181e/0x1cc0
[ 1071.087114][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1071.087114][T21853]  alloc_pages_current+0x67d/0x990
[ 1071.087114][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1071.087114][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1071.087114][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1071.087114][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1071.087114][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1071.087114][T21853]  ? debug_shrink_set+0x220/0x220
[ 1071.087114][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1071.087114][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1071.087114][T21853]  do_syscall_64+0xb8/0x160
[ 1071.087114][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1071.087114][T21853] RIP: 0033:0x45cb29
[ 1071.087114][T21853] Code: Bad RIP value.
[ 1071.087114][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1071.087114][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1071.087114][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1071.087114][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1071.087114][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1071.087114][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1071.234882][T21853] Mem-Info:
[ 1071.238197][T21853] active_anon:179711 inactive_anon:6859 isolated_anon:0
[ 1071.238197][T21853]  active_file:5836 inactive_file:52529 isolated_file:0
[ 1071.238197][T21853]  unevictable:0 dirty:78 writeback:0 unstable:0
[ 1071.238197][T21853]  slab_reclaimable:5661 slab_unreclaimable:24928
[ 1071.238197][T21853]  mapped:58997 shmem:7095 pagetables:6615 bounce:0
[ 1071.238197][T21853]  free:112127 free_pcp:62 free_cma:0
[ 1071.276465][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123808kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1071.305068][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1071.334103][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1071.339392][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB
[ 1071.370886][T21853] lowmem_reserve[]: 0 0 228 228
[ 1071.375932][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:4kB inactive_file:116kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1071.407410][T21853] lowmem_reserve[]: 0 0 0 0
[ 1071.412228][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1071.424309][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1071.440899][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1071.456037][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1071.465810][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1071.475346][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1071.485119][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1071.494621][T21853] 27284 total pagecache pages
[ 1071.499351][T21853] 0 pages in swap cache
[ 1071.503715][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1071.509831][T21853] Free swap  = 0kB
[ 1071.513891][T21853] Total swap = 0kB
[ 1071.517907][T21853] 1965979 pages RAM
[ 1071.521744][T21853] 0 pages HighMem/MovableOnly
[ 1071.526637][T21853] 1423249 pages reserved
[ 1071.530909][T21853] 0 pages cma reserved
[ 1071.535192][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=23879,uid=0
[ 1071.550732][T21853] Out of memory: Killed process 23879 (syz-executor.2) total-vm:74980kB, anon-rss:1992kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000
16:17:23 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:23 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x544aa1db623a9459, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:23 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, 0x0)
r1 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1071.580402][ T1822] oom_reaper: reaped process 23879 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[ 1071.662239][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1071.675248][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1071.683970][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1071.684833][T21853] Call Trace:
[ 1071.684833][T21853]  dump_stack+0x1c9/0x220
[ 1071.684833][T21853]  dump_header+0x1e7/0xd00
[ 1071.684833][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1071.684833][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1071.684833][T21853]  ? ___ratelimit+0x542/0x720
[ 1071.684833][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1071.684833][T21853]  oom_kill_process+0x216/0x580
[ 1071.684833][T21853]  out_of_memory+0x181e/0x1cc0
[ 1071.684833][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1071.684833][T21853]  alloc_pages_current+0x67d/0x990
[ 1071.684833][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1071.684833][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1071.684833][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1071.684833][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1071.684833][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1071.684833][T21853]  ? debug_shrink_set+0x220/0x220
[ 1071.684833][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1071.684833][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1071.684833][T21853]  do_syscall_64+0xb8/0x160
[ 1071.684833][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1071.684833][T21853] RIP: 0033:0x45cb29
[ 1071.684833][T21853] Code: Bad RIP value.
[ 1071.684833][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1071.684833][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1071.684833][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1071.684833][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1071.684833][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1071.684833][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1071.858441][T21853] Mem-Info:
[ 1071.861699][T21853] active_anon:179235 inactive_anon:6859 isolated_anon:0
[ 1071.861699][T21853]  active_file:5836 inactive_file:52631 isolated_file:0
[ 1071.861699][T21853]  unevictable:0 dirty:95 writeback:0 unstable:0
[ 1071.861699][T21853]  slab_reclaimable:5661 slab_unreclaimable:24928
[ 1071.861699][T21853]  mapped:59048 shmem:7095 pagetables:6540 bounce:0
[ 1071.861699][T21853]  free:112239 free_pcp:62 free_cma:0
[ 1071.899976][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123808kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1071.928708][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1071.957815][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1071.963219][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB
[ 1071.995457][T21853] lowmem_reserve[]: 0 0 228 228
[ 1072.000389][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:4kB inactive_file:116kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1072.031924][T21853] lowmem_reserve[]: 0 0 0 0
[ 1072.036503][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1072.048590][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1072.065306][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1072.080421][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1072.090196][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1072.099698][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1072.109472][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1072.119019][T21853] 27291 total pagecache pages
[ 1072.123910][T21853] 0 pages in swap cache
[ 1072.128112][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1072.134387][T21853] Free swap  = 0kB
[ 1072.138140][T21853] Total swap = 0kB
[ 1072.142117][T21853] 1965979 pages RAM
[ 1072.145952][T21853] 0 pages HighMem/MovableOnly
[ 1072.150658][T21853] 1423249 pages reserved
[ 1072.155259][T21853] 0 pages cma reserved
16:17:24 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = gettid()
r2 = socket(0x840000000002, 0x3, 0x200000000000ff)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000000000000070000000000000005000000480300005001000008020000500100000802d00008020000b0020000b0020000b0020000b0020000b0020000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800534e415400000000000000000000000000000000000000000000000000000100000000000000ac1414bbe0eeff020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a800000000000000000000000000000000000000000038004ef845544d415000000000000000000000000000000020000000000000000001feffffff000000e0000002ac1e00010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800444e4154000000000000000000000000000000000000000000000000000100000000fe8000000000000000000000000000aaac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a51b00000000000000e9ff000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800444e415400000000000000000000000000000000000000000000000000000100000000000000e0000001ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000fe"], 0x1)
prctl$PR_SET_PTRACER(0x59616d61, r1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:24 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:24 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1072.159364][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=24480,uid=0
[ 1072.174395][T21853] Out of memory: Killed process 24480 (syz-executor.1) total-vm:74980kB, anon-rss:1864kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000
[ 1072.208015][ T1822] oom_reaper: reaped process 24480 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:17:24 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r3, 0x1}, 0x14}}, 0x0)
r4 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r4, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r4, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$FS_IOC_SETVERSION(r4, 0x40087602, &(0x7f0000000180)=0x9)
sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x118, r3, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
sendmsg$AUDIT_TRIM(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x10, 0x3f6, 0x2, 0x70bd2b, 0x25dfdbff, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000010}, 0xd1)

[ 1073.115105][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1073.127840][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1073.136555][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1073.137675][T21853] Call Trace:
[ 1073.137675][T21853]  dump_stack+0x1c9/0x220
[ 1073.137675][T21853]  dump_header+0x1e7/0xd00
[ 1073.137675][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1073.137675][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1073.170530][T21853]  ? ___ratelimit+0x542/0x720
[ 1073.172072][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1073.172072][T21853]  oom_kill_process+0x216/0x580
[ 1073.172072][T21853]  out_of_memory+0x181e/0x1cc0
[ 1073.172072][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1073.172072][T21853]  alloc_pages_current+0x67d/0x990
[ 1073.172072][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1073.172072][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1073.210234][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1073.210234][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1073.210234][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1073.210234][T21853]  ? debug_shrink_set+0x220/0x220
[ 1073.210234][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1073.210234][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1073.210234][T21853]  do_syscall_64+0xb8/0x160
[ 1073.210234][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1073.210234][T21853] RIP: 0033:0x45cb29
[ 1073.210234][T21853] Code: Bad RIP value.
[ 1073.210234][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1073.210234][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1073.210234][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1073.210234][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1073.210234][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1073.210234][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1073.311143][T21853] Mem-Info:
[ 1073.314489][T21853] active_anon:178763 inactive_anon:6859 isolated_anon:0
[ 1073.314489][T21853]  active_file:5836 inactive_file:52637 isolated_file:0
[ 1073.314489][T21853]  unevictable:0 dirty:109 writeback:0 unstable:0
[ 1073.314489][T21853]  slab_reclaimable:5661 slab_unreclaimable:24931
[ 1073.314489][T21853]  mapped:58990 shmem:7095 pagetables:6556 bounce:0
[ 1073.314489][T21853]  free:112702 free_pcp:62 free_cma:0
16:17:25 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = gettid()
r2 = socket(0x840000000002, 0x3, 0x200000000000ff)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000000000000070000000000000005000000480300005001000008020000500100000802d00008020000b0020000b0020000b0020000b0020000b0020000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800534e415400000000000000000000000000000000000000000000000000000100000000000000ac1414bbe0eeff020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a800000000000000000000000000000000000000000038004ef845544d415000000000000000000000000000000020000000000000000001feffffff000000e0000002ac1e00010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800444e4154000000000000000000000000000000000000000000000000000100000000fe8000000000000000000000000000aaac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a51b00000000000000e9ff000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800444e415400000000000000000000000000000000000000000000000000000100000000000000e0000001ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000fe"], 0x1)
prctl$PR_SET_PTRACER(0x59616d61, r1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1073.352637][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123808kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1073.382001][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1073.411191][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1073.416612][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB
[ 1073.448184][T21853] lowmem_reserve[]: 0 0 228 228
16:17:25 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1073.453276][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1073.484715][T21853] lowmem_reserve[]: 0 0 0 0
[ 1073.489297][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1073.501430][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1073.518026][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1073.533165][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1073.542908][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1073.552395][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
16:17:25 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1073.562167][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1073.571481][T21853] 27308 total pagecache pages
[ 1073.576338][T21853] 0 pages in swap cache
[ 1073.580541][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1073.586788][T21853] Free swap  = 0kB
[ 1073.590544][T21853] Total swap = 0kB
[ 1073.594381][T21853] 1965979 pages RAM
[ 1073.598219][T21853] 0 pages HighMem/MovableOnly
[ 1073.603115][T21853] 1423249 pages reserved
[ 1073.607386][T21853] 0 pages cma reserved
[ 1073.611496][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=25181,uid=0
[ 1073.626405][T21853] Out of memory: Killed process 25181 (syz-executor.3) total-vm:74980kB, anon-rss:1768kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000
16:17:25 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:25 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1073.664419][ T1822] oom_reaper: reaped process 25181 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:17:25 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100)='nl80211\x00')
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x20, r2, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_SCAN_SUPP_RATES={0xc, 0x11d, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}, @NL80211_BAND_5GHZ={0x5}]}]}, 0x20}}, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000080)={@mcast1, <r3=>0x0}, &(0x7f00000000c0)=0x14)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r5, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r5, &(0x7f0000000280)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000840)=ANY=[@ANYBLOB="500000001000050700"/20, @ANYRES32=0x0, @ANYBLOB="65350600050000001c0012800c0001006d6163766c616e000c00028008000100080000000a000500040000000000000008000a00", @ANYRES32=r6, @ANYBLOB="6613c35d3baf75e763af62888b0b45cec0d7d3c5746c2697b22874afcd545664cf8e5302c442b833a67deaf7ee8126fed3d0078fa59ddaf571182929aacedef8bfaf992bb4fddad2e2788cfb0818fe9ec4a6e1475aa42e738dd9c887d178af9981fbb90a8d3f446f86b4ed4fc2f40e244ae95b617b99b68d10dc46d087d73f9553b48b745c10922085b1f03675e76c9b9421425ea7dab6befd66cd06ecc65af2159ef3102a31fd459ca82024ed6ee16bec21ca20b127b88297f64838df08cce27b7fb6adade4359c430625f5d35b5e974030c1c3f426b255c68a51b5665c416d4e2600f7"], 0x50}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r8, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r8, &(0x7f0000000280)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x50}}, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000005c0)={{{@in=@initdev, @in6=@ipv4={[], [], @initdev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{@in=@dev}, 0x0, @in6=@dev}}, &(0x7f0000000340)=0x4a)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x48, r2, 0x8, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}, @NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HT_OPMODE={0x6, 0x16, 0x13}, @NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL={0x6, 0xc, 0x6}]}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r6}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r9}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r10}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x40004)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1074.342313][T26535] netlink: 'syz-executor.5': attribute type 5 has an invalid length.
[ 1074.347596][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1074.363250][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1074.371966][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1074.373070][T21853] Call Trace:
[ 1074.384342][T21853]  dump_stack+0x1c9/0x220
[ 1074.384342][T21853]  dump_header+0x1e7/0xd00
[ 1074.393941][T26535] netlink: 'syz-executor.5': attribute type 5 has an invalid length.
[ 1074.384342][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1074.384342][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1074.384342][T21853]  ? ___ratelimit+0x542/0x720
[ 1074.384342][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1074.384342][T21853]  oom_kill_process+0x216/0x580
[ 1074.384342][T21853]  out_of_memory+0x181e/0x1cc0
[ 1074.384342][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1074.384342][T21853]  alloc_pages_current+0x67d/0x990
[ 1074.384342][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1074.384342][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1074.384342][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1074.384342][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1074.384342][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1074.384342][T21853]  ? debug_shrink_set+0x220/0x220
[ 1074.384342][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1074.384342][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1074.384342][T21853]  do_syscall_64+0xb8/0x160
[ 1074.384342][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1074.384342][T21853] RIP: 0033:0x45cb29
[ 1074.384342][T21853] Code: Bad RIP value.
[ 1074.384342][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1074.384342][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1074.384342][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1074.384342][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1074.384342][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1074.384342][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1074.554503][T21853] Mem-Info:
[ 1074.557767][T21853] active_anon:178503 inactive_anon:6859 isolated_anon:0
[ 1074.557767][T21853]  active_file:5835 inactive_file:52580 isolated_file:0
[ 1074.557767][T21853]  unevictable:0 dirty:100 writeback:17 unstable:0
[ 1074.557767][T21853]  slab_reclaimable:5661 slab_unreclaimable:24931
[ 1074.557767][T21853]  mapped:59110 shmem:7095 pagetables:6608 bounce:0
[ 1074.557767][T21853]  free:113143 free_pcp:62 free_cma:0
[ 1074.596021][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123808kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1074.624765][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1074.653821][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1074.659090][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB
[ 1074.690466][T21853] lowmem_reserve[]: 0 0 228 228
[ 1074.695586][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1074.727739][T21853] lowmem_reserve[]: 0 0 0 0
[ 1074.732456][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1074.744489][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1074.761061][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1074.776355][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1074.786095][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1074.796898][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1074.806636][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1074.816110][T21853] 27293 total pagecache pages
[ 1074.820820][T21853] 0 pages in swap cache
[ 1074.825161][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1074.831269][T21853] Free swap  = 0kB
[ 1074.835217][T21853] Total swap = 0kB
[ 1074.838980][T21853] 1965979 pages RAM
16:17:26 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1074.842987][T21853] 0 pages HighMem/MovableOnly
[ 1074.847698][T21853] 1423249 pages reserved
[ 1074.852165][T21853] 0 pages cma reserved
[ 1074.856279][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=25209,uid=0
[ 1074.871476][T21853] Out of memory: Killed process 25209 (syz-executor.1) total-vm:74980kB, anon-rss:1756kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000
[ 1074.901781][ T1822] oom_reaper: reaped process 25209 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:17:27 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:27 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = gettid()
r2 = socket(0x840000000002, 0x3, 0x200000000000ff)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000000000000070000000000000005000000480300005001000008020000500100000802d00008020000b0020000b0020000b0020000b0020000b0020000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800534e415400000000000000000000000000000000000000000000000000000100000000000000ac1414bbe0eeff020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a800000000000000000000000000000000000000000038004ef845544d415000000000000000000000000000000020000000000000000001feffffff000000e0000002ac1e00010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800444e4154000000000000000000000000000000000000000000000000000100000000fe8000000000000000000000000000aaac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a51b00000000000000e9ff000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800444e415400000000000000000000000000000000000000000000000000000100000000000000e0000001ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000fe"], 0x1)
prctl$PR_SET_PTRACER(0x59616d61, r1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:27 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, &(0x7f0000000240), &(0x7f0000000280)=0x4)
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:27 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:27 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1075.425091][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1075.437796][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1075.446528][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1075.447676][T21853] Call Trace:
[ 1075.447676][T21853]  dump_stack+0x1c9/0x220
[ 1075.447676][T21853]  dump_header+0x1e7/0xd00
[ 1075.447676][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1075.447676][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1075.447676][T21853]  ? ___ratelimit+0x542/0x720
[ 1075.447676][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1075.447676][T21853]  oom_kill_process+0x216/0x580
[ 1075.447676][T21853]  out_of_memory+0x181e/0x1cc0
[ 1075.447676][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1075.447676][T21853]  alloc_pages_current+0x67d/0x990
[ 1075.447676][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1075.447676][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1075.447676][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1075.447676][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1075.447676][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1075.447676][T21853]  ? debug_shrink_set+0x220/0x220
[ 1075.447676][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1075.447676][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1075.447676][T21853]  do_syscall_64+0xb8/0x160
[ 1075.447676][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1075.447676][T21853] RIP: 0033:0x45cb29
[ 1075.447676][T21853] Code: Bad RIP value.
[ 1075.447676][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1075.447676][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1075.447676][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1075.447676][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1075.447676][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1075.447676][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1075.621198][T21853] Mem-Info:
[ 1075.624599][T21853] active_anon:177939 inactive_anon:6859 isolated_anon:0
[ 1075.624599][T21853]  active_file:5836 inactive_file:52564 isolated_file:0
[ 1075.624599][T21853]  unevictable:0 dirty:106 writeback:0 unstable:0
[ 1075.624599][T21853]  slab_reclaimable:5661 slab_unreclaimable:24931
[ 1075.624599][T21853]  mapped:59007 shmem:7095 pagetables:6486 bounce:0
[ 1075.624599][T21853]  free:113711 free_pcp:62 free_cma:0
[ 1075.662845][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123808kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1075.691613][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1075.720764][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1075.726227][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB
[ 1075.757632][T21853] lowmem_reserve[]: 0 0 228 228
[ 1075.762740][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1075.794489][T21853] lowmem_reserve[]: 0 0 0 0
[ 1075.799073][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1075.811153][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1075.827731][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1075.842844][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1075.852574][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1075.862122][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1075.871723][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1075.881212][T21853] 27220 total pagecache pages
[ 1075.886062][T21853] 0 pages in swap cache
[ 1075.890254][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1075.896506][T21853] Free swap  = 0kB
[ 1075.900278][T21853] Total swap = 0kB
[ 1075.904164][T21853] 1965979 pages RAM
[ 1075.907998][T21853] 0 pages HighMem/MovableOnly
[ 1075.912838][T21853] 1423249 pages reserved
[ 1075.917109][T21853] 0 pages cma reserved
[ 1075.921224][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=24097,uid=0
[ 1075.936207][T21853] Out of memory: Killed process 24097 (syz-executor.2) total-vm:74980kB, anon-rss:176kB, file-rss:35860kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[ 1075.955421][ T1822] oom_reaper: reaped process 24097 (syz-executor.2), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB
[ 1076.011001][T26536] netlink: 'syz-executor.5': attribute type 5 has an invalid length.
16:17:28 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:28 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x40802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r1 = fcntl$dupfd(r0, 0x406, r0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f0000000080)={0x5, 0x10, 0xfa00, {0x0, r4}}, 0x18)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000140)={0x4, 0x8, 0xfa00, {r4, 0x8}}, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r6, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0xfffffffffffffedd)
socket$netlink(0x10, 0x3, 0x0)
r7 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r7, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@mpls_newroute={0x148, 0x18, 0x20, 0x70bd28, 0x25dfdbff, {0x1c, 0x10, 0x14, 0x2b, 0xff, 0x0, 0xfd, 0x5, 0x100}, [@RTA_TTL_PROPAGATE={0x5, 0x1a, 0x80}, @RTA_TTL_PROPAGATE={0x5, 0x1a, 0xff}, @RTA_NEWDST={0x84, 0x13, [{0x80}, {0x4, 0x0, 0x1}, {0x8, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x1ff}, {0x7, 0x0, 0x1}, {0x3ff, 0x0, 0x1}, {0x3f, 0x0, 0x1}, {0x30}, {0x7fff}, {0x8, 0x0, 0x1}, {0x8, 0x0, 0x1}, {}, {0x0, 0x0, 0x1}, {0x3f, 0x0, 0x1}, {0x81}, {0x5}, {0x2ba, 0x0, 0x1}, {0xf8a}, {0x24f}, {0x40, 0x0, 0x1}, {0x3ff}, {0x1, 0x0, 0x1}, {0xfff, 0x0, 0x1}, {0xc1, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x100}, {0x2000}, {0x2}, {0x9, 0x0, 0x1}, {0x7fff}]}, @RTA_VIA={0x14, 0x12, {0x29, "14eae81ed59f36e2daf5e05761d7"}}, @RTA_NEWDST={0x84, 0x13, [{0x4, 0x0, 0x1}, {0x5, 0x0, 0x1}, {0x3f}, {0x5}, {0x5}, {0x1, 0x0, 0x1}, {0x7, 0x0, 0x1}, {0x7}, {0x6, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x800}, {0x3}, {0x8}, {0x1e000, 0x0, 0x1}, {0x4c4}, {0xcd, 0x0, 0x1}, {0x7}, {0xb7, 0x0, 0x1}, {0x7}, {0x5732}, {0x7}, {0x50}, {}, {0xffffb, 0x0, 0x1}, {0x1}, {0x5}, {0x3f}, {0x3f, 0x0, 0x1}, {0x8, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x20, 0x0, 0x1}]}]}, 0x148}}, 0x0)
ioctl$FS_IOC_SETFSLABEL(r5, 0x41009432, &(0x7f0000000040)="8623b18421a6859ac70c3cf933e086ef98b4123bcb4fbd0bde2515d7e4b2fb4197d95a4458cc55ec526d1cd64065e40e97e9734a202ed5d6f2531094c41370f5f53ebdcd87fb44513e3c1292f1908a412cf9f42ef48d6eb6e19c3e4f5524ed4060b0d34dc8a1feb122b4057be3ecbeba1027eb92dc20c136e2b70a407f97271beb059659bf57f4694c3292e8678f9658396c2c3a99217a2d47ccd0d9f8d55648fe87fe20b991e2a203c56db79adb8d993c17d694d1da7d221beae249e0fb8c11af69c9de3536abb2294af4f9c5718ff0b42e2748e310ab04a4142f639ae40d41fbcd36bd17d3ebb5a49938c5217ac4f070f88d3cda0c9bcb081d59fe0798cc2e")

[ 1076.366373][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1076.379346][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1076.388072][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1076.388971][T21853] Call Trace:
[ 1076.388971][T21853]  dump_stack+0x1c9/0x220
[ 1076.388971][T21853]  dump_header+0x1e7/0xd00
[ 1076.388971][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1076.388971][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1076.388971][T21853]  ? ___ratelimit+0x542/0x720
[ 1076.427345][T21853]  ? task_will_free_mem+0x176/0x830
[ 1076.427345][T21853]  oom_kill_process+0x216/0x580
[ 1076.427345][T21853]  out_of_memory+0x181e/0x1cc0
[ 1076.427345][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1076.427345][T21853]  alloc_pages_current+0x67d/0x990
[ 1076.427345][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1076.427345][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1076.427345][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1076.427345][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1076.427345][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1076.427345][T21853]  ? debug_shrink_set+0x220/0x220
[ 1076.427345][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1076.487997][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1076.487997][T21853]  do_syscall_64+0xb8/0x160
[ 1076.487997][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1076.487997][T21853] RIP: 0033:0x45cb29
[ 1076.487997][T21853] Code: Bad RIP value.
[ 1076.487997][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1076.487997][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1076.487997][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1076.487997][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1076.487997][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1076.487997][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1076.562457][T21853] Mem-Info:
[ 1076.565717][T21853] active_anon:177952 inactive_anon:6859 isolated_anon:0
[ 1076.565717][T21853]  active_file:5835 inactive_file:52643 isolated_file:0
[ 1076.565717][T21853]  unevictable:0 dirty:112 writeback:0 unstable:0
[ 1076.565717][T21853]  slab_reclaimable:5661 slab_unreclaimable:24930
[ 1076.565717][T21853]  mapped:59081 shmem:7095 pagetables:6428 bounce:0
[ 1076.565717][T21853]  free:113761 free_pcp:62 free_cma:0
[ 1076.605310][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123808kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1076.634176][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1076.663527][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1076.668809][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB
[ 1076.700149][T21853] lowmem_reserve[]: 0 0 228 228
[ 1076.705229][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1076.736745][T21853] lowmem_reserve[]: 0 0 0 0
[ 1076.741325][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1076.753446][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1076.770065][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1076.785278][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1076.795063][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1076.804619][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1076.814408][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1076.823911][T21853] 27294 total pagecache pages
[ 1076.828621][T21853] 0 pages in swap cache
[ 1076.833034][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1076.839133][T21853] Free swap  = 0kB
[ 1076.843090][T21853] Total swap = 0kB
[ 1076.846878][T21853] 1965979 pages RAM
[ 1076.850716][T21853] 0 pages HighMem/MovableOnly
[ 1076.855652][T21853] 1423249 pages reserved
[ 1076.859934][T21853] 0 pages cma reserved
16:17:28 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = gettid()
r2 = socket(0x840000000002, 0x3, 0x200000000000ff)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000000000000070000000000000005000000480300005001000008020000500100000802d00008020000b0020000b0020000b0020000b0020000b0020000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800534e415400000000000000000000000000000000000000000000000000000100000000000000ac1414bbe0eeff020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a800000000000000000000000000000000000000000038004ef845544d415000000000000000000000000000000020000000000000000001feffffff000000e0000002ac1e00010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800444e4154000000000000000000000000000000000000000000000000000100000000fe8000000000000000000000000000aaac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a51b00000000000000e9ff000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800444e415400000000000000000000000000000000000000000000000000000100000000000000e0000001ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000fe"], 0x1)
ptrace$setsig(0x4203, r1, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1076.864301][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=26547,uid=0
[ 1076.903357][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1076.916063][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1076.924802][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1076.925947][T21853] Call Trace:
[ 1076.925947][T21853]  dump_stack+0x1c9/0x220
[ 1076.925947][T21853]  dump_header+0x1e7/0xd00
[ 1076.925947][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1076.925947][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1076.925947][T21853]  ? ___ratelimit+0x542/0x720
[ 1076.925947][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1076.925947][T21853]  oom_kill_process+0x216/0x580
[ 1076.925947][T21853]  out_of_memory+0x181e/0x1cc0
[ 1076.925947][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1076.925947][T21853]  alloc_pages_current+0x67d/0x990
[ 1076.925947][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1076.925947][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1076.925947][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1076.925947][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1076.925947][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1076.925947][T21853]  ? debug_shrink_set+0x220/0x220
[ 1076.925947][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1076.925947][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1076.925947][T21853]  do_syscall_64+0xb8/0x160
[ 1076.925947][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1076.925947][T21853] RIP: 0033:0x45cb29
[ 1076.925947][T21853] Code: Bad RIP value.
[ 1076.925947][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1076.925947][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1076.925947][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1076.925947][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1076.925947][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1076.925947][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1077.099239][T21853] Mem-Info:
[ 1077.102663][T21853] active_anon:177918 inactive_anon:6859 isolated_anon:0
[ 1077.102663][T21853]  active_file:5835 inactive_file:52643 isolated_file:0
[ 1077.102663][T21853]  unevictable:0 dirty:112 writeback:0 unstable:0
[ 1077.102663][T21853]  slab_reclaimable:5661 slab_unreclaimable:24930
[ 1077.102663][T21853]  mapped:59064 shmem:7095 pagetables:6403 bounce:0
[ 1077.102663][T21853]  free:113829 free_pcp:62 free_cma:0
[ 1077.143947][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123816kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1077.172721][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1077.202009][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1077.207286][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB
[ 1077.238714][T21853] lowmem_reserve[]: 0 0 228 228
[ 1077.243764][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1077.275441][T21853] lowmem_reserve[]: 0 0 0 0
[ 1077.280022][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1077.292264][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1077.308907][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1077.324066][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1077.333837][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1077.343457][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1077.353246][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1077.362752][T21853] 27289 total pagecache pages
16:17:29 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1077.367469][T21853] 0 pages in swap cache
[ 1077.371672][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1077.377989][T21853] Free swap  = 0kB
[ 1077.381762][T21853] Total swap = 0kB
[ 1077.385703][T21853] 1965979 pages RAM
[ 1077.389601][T21853] 0 pages HighMem/MovableOnly
[ 1077.394462][T21853] 1423249 pages reserved
[ 1077.398820][T21853] 0 pages cma reserved
[ 1077.403119][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=23882,uid=0
[ 1077.418153][T21853] Out of memory: Killed process 23882 (syz-executor.5) total-vm:75244kB, anon-rss:192kB, file-rss:35832kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[ 1077.444460][ T1822] oom_reaper: reaped process 23882 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB
[ 1077.465245][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1077.478386][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1077.487213][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1077.487850][T21853] Call Trace:
[ 1077.487850][T21853]  dump_stack+0x1c9/0x220
[ 1077.501503][T21853]  dump_header+0x1e7/0xd00
[ 1077.507394][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1077.507394][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1077.507394][T21853]  ? ___ratelimit+0x542/0x720
[ 1077.507394][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1077.507394][T21853]  oom_kill_process+0x216/0x580
[ 1077.507394][T21853]  out_of_memory+0x181e/0x1cc0
[ 1077.507394][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1077.507394][T21853]  alloc_pages_current+0x67d/0x990
[ 1077.507394][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1077.507394][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1077.507394][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1077.507394][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1077.507394][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1077.507394][T21853]  ? debug_shrink_set+0x220/0x220
[ 1077.507394][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1077.507394][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1077.507394][T21853]  do_syscall_64+0xb8/0x160
[ 1077.507394][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1077.507394][T21853] RIP: 0033:0x45cb29
[ 1077.507394][T21853] Code: Bad RIP value.
[ 1077.507394][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1077.507394][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1077.507394][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1077.507394][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1077.507394][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1077.507394][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1077.661350][T21853] Mem-Info:
[ 1077.664708][T21853] active_anon:177781 inactive_anon:6859 isolated_anon:0
[ 1077.664708][T21853]  active_file:5835 inactive_file:52644 isolated_file:0
[ 1077.664708][T21853]  unevictable:0 dirty:119 writeback:0 unstable:0
[ 1077.664708][T21853]  slab_reclaimable:5661 slab_unreclaimable:24930
[ 1077.664708][T21853]  mapped:58976 shmem:7095 pagetables:6393 bounce:0
[ 1077.664708][T21853]  free:114014 free_pcp:62 free_cma:0
[ 1077.702906][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123816kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1077.731724][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1077.760900][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1077.766285][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB
[ 1077.797656][T21853] lowmem_reserve[]: 0 0 228 228
[ 1077.802747][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1077.834190][T21853] lowmem_reserve[]: 0 0 0 0
[ 1077.838871][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1077.850953][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1077.867538][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1077.882704][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1077.892472][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1077.902002][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1077.911626][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1077.921085][T21853] 27300 total pagecache pages
[ 1077.925907][T21853] 0 pages in swap cache
[ 1077.930105][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1077.936308][T21853] Free swap  = 0kB
[ 1077.940078][T21853] Total swap = 0kB
[ 1077.943933][T21853] 1965979 pages RAM
[ 1077.947770][T21853] 0 pages HighMem/MovableOnly
[ 1077.952591][T21853] 1423249 pages reserved
[ 1077.956862][T21853] 0 pages cma reserved
[ 1077.960974][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=24023,uid=0
[ 1077.975910][T21853] Out of memory: Killed process 24023 (syz-executor.5) total-vm:74848kB, anon-rss:164kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[ 1077.996468][ T1822] oom_reaper: reaped process 24023 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB
[ 1078.172596][  T761] tipc: TX() has been purged, node left!
[ 1078.265672][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1078.278386][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1078.287100][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1078.288258][T21853] Call Trace:
[ 1078.288258][T21853]  dump_stack+0x1c9/0x220
[ 1078.288258][T21853]  dump_header+0x1e7/0xd00
[ 1078.288258][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1078.288258][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1078.288258][T21853]  ? ___ratelimit+0x542/0x720
[ 1078.288258][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1078.288258][T21853]  oom_kill_process+0x216/0x580
[ 1078.288258][T21853]  out_of_memory+0x181e/0x1cc0
[ 1078.288258][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1078.288258][T21853]  alloc_pages_current+0x67d/0x990
[ 1078.288258][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1078.288258][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1078.288258][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1078.288258][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1078.288258][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1078.288258][T21853]  ? debug_shrink_set+0x220/0x220
[ 1078.288258][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1078.288258][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1078.288258][T21853]  do_syscall_64+0xb8/0x160
[ 1078.288258][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1078.288258][T21853] RIP: 0033:0x45cb29
[ 1078.288258][T21853] Code: Bad RIP value.
[ 1078.288258][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1078.288258][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1078.288258][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1078.288258][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1078.288258][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1078.288258][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1078.462159][T21853] Mem-Info:
[ 1078.465422][T21853] active_anon:177850 inactive_anon:6859 isolated_anon:0
[ 1078.465422][T21853]  active_file:5835 inactive_file:52591 isolated_file:0
[ 1078.465422][T21853]  unevictable:0 dirty:147 writeback:0 unstable:0
[ 1078.465422][T21853]  slab_reclaimable:5661 slab_unreclaimable:24932
[ 1078.465422][T21853]  mapped:59036 shmem:7095 pagetables:6461 bounce:0
[ 1078.465422][T21853]  free:113962 free_pcp:62 free_cma:0
[ 1078.503587][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123816kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1078.532237][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1078.561259][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1078.566651][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB
[ 1078.598031][T21853] lowmem_reserve[]: 0 0 228 228
[ 1078.603086][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1078.634569][T21853] lowmem_reserve[]: 0 0 0 0
[ 1078.639150][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1078.651211][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1078.667766][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1078.682814][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1078.692727][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1078.702181][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1078.711790][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1078.721216][T21853] 27246 total pagecache pages
[ 1078.726041][T21853] 0 pages in swap cache
[ 1078.730244][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1078.736446][T21853] Free swap  = 0kB
[ 1078.740365][T21853] Total swap = 0kB
[ 1078.744209][T21853] 1965979 pages RAM
[ 1078.748132][T21853] 0 pages HighMem/MovableOnly
[ 1078.752966][T21853] 1423249 pages reserved
[ 1078.757234][T21853] 0 pages cma reserved
[ 1078.761343][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=24765,uid=0
[ 1078.776270][T21853] Out of memory: Killed process 24765 (syz-executor.1) total-vm:74848kB, anon-rss:828kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000
[ 1078.800077][ T1822] oom_reaper: reaped process 24765 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:17:30 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1079.132315][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1079.145411][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1079.154135][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1079.154890][T21853] Call Trace:
[ 1079.154890][T21853]  dump_stack+0x1c9/0x220
[ 1079.154890][T21853]  dump_header+0x1e7/0xd00
[ 1079.154890][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1079.154890][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1079.154890][T21853]  ? ___ratelimit+0x542/0x720
[ 1079.190243][T21853]  ? task_will_free_mem+0x176/0x830
[ 1079.198101][T21853]  oom_kill_process+0x216/0x580
[ 1079.198101][T21853]  out_of_memory+0x181e/0x1cc0
[ 1079.198101][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1079.198101][T21853]  alloc_pages_current+0x67d/0x990
[ 1079.198101][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1079.198101][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1079.198101][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1079.198101][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1079.198101][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1079.198101][T21853]  ? debug_shrink_set+0x220/0x220
[ 1079.198101][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1079.198101][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1079.198101][T21853]  do_syscall_64+0xb8/0x160
[ 1079.198101][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1079.198101][T21853] RIP: 0033:0x45cb29
[ 1079.198101][T21853] Code: Bad RIP value.
[ 1079.198101][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1079.198101][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1079.293520][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1079.293520][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1079.293520][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1079.293520][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1079.329256][T21853] Mem-Info:
[ 1079.332622][T21853] active_anon:177615 inactive_anon:6859 isolated_anon:0
[ 1079.332622][T21853]  active_file:5836 inactive_file:52581 isolated_file:0
[ 1079.332622][T21853]  unevictable:0 dirty:138 writeback:0 unstable:0
[ 1079.332622][T21853]  slab_reclaimable:5661 slab_unreclaimable:24928
[ 1079.332622][T21853]  mapped:59019 shmem:7095 pagetables:6383 bounce:0
[ 1079.332622][T21853]  free:114148 free_pcp:62 free_cma:0
[ 1079.370920][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123816kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1079.399706][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1079.428915][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1079.434330][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB
[ 1079.465890][T21853] lowmem_reserve[]: 0 0 228 228
[ 1079.470818][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1079.502623][T21853] lowmem_reserve[]: 0 0 0 0
[ 1079.507204][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1079.519323][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1079.535970][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1079.551102][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1079.560859][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1079.570352][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
16:17:31 executing program 5:
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r2, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x118, r2, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
recvmsg$can_bcm(r0, &(0x7f0000000780)={&(0x7f0000000180)=@pppol2tp={0x18, 0x1, {0x0, <r3=>0xffffffffffffffff}}, 0x80, &(0x7f0000000640)=[{&(0x7f0000000200)=""/115, 0x73}, {&(0x7f0000000280)=""/145, 0x91}, {&(0x7f0000000340)=""/130, 0x82}, {&(0x7f0000000080)=""/47, 0x2f}, {&(0x7f0000000100)=""/4, 0x4}, {&(0x7f0000000400)=""/193, 0xc1}, {&(0x7f0000000500)=""/60, 0x3c}, {&(0x7f0000000540)=""/212, 0xd4}], 0x8, &(0x7f00000006c0)=""/161, 0xa1}, 0x2000)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
getsockname$packet(r5, 0x0, &(0x7f0000000140))
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r3, &(0x7f0000000900)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000008c0)={&(0x7f0000000840)={0x50, 0x1407, 0x1, 0x70bd2a, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r5}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x4000)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = dup(r7)
getsockname$packet(r8, 0x0, &(0x7f0000000140))
ioctl$PPPIOCCONNECT(r8, 0x4004743a, &(0x7f0000000040)=0x1)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:31 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1079.580118][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1079.589597][T21853] 27238 total pagecache pages
[ 1079.594483][T21853] 0 pages in swap cache
[ 1079.598721][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1079.605430][T21853] Free swap  = 0kB
[ 1079.609193][T21853] Total swap = 0kB
[ 1079.613082][T21853] 1965979 pages RAM
[ 1079.616919][T21853] 0 pages HighMem/MovableOnly
[ 1079.621649][T21853] 1423249 pages reserved
[ 1079.626152][T21853] 0 pages cma reserved
16:17:31 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1079.630261][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=26560,uid=0
16:17:31 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:31 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = gettid()
r2 = socket(0x840000000002, 0x3, 0x200000000000ff)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000840)=ANY=[@ANYBLOB="6e617400000000000000000000000000000000000000000000000000070000000000000005000000480300005001000008020000500100000802d00008020000b0020000b0020000b0020000b0020000b0020000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800534e415400000000000000000000000000000000000000000000000000000100000000000000ac1414bbe0eeff020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000022000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000a800000000000000000000000000000000000000000038004ef845544d415000000000000000000000000000000020000000000000000001feffffff000000e0000002ac1e00010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000b80000000000000000000000000000000000000000004800444e4154000000000000000000000000000000000000000000000000000100000000fe8000000000000000000000000000aaac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a51b00000000000000e9ff000000000000000000000000000000000000000000000000000000000000000000007000a80000000000000000000000000000000000000000003800444e415400000000000000000000000000000000000000000000000000000100000000000000e0000001ac1414bb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000fe"], 0x1)
ptrace$setsig(0x4203, r1, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:32 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1080.587158][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1080.599957][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1080.608687][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1080.609765][T21853] Call Trace:
[ 1080.609765][T21853]  dump_stack+0x1c9/0x220
[ 1080.609765][T21853]  dump_header+0x1e7/0xd00
[ 1080.609765][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1080.609765][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1080.609765][T21853]  ? ___ratelimit+0x542/0x720
[ 1080.609765][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1080.609765][T21853]  oom_kill_process+0x216/0x580
[ 1080.609765][T21853]  out_of_memory+0x181e/0x1cc0
[ 1080.609765][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1080.609765][T21853]  alloc_pages_current+0x67d/0x990
[ 1080.609765][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1080.609765][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1080.609765][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1080.609765][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1080.609765][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1080.609765][T21853]  ? debug_shrink_set+0x220/0x220
[ 1080.609765][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1080.609765][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1080.609765][T21853]  do_syscall_64+0xb8/0x160
[ 1080.609765][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1080.609765][T21853] RIP: 0033:0x45cb29
[ 1080.609765][T21853] Code: Bad RIP value.
[ 1080.609765][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1080.609765][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1080.609765][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1080.609765][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1080.609765][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1080.609765][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1080.783561][T21853] Mem-Info:
[ 1080.786793][T21853] active_anon:177737 inactive_anon:6859 isolated_anon:0
[ 1080.786793][T21853]  active_file:5835 inactive_file:52588 isolated_file:0
[ 1080.786793][T21853]  unevictable:0 dirty:142 writeback:0 unstable:0
[ 1080.786793][T21853]  slab_reclaimable:5661 slab_unreclaimable:24928
[ 1080.786793][T21853]  mapped:59125 shmem:7095 pagetables:6447 bounce:0
[ 1080.786793][T21853]  free:114037 free_pcp:62 free_cma:0
[ 1080.824979][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:0kB inactive_file:72kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123816kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1080.853851][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1080.882917][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1080.888138][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB
[ 1080.919744][T21853] lowmem_reserve[]: 0 0 228 228
[ 1080.924854][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:0kB inactive_file:112kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1080.956354][T21853] lowmem_reserve[]: 0 0 0 0
[ 1080.960954][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1080.973025][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1080.989589][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1081.004634][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1081.014336][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1081.024063][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1081.033811][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1081.043264][T21853] 27229 total pagecache pages
[ 1081.047974][T21853] 0 pages in swap cache
[ 1081.052321][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1081.058416][T21853] Free swap  = 0kB
[ 1081.062300][T21853] Total swap = 0kB
[ 1081.066056][T21853] 1965979 pages RAM
[ 1081.069890][T21853] 0 pages HighMem/MovableOnly
[ 1081.074753][T21853] 1423249 pages reserved
[ 1081.079218][T21853] 0 pages cma reserved
16:17:33 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = gettid()
socket(0x840000000002, 0x3, 0x200000000000ff)
ptrace$setsig(0x4203, r1, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1081.083467][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=18918,uid=0
[ 1081.098514][T21853] Out of memory: Killed process 18918 (syz-executor.1) total-vm:75376kB, anon-rss:200kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1081.118562][ T1822] oom_reaper: reaped process 18918 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:17:33 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:33 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:33 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:33 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x40000, 0x0)
ioctl$BLKRAGET(r1, 0x1263, &(0x7f0000000080))

16:17:33 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000180), &(0x7f00000001c0)=0x14)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:33 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:34 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = gettid()
ptrace$setsig(0x4203, r1, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1082.283510][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1082.296273][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1082.304997][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1082.306134][T21853] Call Trace:
[ 1082.306134][T21853]  dump_stack+0x1c9/0x220
[ 1082.306134][T21853]  dump_header+0x1e7/0xd00
[ 1082.306134][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1082.306134][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1082.306134][T21853]  ? ___ratelimit+0x542/0x720
[ 1082.306134][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1082.306134][T21853]  oom_kill_process+0x216/0x580
[ 1082.306134][T21853]  out_of_memory+0x181e/0x1cc0
[ 1082.306134][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1082.306134][T21853]  alloc_pages_current+0x67d/0x990
[ 1082.306134][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1082.306134][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1082.306134][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1082.306134][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1082.306134][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1082.306134][T21853]  ? debug_shrink_set+0x220/0x220
[ 1082.306134][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1082.306134][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1082.306134][T21853]  do_syscall_64+0xb8/0x160
[ 1082.306134][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1082.306134][T21853] RIP: 0033:0x45cb29
[ 1082.306134][T21853] Code: Bad RIP value.
[ 1082.306134][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1082.306134][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1082.306134][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1082.306134][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1082.306134][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1082.306134][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1082.479627][T21853] Mem-Info:
[ 1082.483102][T21853] active_anon:177674 inactive_anon:6859 isolated_anon:0
[ 1082.483102][T21853]  active_file:5836 inactive_file:52760 isolated_file:0
[ 1082.483102][T21853]  unevictable:0 dirty:148 writeback:0 unstable:0
[ 1082.483102][T21853]  slab_reclaimable:5661 slab_unreclaimable:24904
[ 1082.483102][T21853]  mapped:59120 shmem:7095 pagetables:6402 bounce:0
[ 1082.483102][T21853]  free:113974 free_pcp:63 free_cma:0
[ 1082.521328][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123828kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1082.550088][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1082.579150][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1082.584532][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:252kB local_pcp:0kB free_cma:0kB
[ 1082.616022][T21853] lowmem_reserve[]: 0 0 228 228
[ 1082.620978][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1082.652463][T21853] lowmem_reserve[]: 0 0 0 0
[ 1082.657051][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1082.669151][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1082.685844][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1082.700987][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1082.710861][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1082.720369][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1082.730102][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1082.739555][T21853] 27413 total pagecache pages
[ 1082.744379][T21853] 0 pages in swap cache
[ 1082.748574][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1082.755378][T21853] Free swap  = 0kB
[ 1082.759130][T21853] Total swap = 0kB
[ 1082.763033][T21853] 1965979 pages RAM
[ 1082.766872][T21853] 0 pages HighMem/MovableOnly
[ 1082.771579][T21853] 1423249 pages reserved
[ 1082.775979][T21853] 0 pages cma reserved
[ 1082.780084][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=18036,uid=0
[ 1082.795088][T21853] Out of memory: Killed process 18036 (syz-executor.1) total-vm:75244kB, anon-rss:196kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
16:17:34 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1082.913319][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1082.926245][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1082.934973][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1082.942063][T21853] Call Trace:
[ 1082.942063][T21853]  dump_stack+0x1c9/0x220
[ 1082.942063][T21853]  dump_header+0x1e7/0xd00
[ 1082.942063][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1082.942063][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1082.942063][T21853]  ? ___ratelimit+0x542/0x720
[ 1082.942063][T21853]  ? task_will_free_mem+0x176/0x830
[ 1082.942063][T21853]  oom_kill_process+0x216/0x580
[ 1082.942063][T21853]  out_of_memory+0x181e/0x1cc0
[ 1082.942063][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1082.991961][T21853]  alloc_pages_current+0x67d/0x990
[ 1082.991961][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1082.991961][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1082.991961][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1082.991961][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1083.022139][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1083.022139][T21853]  ? debug_shrink_set+0x220/0x220
[ 1083.022139][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1083.022139][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1083.022139][T21853]  do_syscall_64+0xb8/0x160
[ 1083.022139][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1083.022139][T21853] RIP: 0033:0x45cb29
[ 1083.022139][T21853] Code: Bad RIP value.
16:17:35 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1083.022139][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1083.062079][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1083.062079][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1083.062079][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1083.062079][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1083.062079][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1083.109158][T21853] Mem-Info:
[ 1083.112493][T21853] active_anon:177577 inactive_anon:6859 isolated_anon:0
[ 1083.112493][T21853]  active_file:5835 inactive_file:52768 isolated_file:0
[ 1083.112493][T21853]  unevictable:0 dirty:120 writeback:28 unstable:0
[ 1083.112493][T21853]  slab_reclaimable:5663 slab_unreclaimable:24904
[ 1083.112493][T21853]  mapped:59030 shmem:7095 pagetables:6320 bounce:0
[ 1083.112493][T21853]  free:114088 free_pcp:63 free_cma:0
[ 1083.150945][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123832kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1083.179679][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1083.208749][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1083.214118][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:252kB local_pcp:252kB free_cma:0kB
[ 1083.245614][T21853] lowmem_reserve[]: 0 0 228 228
[ 1083.250542][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1083.281935][T21853] lowmem_reserve[]: 0 0 0 0
[ 1083.286514][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1083.299220][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1083.315840][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1083.330959][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1083.340754][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1083.350204][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
16:17:35 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x4, 0x2000000000882200})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, 0x0, &(0x7f0000000140))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
getsockname$packet(r4, 0x0, &(0x7f0000000140))
write$P9_RREMOVE(r4, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x200000, 0x0)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, &(0x7f0000000040))

[ 1083.359897][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1083.369313][T21853] 27424 total pagecache pages
[ 1083.374112][T21853] 0 pages in swap cache
[ 1083.378311][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1083.384491][T21853] Free swap  = 0kB
[ 1083.388237][T21853] Total swap = 0kB
[ 1083.392130][T21853] 1965979 pages RAM
[ 1083.395967][T21853] 0 pages HighMem/MovableOnly
[ 1083.400681][T21853] 1423249 pages reserved
[ 1083.405041][T21853] 0 pages cma reserved
16:17:35 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:35 executing program 1:
unshare(0x400)
setxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@random={'system.', '\x00'}, &(0x7f0000000080)='%{}.-\xce\x00', 0x7, 0x2)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x7, 0x9}, 0x40)
perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5)
write$binfmt_misc(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26560000000049d2e181baf9459c5c953948c6801d2c0945c08ba8c552fc99a7422007653872ecb4f63acdfe80812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026ed7360627ec60cb27"], 0x86)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, 0x0, 0x0)
bind$inet6(r2, &(0x7f00002aafe4)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c)
listen(r2, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x5, 0x0, 0xc)
r3 = socket$key(0xf, 0x3, 0x2)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r6, 0x1}, 0x14}}, 0x0)
sendmsg$key(r4, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="6180b6df696ceae9ad8a890baada00b1715e1b2ab418a481762e5eaacbfa8e35496596f52b2cc6b1c3a28ced1cd3b8e06dfdb003a3189fb4ca444090381fe3b4bc2706c0fdca88d9520b882d8aab762b136ffe98f245c4831786"], 0x98}}, 0x0)
preadv(r3, &(0x7f00000017c0), 0x0, 0x2)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000000c0)={0x0, 0x3}, 0xc)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r0, 0x0}, 0x20)

[ 1083.409178][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=26610,uid=0
[ 1083.470741][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1083.484157][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1083.492878][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1083.493322][T21853] Call Trace:
[ 1083.493322][T21853]  dump_stack+0x1c9/0x220
[ 1083.507594][T21853]  dump_header+0x1e7/0xd00
[ 1083.507594][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1083.507594][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1083.507594][T21853]  ? ___ratelimit+0x542/0x720
[ 1083.507594][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1083.507594][T21853]  oom_kill_process+0x216/0x580
[ 1083.507594][T21853]  out_of_memory+0x181e/0x1cc0
[ 1083.507594][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1083.507594][T21853]  alloc_pages_current+0x67d/0x990
[ 1083.507594][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1083.507594][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1083.507594][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1083.507594][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1083.507594][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1083.507594][T21853]  ? debug_shrink_set+0x220/0x220
[ 1083.507594][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1083.507594][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1083.507594][T21853]  do_syscall_64+0xb8/0x160
[ 1083.507594][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1083.507594][T21853] RIP: 0033:0x45cb29
[ 1083.507594][T21853] Code: Bad RIP value.
[ 1083.507594][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1083.507594][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1083.507594][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1083.507594][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1083.507594][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1083.507594][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1083.666854][T21853] Mem-Info:
[ 1083.670117][T21853] active_anon:177593 inactive_anon:6859 isolated_anon:0
[ 1083.670117][T21853]  active_file:5836 inactive_file:52774 isolated_file:0
[ 1083.670117][T21853]  unevictable:0 dirty:134 writeback:0 unstable:0
[ 1083.670117][T21853]  slab_reclaimable:5663 slab_unreclaimable:24904
[ 1083.670117][T21853]  mapped:59026 shmem:7095 pagetables:6269 bounce:0
[ 1083.670117][T21853]  free:114147 free_pcp:63 free_cma:0
[ 1083.708234][T21853] Node 0 active_anon:667000kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123832kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1083.736853][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1083.765847][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1083.771114][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:252kB local_pcp:252kB free_cma:0kB
[ 1083.802541][T21853] lowmem_reserve[]: 0 0 228 228
[ 1083.807461][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26820kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4588kB pagetables:7412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1083.838852][T21853] lowmem_reserve[]: 0 0 0 0
[ 1083.843529][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1083.855564][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1083.872073][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1083.887150][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1083.896848][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1083.906302][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1083.916015][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1083.925435][T21853] 27430 total pagecache pages
[ 1083.930154][T21853] 0 pages in swap cache
[ 1083.934441][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1083.940532][T21853] Free swap  = 0kB
[ 1083.944383][T21853] Total swap = 0kB
[ 1083.948145][T21853] 1965979 pages RAM
[ 1083.952069][T21853] 0 pages HighMem/MovableOnly
[ 1083.956804][T21853] 1423249 pages reserved
[ 1083.961094][T21853] 0 pages cma reserved
[ 1083.965313][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=17679,uid=0
[ 1083.980241][T21853] Out of memory: Killed process 17679 (syz-executor.1) total-vm:75376kB, anon-rss:200kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1083.999027][ T1822] oom_reaper: reaped process 17679 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[ 1084.135415][    C1] sd 0:0:1:0: [sg0] tag#1363 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
[ 1084.146044][    C1] sd 0:0:1:0: [sg0] tag#1363 CDB: Test Unit Ready
[ 1084.152800][    C1] sd 0:0:1:0: [sg0] tag#1363 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1084.162650][    C1] sd 0:0:1:0: [sg0] tag#1363 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1084.172483][    C1] sd 0:0:1:0: [sg0] tag#1363 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1084.182383][    C1] sd 0:0:1:0: [sg0] tag#1363 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1084.192209][    C1] sd 0:0:1:0: [sg0] tag#1363 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1084.202064][    C1] sd 0:0:1:0: [sg0] tag#1363 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1084.211917][    C1] sd 0:0:1:0: [sg0] tag#1363 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1084.221677][    C1] sd 0:0:1:0: [sg0] tag#1363 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1084.231517][    C1] sd 0:0:1:0: [sg0] tag#1363 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1084.241341][    C1] sd 0:0:1:0: [sg0] tag#1363 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1084.251178][    C1] sd 0:0:1:0: [sg0] tag#1363 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1084.261012][    C1] sd 0:0:1:0: [sg0] tag#1363 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1084.270841][    C1] sd 0:0:1:0: [sg0] tag#1363 CDB[c0]: 00 00 00 00 00 00 00 00
16:17:36 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = gettid()
ptrace$setsig(0x4203, r1, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:36 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm-control\x00', 0x410002, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00')
sendmsg$TIPC_CMD_SET_NODE_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)={0x1c, r4, 0x1, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0)
sendmsg$TIPC_CMD_GET_REMOTE_MNG(r2, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r4, 0x1, 0x70bd25, 0x25dfdbfd, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x44060}, 0x20008081)
r5 = dup(r1)
getsockname$packet(r5, 0x0, &(0x7f0000000140))
pipe2(&(0x7f00000002c0)={<r6=>0xffffffffffffffff}, 0x8c800)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000300)='batadv\x00')
r9 = socket$inet6_dccp(0xa, 0x6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r9, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r10=>0x0})
sendmsg$BATADV_CMD_GET_MESH(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000880)={&(0x7f00000001c0)={0x1c, r8, 0x27, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r10}]}, 0x1c}}, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r6, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)={0x1c, r8, 0x200, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000080)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000040)={0xa, @sdr={0x3147504d, 0xfffffffb}})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:37 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:37 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:37 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(0xffffffffffffffff)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:37 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

16:17:37 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:38 executing program 5:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0xe798e95d48cd5a38, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
getsockname$packet(r1, 0x0, &(0x7f0000000140))
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000040)={0x0, 0x882200})

16:17:38 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

16:17:38 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:38 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0xc02, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882202})

16:17:38 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

16:17:38 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:38 executing program 4:
ptrace$setsig(0x4203, 0x0, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:39 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(0xffffffffffffffff)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:39 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:39 executing program 5:
r0 = syz_open_dev$vcsu(&(0x7f0000000040)='/dev/vcsu#\x00', 0xdd5, 0x214001)
ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000000080)=[0x7, 0x3])
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:39 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000))

16:17:39 executing program 4:
ptrace$setsig(0x4203, 0x0, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:39 executing program 1 (fault-call:3 fault-nth:0):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:39 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000))

[ 1088.254447][T26709] FAULT_INJECTION: forcing a failure.
[ 1088.254447][T26709] name failslab, interval 1, probability 0, space 0, times 0
[ 1088.267483][T26709] CPU: 0 PID: 26709 Comm: syz-executor.1 Not tainted 5.7.0-rc4-syzkaller #0
[ 1088.276951][T26709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1088.277199][T26709] Call Trace:
[ 1088.277199][T26709]  dump_stack+0x1c9/0x220
[ 1088.277199][T26709]  should_fail+0x8b7/0x9e0
[ 1088.277199][T26709]  __should_failslab+0x1f6/0x290
[ 1088.277199][T26709]  should_failslab+0x29/0x70
[ 1088.277199][T26709]  kmem_cache_alloc+0xd0/0xd70
[ 1088.277199][T26709]  ? mempool_alloc_slab+0x66/0xc0
[ 1088.277199][T26709]  ? kmsan_get_metadata+0x4f/0x180
[ 1088.277199][T26709]  ? __msan_poison_alloca+0xf0/0x120
[ 1088.277199][T26709]  mempool_alloc_slab+0x66/0xc0
[ 1088.277199][T26709]  mempool_alloc+0x11f/0x810
[ 1088.277199][T26709]  ? mempool_free+0x430/0x430
[ 1088.277199][T26709]  ? kmsan_get_metadata+0x4f/0x180
[ 1088.277199][T26709]  ? kmsan_get_metadata+0x11d/0x180
[ 1088.277199][T26709]  bio_alloc_bioset+0x346/0xc90
[ 1088.277199][T26709]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 1088.277199][T26709]  ? truncate_inode_pages_range+0x2444/0x24b0
[ 1088.277199][T26709]  ? kmsan_get_metadata+0x11d/0x180
[ 1088.277199][T26709]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 1088.277199][T26709]  __blkdev_issue_zero_pages+0x2c3/0x9f0
[ 1088.277199][T26709]  blkdev_issue_zeroout+0x4b6/0x800
[ 1088.277199][T26709]  blkdev_common_ioctl+0x3486/0x3500
[ 1088.277199][T26709]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1088.277199][T26709]  blkdev_ioctl+0x8df/0xd90
[ 1088.277199][T26709]  block_ioctl+0x16e/0x1c0
[ 1088.277199][T26709]  ? blkdev_iopoll+0x190/0x190
[ 1088.277199][T26709]  __se_sys_ioctl+0x2e9/0x410
[ 1088.277199][T26709]  __x64_sys_ioctl+0x4a/0x70
[ 1088.277199][T26709]  do_syscall_64+0xb8/0x160
[ 1088.277199][T26709]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1088.277199][T26709] RIP: 0033:0x45cb29
[ 1088.277199][T26709] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1088.277199][T26709] RSP: 002b:00007f98f01bec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1088.277199][T26709] RAX: ffffffffffffffda RBX: 00000000004e24e0 RCX: 000000000045cb29
[ 1088.277199][T26709] RDX: 0000000020000000 RSI: 000000000000127f RDI: 0000000000000003
[ 1088.277199][T26709] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1088.277199][T26709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
16:17:40 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:40 executing program 4:
ptrace$setsig(0x4203, 0x0, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1088.277199][T26709] R13: 0000000000000239 R14: 00000000004c4935 R15: 00007f98f01bf6d4
16:17:40 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000))

[ 1088.584630][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1088.597729][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1088.606456][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1088.607230][T21853] Call Trace:
[ 1088.607230][T21853]  dump_stack+0x1c9/0x220
[ 1088.607230][T21853]  dump_header+0x1e7/0xd00
[ 1088.607230][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1088.607230][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1088.607230][T21853]  ? ___ratelimit+0x542/0x720
[ 1088.607230][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1088.607230][T21853]  oom_kill_process+0x216/0x580
[ 1088.607230][T21853]  out_of_memory+0x181e/0x1cc0
[ 1088.607230][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1088.607230][T21853]  alloc_pages_current+0x67d/0x990
[ 1088.607230][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1088.607230][T21853]  ? kmsan_get_metadata+0x11d/0x180
16:17:40 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(0xffffffffffffffff)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1088.607230][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1088.607230][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1088.607230][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1088.607230][T21853]  ? debug_shrink_set+0x220/0x220
[ 1088.607230][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1088.607230][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1088.607230][T21853]  do_syscall_64+0xb8/0x160
[ 1088.607230][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1088.607230][T21853] RIP: 0033:0x45cb29
[ 1088.607230][T21853] Code: Bad RIP value.
[ 1088.607230][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1088.607230][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1088.607230][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1088.607230][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1088.607230][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1088.607230][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1088.781290][T21853] Mem-Info:
[ 1088.784686][T21853] active_anon:177637 inactive_anon:6859 isolated_anon:0
[ 1088.784686][T21853]  active_file:5835 inactive_file:52621 isolated_file:0
[ 1088.784686][T21853]  unevictable:0 dirty:41 writeback:16 unstable:0
[ 1088.784686][T21853]  slab_reclaimable:5663 slab_unreclaimable:24860
[ 1088.784686][T21853]  mapped:59114 shmem:7095 pagetables:6290 bounce:0
[ 1088.784686][T21853]  free:114226 free_pcp:146 free_cma:0
16:17:40 executing program 5:
r0 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)=@getroute={0x14, 0x1a, 0x10, 0x70bd28, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00')
sendmsg$DEVLINK_CMD_TRAP_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050600000000000000003d00f7ff0d0001006e657464657673696d0000000f0002006e657464657673696d3000001c008200736f757263655f6d63635f69735f6d756c74696361737400"], 0x50}}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_SET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x54, r2, 0x400, 0x70bd28, 0x25dfdbff, {}, [{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x1c, 0x82, 'source_mac_is_multicast\x00'}, {0x5}}]}, 0x54}, 0x1, 0x0, 0x0, 0x90}, 0x20000800)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)

[ 1088.822989][T21853] Node 0 active_anon:666856kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123836kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1088.851723][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1088.880911][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1088.886373][T21853] Node 0 DMA32 free:42900kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640180kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2812kB bounce:0kB free_pcp:260kB local_pcp:4kB free_cma:0kB
[ 1088.917786][T21853] lowmem_reserve[]: 0 0 228 228
[ 1088.922858][T21853] Node 0 Normal free:9544kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26676kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4556kB pagetables:7312kB bounce:0kB free_pcp:324kB local_pcp:192kB free_cma:0kB
[ 1088.954663][T21853] lowmem_reserve[]: 0 0 0 0
[ 1088.959249][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1088.971520][T21853] Node 0 DMA32: 891*4kB (ME) 459*8kB (M) 215*16kB (UM) 141*32kB (UM) 113*64kB (M) 58*128kB (UM) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42900kB
[ 1088.988356][T21853] Node 0 Normal: 932*4kB (UM) 387*8kB (UM) 92*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9544kB
[ 1089.008351][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1089.018406][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1089.027950][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1089.037665][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1089.047104][T21853] 27284 total pagecache pages
[ 1089.051903][T21853] 0 pages in swap cache
[ 1089.056105][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1089.062424][T21853] Free swap  = 0kB
[ 1089.066177][T21853] Total swap = 0kB
[ 1089.069941][T21853] 1965979 pages RAM
[ 1089.073901][T21853] 0 pages HighMem/MovableOnly
[ 1089.078609][T21853] 1423249 pages reserved
[ 1089.083001][T21853] 0 pages cma reserved
[ 1089.087108][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=16911,uid=0
[ 1089.102042][T21853] Out of memory: Killed process 16911 (syz-executor.1) total-vm:75376kB, anon-rss:200kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
16:17:41 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:41 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x90000, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x118, r3, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080)='NLBL_MGMT\x00')
sendmsg$NLBL_MGMT_C_PROTOCOLS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="000828bd7000fbdbdf250700000008000700ac1414aa0800020005000000080004000000000014000500fc01000000000000000000000000000114000600fe80000000000000000000000000003b08000200050000000800040003000000"], 0x64}, 0x1, 0x0, 0x0, 0x10000810}, 0x800)
sendmsg$NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="54005141f77aadd64f59fc927f1612f224db18935b51ec53fa78699b7d7190b1eed06d6f7c4451c1c034f7225f375306a5c68fc4f0ca12b7e5e2e113ce7720d46ce07335b5daebfa73a435804eb8cb17b4a351499b84f91561971001a8475ac4bffbbc3c434f03ffb9391961487de24ac5783f2d", @ANYRES16=r4, @ANYBLOB="00082dbd7000fcdbdf2506000000060001003a00000006000b001f000000080002000100000014000600fc00000000000000000000000000000114000500fe8000000000000000000000000000bb"], 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x10)
sendmsg$NLBL_MGMT_C_PROTOCOLS(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x40, r4, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast2}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @multicast1}, @NLBL_MGMT_A_CV4DOI={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x19)

16:17:41 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, 0x0)
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:42 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
r3 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x0)
r4 = dup(r3)
ioctl$USBDEVFS_RESETEP(r4, 0x80045515, 0x0)
ioctl$DRM_IOCTL_RES_CTX(r4, 0xc0106426, &(0x7f00000002c0)={0x0, &(0x7f00000001c0)})
ioctl$DRM_IOCTL_SWITCH_CTX(0xffffffffffffffff, 0x40086424, &(0x7f0000000240)={0x0, 0x2})
ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000080)={0x0, 0x23})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205647, &(0x7f0000000100)={0xc5ffff, 0x4, 0x5, <r5=>r0, 0x0, &(0x7f00000000c0)={0x9909de, 0x7, [], @value64=0x8001}})
ioctl$VIDIOC_S_HW_FREQ_SEEK(r5, 0x40305652, &(0x7f0000000140)={0x7, 0x0, 0x8000, 0x9, 0x2, 0x81, 0xfffffc01})
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e24, @multicast2}, 0x10)

16:17:42 executing program 0 (fault-call:6 fault-nth:0):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:42 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1090.332323][T26740] FAULT_INJECTION: forcing a failure.
[ 1090.332323][T26740] name failslab, interval 1, probability 0, space 0, times 0
[ 1090.345155][T26740] CPU: 0 PID: 26740 Comm: syz-executor.0 Not tainted 5.7.0-rc4-syzkaller #0
[ 1090.353878][T26740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1090.355040][T26740] Call Trace:
[ 1090.355040][T26740]  dump_stack+0x1c9/0x220
[ 1090.355040][T26740]  should_fail+0x8b7/0x9e0
[ 1090.355040][T26740]  __should_failslab+0x1f6/0x290
[ 1090.355040][T26740]  should_failslab+0x29/0x70
[ 1090.355040][T26740]  kmem_cache_alloc+0xd0/0xd70
[ 1090.355040][T26740]  ? mempool_alloc_slab+0x66/0xc0
[ 1090.355040][T26740]  ? kmsan_get_metadata+0x4f/0x180
[ 1090.355040][T26740]  ? __msan_poison_alloca+0xf0/0x120
[ 1090.355040][T26740]  mempool_alloc_slab+0x66/0xc0
[ 1090.355040][T26740]  mempool_alloc+0x11f/0x810
[ 1090.355040][T26740]  ? mempool_free+0x430/0x430
[ 1090.355040][T26740]  ? kmsan_get_metadata+0x4f/0x180
[ 1090.355040][T26740]  ? kmsan_get_metadata+0x11d/0x180
[ 1090.355040][T26740]  bio_alloc_bioset+0x346/0xc90
[ 1090.355040][T26740]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 1090.355040][T26740]  ? truncate_inode_pages_range+0x2444/0x24b0
[ 1090.355040][T26740]  ? kmsan_get_metadata+0x11d/0x180
[ 1090.355040][T26740]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 1090.355040][T26740]  __blkdev_issue_zero_pages+0x2c3/0x9f0
[ 1090.355040][T26740]  blkdev_issue_zeroout+0x4b6/0x800
[ 1090.355040][T26740]  blkdev_common_ioctl+0x3486/0x3500
[ 1090.355040][T26740]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1090.355040][T26740]  blkdev_ioctl+0x8df/0xd90
[ 1090.355040][T26740]  block_ioctl+0x16e/0x1c0
[ 1090.355040][T26740]  ? blkdev_iopoll+0x190/0x190
[ 1090.355040][T26740]  __se_sys_ioctl+0x2e9/0x410
[ 1090.355040][T26740]  __x64_sys_ioctl+0x4a/0x70
[ 1090.355040][T26740]  do_syscall_64+0xb8/0x160
[ 1090.355040][T26740]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1090.355040][T26740] RIP: 0033:0x45cb29
[ 1090.355040][T26740] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1090.355040][T26740] RSP: 002b:00007f5ae6decc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1090.355040][T26740] RAX: ffffffffffffffda RBX: 00000000004e24e0 RCX: 000000000045cb29
[ 1090.355040][T26740] RDX: 0000000020000000 RSI: 000000000000127f RDI: 0000000000000003
[ 1090.355040][T26740] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1090.355040][T26740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
16:17:42 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1090.355040][T26740] R13: 0000000000000239 R14: 00000000004c4935 R15: 00007f5ae6ded6d4
16:17:42 executing program 5:
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000000)={0xeb06, 0x0, 0x1009, 0x80000000, 0x1b9, 0x100, 0x35, 0x1})
write$P9_RSTAT(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="510000007d020000004a00ffff08000000010100000002000000000000000000b1085e280000ffffff7f07000000000000020200458028ac8a905c2f070040245d2d2e2e0b0c002f6465762f6e756c6c62"], 0x51)
r0 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000240)=0x2000000, 0x4)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x3}, 0xe)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x7c, &(0x7f0000000140)={r3}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000380)={r3, @in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1, 0x3ff, 0x7, 0x7, 0x3}, &(0x7f0000000140)=0x98)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="40000000040601edffffffffffffff000a00000a050001407d0000000000000073797a30000000000500010007070000000000020000000000000000000000003b9e3d862abdfb04ed56cf204b73d72869a5b0910897326c0459b50f8a"], 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x40080)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/nullb0\x00', 0x151000, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f0000000040)={0x3, 0x882201})

16:17:43 executing program 5:
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:43 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:43 executing program 0:
r0 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00')
sendmsg$TIPC_NL_MON_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f00000002c0)={0x350, r1, 0x0, 0x70bd29, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x255}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4c}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x100}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80000001}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xd201}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x80}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_BEARER={0x100, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x6de}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x3, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0xffff, @mcast2, 0x6}}, {0x14, 0x2, @in={0x2, 0x4e21, @empty}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @private=0xa010100}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xfd7c, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0xffffeeea}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @private0, 0xfffffffb}}, {0x14, 0x2, @in={0x2, 0x4e20, @rand_addr=0x64010101}}}}]}, @TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}]}, @TIPC_NLA_MEDIA={0x18, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}]}, @TIPC_NLA_NET={0x6c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3d}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x4b}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9df3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}]}, @TIPC_NLA_BEARER={0xec, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @rand_addr=0x64010102}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x0, @loopback, 0x8}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x3, @rand_addr=' \x01\x00', 0x80000}}, {0x14, 0x2, @in={0x2, 0x4e24, @remote}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x80000000, @ipv4={[], [], @remote}, 0x10001}}, {0x14, 0x2, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x44}}}}}, @TIPC_NLA_BEARER_NAME={0xb, 0x1, @l2={'ib', 0x3a, 'wg2\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan0\x00'}}]}, @TIPC_NLA_MON={0x54, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x714}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x200}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x80f}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xffffffff}]}]}, 0x350}, 0x1, 0x0, 0x0, 0x8000004}, 0x80)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:43 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:43 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(0xffffffffffffffff, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:43 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
getsockname$packet(r1, 0x0, &(0x7f0000000140))
perf_event_open(0x0, 0x0, 0xd, r1, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:43 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f13000)={0xa, 0xe22}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r0, 0x8010661b, &(0x7f0000000340))
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
restart_syscall()
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYRESHEX, @ANYRES16, @ANYBLOB="0100000000000000000014000000"], 0x14}, 0x1, 0x0, 0x0, 0x48840}, 0x20000044)
sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000600)=ANY=[@ANYBLOB="18010000", @ANYRES16=r3, @ANYBLOB="000423bd7000ffdbdf25020000000000078000000300ff0100000000000000000300270000000000000000020100510a00000000020020000000000002000100008000000100be0900004cb68233e9179aacb2ce0002800400040000000100ff7f00003c00038008000200bb010040080001000000000008000200001000000800010005000000080001000004000008000100010100000800020082ae00000000040014000380080002003f0000000800030007000000"], 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000040))
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r1, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000c80)=ANY=[@ANYBLOB="0500cbfcab2d8d5b9d5747d830249a41440590d676bc0d2ac7255f7efe9b1f3f5b15351da26d3ee730913c98f1111e924bbdb403bb32739902c0575ad617c4d036aa37a6b24b3d4f034bfb6f888e837e5789d484d690d86bba19566c4b3ac01a721ea255b5214a98547478dbc4342d992d474b65552d9e65fd1ea91d8148c64b73302ac5df20dfa48cad96fe0bf7e34443c2ef9810", @ANYRES16=0x0, @ANYBLOB="04002abd7000ffdbdf250f000000080001007063690011000200303030303a30303a31302e300000000008000b00060000000600110006000000080001007063690011000200303030303a30303a30302e300000000008000b007f00000006001100070000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00ffffffff0600110003000000080001007063690011000200303030303a30303a31302e300000000008000b000600000006001100040000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00200000000600110008000000080001007063690011000200303030303a30303a31302e300000000008000b00010000000600110003000000080001007063690600000200303030303a30303a31302e300000000008000b001e0e00000600110009000000080001007063690011000200303030303a30303a31302e300000000008000b00ec0000000600110008000000"], 0x17c}, 0x1, 0x0, 0x0, 0x4000805}, 0x804)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
ioctl$DRM_IOCTL_NEW_CTX(0xffffffffffffffff, 0x40086425, &(0x7f0000000300)={0x0, 0x4})
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000f13000)={0xa, 0xe22}, 0x1c)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
ioctl$sock_SIOCBRADDBR(r5, 0x89a0, &(0x7f0000000380)='veth0\x00')

16:17:44 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1092.156253][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1092.169056][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1092.177801][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1092.178819][T21853] Call Trace:
[ 1092.178819][T21853]  dump_stack+0x1c9/0x220
[ 1092.178819][T21853]  dump_header+0x1e7/0xd00
[ 1092.178819][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1092.178819][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1092.178819][T21853]  ? ___ratelimit+0x542/0x720
[ 1092.178819][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1092.178819][T21853]  oom_kill_process+0x216/0x580
[ 1092.178819][T21853]  out_of_memory+0x181e/0x1cc0
[ 1092.178819][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1092.178819][T21853]  alloc_pages_current+0x67d/0x990
[ 1092.178819][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1092.178819][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1092.178819][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1092.178819][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1092.178819][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1092.178819][T21853]  ? debug_shrink_set+0x220/0x220
[ 1092.178819][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1092.178819][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1092.178819][T21853]  do_syscall_64+0xb8/0x160
[ 1092.178819][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1092.178819][T21853] RIP: 0033:0x45cb29
[ 1092.178819][T21853] Code: Bad RIP value.
[ 1092.178819][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1092.178819][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1092.178819][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1092.178819][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1092.178819][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1092.178819][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1092.353697][T21853] Mem-Info:
[ 1092.356933][T21853] active_anon:177651 inactive_anon:6859 isolated_anon:0
[ 1092.356933][T21853]  active_file:5836 inactive_file:52624 isolated_file:0
[ 1092.356933][T21853]  unevictable:0 dirty:55 writeback:0 unstable:0
[ 1092.356933][T21853]  slab_reclaimable:5663 slab_unreclaimable:24855
[ 1092.356933][T21853]  mapped:59144 shmem:7095 pagetables:6356 bounce:0
[ 1092.356933][T21853]  free:114273 free_pcp:76 free_cma:0
[ 1092.395006][T21853] Node 0 active_anon:666712kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123844kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1092.423706][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1092.452744][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1092.458015][T21853] Node 0 DMA32 free:42896kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640072kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2712kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB
[ 1092.489531][T21853] lowmem_reserve[]: 0 0 228 228
[ 1092.494639][T21853] Node 0 Normal free:9320kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26640kB inactive_anon:19160kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4540kB pagetables:7312kB bounce:0kB free_pcp:56kB local_pcp:56kB free_cma:0kB
[ 1092.526015][T21853] lowmem_reserve[]: 0 0 0 0
[ 1092.530591][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1092.542671][T21853] Node 0 DMA32: 888*4kB (ME) 454*8kB (UM) 220*16kB (UM) 140*32kB (M) 113*64kB (UM) 58*128kB (M) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42896kB
[ 1092.559272][T21853] Node 0 Normal: 898*4kB (UM) 374*8kB (UM) 93*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9320kB
[ 1092.574358][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1092.584096][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1092.593563][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1092.603242][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1092.612692][T21853] 27280 total pagecache pages
[ 1092.617402][T21853] 0 pages in swap cache
[ 1092.621598][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1092.627838][T21853] Free swap  = 0kB
[ 1092.631598][T21853] Total swap = 0kB
[ 1092.635429][T21853] 1965979 pages RAM
[ 1092.639262][T21853] 0 pages HighMem/MovableOnly
[ 1092.644094][T21853] 1423249 pages reserved
[ 1092.648454][T21853] 0 pages cma reserved
16:17:44 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
ptrace$setsig(0x4203, 0x0, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1092.652692][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=13063,uid=0
[ 1092.667671][T21853] Out of memory: Killed process 13063 (syz-executor.1) total-vm:75376kB, anon-rss:200kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1092.686555][ T1822] oom_reaper: reaped process 13063 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:17:44 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(0xffffffffffffffff, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:44 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0xfffffffffffffe8c)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:45 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
ptrace$setsig(0x4203, 0x0, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:45 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
socketpair(0x26, 0x3, 0x8, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
ioctl$PPPOEIOCSFWD(r1, 0x4008b100, &(0x7f0000000080)={0x18, 0x0, {0x2, @multicast, 'ip6tnl0\x00'}})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:45 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:45 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r4, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r2, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x118, r4, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
ioctl$FITHAW(r2, 0xc0045878)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r5, 0x1}, 0x14}}, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0xc0406618, &(0x7f0000000040)={{0x1, 0x0, @identifier="77a47e6330bc5cbd17249ae8af02f71a"}})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:45 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(0xffffffffffffffff, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:45 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
ptrace$setsig(0x4203, 0x0, 0x99, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:46 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0xfffffffffffffce6)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x0, 0x20)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r1 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r1, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100)='nl80211\x00')
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x20, r3, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_SCAN_SUPP_RATES={0xc, 0x11d, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}, @NL80211_BAND_5GHZ={0x5}]}]}, 0x20}}, 0x0)
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x8, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x80)

16:17:46 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:46 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:46 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x50}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000004940)={'wg2\x00', r1})
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r3, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r3, &(0x7f0000000280)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x50}}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000004a00)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000340)="4bd01cc897e74551fa7a494dc061a487c880eff31c9edaa1f1017d95a0be13e4f225", 0x22}, {&(0x7f0000000380)="568af8063f4ff50eecaf973cc6e5202c3711ffdb22562d5ef3136f72e2f6095e27347bd33d38f58fe4b286d3599832a664448455b54ddd350b53aaae0368ccdb02b8a5b3f840c656c485d4dce0e6dcbb3adbe2aedd6d0ff4b939688a289fb1c9a0cdbe020800cdabd1cb22c323f115bfef4f6a125690ffeee2acd3c898dcbe834ee9d8fe111320e01e3460876d3baf8302ceedafac90c3b85de6e7d0de6bf52fb755b8a0b87ae9b0d569a50cbe9fad33c7bc1d63cee44fb4082970aa093fcf3d6522d19606d9fa033cd9c400edd8", 0xce}, {&(0x7f0000000480)="51cffcee016f00aba7ae22a4520a7c452b7c37eafc20a6ac49f18b13c9e31fd2ec5bc9fd54b0aa11ccacfa60c430997cf106fe19f5d51d4321036451c6429cb2c82660f481a0fa48728098c8f058851efa45b6a9d11c4a9cedbf2413e062767d7ea8ac1ea27c8a306e0eaa34f90993ae0e838c7e48015378ba2c635677e897a4ce44c838d2646cf6d739c57a33fa16032ec03a9e8c090ece34f03876343b988b5bb206eaf465956c7f6b05f045d71c8bd2e1ca89845e3a7d9b7629f33525aa85", 0xc0}, {&(0x7f0000000540)="3fbd151bb8c88e35f90d48dbb213d613453d6cc997c0e9fb30ba65d60bf6a47a105d24149d15fd3b17e36e2a3ded268135531a589ae6a79faf73075295ad53eef2ed01599528fea30c1a8f11733b80e0694a9e0679d91531c3208602d7e0913eccd8a78386e07b585e81f40fcdcbea6881c86ed0c6b194f0d8a2ccb4286f96a10ad729d316e8babba5937bb0e1129dcc2ff942fd882061ef3815226e5653f4cb2aa2c97b04bf399040dc774abbcf7923f56c63de2fb8368e9a2716a86e5000850914e9c0665dad526baa463e229cd484172ee1511c8e1300ab9a5f3227020ae391cbebfd213da7d2", 0xe8}, {&(0x7f0000000640)="62cd062ef03fe0834a48f253c59d22eb3b600f28971767ba698d284a7992bf1028632a4552290514daa08da56f1bd6c983b795c1b38154322502ff4b129ae28406a3caf8ad7add08f6dfc0d8212d2da35e79a7007c113441fd056eae3f7b6df7553c6eab650113cd208df5b06cdebb9d91df60ea2c702c03fbed60a9f49db8503e58908149b8b6897cec2ced3af80bb5bccbeb", 0x93}], 0x5, &(0x7f0000000780)=[@ip_ttl={{0x14, 0x0, 0x2, 0x9}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@rr={0x7, 0xb, 0xf9, [@multicast1, @broadcast]}]}}}], 0x38}}, {{&(0x7f00000007c0)={0x2, 0x4e21, @remote}, 0x10, &(0x7f0000001d40)=[{&(0x7f0000000840)="f9eea53642054142926899d28adfc84b4875c4f64b4d5924fc4a3616987677a61674aadcb29752cbc19299744f197bdf312ce16ac1fe18ad46f90749fdc805b82829c49d26dcf103207e2c6cb9b3b4ad1687ebe162bbb391f611e175b24d92bc6ab4b9579d87bea7b59a49e49ca7df18ba3224ba8ba0f17a57b5f6a7f37d258e720bb1da531fa316ecccb178d05f408b62005af338c147d57b0f6155d1e3", 0x9e}, {&(0x7f0000000900)="75754bc5c96704492f305b718a01706ebe987b97a274a1187ce79556ea22172f86e81c2ba979279750a5b5742f6addf69abcd75bdaaf038e5b34fc0a91a6ddcb2791ea67041e6635f2aaf16c630c6729175ca1d60b1238fa75df2ae7f98a7d5e718fac7df4c12324a778829178d76ca572c7ba", 0x73}, {&(0x7f0000000980)="c8456a492a1057b770cecf56404ea9cf4d34c915217f1a3fe576dd263fcc8a391f7fe9022f16", 0x26}, {&(0x7f00000009c0)="b347159b256791945e280ca4162cc248b6b049258c5ff2147176d12038e4567e281a472471a3982bdbb2e05a99a7b9f59a9a6cf0e537aed55023eb4969a5bbc9d82190d10cf64a38b87a51cb2c0bab06df8e99c5dbfeb9024814cfbc5b612b2b88843e01c56742da384816904510c3252bbc67c81063eb533faa3e59f289f2bbdafce7e3f5296285c97ba72ce880f037f1cf138d8b467f43aa4ee56768f6839c03f99a08", 0xa4}, {&(0x7f0000000a80)="330a32252daa856fafd3aae86a0c9432c1c4af9aaa6e7e984e652f850be05179098e37e38b8fe90d579deb673f185cb05fb5030762af02a5da6892d371af05be76079dfaca74c90e41ecbbfb437b46b4840affb443dbcdebbb5b701382defd32195256e309cc915ecd0b6022fd43ba7ac5d161d81c31e4cbbb365be78c2bcea2847c0b485c0001309ef4ed119271cbc7947512c879d1104ed06a45761e8738027067e9983a63e485edf6b98b52cf25a49132c0c34e9431c4d430a32c", 0xbc}, {&(0x7f0000000b40)="02d9817481896f0f0e41b37465a1bd78f838eb19bec8ddd8cc2ed9e413054fcf0ba1ed888eda00d2a2aceefeb77284e7a4b93ac0239aaa0d0e6242a3aa67ad2e5c6b105cc7b5c7a881e69d5dedd2ca30cb37426b88f6104b66e32449f5ae3373987cf0f50a0c3570ef070dfeaa1dad55f3918675cd3a76b2003cdd850892e8928347af5bb87c9219df9c7524692e4b5e094dd23c9a045b1ba6d9687ea5624899adea77b4f121a7e73515d3b811e98ef0352d8e3180cb02570ebd3e9a0d9ff205dd9e6c49e36a950850702efe16", 0xcd}, {&(0x7f0000000c40)="97e7eec63558b4b772ff6e4a2e5f3c4119fc5e8a34489410f6c4ad918543a9c057815a6a19ae93558938350b55b1b961ba02b93e64da7b567a7a8479c9b81f94e1744f5395ba6ec58e375cfa98d74455a4d4", 0x52}, {&(0x7f0000000cc0)="577096cd66c845d5f93cfea45bc5d9d2f780bc9b7bce7fd0c469cf1f5d348c8b4fa55614eef1db6885666731a580df182217f2d40a6adc5fb2390c0b038058fbce07d370919f8c1206111fc6d8262f4efc95272cca04f4e1a0470fdbbc0d2da2b5ba66e9f20cf11394d967d52d9695c2217216b6e2960f2c53240891137ff869448acbca7a8450e9b1f77b5b7299115f60a040369a4459c4f23b07fac36471bd10b410aeaba9a6da25fba26493a174ac936c3ae3b8030270c55550c99e85e990a921c2f95ebb698ea9a5f0c523fb12ce0f1680cc5235c0146340dcd9a9d73d73e640f22395995708986b34278b63925b95be4612b1d66b05f486c2195e7f98af95bc9e6482256d8d0aa30ce919e6b3454568be6638ac3f645c313f6f0b455e1336dc05a9913559d1a0ea0d61521df8db2081692a44921d9c0a536841b21a016987322634877ed07d1c2b3145f61d3e21d9a6d3024976b39161d51dc1b461b40a4fcf38d41bc9bb666687ebc9157c30c74dc3c9c92c95b758c1c236d3e6895d4a89caf4fc543f83e1f684ef3fd47f08ee7a90f0aeefc479fe1c2590f74c68a31d94d08f474398ef7771472e98803931ac33c3b54d8c31b139c3b87fe914ee5af03eac4bd758dd6d30bc235e9e9bdb20edecc5c89c61dd60ccd64253da3dd7ed3476f74b959f0a46aaa254760968db5809763d4faf6230a7f7fa9e49d294d447fcf09e0eb741afedbb97461daa0824b5f0644d2e9ed2cc53ccc94bbc0848a41bfcd9555e8313c931820e1d89c0c9765e0da78b663edf9c8a0b8b02a4101a9082d25677fce4afbd5bd6bb9e34dc9006b0bbd74dc05d908217a8c271cf0630c292969270743aca8f4baccd607978878e33ac8a0b6ab3a29a997fd035a749fda208806da3d7b8bb08fd3dbe28f4db53c5a27f627b9efe67309f361a038ff3bf2d7bd6f64e01814d7bd67f103cec681d7bb6a0b3bcfd594b377a8fbf8122eba5addce6669aada7597e4545122b8ead80aab07b6255632e6d670ac155c4b5721d93456478b78f4320b2c612c3519dc5744f374ed5b62de6daf9cf38e6a94f3a6eda9968be87ecfb58080acdf29d03dc740980da682a81c7bb4320b210e810bc2ff1b55e1227478c593c5afc72ba11df045b732a135921b0b8d4dd95c3eaf7339807e9454e99affbd837a52377bf2a2f73adeb17909d89adbb1bc3505d7eb8935c29b6467776b24283fd0f224bce5be9ece408d7fe51d6ace70af3a7de0dcf84bee5a16a8990b5fce8fc6b3a69dd96f966f57d2802d7ce1b4ad9a408902769a7f5552f29b288af257d37adbb614c488611fe4e547dca504bf7000c38542dfea1c9d285066feb901822069ee017aa4b3867d67529aa3064d93d11d6060848fe7436ddf43a455652b76ef1480145450489f12682bff568657e079ab1e2385448ea2d176ccb1f64fe707fca7141801541cf749f86cd2c73d4792d0a41cd85728717cbcef9bf87b402d9a52974dcd66e86ac984fdfa124dbc3a86aba08313fc6944fb7f28fe9215eefc1bbff7f7fea3af35f0ff01160829d49112b802ea0c1c192be04bbaadbb59f55cb5da8d65b977a28c0b7111a1a94a614840fd7cad86e07d7a38d08e0e22d5dd4ea75188c02c567cd99fb1cf249f6efcf95997308f73c0eedb18ae8c7d4a0febb7dd9a6af60a7c404faada611067772e640a795df702d31527849a394e1c4f1041bda43adda98cea6852ffd7f1012da9e33b2bc866e15bef448da7057e2cd81e81fe13b4e952efc24523ad85d57b6e355bae70d276305d439c3b66cfc780ef6eab3fadd1ac11f25bc6665e4b720881cbe49a7f95930c2a200e77d5086ec67d91b2ef7724f54f8131f07c17b4a5c15eae26f40b0eac9a18be0a43fddb45758b31ee35b30cccc82dd8b089eee4064a04e45cabb8b38662939746139a959cfe76f99a219364d213dc49e07c8849512063666110e7d5ae644a73757b16c702c41db336ec069d33d9280e7dcfe0032f43b4f0e8dbf53ad50ecbc9b66a1e56140e2a5eaa8cc3e977fb7673d615e7600587229ab77989df60cde5f57602363ec897d29b5693eb7b72b3e881b3f5d517b93329b9deb25ceea8be76853646ad16708a1c8d787301ef6f04cacb75a3e589859b99b9c32f98543debc98a41aa8690210df6509d3f195c889af4d5b4ac205c179425e42e2b307156fef1dc68638ebeb260b1934e15046d970db0ddb68bdf27a301dccb2583fce79579df78756e4b6b58fb367a1516089b12f0fa514d2cac29daac0be32267d0c130520cbc7b9200bba5fc99ebec4942cccb87b6b09e801c0768542bce8c6ac5b03d293c4dc69d6c1441dc708100c3a825a3155cb53cfa7900e940804849d28c99a130327cf9fce8eea54532b11ca8d3fd3978ae01cab57b245e4de2cb61628fadf58414a26421c0852b6f7c8f5091f6ff88d87061f0f713d7d802f91aec440088f2632162ca8473e33a8f107861304b2d0b0f3b5024e815d1a5df7715d70fb381533fe395d4143062c3958751876d8a8e5eaa3c09252c0b9707982c5a6b169d105f5bb01c6a4ed57e6856b477a1d2561e2ae3d96a2f683b7fcfd01aa4ce69ed6b4ef2fcf56b5d814d547b205eb94948d63a854c14ac12f420d6b730921895e87ecb7044869cb3ec73baba1ab712d0397ce322add312d9ed72b427b88e766beed5c8f5b7c52873988acde5f5eeae039fbaffce6b2cb9ee5211e5907aa7851bc254cfbbc366f93ad5ce8674727e8dfcdf5951df08f306d8e0ef28aa298f5cc55c5a5fcd1ff425654b1812d5477ced04c751c1c1ddf51eec7b21b58ed5dd903867a553d35bf5ed17ce16abf5b62ff6e2e144622a61af22aa979326ff8ff954566b103bd6c8e1ca333e39efd03e2192aaf92b8cd9a3b9abbb8445e9f6304ecb113cfb5c34afa21b5b5ad42eda3382ee46821fc447ed64023f668ea19200833a0eb10ecca1790fb0dc7ebc09dc5d8327c0494c7009be72a950e716e8fe34f38e519d76c2040f8dcf22b3152edd17ddd131e26119c0460922bd1ff407e0ae38d25341906be50f1636a1989fe375caf6938ad985e379d36e4107ab3b9caaa11b72aaeb3534cf36d09b0559bb1d1c1a9fbd9da6e555ba0d1083a564a06a8257a4d66ece0fab6e8b8495079486dbc29615d89f8227e2167dae74316ca36c4e93d3e7b2b4f48afe1fa4828af0bcfe361fd691486e0abab08888f06628a7672c4dfff2738c927494a75b9c0b994cd859a09ca22853a498d9d8939735679c87d29b9f942258eebf917c07eb7c40afa5567580d0b200c5c3dca6a0a93f3332d727f51fd6fedf8472f5aaa7f87612911db21a61c3752bcc0df7f19de7c6be249b80e23492eb41ac8c53af9296d9b3aaac604fbc5118effc20fe1d34a9dac9babd5b2782f46e5241ccc9dcb047f82b785acc68400b38616c74455f2e7e722158700e2a896070f62888e06f3ecbd254ffb6bd096a54bb7115ba80e3e2f38f2630724dbe3325961c7255aa4099d470191f5a85397a750fdba1324931ae5e728a58be94411c81b7755b1d99dba6120ccc3a99622d41d7777da4c2e62ac982d49cd65d78dda4e263ad2db67e1781c3c624af1be99acbfcd1dcee718d87be348cfab1f701d90d51fe82a361a8cdfdf8e24d8a61cf5f88945b841aa09d869ae4569e063e8b3415b9485764a92fc283b87755df389d47fc02b83331bee4a4cd52901939909dbb6ec83e955792d6e9cbd116009df4c9b284df8c06ce86201d5b5e1b1f9da0dcbf0add9e043c30c0a0289004aee894e0de15c9768e1689aa2ddeefae86dd1a6b4f924ecc372e0dfd45000afd3e2b34dd814259b9cd66223753189fa2e93dedeba087bbf2223319ca1ea305b6a4550d8a2b8f75180726329ba36356e474210008be1bcdc6a04796315f785ff7127dce799ae4975b4d58c4e1082cadbd4858d53a7dafecb2bcb27409c6c5deec8fa9f268089b329948f2e7c39e9b3728769f31738e612abad1784d0d122cc5c913d6848d27b19ce41664c9ef57423f5585b9c90593373b49500f18b0321925e5038c3c4e51d56e2743121521a8c2e9d11ebd0b769d4a7f8f5ab7c6663030d8ebdcf183412a5d872bd33e317b6a80f138a28870906946a7287ac66ff237f8c79ebac4f4165d8fccee63d818d7614957c34776109a00b504990b011c34521655024f948f24dd13177a8845260f8b2cd6b911c9bc2702142d9b6649b9d1d9e9e2435d95ae2da7f1a09bee5321270ec87dcf7151a0351d1ffdc759d3e00f5bfb6b826cceed6848c9442f23248ce55fddfa714f927be902fb558d73c649342fd3fef2bd0f05dea4d25b6dc8673357ecca45051d01f7a0ab3e314f1b9ead386d631b4047d1247aee0371065c13c18eab609f4011d26ac5a9a969023f340e9585695efb801f1bf6576abeb8fe12f53389c4edc2cb510519e344390b4509902cb37c891e703a9696328a1c4c6dcc455e1474cdc3add4036c4e7c5c09df44d70f6963634ec31447c018fd922b332b63e69d2c4f6594e940283c16c824430cf7eb5b29b0bda270136886036d47dac9e5b101a4a67e4be0224a83a541bcd22b2c0fcb5c42d75716836eabd1a03469ec79c72d27f501e10e625d38859fa4d81f23d15f9ecd2cb806428e4ad6967bede38e0dee3ba9e25f773a3d0a97858b5d2111d1e56acb28ac84600d3b5ca522f3a60d9c5cbf86d8309aeaa66650d48da0e231420ae270e95a2a8c2320105638654e3a409bb4578f7157d9d286bbca215df24520f6fb67b1cde04bf5aa3104b66b041516b22326974465599996442d6b6b621cbbf968a17d6cbdc90da525ed720e3cdd2ec7eaa50fada1be25076d34fdb4aac9577ada4dd1aa22612b1deb60627e99243e41a8c8f8f88c29eaf75446e23a4beba5ffb30142f1d137a1fd9a3e1b36582ea0ae44fadf6aade6a0a2f582c80f912015f1da80836fdf215c981ac124eb03968690cc94f55fc7a6fca552fa1b0ad9eeb1cff4b6afd6d524cfdd0563f38cf0f6851aa76214a2c89043435f7fa17cfa17d014434de986eeac075022121dd083309d0ecc13ece258ab622168f80b6cad87d7764f02e47deec8929806fcc2d0d209301a88b1e24b0a5f99332dd7b01c455d964c0746b45e6eb022abdadafd45dad7a4fee17cb74449d95ee10fce887ca44844eaa125d3965a43fe7be1a1f5d29eca09764e6dce7f645e644bd664f910ab653a91d33aecd0c22c9c3888639101862974c81a1a6fa404f80ad486fd9fa67d2eb9979094590814827155a60d45052f8f656aed75cca3f6eb1af626a58324c684d22d37537b1a0144292acf31f08444ff349abfae2e57633b6fc8e4249069c2130ff9f40b5819a797cfea478e3d366eb07bde0f5a5b99270d50e6a529a6f084dc41aedb650484b6311646b0a74a6b52bb1974cab189c9b9292fac91dee448fc92fbf951937af375c75733c19d61f7e674b4ff7b50e3e2e03c011837bbd4d1f4a358dee7a579f89d98aa7fd999b5939a434bc1e5f9963b88abcaba3166382e57bccd0fca1a293ba44704bb9622b22e7a4094f47189667e80f0aa5f407f52d803e0d4ebf727c7f90b878e74921eca475afc00fee952ac34baa4a34802a9b18346a720702fdbe84ff00a923bd93d58a3cb83e0ecce37e8be61be28b5731168b721eb88ce1c6ae27a6cf49030d3a8a3cff1f54cccc237011cc8264b866fbcf6ab5d9c7a0ed8814850b89e594b295693299df054a8b2ed03e433828f243139b8791214b03edf524c3cc0c90", 0x1000}, {&(0x7f0000001cc0)="0600f2f257a86a9bacfa27b56d41bd978a6eb9b78acf4054e2158fb05b14a6dc6c9f7df8323c89e56e3329a627caa3ddca83bd69844a9b61b27c907a019067c2b38c5c889ce0030fc48428", 0x4b}], 0x9, &(0x7f0000001e00)=[@ip_retopts={{0x68, 0x0, 0x7, {[@timestamp={0x44, 0xc, 0x4d, 0x0, 0x9, [0x6, 0x8001]}, @cipso={0x86, 0x10, 0x2, [{0x5, 0xa, "651b6d40765f7454"}]}, @cipso={0x86, 0x32, 0x2, [{0x0, 0x11, "dadd972c248a4caac5c422b1f94e13"}, {0x7, 0x10, "d508e22ffef9c6aeb9611ecd7102"}, {0x0, 0x2}, {0x2, 0x9, "202a1ce32f2502"}]}, @ra={0x94, 0x4}, @ra={0x94, 0x4, 0x1}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x81}}, @ip_ttl={{0x14, 0x0, 0x2, 0x4}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x7}}], 0xb0}}, {{&(0x7f0000001ec0)={0x2, 0x4e21, @multicast1}, 0x10, &(0x7f0000003140)=[{&(0x7f0000001f00)="362d038c8fd10584797e53d0bf52866b4d83521763ee808777fadb4ac064327ebbf3190a7d536840142a1ea14c4d0f69481a35dc9fcebeac0036ca233a594945ade957efe308c0adf7d27c3f6609aca5a5cb4286b0316fc5266440411a44ed66896ce30232bcda21a3899653570fe73af278ca139e6796ac4ef325099a939ae072c9dcba098235e5afe0d2c9", 0x8c}, {&(0x7f0000001fc0)="93e4a2a0b158975e46b412224fb58e771483bc06d20e544d84a12d2f317c2006af324944", 0x24}, {&(0x7f0000002000)="562e0b31e01dbd939c6bf8781e46b1e474937fb502c0612c4691dfa81c4cc80345d8104f02b79105f33acaf7a89ba30e7e8461758fef3d3f5de6745d2956014243b462b807293e3c287ecac617dab840513f532746001782557daff3", 0x5c}, {&(0x7f0000002080)="cb8943924562d25ca56d69f6a4b469a2d50c381459c0", 0x16}, {&(0x7f00000020c0)="347b82c92da3477d72bc0ce14e8eb318d07321ae15054754a8864deebedea846e22eda5f7ec1227ce7c5f882004d7daa41d598e9dede0e4152bac8145a6504e7517d153bb7e90224ae31ca0d24434e7fc5557cb00f5481571e217c8e48071f2943f5f419a648", 0x66}, {&(0x7f0000002140)="672139c541fc134e4b5d88806a351601e2914f74d5cb460879a5eb7eb95f6bdce965a53cf3b5a5ad136fd040f5cc1812fda7fc2ed8250b0b9b2ac53d12b267d4c04b11f072887f9dad18bae23642c368604550c5612be5772cc4dfb8dc9df223be3a3b52271b62caaa913a224b08fb915635e612e23bed89fd87adf516d37eef0ba171f5b80339174537d099dd7ae58c912cb36f7eb68ccb700a9d1b43aa1ae7c35587186f2fdff44883ec26fa383ad03b2d0b5b400ce7ae1661604d21ec14a1cdcf908141347cd2185cdeec0e92270161444c53c09f04158f59eb0142cc8ec9cab4a45e1ac937650d702e46353d6a65c35ce8af71905de80d6fb18daf233f041f5746b18261686ff0df4c0889511a35723a9e782c4aa9b9f417a00e309ba4db2747d2918f1ab9ac92e588edb075398d7f73fcf994039ddfa08c39e4de5c63c561f0cc06c86bbfeb7e6507804794e84c84a01ddada1aac12814fb86c3bcda10a1c73689f7aefa3fafae8cab1c730ea76c5eb696dce472211fcf3d59b3fa85e299d881504d075d7598276a6f4a7fb48116ec1a33256e44acbf7ed541c62e0bfbd9ce02e6a0184a9c69568b238bf51289f4838e57755ae8dc669a5ac43273d7bee33f335359a7c346679dc783b06623e54f4f5169199c48afa820c1db802da1c6a94a6a61eaf660d6d0c340e54a417d9c7de24752ed081fdb2e7d69ed28db3af2672a5ab77628960d10abc85b6d404ccc5510d162559c9439649505e0d2b0638e02df43becf5d68b7f51ddf57e1d72ee5fa43ca13796766b36c1cd9d72efd5246a578d983f4813c9f25c509c8e65357b8441ef38d425f1aeb5e0970b4fdace0f4f6ebd665ed7ed68f87009cf22a151cf849b6ce83e6bc0f81d9fe5678410320dd4db6a285d2374f53680cd33cb6858bb5bd19ab6ee29db81738447b4b8a60ecf085d80b116bad581f7e3b1d08a5e26482003eca69096e6fbd68b75208fd6b175e6d9848a0c92b8783757a3c7f84b22ced2241a061771870632ed27d18e0f84524af566eace94d2dbcf3152a6fa32e766ad97481625d53b317e77a94f51ffbeff9c1d663ce45eb0754636d3fc990ac783eb547e00eb834a3876336b0aa6a3e8a69995e28f5859d59b5cf3273c6ca052089a257948fb8cfaec1bd93cdf374bab3cb814489abc01cddc78a7f013d3af5a3be8c7403c09d0a6fcd6610ddd4cb1a53a9bdc88a1bb368e609f942ca095a0f504818a0d3592a981a65d0f101800be452df7cb6dfd7758246d8b0228d218fa49c08c47d764bd61c05495c2bab11228cb1e1c4b9ea07f5ae9c600d98bc8fc4c8e5b54a97b5a8b3067e803469b1d0b58003065946b8c208039e0f5bf5627e8c0c1283ad243f15954b5c9752a2d3e07a0a94c6b5a3a1ed68d48e189a8931b798a5796c10b999841b3de9dd2bd866e08dbf2a4028ec6b217aa7e01c7e62ae20ea3285e47d402dd9293ec76deece21724d685b6b6df89b39a68b8b0b153aba61009e13d9a8fab73281ce3cf1e6910df3f46bcbd9c40cc98f8619967f94fe791834f25731bdd89776a3dff7fc34e45c2a1865f81ad8d72b79f9231780792e6c4b2517e6b8ca9f2adfb847925aaeff33acb9bd9d63176c5f92b693500f73b058e3573aca4d1336da593eec35b2e58a09bc2ee1fb4171adf17acd12ab2b0e65f481648a450600c8473c671089ea797e4dba2ca5cdec9110fda32799960580d16bebf5d2784ccd17caaf7e179567fdb26da371bcd9503a5faa114cd49eb4a425ef8a6605b051d05112848b20fbc65d15d4cc2875960f341bdb0531635d580848d11cd2e2312a8ef345649fea5558d3c07b9b9c0180f38cc5f0f704a0c23ce82b4da6246a558dbd0e5a124226fea9ed8253ab5945b2b32017a7a08fbf8b301700f0b1226ad6a54e457f26d339318dfa39f3890424ec29082196ed61bb245b6974bdfcc69094bd52b8e5e3be9caa8ab729d8d679bf717006e384a06d020d618d22c60da1ea373fbabbec085255550d9341a3ddae1b065b91acd2aa760ca3c021f6c734b1c2a087c5856e8e852cd0114bdc4abfabc823f2ce8ad40a954d2a833d3387a7c97cfdd68d747a183b31ff7706825177c048b1e5039cff4021c4e0459a8ad3fd581db5adddb0ab702d521dfad04f37121727f7751bca6908231790f95f199599851e2ae096f9c49e1bbff381c1ca29969cd5e88a6137b55d783de9b14e363ef797ae853e17bbdb9632514814efcc0bb7a0c9211b215efbc2f6d03f89232f49ec40d2b1d37cc99bb2de798cb7088df17e604cbaff81a976e9cec355afe0985addcb8a09696935fab02c292913298ae6fb5521fc02a5fdf29c6f39a7cfb5619ad9749d891a7ace26167eaa03e3f29b26ba796dc40b4c843b6221f8d4e9fc1c59d8dff54cb4242923867a6e08d8b48e10df9aa9ed796ef10f67b1acad594fb8176fc78270ee81e95a8c523797c97270d0415556e00532ed0730ab8b4173276f75a8a29a95c51bedf63e2c6787d5df943702ef536f374bcf3b6892d88d2c50d4d0ab9c5c2df83d52f6c018bd020a77acc3b24f430acbf1949cec27b1c574533da61f791522b5a23be733650da5e763bbe9b0b4710ecf9dc1dd286ad105fc4adf4671cd611b016c33e376f3e2a69c9f07eb6251e6e1f5ef57cedd262bd194ffe99ac450a17739e2c71e06c4241c39706c33e6ef4c7d863f6a3d0f60ee56013e67210b55aaafa911001044c35dd38552091ce42f3750b922226ea5c5f9da2af4e34c492540030250cbab1eab5376cf13ef956dfdcc1e54e5cb168531aec9725d627ad7603f57403254d4bdf46c275473189e912f390287c21699c79e6f9914fc487e823b9c969ac12ee569860098e4b4cb3d13c3b8f62771fe886c4ac027a9cc96d8e8d58feb34bcba5dc08562e9c8f8ab847c73b04efc83116d8c1d33404f3dff449d3f3d2998307bbcc81e2728cc06b4a576682afa2642917c09084543306237a931de6a1edc703941fa7a88cbe64b81e16da9b4e626cbd54c069e84dbf5b6249170808cc778efb3e5ea9d19bd936f297037aa492be871a8148634bdd55a6fbf63db95648a95420af07f50a90345dd4a1ed1c486b5d1080cd3072502e706a49bf55dc6d10acd72cdd54d1f52a0d2b8e661bc95d03f94bbc7a579d2010367677ecd60e80725879ad08b32be5ac1e2fd345dd0096c420d4e34f143f7ac2becc60de2032ea8537d45e83d1861a2539ba012f2e7efffa7e31f0c9117526aea94f11ea41d19007d2a50a57502da53a8dc37dd767392b3094a25bc121f6d32bc2981101b5bfee4aed0e5dd9dbfb3b50cb2b01e40a9f41f325c7547ac58536f9a502b7c5d58110df0161438df9860802b22d4994a98954d916aabbb91d4c2f7a52ccb1c2d7db9c7bd2389c2a554c3908f43a279e6d0b38b58c90d7c900d9c529e10c10548f94cdcfece1458eb8993daa539164970184ca42428571f336b4066a55e1513cbec42ef982204eb73c6e9cbaf760e900e4744a8c6fa1541ab0b78f0f7a0cc43bac25e1d1a225bd9de799dfe3a83c3ab55bcad658d54f1c7efec21046bf04a2e4fb38aa915531d5e89b4a1db218df5d2f2014a7f51859fb49df3024bdd488efc6c1827f301f8aeca1b4c7ad93a0e84967c91d9376552f5772ab6a1a3c6064eb2b4e6b2f9f34baf0a7a167b84873f321fa13a95016c60f77fa53c1f5cd9f8fb3ea07c468aba037b6aa13268ec445f1b6890210107257204aca51a689839e7b9bd82101870725e15097c2747bcc0adc84f98913e08b43034e74eb29803efcd42e707260ded139934ca44be34b52e94c5768ba1144703416f9061f3ced71b0760cf8b5e826b80a451a919bdf40c5ce0dff67165912906640750f2024bb5c155aaa0008ed40c21a6ae0b2c3825268456da4c7b651b89f59bda705013376358aa433776fb1137fadf6fe2374095345a394a68f0144a407a1d5fe065beb788d1d619eb30b8d2454cd45374f1bd55b31e863ee0b901f86787cdb05443fd5d7e40a17d41f764990ebef03370b9d9116386b33a9c82be42f4f73170905e71b2a7615d4d1422dfd2f88eb259248806de62e88a1bfe16906bee7dd9001c7203ad4371357dcf85a9217e31861789af7f7e117461c5302114d311ca981a3718d96a03d651cdd3ab9785dce9aa0dd2a70277a4c6afeb8390fb45403988d0e112a81dcf055a0122ce9caf145d178a3f38d273ea09ffa0bb58109c23c62c6ff37deca5a929180cfd743b3d4e4c9026acb5b5a2db0973cf9170c40a2cc53f233e18c89ab337556c1335c8321a5819f4c5f9e3fddc9c6ee3b34fb39f455051eea35d87a74a826f5d065542f3d2628f08c3a74f8a570ee07628327561a93f6225fe806aae4d63ead9e9a3171f0299e3978eddd1eb8802044cd2fea4ca2653a0c8136ceaed8d63d0d17a401d67684804900a44f04ce42567203f256d5f347e2e66f7279a42abbb677688064e837dd71ca31b58ececd751f5cbea615ee096c1270d324051133417b3248a16d40ed65d69a2945d846df13308717f1e4098f24dd119a30ec66f41adc1de8bffd7860f53b4e382237b94522e20c2a143dfa3d48661b43f59916abdd1c3ad22cb60910e71eb35ec2ab5997646f167959ea233e18e8177756f5db982984c5ad6c78ea12db609f977fc4d7db9580cdbe7b45a0f355bb7ba56b9c8cb08e40d2e6f11d22f1ff9b1fb08514184042b5265de7bf66c0a4669dffad5f3054bacb98076a70671835fdd6d5226b59132943e27555ebe9114ae7453f7a205453432454bb3ce1fdcc4f5c3930f54022f47c6be49d19e9a5dd175a7f4f5b90c891eca4f4250f807b29c18c19358a47d5d6131ea583f89feb61b3b8770e718a66b2d78cf47b35f0a5d9f86f4a7b71b51c4a9f7524fa74869d90617ddf9f106102bdf4e702ca44ef13917a49705a1b9dd3947cbb9bff51c6bb5f3e853d16585c0cf05879be0485a654dd56a9dfb63aec7b2ef2fa6f3de47ae825ba69c224eb584b96fd814d5132d247f1d9b8c542e87d6f2802283cffbd21cdeeab686fb0c100a1c8303592faa74636e5c4ce5f6e3293db2c50894c8768fadf5e54c59b568e506eabd2c285fda19a934b89a7d1685a078ce0ebf7c5b013ab12346b2831b861ac178d89800415d1d80c8f93e933a5deb9fe1e19316089b775d553d16e466f0870b4ca1a723c49f14827cc0608e7bac453363980f306774d659b0e20e3ec023c352cab14c0bd3fb46a901400ec3164ec8f43e6d31b59246682920b1405f08049208df388ad8dc9fc4afc2210aa7e84ee1430451366ebf52019e25b7360b9e2d4c0c88e4bf4231c633afe98d108b7f2a427298110b538651973b0c1f0c67d03bb4c1fbca9244210ab24674efc549207fd32375fc784983e353c616bcfea53f62e4e7189042010fcfc3681c22afaa191e87a46c3aa3c60a637a1847e4ce0115407493eb8498a5b793e720bc77d07235d02e7e7d31ae93cdfe7c4d9ac34a11f275e36a0b664b1a53129febeee940abfb07c3987ac0d563e7f5a71cb624a0e8f9f416a6a8d5fec1852a6d967d4eef01fcb8321b0f68041cf23085808cb33a3079419f5a8f10419fb71e7b47ed00cf6b90f6d964955eef635122b9e7bdbfc462cab8540e3860b27d79506634ee2684e35e6c06b14095e6d4ba6b3a128147c90fad915b7a61de9078cfb759c43a3e88d96442aa996dbadf0771cbb4e9bb1514817287c0bd9010e05316e55bf4da8313a42efb8d797be32ce1fb69648b4c8ccdcf4", 0x1000}], 0x6, &(0x7f00000031c0)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x1f}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x6}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x7}}], 0x48}}, {{&(0x7f0000003240)={0x2, 0x4e24, @private=0xa010102}, 0x10, &(0x7f00000045c0)=[{&(0x7f0000003280)="e54d8c7eda282b964c40837731b2b8c840f32797c5303f2c0fb64e7ee454673a6fb12fb6b264fae407a4cd5ea3dea1b16253f7ec695703bb81b01d01b8e1a050e5", 0x41}, {&(0x7f0000003300)="9031a97cc2331c97ba16ab73814c8538bb9a8a47ad1bf2cc83b9063f70bd9ca49272040c619ca6d594e9c9ca0e1dfae8e9f93dae1abb8424d2d6f20c06ea382d0fc52feb0a65845ffdb86cb08e0bdbb71f51aebd3e5674", 0x57}, {&(0x7f0000003380)="9ab73ceeda6d2e1c634abf2c4cf02610f07fd96111aa6387d490d3795654ab9b6b302c864c639c9e83ad03b7c0f2ac1c672997f0e8ca61ae21ba8b0f46ca206cbf981b01926ac5734a60e3b79945029232bf6ff610a4413d6e23192f5d912fe268bc829cc15067c8ff59b52116777c5476ce5a58fd4d6ea1a52e5298", 0x7c}, {&(0x7f0000003400)="55f5c973645b76941ac2472941eead4569eca670ab129a869db8f01356165663c3", 0x21}, {&(0x7f0000003440)="99d4ba1663f894a4fcf7e1acf5414687874a0fa37042fd840c71d5e0457224b1f3584cb5c3bde7499503c6e76cf6e526359648d834922b6a983c5c3a468efbf30ddbe87df3b8ed2b534330322914726678b69a781e54cf2c75cf11bee9d0be566873b0a610707a415f076bb7704bbdc095f7a5a0d223f863b4d53ef53f0b62678edfe1b75a40e4fe6ac3ac42a2d17d5ccb02275fe2ca2f32449b46fed3f4fd2ffb3ecb32b0e4087af72450298d", 0xad}, {&(0x7f0000003500)="bc2aa6e6566e24769a5db72f0a1f2e350b3ab38dcfd3b24dc3c6383e20598578d13873a1b0df27d6c0fa18858186e4231aa5a67ea9e394e729301e72f075ab60bb192342700e65b02a311af40fb8c9d3b979ef4fc7e22785153a049b03e25061642f94027d73f2829968961f1536279313062537cf078f3e0784a387990db217d98b1e7cf5efcd9e9813e81a4fa6659755ec48add21899d038f7df3bdbf7f14eebfa443f81ae3a9e4855fb12d279f938f7cf46cb229a1702490d89276a5c520bdca02e4b30571e96332c8a25beafbc7a5d3a8a18a5df85940a8a6927be091a7f6277c8daf4085b9f838e958235aed76894f811ec8fcdd594b7a398ff6a8483090bb25d1ce16d225eef2e54ccc344f453252a59c34aa02d50c28a83c7208af98f46b69d3b6260a72ca31771d4a951860bc435d412245ee2de96b3a734edab1ed40ce40754a0636fa42ef4508a318890adf325df978dd1f11d4a6f34ad27cf27c0e35ebb2cbeeafc57e2a669e604c064ed22b5975d01d729139911e4ea95e4917f906174c6ddfe59279d48a5f97d628016734f1f383f3c190e8c46595207f51611aaf073e566c32bf0e68f5ba22a79a48b23a510a738165337952a01f054180180830673b70e1f1f23741eedce998e0e45632856f20817a1b39afa13f61ba4d6f211a612beaad04a1dd166c4afb6bafd285b4bf5bc93e234afe2b3c0be96a7144f1f2e712f415efa4a63c86281cf29dbeb7cbc586d8d5caf82655ae6c5188005894bcbcb2be64203e1250080c3d382f1886e286df77b465e11ef4f5a13a527ad510eec95b6dd5391277addb17b29eadb1913d717b738a8de67c97e1ddd4196d44dd7990c3505b1478c7a019f3fcc550533fa97eb8b007037c01d1ae58a408a3836259656473c28aee90eb19665717a08ab2537df1ea971e68358bcba956e28c23b3097918f47a5ed433fa63a680ad1c9d08b99403ac88e48402aea2b5f857bda09bab8a78e1b2a98ec9f2b4916277cac1586a83e43be9d5d27a817a687db4ba6e7d081a54be2d5b639c78214629d813b2cdf5954e5d644a08315b1a2a0a6a809e822a08b766ace817c04dec6933890e00b1f65fa93ca59614357ecefccde2134b78cab0788c5acf2e3aef07fa475d5fb62c3d5e4700b6bd60e6c8f283fcdee0254ff36036200d7e6e1a085d28fc17d90414a1fd82484b2e848ca12dc1bffacf3e6cc70f4f9255a07cd951d4ae02235eafa78305c56d533020a17fec9bfc9c6e54bea97d34deba79ddbd78eef8fdbc695fc6bfaa87ba61f07449cb5e683108f4f14902d8b808119161477a847eb1effd6b561102e1f6139c238b3735362383292ad2e46c5fe24c5e52ae794d02f1fea68fdbe5115a966443e32fe8316dffbb8fc3d76fb6f1b4118c5fb6f4d1023e95c621937f0bae587fbe4427f20d41c57b492e51d523fbaa8013487127054cc1a4b332d8e3348c38dbe0516a705cf1bab3a116412921d09b3ea7cd56245bb895bed6798e0e29d10a0665f8cddc1e79b494bc70c09d6938e415689a875303edef9ca175e9ff4f296443486c89561436837d5cdaf70bb4f1a837ffc4b102d94ac45db9770a324de8155d4dd6d287ce2636128bf36c5435c4399d915270b97c19d41bb4e5374588f4f9449b98c2b32a295b78918a3e801b085cf374681224e300f6eeca962eba7e5c4296080df9295868982f24dad4f6e4534d0a9c53d3a52b220b83d658c441ad2c56f5c850345cc1f10b957208e93159952d2142e4de394e9885a036321745619198d279b1db82ae37f4cac9893b0c980018b753f24e9ba89dfee21841d7f5d8d0849f1425f713dcfd947f454eee636c263ee26aba542f11cf697574f980d50d6dba7111224ed08cc97d401d53719862e80e656a0260ff224841c8478a6665dbb6ad3e2d99f5917d1e48703b239fe2a6b5d65c5b18aa75bf47cf917e1ec156b4e1a73e5c2533800f972ce7a92241cabada42d48b88b5da82057385d8a830baab468af70e781b633d68e8c440f4e8a77ba8f267a2b5a11fdc1631247ca62c3c1263537b77f1194ff6930bb62d275d3dfa10a1e302d15fddd76a8be6decc5ddacc51b67d2b3dd3b04117ce69d8950241767bd6d0c385d91355bfad74f548c883b914072d959cb03c918fa17aa17f44e00d79b32a33b13c6ff16027e2262faa3dfe8e13b4dadf2983c1dc11180ceb364445bb1cd2e1c29f4416defc3b0f11340fcdf28a82c58a92959d117ae9395c6947c6b17f36c0c8272fd2cb6f3371b0c28d46bb67bca992047e40e7c39ae6a95f9a618646c0869ec0fade3eb30bb30416c46edf91b6bdc58907677a0b60a7cf47f32740105f0ba2499f389556035127307b9bb4e0a8dd5954d454369a3ff6993599f38f5be38185cb2f512d058a3a2ae437c0effc4ac42c0bb5566f839e0f73b1d13dcaab434038f3f28acaf0b53d2769ab261f6dffc9e5692df40d8d07ea4b2093af05ef57dfabf74fca1533735f1fea8b467fb072798638f33ca1283eff33d8d39c16077b85b7b1934d987e6c10c039c34c400fbb283cea84c8898f4cbd0b268e913b88a018ae7454b5dd5ff770d13cd370acb0e533162f513522746e33e8528da4eb13cd67a3b3d12e12b1a12b5091dae96f83f8e8ac5ac567c78638bcacbd5a8d6f72bbaee82dad0c3fd9dbdcce9f386ae6156ae67da29df862be084a917772eaadb1fc6101f49ac6c0ef806a38944550e1b131715a72d658a5e56356d2cf93539a1a5abb4e48771ca60ee1ca6d0f1150a0cd798d7717484da9ad30bdda0d8aeda73c57537ea1cafd260101bcc0ca66c2e508f77873b90399b7a299e78ef2148568f3f9787fbffb23778355b01af5cbda29fceddfeb1f34a8b2e9846837b7563438d763281aa615197dd5a4e51b7ffb36ef818f6caf07b836494e9b936e0e33d3fe33129c880ab1ef44706e191ae5e2d047b8b3edec6eb57c7437389c7322b35f578d746b0c397510e2a769b70c6c0b91ac08b96a27d05560df9d532060409f449c89c7ba150c4c258fb9bc5856eabbd891145d8ad86bff891d57e6b70312e4f387c9072d75c1c96ce4adbd197e91356575208776f39791ac41ba28dcd3705b06d01881f9988a5591c7e967241950065ebb56c3ecbfbc996ed030f58b29f76097a76144084e71f576f0a55044d49e7c6a8f6dfa2cec8609350896a8c0f4c3f1b6e33404a9c212f1a8efbb03c127fa8dd96611d142dd541431cdb789fef5b4f95b261d7e639b0a6061be4d23af5c7f88463083ab9f23c00c84ad0bd51896fcadb5d232c1b860919273270e8bc30d19344341edfcf805a60ecf6c5c5aa949be84e8bf9f885fe52c28dabfe79648770e69231fc9f70aa40f7626492196ad8feff811a9179e712bbb1deddf4bbe235a238cdf5457b204a4a9c4d5b4cc76b77ee57be761412cfc0f2d11ccd914c8b7e3e68391a46d0c1d5cd6f6ebd152e1a56c0c46108942982b3ad4c5b46df2e5796eae59ca9ad9012e546de22d27f0a603e163dd65c16705ac1a6cb8c938bc1db42a526256ad0247c1badc7a683508eff1bc47891a1c7bdefc11874cda2488f0d1654a24d36814a56f1c986ba78e4301e690cb5e27e3b0dd2f8b4470ba30bf71f6fe07059a28af9af58ae3480a0eef0afdbcd76d2f8287d71a30fecd2285aec8a5e30dbf82bed9ab4571642b4a15c0f60ab5119e9d473b666cb7f0d98652c21c75af1588aee59d7f737f19d4ebc4345fddffdd42a1fa72f201a0c918e3fbee06b21d7b16e7a328743d78d3e1673c7adf1c219e077b0266f44a1f5699195612e5919d61b5c3a0152f096ab499960411b14bea9735db1f18d80856c1f7d9834b09ee0177ade22932acb00b80459551c12345ca0df2f6446283263aa08361d6d458fcfe9d3c7e8a1ef1ee1809e5d6211f6320d70f55ea2fa43fcd8374495f05f2226e92f1acfe4aa3f2d293a3239e845d55c451b040f4ebfa1e4de9723a3380e5772b36971a098ea7ad8cdc14a350fb264aabfe6eaebcfb6cb7e977705a48bf6f33df9c3941ec9d7cb4b3903a23c5b93e7fbd69d4b4a2c6c3736d58630d0b0529822e0542eaf4bf187e43c0cc22a73ddcb1122aa870becc54010a8ddf8b8328e7e3bc4d78237325960225c1bd4db5ffc106adbecb30f92a74e0e4df0b471875b83ddc2565d14968ff5ef9e01e260575a0cc3f40125a755338750435839f498d9a5a384a53ba45a506138c17ccf8310b29e899ce099946f9c7a3c87b196e24d10fe48d7946ed474e066727dfff76383e5d8bd7e26a849dbfa71af10b39c6cefae9d757076a90fa572bc18ca48a501ab1e7978e7ad9122630e2df3db75967918169d6c472ab8aebddfd2862abcb9f522426f9588f140ceb709453b7f994edec0d08ea64fe50b55bbf433e62c5e1e89f41af60f01725435e586c78c63aed14585eba1fd4f78ea82cb77c329005c40a9b5e170012e9537adeb59c38098831766356bfd3bf293032995e67598bfdc5e99a7223e5a093aaa7a60b0cb033149eefd364b866e9ab6e5dffd2c5ba5258fa556ce96bc2f2fdc4031884df6c06fac9a478c792266b44c8c13002c2abe42e1a7f538ddd785a158cf5b4b89717c45520b0e42f01dc0614e4f13c7f7df52cac6c809a9fb01c161b80b1efbe4240768e6918dc5b23ef1939982e24b2eeb075b5a4cfcad0ac25c1fe3d35a0133f34285e9c63e355cbd5a90618bb3b68eda2dabdfcfeb952a4bf90d265a1cf4e612353033f2d76268d23e7e5cb92870a62726bb1df7b1f0b6029c164544ad4ffff00b1d70f40ee81640df3e1c4139e025b3f0c796e8b98a5b48e619548839416c5ba1c023ff78b80c54246ba036d09865319142e3b826199915bc21dc7ed3e060640c10c581e98f9a60381d9d5873522bfc0507d4864a901d475d0be601114c3463312b556056a966b89d835e8b8b230f3132cd32d60e25588a44103c5778d9403dd29c3a9ad984b6199b5c239002b5abacce981a2d6b0b525bf8ac145ee1ba15062c437f384f652dd9c417becda2aef0d3c3094b46e9e7d17532f3b941d816d27e2f60944fe4d652ad47015a882eab636cb4bf546dd6f0d4e55a3b29f6fb4f31ca61df42c11dfb9472238d7bfacffd5a588f35289776bc3b25506526a69423e25637da5889e65f8e2c7312c054ea200c18bb54c2729f2d618f288ccf3fa5470d188e655d1000d027c88f10d102451813f3865d7a1922bb28a1dc15ac6fedd9dda0b02a90c178f7a84065a22d313ac81346906a2e4e760385a961aa72d33ef919b85fb4d8190b35311b96d5f668cc880f5d638e6bff15381968e732bb0b76e4e68fcab5e5980c7922937cd71466ed5e4ed9fdaffad341fcc21122d6079ef0b281afdd17861763b792c0f6af91f35b0e16ba2bbce8d606e6225c09a157f055efa4b1426fa393d36209382a7e7fcd41054090c010078a87c2add84ea0d0b6d4b71ce0b106ca63b0c70e9447a98a3dbdf32f839528a74c6b19fd55d3db999af5b32162c175c6b55c28fb2cb8eae709f2c20feab192265537f022ea4b57e61b561d134e9da51a01a7fcebbc208a1882f533213bc46e3449a52b1c20d5b56aeef62b2a4924ba50527b8a8d672039ced5df9400045cce2242b22ffa4457aae6db8139b81f64015e3d368d4464e87eebabb363ad0980f69c92a4677d1735ea5e2faa39e4b01e878de4b7228c3dd487688ba3dc1677d1ad6e0cb2a68fdfb45955e8464dc35be9c230e463dc5cfa2ebf2f7af11caf86b6b29dd0a881feefccdcb0", 0x1000}, {&(0x7f0000004500)="7147e5801c3f7f6c9ebfdf672ce3136420d77f7546b2b82bec4e4966d6f8a68243132dfbaae10e3edb49347230d36b7f63ea78cc34366e022307405b086cf8d2f95cc61460f6b298f2c26c92a83b48e686e46b0dbcb09d2e9d2d20722bc020c4413e4b46e20b2b8a9e6aeba6df14c7b98ac70df212f0f17ce245f74a8014d226fd831b06305244399e3fae51b039eb51", 0x90}], 0x7, &(0x7f0000004640)=[@ip_retopts={{0xa0, 0x0, 0x7, {[@cipso={0x86, 0x52, 0x2, [{0x0, 0x11, "deb55808a1405b6d5617ffd0fb8e51"}, {0x1, 0xc, "1c6df1b7bd91f3c17c3b"}, {0x1, 0x9, "0c2807eca348be"}, {0x1, 0x11, "dfc4695380f65664817cc7a2626fe6"}, {0x2, 0x3, "8f"}, {0x6, 0x12, "a7e8e886bea5a1926d740ad40e3a8ecb"}]}, @noop, @lsrr={0x83, 0x1b, 0x76, [@dev={0xac, 0x14, 0x14, 0x3b}, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, @local]}, @lsrr={0x83, 0x17, 0x9d, [@broadcast, @empty, @multicast1, @multicast2, @private=0xa010100]}, @generic={0x83, 0xb, "4f637a0e8d2419afea"}]}}}, @ip_retopts={{0x3c, 0x0, 0x7, {[@cipso={0x86, 0x14, 0x2, [{0x2, 0xe, "a08f12a766c8ac9f3f6dc660"}]}, @timestamp={0x44, 0x4, 0x3c, 0x0, 0x2}, @ssrr={0x89, 0x13, 0x94, [@initdev={0xac, 0x1e, 0x1, 0x0}, @empty, @remote, @local]}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x135}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x3}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x7}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x3}}], 0x140}}, {{&(0x7f0000004780)={0x2, 0x4e23, @local}, 0x10, &(0x7f0000004900)=[{&(0x7f00000047c0)="f9c42aa6c53c3355ee0edcef188e281afa56553df70a3ab2c414fc40aaa427acc87fec04c293f5e3cf730751255feb1c3a2d46e5a22255d6eb6485d996c4a42116fd9f3e9e68bd0cc96979f855245547342d4d6e3c914d46d121145405d720701083f2d27f23f1f0b70fff0c5c6335385503d6a90e5a26167fde72c598fb70c0f9babb73c37b4613121a504602f30c", 0x8f}, {&(0x7f0000004880)="cc7ebd4eb6013e3573e5f3a0cf8c19ecf08ff667758ff4eb5672a535ee6ad37b94d46390a796624cc5173e9bc158bbfff5af2f8398e5f0097482", 0x3a}, {&(0x7f00000048c0)="dfa8a922965e3b8fc8332fce1108010fc4c5db075184f6ee8011015f71a70bb905335d03fc04c483348c73f21f53ebf59fdb8d37", 0x34}], 0x3, &(0x7f0000004980)}}], 0x5, 0x40)
r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x440, 0x0)
add_key$user(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)="f4e943e405005d437c352709e50654071774d3434b3aca61de6e12f1903b6106bc2ed3477eb65d299b3d410c3338791e06c924012becf5e45cd354775a9a708021729ff460200e9cfd9eca0e4d220c9ffe213edbe66772578efc0aecf040b4c49e771d3caf7225b90d318363cf4c988a5e03d10306d833c7971e88efe7313bcf71d580d9637e6ec9c36a59517454", 0x8e, 0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = dup(r6)
getsockname$packet(r7, 0x0, &(0x7f0000000140))
ioctl$SOUND_OLD_MIXER_INFO(r7, 0x80304d65, &(0x7f00000002c0))
sendmsg$NFNL_MSG_CTHELPER_DEL(r5, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x2, 0x9, 0x401, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFCTH_STATUS={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400000c0}, 0x4)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000300)='NET_DM\x00')

16:17:46 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, 0xffffffffffffffff, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1094.961470][T26818] netlink: 'syz-executor.5': attribute type 5 has an invalid length.
16:17:47 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r1 = dup(0xffffffffffffffff)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000140))
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x3c)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r2, 0x0, 0x0)
r3 = gettid()
ptrace$setopts(0x4206, r3, 0x0, 0x0)
tkill(r3, 0x3c)
ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r3, 0x0, 0x0)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/sloppy_tcp\x00', 0x2, 0x0)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000025bd7000fbdbdf25310000000800db00", @ANYRES32=r1, @ANYBLOB="0800db00", @ANYRES32, @ANYBLOB='\b\x00R\x00', @ANYRES32=r2, @ANYBLOB="80", @ANYRES32=r3, @ANYBLOB="08000100030000000800db00", @ANYRES32=r4, @ANYBLOB], 0x44}, 0x1, 0x0, 0x0, 0x24004018}, 0x80)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1095.474533][T26818] netlink: 'syz-executor.5': attribute type 5 has an invalid length.
16:17:47 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, 0xffffffffffffffff, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:47 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0xa0401, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:47 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:47 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x4940, 0x0)
r2 = gettid()
ptrace$setopts(0x4206, r2, 0x0, 0x0)
tkill(r2, 0x3c)
ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r2, 0x0, 0x0)
write$FUSE_LK(r1, &(0x7f0000000180)={0x28, 0x0, 0x8, {{0x7, 0x6, 0x0, r2}}}, 0x28)
setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f0000000100)={'broute\x00', 0x0, 0x0, 0x0, [], 0x0, &(0x7f0000000080)=[{}, {}, {}, {}, {}]}, 0x78)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:47 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:48 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f13000)={0xa, 0xe22}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f00000000c0)=0x545e50f9, 0x4)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r2 = socket(0x25, 0x6, 0x4)
bind$l2tp(r2, &(0x7f0000000080)={0x2, 0x0, @loopback, 0x1}, 0x10)
r3 = open(&(0x7f0000000040)='./file0\x00', 0x400000, 0x0)
ioctl$RTC_UIE_OFF(r3, 0x7004)

16:17:48 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
r1 = gettid()
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3c)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r1, 0x0, 0x0)
capget(&(0x7f0000000040)={0x20080522, r1}, &(0x7f0000000080)={0x7fffffff, 0x1, 0x20, 0x3f, 0x64b9})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1096.600935][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1096.614096][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1096.622812][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1096.623545][T21853] Call Trace:
[ 1096.623545][T21853]  dump_stack+0x1c9/0x220
[ 1096.623545][T21853]  dump_header+0x1e7/0xd00
[ 1096.623545][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1096.623545][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1096.623545][T21853]  ? ___ratelimit+0x542/0x720
[ 1096.623545][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1096.623545][T21853]  oom_kill_process+0x216/0x580
[ 1096.623545][T21853]  out_of_memory+0x181e/0x1cc0
[ 1096.623545][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1096.623545][T21853]  alloc_pages_current+0x67d/0x990
[ 1096.623545][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1096.623545][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1096.623545][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1096.623545][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1096.623545][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1096.623545][T21853]  ? debug_shrink_set+0x220/0x220
[ 1096.623545][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1096.623545][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1096.623545][T21853]  do_syscall_64+0xb8/0x160
[ 1096.623545][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1096.623545][T21853] RIP: 0033:0x45cb29
[ 1096.623545][T21853] Code: Bad RIP value.
[ 1096.623545][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1096.623545][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1096.623545][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1096.623545][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1096.623545][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1096.623545][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1096.801318][T21853] Mem-Info:
[ 1096.804682][T21853] active_anon:177530 inactive_anon:6859 isolated_anon:0
[ 1096.804682][T21853]  active_file:5836 inactive_file:52630 isolated_file:0
[ 1096.804682][T21853]  unevictable:0 dirty:65 writeback:0 unstable:0
[ 1096.804682][T21853]  slab_reclaimable:5663 slab_unreclaimable:24853
[ 1096.804682][T21853]  mapped:59160 shmem:7095 pagetables:6314 bounce:0
[ 1096.804682][T21853]  free:114399 free_pcp:80 free_cma:0
[ 1096.842732][T21853] Node 0 active_anon:666712kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123852kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1096.871378][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
16:17:48 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, 0xffffffffffffffff, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1096.901048][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1096.906434][T21853] Node 0 DMA32 free:42896kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640072kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2712kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB
[ 1096.937729][T21853] lowmem_reserve[]: 0 0 228 228
[ 1096.942757][T21853] Node 0 Normal free:9320kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26640kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4524kB pagetables:7312kB bounce:0kB free_pcp:72kB local_pcp:0kB free_cma:0kB
[ 1096.974203][T21853] lowmem_reserve[]: 0 0 0 0
[ 1096.978780][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1096.990802][T21853] Node 0 DMA32: 888*4kB (ME) 454*8kB (UM) 220*16kB (UM) 140*32kB (M) 113*64kB (UM) 58*128kB (M) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42896kB
[ 1097.007342][T21853] Node 0 Normal: 898*4kB (UM) 374*8kB (UM) 93*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9320kB
[ 1097.022409][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1097.032121][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1097.041462][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1097.051182][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1097.060617][T21853] 27286 total pagecache pages
[ 1097.065531][T21853] 0 pages in swap cache
[ 1097.069729][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1097.075958][T21853] Free swap  = 0kB
[ 1097.079724][T21853] Total swap = 0kB
[ 1097.083585][T21853] 1965979 pages RAM
[ 1097.087424][T21853] 0 pages HighMem/MovableOnly
[ 1097.092240][T21853] 1423249 pages reserved
[ 1097.096533][T21853] 0 pages cma reserved
16:17:49 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x80482, 0x0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000080), &(0x7f00000000c0)=0x14)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1097.100644][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=21282,uid=0
[ 1097.115600][T21853] Out of memory: Killed process 21282 (syz-executor.2) total-vm:75112kB, anon-rss:188kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
16:17:49 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, &(0x7f0000000040)={0x37})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:49 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:49 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0xda)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x118, r3, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000002c0)=@filter={'filter\x00', 0xe, 0x4, 0x468, 0xffffffff, 0x198, 0x0, 0x298, 0xffffffff, 0xffffffff, 0x3d0, 0x3d0, 0x3d0, 0xffffffff, 0x4, &(0x7f0000000040), {[{{@ip={@broadcast, @private=0xa010102, 0xff, 0xff000000, 'ip6_vti0\x00', 'veth1\x00', {}, {}, 0x73, 0x1, 0x2}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0xfffffffa, 'system_u:object_r:qemu_device_t:s0\x00'}}}, {{@uncond, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@ah={{0x30, 'ah\x00'}, {[0x2, 0xb72]}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x4, [0x3, 0x1, 0x3, 0x9, 0x4, 0x2], 0x3, 0x7}, {0xffffffffffffffff, [0x1, 0x6, 0x1, 0x6, 0x8, 0x7], 0x6, 0x6}}}}, {{@uncond, 0x0, 0x110, 0x138, 0x0, {}, [@common=@osf={{0x50, 'osf\x00'}, {'syz1\x00', 0x0, 0x2, 0x1, 0x2}}, @common=@osf={{0x50, 'osf\x00'}, {'syz0\x00', 0x0, 0x8, 0x1}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x2}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4c8)
r4 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
fsetxattr$security_capability(r0, &(0x7f00000007c0)='security.capability\x00', &(0x7f0000000840)=@v2={0x2000000, [{0x80000001, 0x3}, {0xfe, 0x6}]}, 0x14, 0x2)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r4, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r4, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$sock_SIOCBRDELBR(r4, 0x89a1, &(0x7f0000000080)='syzkaller0\x00')

[ 1097.487013][ T1275] tipc: TX() has been purged, node left!
16:17:49 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x6, 0x2)
recvmmsg(r1, &(0x7f0000007040)=[{{&(0x7f0000000080)=@pptp={0x18, 0x2, {0x0, @local}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000100)=""/207, 0xcf}, {&(0x7f0000000200)=""/149, 0x95}, {&(0x7f0000000840)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/107, 0x6b}], 0x4, &(0x7f0000001840)=""/4096, 0x1000}, 0xfffffffe}, {{&(0x7f0000000380)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000400)=""/192, 0xc0}, {&(0x7f00000004c0)=""/254, 0xfe}, {&(0x7f00000005c0)=""/4, 0x4}, {&(0x7f0000000600)=""/242, 0xf2}, {&(0x7f0000002840)=""/4096, 0x1000}], 0x5}, 0x1}, {{&(0x7f0000000780)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @loopback}}, 0x80, &(0x7f0000004b80)=[{&(0x7f0000003840)=""/62, 0x3e}, {&(0x7f0000003880)=""/146, 0x92}, {&(0x7f0000003940)=""/111, 0x6f}, {&(0x7f00000039c0)=""/28, 0x1c}, {&(0x7f0000003a00)=""/45, 0x2d}, {&(0x7f0000003a40)=""/4096, 0x1000}, {&(0x7f0000004a40)=""/51, 0x33}, {&(0x7f0000004a80)=""/10, 0xa}, {&(0x7f0000004ac0)=""/155, 0x9b}], 0x9, &(0x7f0000004c40)=""/186, 0xba}, 0xd75}, {{&(0x7f0000004d00)=@generic, 0x80, &(0x7f0000006f80)=[{&(0x7f0000004d80)=""/155, 0x9b}, {&(0x7f0000004e40)}, {&(0x7f0000004e80)=""/4096, 0x1000}, {&(0x7f0000005e80)=""/134, 0x86}, {&(0x7f0000005f40)=""/4096, 0x1000}, {&(0x7f0000006f40)=""/38, 0x26}], 0x6, &(0x7f0000007000)=""/8, 0x8}, 0x5}], 0x4, 0x40000002, 0x0)

16:17:50 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1098.362513][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1098.375631][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1098.384351][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1098.385075][T21853] Call Trace:
[ 1098.385075][T21853]  dump_stack+0x1c9/0x220
[ 1098.385075][T21853]  dump_header+0x1e7/0xd00
[ 1098.385075][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1098.385075][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1098.385075][T21853]  ? ___ratelimit+0x542/0x720
[ 1098.385075][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1098.385075][T21853]  oom_kill_process+0x216/0x580
[ 1098.385075][T21853]  out_of_memory+0x181e/0x1cc0
[ 1098.385075][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1098.385075][T21853]  alloc_pages_current+0x67d/0x990
[ 1098.385075][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1098.385075][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1098.385075][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1098.385075][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1098.385075][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1098.385075][T21853]  ? debug_shrink_set+0x220/0x220
[ 1098.385075][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1098.385075][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1098.385075][T21853]  do_syscall_64+0xb8/0x160
[ 1098.385075][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1098.385075][T21853] RIP: 0033:0x45cb29
[ 1098.385075][T21853] Code: Bad RIP value.
[ 1098.385075][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1098.385075][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1098.385075][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1098.385075][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1098.385075][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1098.385075][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1098.561068][T21853] Mem-Info:
[ 1098.564431][T21853] active_anon:177417 inactive_anon:6859 isolated_anon:0
[ 1098.564431][T21853]  active_file:5835 inactive_file:52668 isolated_file:0
[ 1098.564431][T21853]  unevictable:0 dirty:74 writeback:0 unstable:0
[ 1098.564431][T21853]  slab_reclaimable:5663 slab_unreclaimable:24800
[ 1098.564431][T21853]  mapped:59094 shmem:7095 pagetables:6265 bounce:0
[ 1098.564431][T21853]  free:114426 free_pcp:81 free_cma:0
16:17:50 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1098.602440][T21853] Node 0 active_anon:666712kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123860kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1098.631141][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1098.631267][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1098.631328][T21853] Node 0 DMA32 free:42896kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640072kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2712kB bounce:0kB free_pcp:252kB local_pcp:248kB free_cma:0kB
[ 1098.631461][T21853] lowmem_reserve[]: 0 0 228 228
[ 1098.631507][T21853] Node 0 Normal free:9320kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26640kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4524kB pagetables:7312kB bounce:0kB free_pcp:72kB local_pcp:72kB free_cma:0kB
[ 1098.631631][T21853] lowmem_reserve[]: 0 0 0 0
[ 1098.631740][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1098.749990][T21853] Node 0 DMA32: 888*4kB (ME) 454*8kB (UM) 220*16kB (UM) 140*32kB (M) 113*64kB (UM) 58*128kB (M) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42896kB
[ 1098.766575][T21853] Node 0 Normal: 898*4kB (UM) 374*8kB (UM) 93*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9320kB
[ 1098.781878][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1098.791479][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1098.800958][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
16:17:50 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1098.810713][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1098.820158][T21853] 27324 total pagecache pages
[ 1098.824977][T21853] 0 pages in swap cache
[ 1098.829170][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1098.835404][T21853] Free swap  = 0kB
[ 1098.839166][T21853] Total swap = 0kB
[ 1098.843048][T21853] 1965979 pages RAM
[ 1098.846978][T21853] 0 pages HighMem/MovableOnly
[ 1098.851750][T21853] 1423249 pages reserved
[ 1098.856120][T21853] 0 pages cma reserved
[ 1098.860300][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=21115,uid=0
[ 1098.875260][T21853] Out of memory: Killed process 21115 (syz-executor.3) total-vm:75244kB, anon-rss:188kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[ 1098.894793][ T1822] oom_reaper: reaped process 21115 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:17:50 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r2, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x10c, r2, 0x400, 0x270bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x98, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'bridge0\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000040)={'filter\x00', 0x4}, 0x68)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:51 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x3}, 0xe)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x7c, &(0x7f0000000140)={r3}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000040)={r3, 0x20}, &(0x7f0000000080)=0x8)

[ 1099.748678][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1099.761418][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1099.770156][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1099.771265][T21853] Call Trace:
[ 1099.771265][T21853]  dump_stack+0x1c9/0x220
[ 1099.771265][T21853]  dump_header+0x1e7/0xd00
[ 1099.771265][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1099.771265][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1099.771265][T21853]  ? ___ratelimit+0x542/0x720
[ 1099.771265][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1099.771265][T21853]  oom_kill_process+0x216/0x580
[ 1099.771265][T21853]  out_of_memory+0x181e/0x1cc0
[ 1099.771265][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1099.771265][T21853]  alloc_pages_current+0x67d/0x990
[ 1099.771265][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1099.771265][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1099.771265][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1099.771265][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1099.771265][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1099.771265][T21853]  ? debug_shrink_set+0x220/0x220
[ 1099.771265][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1099.771265][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1099.771265][T21853]  do_syscall_64+0xb8/0x160
[ 1099.771265][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1099.771265][T21853] RIP: 0033:0x45cb29
[ 1099.771265][T21853] Code: Bad RIP value.
[ 1099.771265][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1099.771265][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1099.771265][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1099.771265][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1099.771265][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1099.771265][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1099.944587][T21853] Mem-Info:
[ 1099.947840][T21853] active_anon:177387 inactive_anon:6858 isolated_anon:0
[ 1099.947840][T21853]  active_file:5836 inactive_file:52674 isolated_file:0
[ 1099.947840][T21853]  unevictable:0 dirty:80 writeback:0 unstable:0
[ 1099.947840][T21853]  slab_reclaimable:5663 slab_unreclaimable:24798
[ 1099.947840][T21853]  mapped:59086 shmem:7095 pagetables:6234 bounce:0
[ 1099.947840][T21853]  free:114638 free_pcp:121 free_cma:0
[ 1099.986208][T21853] Node 0 active_anon:666600kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123860kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1100.014938][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1100.044374][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1100.049646][T21853] Node 0 DMA32 free:42896kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640072kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2712kB bounce:0kB free_pcp:252kB local_pcp:4kB free_cma:0kB
[ 1100.081069][T21853] lowmem_reserve[]: 0 0 228 228
[ 1100.086189][T21853] Node 0 Normal free:9320kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26528kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4524kB pagetables:7272kB bounce:0kB free_pcp:232kB local_pcp:116kB free_cma:0kB
[ 1100.117941][T21853] lowmem_reserve[]: 0 0 0 0
[ 1100.122665][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1100.134801][T21853] Node 0 DMA32: 888*4kB (ME) 454*8kB (UM) 220*16kB (UM) 140*32kB (M) 113*64kB (UM) 58*128kB (M) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42896kB
[ 1100.151412][T21853] Node 0 Normal: 898*4kB (UM) 374*8kB (UM) 93*16kB (UM) 25*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9320kB
[ 1100.166529][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1100.176273][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1100.185736][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1100.195519][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1100.204990][T21853] 27330 total pagecache pages
[ 1100.209762][T21853] 0 pages in swap cache
[ 1100.214154][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1100.220248][T21853] Free swap  = 0kB
[ 1100.224213][T21853] Total swap = 0kB
[ 1100.228002][T21853] 1965979 pages RAM
[ 1100.232005][T21853] 0 pages HighMem/MovableOnly
[ 1100.236712][T21853] 1423249 pages reserved
[ 1100.240982][T21853] 0 pages cma reserved
[ 1100.245253][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=20421,uid=0
[ 1100.260251][T21853] Out of memory: Killed process 20421 (syz-executor.1) total-vm:74980kB, anon-rss:176kB, file-rss:34836kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
16:17:52 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:52 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:52 executing program 4:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:53 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:53 executing program 4:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:53 executing program 4:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:54 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r1, 0x1}, 0x14}}, 0x0)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup(r2)
r4 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r4, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r4, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r4, 0x84, 0x4, &(0x7f0000000040)=0x1, 0x4)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400204)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000000)={0x0, 0x882000})

16:17:54 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, 0x0, 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:54 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

16:17:54 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r3)
ioctl$DRM_IOCTL_GET_CLIENT(r2, 0xc0286405, &(0x7f0000000040)={0x8, 0x8, {<r4=>r3}, {0xee00}, 0x81, 0x4})
rt_tgsigqueueinfo(r4, 0xffffffffffffffff, 0x37, &(0x7f0000000080)={0xb, 0x7fe, 0x80000001})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1102.206977][ T1275] tipc: TX() has been purged, node left!
16:17:54 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:54 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

16:17:54 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1102.981402][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1102.994498][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1103.003226][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1103.004126][T21853] Call Trace:
[ 1103.004126][T21853]  dump_stack+0x1c9/0x220
[ 1103.004126][T21853]  dump_header+0x1e7/0xd00
[ 1103.004126][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1103.004126][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1103.004126][T21853]  ? ___ratelimit+0x542/0x720
[ 1103.004126][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1103.004126][T21853]  oom_kill_process+0x216/0x580
[ 1103.004126][T21853]  out_of_memory+0x181e/0x1cc0
[ 1103.004126][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1103.004126][T21853]  alloc_pages_current+0x67d/0x990
[ 1103.004126][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1103.004126][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1103.004126][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1103.004126][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1103.004126][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1103.004126][T21853]  ? debug_shrink_set+0x220/0x220
[ 1103.004126][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1103.004126][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1103.004126][T21853]  do_syscall_64+0xb8/0x160
[ 1103.004126][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1103.004126][T21853] RIP: 0033:0x45cb29
[ 1103.004126][T21853] Code: Bad RIP value.
[ 1103.004126][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1103.004126][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1103.004126][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1103.004126][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1103.004126][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1103.004126][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1103.177633][T21853] Mem-Info:
[ 1103.180911][T21853] active_anon:178121 inactive_anon:6859 isolated_anon:0
[ 1103.180911][T21853]  active_file:5835 inactive_file:52744 isolated_file:0
[ 1103.180911][T21853]  unevictable:0 dirty:86 writeback:1 unstable:0
[ 1103.180911][T21853]  slab_reclaimable:5659 slab_unreclaimable:24679
[ 1103.180911][T21853]  mapped:59182 shmem:7095 pagetables:6189 bounce:0
[ 1103.180911][T21853]  free:113985 free_pcp:172 free_cma:0
[ 1103.219097][T21853] Node 0 active_anon:666480kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123864kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1103.247799][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1103.276818][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1103.282442][T21853] Node 0 DMA32 free:42896kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640072kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2712kB bounce:0kB free_pcp:252kB local_pcp:248kB free_cma:0kB
[ 1103.314129][T21853] lowmem_reserve[]: 0 0 228 228
[ 1103.319069][T21853] Node 0 Normal free:9412kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26408kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4524kB pagetables:7172kB bounce:0kB free_pcp:436kB local_pcp:320kB free_cma:0kB
[ 1103.351012][T21853] lowmem_reserve[]: 0 0 0 0
[ 1103.355759][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1103.367844][T21853] Node 0 DMA32: 888*4kB (ME) 454*8kB (UM) 220*16kB (UM) 140*32kB (M) 113*64kB (UM) 58*128kB (M) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42896kB
[ 1103.384520][T21853] Node 0 Normal: 901*4kB (UM) 380*8kB (UM) 93*16kB (UM) 26*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9412kB
[ 1103.399649][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1103.409415][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1103.418899][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1103.428775][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1103.438266][T21853] 27339 total pagecache pages
[ 1103.443128][T21853] 0 pages in swap cache
[ 1103.447323][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1103.453570][T21853] Free swap  = 0kB
[ 1103.457322][T21853] Total swap = 0kB
[ 1103.461074][T21853] 1965979 pages RAM
[ 1103.465079][T21853] 0 pages HighMem/MovableOnly
[ 1103.469784][T21853] 1423249 pages reserved
[ 1103.474235][T21853] 0 pages cma reserved
[ 1103.478339][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=19775,uid=0
[ 1103.493334][T21853] Out of memory: Killed process 19775 (syz-executor.1) total-vm:75244kB, anon-rss:196kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
16:17:55 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

[ 1103.530166][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1103.543230][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1103.551952][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1103.562046][T21853] Call Trace:
[ 1103.562064][T21853]  dump_stack+0x1c9/0x220
[ 1103.562064][T21853]  dump_header+0x1e7/0xd00
[ 1103.562064][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1103.562064][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1103.562064][T21853]  ? ___ratelimit+0x542/0x720
[ 1103.562064][T21853]  ? task_will_free_mem+0x176/0x830
[ 1103.562064][T21853]  oom_kill_process+0x216/0x580
[ 1103.562064][T21853]  out_of_memory+0x181e/0x1cc0
[ 1103.562064][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1103.562064][T21853]  alloc_pages_current+0x67d/0x990
[ 1103.562064][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1103.562064][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1103.562064][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1103.631961][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1103.631961][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1103.631961][T21853]  ? debug_shrink_set+0x220/0x220
[ 1103.631961][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1103.631961][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1103.631961][T21853]  do_syscall_64+0xb8/0x160
[ 1103.631961][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1103.631961][T21853] RIP: 0033:0x45cb29
[ 1103.631961][T21853] Code: Bad RIP value.
[ 1103.631961][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1103.631961][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1103.631961][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1103.631961][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1103.631961][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1103.631961][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1103.725904][T21853] Mem-Info:
[ 1103.729180][T21853] active_anon:177968 inactive_anon:6859 isolated_anon:0
[ 1103.729180][T21853]  active_file:5835 inactive_file:52692 isolated_file:0
[ 1103.729180][T21853]  unevictable:0 dirty:86 writeback:16 unstable:0
[ 1103.729180][T21853]  slab_reclaimable:5659 slab_unreclaimable:24680
[ 1103.729180][T21853]  mapped:59095 shmem:7095 pagetables:6135 bounce:0
[ 1103.729180][T21853]  free:113978 free_pcp:187 free_cma:0
16:17:55 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r2, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r2, &(0x7f0000000280)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYBLOB="500000001000050700"/20, @ANYRES32=0x0, @ANYBLOB="65350600050000001c0012800c0001006d6163766c616e000c00028008000100080000000a000500040000000000000008000a00", @ANYRES32=r3, @ANYBLOB="208ca53983a8342d1e7714aa21615182a98ef90eca8bbc9782d9965fa43bc9fa3eb190758536826841c798a255bdec0d7bb9bb82be761b3e53771ddae343a20e09dc4fbd66d7a4fd080975e7e951cda9a4d831001572cfad520f9f"], 0x50}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000000c0)={'wg2\x00', r3})
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000040)=@assoc_value, &(0x7f0000000080)=0x8)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1103.767736][T21853] Node 0 active_anon:666480kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123864kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1103.796409][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1103.825480][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1103.830777][T21853] Node 0 DMA32 free:42896kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640072kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2712kB bounce:0kB free_pcp:252kB local_pcp:248kB free_cma:0kB
[ 1103.862382][T21853] lowmem_reserve[]: 0 0 228 228
[ 1103.867318][T21853] Node 0 Normal free:9412kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26408kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4500kB pagetables:7172kB bounce:0kB free_pcp:496kB local_pcp:320kB free_cma:0kB
[ 1103.899084][T21853] lowmem_reserve[]: 0 0 0 0
[ 1103.903900][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1103.916055][T21853] Node 0 DMA32: 888*4kB (ME) 454*8kB (UM) 220*16kB (UM) 140*32kB (M) 113*64kB (UM) 58*128kB (M) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42896kB
16:17:55 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, 0x0, 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1103.932597][T21853] Node 0 Normal: 901*4kB (UM) 380*8kB (UM) 93*16kB (UM) 26*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9412kB
[ 1103.947678][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1103.957417][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1103.966913][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1103.976669][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1103.986147][T21853] 27346 total pagecache pages
[ 1103.990859][T21853] 0 pages in swap cache
[ 1103.995231][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1104.001361][T21853] Free swap  = 0kB
[ 1104.005259][T21853] Total swap = 0kB
[ 1104.009037][T21853] 1965979 pages RAM
[ 1104.013020][T21853] 0 pages HighMem/MovableOnly
[ 1104.017734][T21853] 1423249 pages reserved
[ 1104.022161][T21853] 0 pages cma reserved
[ 1104.026288][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=26919,uid=0
[ 1104.041230][T21853] Out of memory: Killed process 26924 (syz-executor.5) total-vm:74980kB, anon-rss:172kB, file-rss:35912kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[ 1104.061167][ T1822] oom_reaper: reaped process 26924 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
[ 1104.146791][T26934] netlink: 'syz-executor.1': attribute type 5 has an invalid length.
[ 1104.199841][T26935] netlink: 'syz-executor.1': attribute type 5 has an invalid length.
16:17:56 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
write$UHID_DESTROY(r2, &(0x7f0000000040), 0x4)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:56 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r2, 0x1}, 0x14}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00')
sendmsg$IPVS_CMD_SET_SERVICE(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x2c, r4, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x2c}}, 0x0)
sendmsg$IPVS_CMD_GET_DAEMON(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x128, r4, 0x2, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x8b91}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xb4f}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x9}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x800}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xff}, @IPVS_CMD_ATTR_DAEMON={0x40, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'geneve0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x5}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@mcast1}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@dev={0xfe, 0x80, [], 0xe}}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x8, 0x8}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @private=0xa010102}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x4090}, 0x1)
dup(0xffffffffffffffff)
r5 = socket$rxrpc(0x21, 0x2, 0xa)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r5, 0x8982, &(0x7f0000000040)={0x0, 'wg2\x00', {0x2}, 0xa5e})
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:56 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:56 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000))

16:17:57 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, 0x0, 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1105.146348][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1105.159214][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1105.167932][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1105.169091][T21853] Call Trace:
[ 1105.169091][T21853]  dump_stack+0x1c9/0x220
[ 1105.169091][T21853]  dump_header+0x1e7/0xd00
[ 1105.169091][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1105.169091][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1105.169091][T21853]  ? ___ratelimit+0x542/0x720
[ 1105.169091][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1105.169091][T21853]  oom_kill_process+0x216/0x580
[ 1105.169091][T21853]  out_of_memory+0x181e/0x1cc0
[ 1105.169091][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1105.169091][T21853]  alloc_pages_current+0x67d/0x990
[ 1105.169091][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1105.169091][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1105.169091][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1105.169091][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1105.169091][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1105.169091][T21853]  ? debug_shrink_set+0x220/0x220
[ 1105.169091][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1105.169091][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1105.169091][T21853]  do_syscall_64+0xb8/0x160
[ 1105.169091][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1105.169091][T21853] RIP: 0033:0x45cb29
[ 1105.169091][T21853] Code: Bad RIP value.
[ 1105.169091][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1105.169091][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1105.169091][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1105.169091][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1105.169091][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1105.169091][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1105.342333][T21853] Mem-Info:
[ 1105.345638][T21853] active_anon:178032 inactive_anon:6859 isolated_anon:0
[ 1105.345638][T21853]  active_file:5835 inactive_file:52701 isolated_file:0
[ 1105.345638][T21853]  unevictable:0 dirty:98 writeback:0 unstable:0
[ 1105.345638][T21853]  slab_reclaimable:5659 slab_unreclaimable:24679
[ 1105.345638][T21853]  mapped:59194 shmem:7095 pagetables:6157 bounce:0
[ 1105.345638][T21853]  free:114048 free_pcp:187 free_cma:0
[ 1105.383881][T21853] Node 0 active_anon:666452kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123864kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1105.414331][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1105.443472][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1105.448773][T21853] Node 0 DMA32 free:42896kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640072kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2712kB bounce:0kB free_pcp:252kB local_pcp:4kB free_cma:0kB
[ 1105.480179][T21853] lowmem_reserve[]: 0 0 228 228
[ 1105.485274][T21853] Node 0 Normal free:9412kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26380kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4492kB pagetables:7172kB bounce:0kB free_pcp:496kB local_pcp:176kB free_cma:0kB
[ 1105.517238][T21853] lowmem_reserve[]: 0 0 0 0
[ 1105.522001][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1105.534130][T21853] Node 0 DMA32: 888*4kB (ME) 454*8kB (UM) 220*16kB (UM) 140*32kB (M) 113*64kB (UM) 58*128kB (M) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42896kB
[ 1105.550729][T21853] Node 0 Normal: 901*4kB (UM) 380*8kB (UM) 93*16kB (UM) 26*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9412kB
[ 1105.565871][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1105.575703][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1105.585207][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1105.594987][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1105.604463][T21853] 27357 total pagecache pages
[ 1105.609171][T21853] 0 pages in swap cache
[ 1105.613572][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1105.619687][T21853] Free swap  = 0kB
[ 1105.623642][T21853] Total swap = 0kB
[ 1105.627467][T21853] 1965979 pages RAM
[ 1105.631308][T21853] 0 pages HighMem/MovableOnly
[ 1105.636184][T21853] 1423249 pages reserved
[ 1105.640455][T21853] 0 pages cma reserved
[ 1105.644952][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=19681,uid=0
[ 1105.659919][T21853] Out of memory: Killed process 19681 (syz-executor.1) total-vm:75244kB, anon-rss:196kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
16:17:57 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:57 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000))

16:17:57 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:58 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000))

16:17:58 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:58 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, 0x0, &(0x7f0000000140))
ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r2, 0x40405514, &(0x7f0000000040)={0x3, 0x1, 0x401, 0x9, 'syz1\x00', 0x5})
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:58 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0xfffffffffffffffe, 0x400000882200})
r1 = syz_open_dev$vcsu(&(0x7f0000000040)='/dev/vcsu#\x00', 0xe6fb9b6, 0x100)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00')
sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)={0x1c, r3, 0x1, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x34, r3, 0x400, 0x70bd26, 0x25dfdbff, {{}, {}, {0x18, 0x17, {0x17, 0x77a, @udp='udp:syz0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x4000004}, 0x20000000)

16:17:58 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:58 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
getsockname$packet(r1, 0x0, &(0x7f0000000140))
faccessat(r1, &(0x7f0000000040)='./file0\x00', 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x600, 0x0)
ptrace$setopts(0x4206, 0x0, 0x0, 0x0)
tkill(0x0, 0x3c)
ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, 0x0, 0x0, 0x0)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={0xffffffffffffffff, 0xc0, &(0x7f00000001c0)={0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000002c0)={r5}, 0xc)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000480)={0x0, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000100)='//{\'\x00', r5}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={<r6=>0x0, r4, 0x0, 0xc, &(0x7f0000000080)='/dev/nullb0\x00', r5}, 0x30)
sched_getattr(r6, &(0x7f0000000180)={0x38}, 0x38, 0x0)
ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:58 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r3)
ioctl$DRM_IOCTL_GET_CLIENT(r2, 0xc0286405, &(0x7f0000000040)={0x8, 0x8, {<r4=>r3}, {0xee00}, 0x81, 0x4})
rt_tgsigqueueinfo(r4, 0xffffffffffffffff, 0x37, &(0x7f0000000080)={0xb, 0x7fe, 0x80000001})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:58 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:59 executing program 5:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x8001)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r1, 0xc10c5541, &(0x7f0000000040))
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:59 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:17:59 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r2, 0x1}, 0x14}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000300)='batadv\x00')
r5 = socket$inet6_dccp(0xa, 0x6, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r6=>0x0})
sendmsg$BATADV_CMD_GET_MESH(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000880)={&(0x7f00000001c0)={0x1c, r4, 0x27, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r6}]}, 0x1c}}, 0x0)
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r4, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xf1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}]}, 0x34}, 0x1, 0x0, 0x0, 0x2000}, 0x4)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1107.418292][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1107.431069][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1107.439798][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1107.440888][T21853] Call Trace:
[ 1107.452095][T21853]  dump_stack+0x1c9/0x220
[ 1107.452095][T21853]  dump_header+0x1e7/0xd00
[ 1107.452095][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1107.452095][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1107.452095][T21853]  ? ___ratelimit+0x542/0x720
[ 1107.452095][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1107.452095][T21853]  oom_kill_process+0x216/0x580
[ 1107.452095][T21853]  out_of_memory+0x181e/0x1cc0
[ 1107.452095][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1107.452095][T21853]  alloc_pages_current+0x67d/0x990
[ 1107.452095][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1107.452095][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1107.452095][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1107.452095][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1107.452095][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1107.452095][T21853]  ? debug_shrink_set+0x220/0x220
[ 1107.452095][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1107.452095][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1107.452095][T21853]  do_syscall_64+0xb8/0x160
[ 1107.452095][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1107.452095][T21853] RIP: 0033:0x45cb29
[ 1107.452095][T21853] Code: Bad RIP value.
[ 1107.452095][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1107.452095][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1107.452095][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1107.452095][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1107.452095][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1107.452095][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1107.614727][T21853] Mem-Info:
[ 1107.617993][T21853] active_anon:178047 inactive_anon:6859 isolated_anon:0
[ 1107.617993][T21853]  active_file:5836 inactive_file:52765 isolated_file:0
[ 1107.617993][T21853]  unevictable:0 dirty:120 writeback:0 unstable:0
[ 1107.617993][T21853]  slab_reclaimable:5659 slab_unreclaimable:24679
[ 1107.617993][T21853]  mapped:59202 shmem:7095 pagetables:6199 bounce:0
[ 1107.617993][T21853]  free:113960 free_pcp:232 free_cma:0
[ 1107.656244][T21853] Node 0 active_anon:666312kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123872kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1107.685425][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1107.714564][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1107.719824][T21853] Node 0 DMA32 free:42896kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640072kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2712kB bounce:0kB free_pcp:252kB local_pcp:248kB free_cma:0kB
[ 1107.751317][T21853] lowmem_reserve[]: 0 0 228 228
[ 1107.756424][T21853] Node 0 Normal free:9532kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26240kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4460kB pagetables:7072kB bounce:0kB free_pcp:676kB local_pcp:320kB free_cma:0kB
[ 1107.788272][T21853] lowmem_reserve[]: 0 0 0 0
[ 1107.792983][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1107.805069][T21853] Node 0 DMA32: 888*4kB (ME) 454*8kB (UM) 220*16kB (UM) 140*32kB (M) 113*64kB (UM) 58*128kB (M) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42896kB
[ 1107.821629][T21853] Node 0 Normal: 917*4kB (UM) 385*8kB (UM) 94*16kB (UM) 26*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9532kB
[ 1107.836810][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1107.846541][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1107.856119][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1107.865838][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1107.875252][T21853] 27419 total pagecache pages
[ 1107.879960][T21853] 0 pages in swap cache
[ 1107.884246][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1107.890342][T21853] Free swap  = 0kB
[ 1107.894187][T21853] Total swap = 0kB
[ 1107.897941][T21853] 1965979 pages RAM
[ 1107.901886][T21853] 0 pages HighMem/MovableOnly
[ 1107.906596][T21853] 1423249 pages reserved
[ 1107.910869][T21853] 0 pages cma reserved
16:17:59 executing program 4 (fault-call:2 fault-nth:0):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1107.915076][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=19139,uid=0
[ 1107.929998][T21853] Out of memory: Killed process 19139 (syz-executor.1) total-vm:75244kB, anon-rss:196kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1107.948653][ T1822] oom_reaper: reaped process 19139 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
[ 1108.351238][T27002] FAULT_INJECTION: forcing a failure.
[ 1108.351238][T27002] name failslab, interval 1, probability 0, space 0, times 0
[ 1108.364196][T27002] CPU: 1 PID: 27002 Comm: syz-executor.4 Not tainted 5.7.0-rc4-syzkaller #0
[ 1108.372918][T27002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1108.373926][T27002] Call Trace:
[ 1108.373926][T27002]  dump_stack+0x1c9/0x220
[ 1108.373926][T27002]  should_fail+0x8b7/0x9e0
[ 1108.373926][T27002]  __should_failslab+0x1f6/0x290
[ 1108.398505][T27002]  should_failslab+0x29/0x70
[ 1108.398505][T27002]  kmem_cache_alloc+0xd0/0xd70
[ 1108.398505][T27002]  ? mempool_alloc_slab+0x66/0xc0
[ 1108.398505][T27002]  ? kmsan_get_metadata+0x4f/0x180
[ 1108.398505][T27002]  ? __msan_poison_alloca+0xf0/0x120
[ 1108.398505][T27002]  mempool_alloc_slab+0x66/0xc0
[ 1108.398505][T27002]  mempool_alloc+0x11f/0x810
[ 1108.398505][T27002]  ? mempool_free+0x430/0x430
[ 1108.398505][T27002]  ? kmsan_get_metadata+0x4f/0x180
[ 1108.398505][T27002]  ? kmsan_get_metadata+0x11d/0x180
[ 1108.398505][T27002]  bio_alloc_bioset+0x346/0xc90
[ 1108.398505][T27002]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[ 1108.398505][T27002]  ? truncate_inode_pages_range+0x2444/0x24b0
[ 1108.398505][T27002]  ? kmsan_get_metadata+0x11d/0x180
[ 1108.398505][T27002]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 1108.398505][T27002]  __blkdev_issue_zero_pages+0x2c3/0x9f0
[ 1108.398505][T27002]  blkdev_issue_zeroout+0x4b6/0x800
[ 1108.398505][T27002]  blkdev_common_ioctl+0x3486/0x3500
[ 1108.398505][T27002]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1108.398505][T27002]  blkdev_ioctl+0x8df/0xd90
[ 1108.398505][T27002]  block_ioctl+0x16e/0x1c0
[ 1108.398505][T27002]  ? blkdev_iopoll+0x190/0x190
[ 1108.398505][T27002]  __se_sys_ioctl+0x2e9/0x410
[ 1108.398505][T27002]  __x64_sys_ioctl+0x4a/0x70
[ 1108.398505][T27002]  do_syscall_64+0xb8/0x160
[ 1108.398505][T27002]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1108.398505][T27002] RIP: 0033:0x45cb29
[ 1108.398505][T27002] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1108.398505][T27002] RSP: 002b:00007f56b7d08c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1108.398505][T27002] RAX: ffffffffffffffda RBX: 00000000004e24e0 RCX: 000000000045cb29
[ 1108.398505][T27002] RDX: 0000000020000000 RSI: 000000000000127f RDI: 0000000000000003
[ 1108.398505][T27002] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1108.398505][T27002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
16:18:00 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1108.398505][T27002] R13: 0000000000000239 R14: 00000000004c4935 R15: 00007f56b7d096d4
16:18:00 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:00 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=ANY=[@ANYBLOB="14680f07575f9aeb3bd18b16cb6256765e479a3a0e7b0fc8f3fab0be23ff932424b5a91840dff2ccf6d18ca962e78f646ef83247a859a093a1d274fa42f8e6c8f0d10fdfbbec5e6fce5879b4a17817b1f8cac408bf1df96229d3a18a88b12db202", @ANYRES16=r3, @ANYBLOB="0100000000000000000014000000"], 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)={0x138, r3, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xc4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e23, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e21, @rand_addr=0x64010102}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffff80}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x20}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x20000810}, 0x40004)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000040), &(0x7f0000000080)=0x4)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000200)='/dev/btrfs-control\x00', 0x2000, 0x0)
write$P9_RFLUSH(r4, &(0x7f00000002c0)={0x7, 0x6d, 0x1}, 0x7)
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:01 executing program 5:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x3}, 0xe)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)}, &(0x7f0000000180)=0x10)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x7c, &(0x7f0000000140)={r4}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000000)={r4, 0xe7e}, 0x8)
getsockname$packet(r1, 0x0, &(0x7f0000000140))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = dup(r5)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000140))
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f0000000080)={0x100000000, 0x8021ff})
r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x8800, 0x0)
ioctl$SNDCTL_DSP_NONBLOCK(r7, 0x500e, 0x0)

[ 1109.662511][ T1275] tipc: TX() has been purged, node left!
[ 1109.727162][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1109.739856][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1109.748573][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1109.749726][T21853] Call Trace:
[ 1109.749726][T21853]  dump_stack+0x1c9/0x220
[ 1109.749726][T21853]  dump_header+0x1e7/0xd00
[ 1109.749726][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1109.749726][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1109.749726][T21853]  ? ___ratelimit+0x542/0x720
[ 1109.749726][T21853]  ? task_will_free_mem+0x176/0x830
[ 1109.749726][T21853]  oom_kill_process+0x216/0x580
[ 1109.749726][T21853]  out_of_memory+0x181e/0x1cc0
[ 1109.749726][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1109.749726][T21853]  alloc_pages_current+0x67d/0x990
[ 1109.749726][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1109.749726][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1109.749726][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1109.749726][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1109.749726][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1109.749726][T21853]  ? debug_shrink_set+0x220/0x220
[ 1109.749726][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1109.749726][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1109.749726][T21853]  do_syscall_64+0xb8/0x160
[ 1109.749726][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1109.749726][T21853] RIP: 0033:0x45cb29
[ 1109.749726][T21853] Code: Bad RIP value.
[ 1109.749726][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1109.749726][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1109.749726][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1109.749726][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1109.749726][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1109.749726][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1109.923941][T21853] Mem-Info:
[ 1109.927208][T21853] active_anon:177994 inactive_anon:6859 isolated_anon:0
[ 1109.927208][T21853]  active_file:5835 inactive_file:52723 isolated_file:0
[ 1109.927208][T21853]  unevictable:0 dirty:114 writeback:0 unstable:0
[ 1109.927208][T21853]  slab_reclaimable:5659 slab_unreclaimable:24575
[ 1109.927208][T21853]  mapped:59148 shmem:7095 pagetables:6159 bounce:0
[ 1109.927208][T21853]  free:114095 free_pcp:166 free_cma:0
[ 1109.965512][T21853] Node 0 active_anon:666168kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123872kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1109.994442][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1110.023488][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1110.028768][T21853] Node 0 DMA32 free:42896kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640060kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:736kB pagetables:2712kB bounce:0kB free_pcp:292kB local_pcp:276kB free_cma:0kB
[ 1110.060313][T21853] lowmem_reserve[]: 0 0 228 228
[ 1110.065552][T21853] Node 0 Normal free:9652kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26108kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4444kB pagetables:6972kB bounce:0kB free_pcp:372kB local_pcp:64kB free_cma:0kB
[ 1110.097390][T21853] lowmem_reserve[]: 0 0 0 0
[ 1110.102264][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1110.114398][T21853] Node 0 DMA32: 888*4kB (ME) 454*8kB (UM) 220*16kB (UM) 140*32kB (M) 113*64kB (UM) 58*128kB (M) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42896kB
[ 1110.130989][T21853] Node 0 Normal: 925*4kB (UM) 396*8kB (UM) 94*16kB (UM) 26*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9652kB
[ 1110.146131][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1110.155885][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1110.165397][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1110.175145][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1110.184638][T21853] 27404 total pagecache pages
[ 1110.189375][T21853] 0 pages in swap cache
[ 1110.193758][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1110.199860][T21853] Free swap  = 0kB
[ 1110.203800][T21853] Total swap = 0kB
[ 1110.207582][T21853] 1965979 pages RAM
[ 1110.211449][T21853] 0 pages HighMem/MovableOnly
[ 1110.216298][T21853] 1423249 pages reserved
[ 1110.220592][T21853] 0 pages cma reserved
[ 1110.224927][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=27001,uid=0
[ 1110.239892][T21853] Out of memory: Killed process 27002 (syz-executor.4) total-vm:74848kB, anon-rss:164kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[ 1110.258992][ T1822] oom_reaper: reaped process 27002 (syz-executor.4), now anon-rss:0kB, file-rss:34756kB, shmem-rss:0kB
16:18:02 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r3, 0x1}, 0x14}}, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
write$input_event(r5, &(0x7f0000000700)={{0x0, 0xea60}, 0x14, 0x101, 0xff}, 0x18)
ioctl$DRM_IOCTL_GET_MAGIC(r5, 0x80046402, &(0x7f00000001c0)=0x10000)
sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x118, r3, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
sendmsg$SOCK_DIAG_BY_FAMILY(r1, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)={0x24c, 0x14, 0x800, 0x70bd29, 0x25dfdbfb, {0x29, 0x6}, [@INET_DIAG_REQ_BYTECODE={0x5c, 0x1, "5a6e02ad97d72dadc37ba85b7203e108e305bd73382de731361a80e3772b4f9a92565bfd87daca1c38310206c2296ea50a634974847e2bf4416b4ac5948ce8c690de92663bfba18852c18c5c5249f4da38b874b8a47c67ed"}, @INET_DIAG_REQ_BYTECODE={0x5a, 0x1, "a5760e4bc3a33b358655a3b88a15471e3d0639495a74f5e99f53e29a4e695728832d51215fff7db0e1cb5a904bbe24b5a998a73ee51889354be9dce7e3381be7bbedb2f8b8c65839038305890db45d5267e640ad9fa2"}, @INET_DIAG_REQ_BYTECODE={0x7c, 0x1, "e1fa2a144e80e8c5734a7242065af4f233adc8e0f61bd4579b95c5ce53f1568398a1089d16d8556b51d8d8a3bb307260c16cdd59852a556c6b44c8bc75090dc9bf9823e938a24c27c5ef664c453eb1a0b90c06d17738ce3005f37ede1ca312c1ddfa7e545dd9ed80a04781b456320a02cd8c54c541c22ed9"}, @INET_DIAG_REQ_BYTECODE={0x102, 0x1, "3df41150d3b80e4c3ac82fe92a6538085ff9447be313b93918494bb7b5aeddd23dfc7dae294822c8774f0c8c9a9c918e08cd8643d467932905b55a2b4a32256c51af07df7d729a0e51df610f7b9928c05f251504be567371be499ed0d265d3609ce1966b62cdb5d49493697d6f73ff9feb7ba01592afc4b7dc0b7431993d3031840036741101a8a0871aad1375160c21b981319b02677554912df04ca90594761d0f839ab3d174bf95572ef5c55457d4337f4c652f4666460701e539193d2dd8e675664094a11cabd4e03ddaafc187bdac6b79cd7c325a8a6edea027fc494a890fc7814c891907098b9eeeed7609b32bc15b4e8a033ddbf3d252e9978378"}]}, 0x24c}, 0x1, 0x0, 0x0, 0x4040410}, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f0000000000)={0xfffffffffffffffd, 0x882200})
r7 = creat(&(0x7f0000000040)='./file0\x00', 0x122)
ioctl$FS_IOC_FIEMAP(r7, 0xc020660b, &(0x7f0000000200)={0x3f, 0x1000, 0x0, 0x400, 0x5, [{0x3ff, 0x8001, 0x7fff, [], 0x2800}, {0x6, 0x2, 0x7, [], 0x580}, {0x4, 0x5ddbf8b1, 0x4f7976e, [], 0x81}, {0x5, 0x4, 0x8, [], 0x10c}, {0x5, 0x0, 0x3, [], 0x3011}]})
fcntl$getownex(r0, 0x10, &(0x7f0000000180))

16:18:02 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:02 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x490280, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:02 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x241, 0x0)
mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000001, 0x100010, r1, 0x8000000)

16:18:02 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, 0x0, 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:02 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x38e02, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r2, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r2, &(0x7f0000000280)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x50}}, 0x0)
sendmsg$IPSET_CMD_TEST(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x88, 0xb, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_ADT={0x20, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x4}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz1\x00'}}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8e}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x20}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x14, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000850)

16:18:03 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r1)
ptrace$setsig(0x4203, r1, 0x0, 0x0)
prctl$PR_SET_FPEMU(0xa, 0x1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1111.304580][T27039] netlink: 'syz-executor.5': attribute type 5 has an invalid length.
16:18:03 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, 0x0, 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:03 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000001d00)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c090000010000000000a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092c0100b049f3fc65d61c2b3c65f2f80a61ea8577718cf3df1186f5fe54475288cef527baac33bd96963936c5d32d35522b908d7a5c81891961c183f588e6e5860c13c9879a17aa"], 0x14f)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, <r0=>0x0}, &(0x7f0000000040)=0x375)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000cc0)=[{&(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000340)}], 0x1, 0x0, 0x0, 0x8041}, {&(0x7f0000000580)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000b80)=[{&(0x7f0000000600)="31a8a74c68e0576d9cd0c4741a0f6839f84fc6baa465a3f1153fbe538f25a929d282536660351a3581028e66de385e10e131124fe3f5ba72073e2d3c3f96cfb6d13ca9b9c6d5a0fee2b32c81839ef87b1843cf32bb270e925b79761d84da87242cd3d95cf159acc29f558ec395850eaaaa9061726fb30646066dd00503f0eec9f7c956570dddedbf0e6692cbf6427e52855de62360ab42e3", 0x98}, {&(0x7f0000000800)="d0a5fa7f0cb087dc535dfdf450ae158bbc5c6c79303c3eebd9d824d333f53078f9f6cb8e76f89d4fb5a1a0caf8a384addf7c760763a1dd76a620ecc2c609911aa557764397da1f5473a207332c65c5e2db9127ed52dc54b0b16703fecf2098a18341a916b13e1c3432acf88389398be97f38883ea36e1ddb21b0c3", 0x7b}, {&(0x7f0000000900)="525ff4c0d7782b41717deb7f1afff48415cd28092b64355e883331de6f58ce5273b3e1cbffb5419e1dafbd06fbfba3cc1b091df7424a9f5f4d0889a1936f8c8df12585d15a2acb32e1694bfaa185709d39e8fc7e37f393305d8fe04e2c5a8fb5f787a2b21a23a4ae7409ecbb499c02937c5fb32383c1a40c454e63d53179ad14101cada44359d2bc922784f11ffbdcb9ace625deb13433cf9a4a6309fef2f8c57420c2181cbecc403ad93fad", 0xac}, {&(0x7f0000000a00)}, {&(0x7f0000000740)="efd0bf25fe40ac2ee963d5580eecffb337e212f47cf2602fae610ae0821cf88788dc6ca033", 0x25}, {&(0x7f0000000ac0)="399d0210dcdacdcfc962b6b1e6a648c706b138082fe892fc7182d998a8ebe7434ed827118dfae41d466b687c54ee7de1a1a7d161c69189c18fa3e6725fb232affdeeeb5f00512d184d7742481fe79bc233f329b9d0d4208db657723a2c2808f0d046a1e794ee44e6fa84bb4588f7797bb32979da462f5021d24ebe82b2a26e871ee8916b24b21ad7ed57a55b9f9157f37f335379b3acef4f56e9b3b95fb732e294f61e226657dd1c9ffe29f78b589084a55a8b66", 0xb4}], 0x6, &(0x7f0000001f00)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r0}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb0, 0x20028041}], 0x2, 0x50)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='fuse\x00', 0x820404, &(0x7f0000000240)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id'}, 0x2c, {'group_id', 0x3d, r0}, 0x2c, {[{@default_permissions='default_permissions'}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}], [{@smackfstransmute={'smackfstransmute'}}, {@seclabel='seclabel'}, {@obj_type={'obj_type', 0x3d, '%*-'}}, {@fsname={'fsname', 0x3d, 'cpuset\x00'}}]}})
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, &(0x7f0000000280)=0x5)
r3 = perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffff7, 0x400007f}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5)
write$binfmt_misc(r4, &(0x7f0000001d00)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c090000010000000000a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092c0100b049f3fc65d61c2b3c65f2f80a61ea8577718cf3df1186f5fe54475288cef527baac33bd96963936c5d32d35522b908d7a5c81891961c183f588e6e5860c13c9879a17aa"], 0x14f)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, <r5=>0x0}, &(0x7f0000000040)=0x375)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000cc0)=[{&(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000340)}], 0x1, 0x0, 0x0, 0x8041}, {&(0x7f0000000580)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000b80)=[{&(0x7f0000000600)="31a8a74c68e0576d9cd0c4741a0f6839f84fc6baa465a3f1153fbe538f25a929d282536660351a3581028e66de385e10e131124fe3f5ba72073e2d3c3f96cfb6d13ca9b9c6d5a0fee2b32c81839ef87b1843cf32bb270e925b79761d84da87242cd3d95cf159acc29f558ec395850eaaaa9061726fb30646066dd00503f0eec9f7c956570dddedbf0e6692cbf6427e52855de62360ab42e3", 0x98}, {&(0x7f0000000800)="d0a5fa7f0cb087dc535dfdf450ae158bbc5c6c79303c3eebd9d824d333f53078f9f6cb8e76f89d4fb5a1a0caf8a384addf7c760763a1dd76a620ecc2c609911aa557764397da1f5473a207332c65c5e2db9127ed52dc54b0b16703fecf2098a18341a916b13e1c3432acf88389398be97f38883ea36e1ddb21b0c3", 0x7b}, {&(0x7f0000000900)="525ff4c0d7782b41717deb7f1afff48415cd28092b64355e883331de6f58ce5273b3e1cbffb5419e1dafbd06fbfba3cc1b091df7424a9f5f4d0889a1936f8c8df12585d15a2acb32e1694bfaa185709d39e8fc7e37f393305d8fe04e2c5a8fb5f787a2b21a23a4ae7409ecbb499c02937c5fb32383c1a40c454e63d53179ad14101cada44359d2bc922784f11ffbdcb9ace625deb13433cf9a4a6309fef2f8c57420c2181cbecc403ad93fad", 0xac}, {&(0x7f0000000a00)}, {&(0x7f0000000740)="efd0bf25fe40ac2ee963d5580eecffb337e212f47cf2602fae610ae0821cf88788dc6ca033", 0x25}, {&(0x7f0000000ac0)="399d0210dcdacdcfc962b6b1e6a648c706b138082fe892fc7182d998a8ebe7434ed827118dfae41d466b687c54ee7de1a1a7d161c69189c18fa3e6725fb232affdeeeb5f00512d184d7742481fe79bc233f329b9d0d4208db657723a2c2808f0d046a1e794ee44e6fa84bb4588f7797bb32979da462f5021d24ebe82b2a26e871ee8916b24b21ad7ed57a55b9f9157f37f335379b3acef4f56e9b3b95fb732e294f61e226657dd1c9ffe29f78b589084a55a8b66", 0xb4}], 0x6, &(0x7f0000001f00)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r5}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r4, r3]}}, @cred={{0x1c}}], 0xb0, 0x20028041}], 0x2, 0x50)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='fuse\x00', 0x820404, &(0x7f0000000240)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r2}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@default_permissions='default_permissions'}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}], [{@smackfstransmute={'smackfstransmute'}}, {@seclabel='seclabel'}, {@obj_type={'obj_type', 0x3d, '%*-'}}, {@fsname={'fsname', 0x3d, 'cpuset\x00'}}]}})
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f0000000080)={0x78, 0x0, 0x4, {0x9, 0x9b53, 0x0, {0x2, 0x2, 0x7, 0x0, 0x42, 0xff, 0x4, 0xee14, 0x8, 0x101, 0x2, 0x0, r5, 0x1, 0x7}}}, 0x78)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
modify_ldt$read(0x0, &(0x7f0000000040)=""/54, 0x36)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1111.670017][    C0] sd 0:0:1:0: [sg0] tag#1384 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
[ 1111.680671][    C0] sd 0:0:1:0: [sg0] tag#1384 CDB: Test Unit Ready
[ 1111.687458][    C0] sd 0:0:1:0: [sg0] tag#1384 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1111.697325][    C0] sd 0:0:1:0: [sg0] tag#1384 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1111.707162][    C0] sd 0:0:1:0: [sg0] tag#1384 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1111.717041][    C0] sd 0:0:1:0: [sg0] tag#1384 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1111.726903][    C0] sd 0:0:1:0: [sg0] tag#1384 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1111.736854][    C0] sd 0:0:1:0: [sg0] tag#1384 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1111.746759][    C0] sd 0:0:1:0: [sg0] tag#1384 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1111.756677][    C0] sd 0:0:1:0: [sg0] tag#1384 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
16:18:03 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f13000)={0xa, 0xe22}, 0x1c)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r3, 0x1}, 0x14}}, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-vsock\x00', 0x2, 0x0)
r5 = dup(r4)
getsockname$packet(r5, 0x0, &(0x7f0000000140))
write$FUSE_NOTIFY_INVAL_ENTRY(r5, &(0x7f0000000040)={0x2d, 0x3, 0x0, {0x5, 0xc, 0x0, '/dev/nullb0\x00'}}, 0x2d)

[ 1111.766553][    C0] sd 0:0:1:0: [sg0] tag#1384 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1111.776442][    C0] sd 0:0:1:0: [sg0] tag#1384 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1111.786302][    C0] sd 0:0:1:0: [sg0] tag#1384 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1111.796193][    C0] sd 0:0:1:0: [sg0] tag#1384 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1111.806065][    C0] sd 0:0:1:0: [sg0] tag#1384 CDB[c0]: 00 00 00 00 00 00 00 00
16:18:03 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x480000, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x6000)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:04 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
ioctl$PPPIOCGFLAGS1(r1, 0x8004745a, &(0x7f0000000040))
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:04 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, 0x0, 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:04 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f0000000580)=@req={0x28, &(0x7f00000001c0)={'bond_slave_1\x00', @ifru_addrs=@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}})
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(0xffffffffffffffff)
r3 = accept(r2, &(0x7f0000000380)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, &(0x7f0000000400)=0x80)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x4000, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_LINK_SET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)={0x38, r7, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x24, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x5, 0x5}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x38}}, 0x0)
r8 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000000c0)='NLBL_UNLBL\x00')
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r6, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x24, r8, 0x202, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_ACPTFLG={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x40041}, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r5, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x84, r8, 0x200, 0x70bd28, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'team0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @empty}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private2}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private2={0xfc, 0x2, [], 0x1}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}]}, 0x84}, 0x1, 0x0, 0x0, 0x4}, 0x800)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r4, &(0x7f0000000380)={&(0x7f0000000140), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, r8, 0x330, 0x70bd25, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x26}}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'bond0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'ip_vti0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @broadcast}]}, 0x4c}, 0x1, 0x0, 0x0, 0x15}, 0x1)
sendmsg$NLBL_UNLABEL_C_STATICLIST(r3, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x78, r8, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @local}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'caif0\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @remote}, @NLBL_UNLABEL_A_SECCTX={0x27, 0x7, 'system_u:object_r:kmsg_device_t:s0\x00'}]}, 0x78}, 0x1, 0x0, 0x0, 0x4800}, 0x4800)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:04 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1112.576740][T27069] netlink: 'syz-executor.0': attribute type 5 has an invalid length.
[ 1112.782670][    C0] sd 0:0:1:0: [sg0] tag#1385 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
[ 1112.793321][    C0] sd 0:0:1:0: [sg0] tag#1385 CDB: Test Unit Ready
[ 1112.799965][    C0] sd 0:0:1:0: [sg0] tag#1385 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1112.809881][    C0] sd 0:0:1:0: [sg0] tag#1385 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1112.819802][    C0] sd 0:0:1:0: [sg0] tag#1385 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1112.829703][    C0] sd 0:0:1:0: [sg0] tag#1385 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1112.839599][    C0] sd 0:0:1:0: [sg0] tag#1385 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1112.849494][    C0] sd 0:0:1:0: [sg0] tag#1385 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1112.859393][    C0] sd 0:0:1:0: [sg0] tag#1385 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1112.869287][    C0] sd 0:0:1:0: [sg0] tag#1385 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1112.879200][    C0] sd 0:0:1:0: [sg0] tag#1385 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1112.889051][    C0] sd 0:0:1:0: [sg0] tag#1385 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1112.898926][    C0] sd 0:0:1:0: [sg0] tag#1385 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1112.908781][    C0] sd 0:0:1:0: [sg0] tag#1385 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1112.918621][    C0] sd 0:0:1:0: [sg0] tag#1385 CDB[c0]: 00 00 00 00 00 00 00 00
[ 1113.473779][T27080] netlink: 'syz-executor.0': attribute type 5 has an invalid length.
16:18:05 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x40800, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}})

16:18:05 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:05 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, 0x0, 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:06 executing program 5:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0xffffffffffffffff, 0x1})
r0 = socket$inet6(0xa, 0x6, 0x3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, 0x0, &(0x7f0000000140))
ioctl$SOUND_PCM_READ_CHANNELS(r2, 0x80045006, &(0x7f0000000080))
ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000040))

[ 1114.243309][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1114.256016][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1114.264752][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1114.265918][T21853] Call Trace:
[ 1114.265918][T21853]  dump_stack+0x1c9/0x220
[ 1114.281894][T21853]  dump_header+0x1e7/0xd00
[ 1114.281894][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1114.281894][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1114.281894][T21853]  ? ___ratelimit+0x542/0x720
[ 1114.281894][T21853]  ? task_will_free_mem+0x176/0x830
[ 1114.281894][T21853]  oom_kill_process+0x216/0x580
[ 1114.281894][T21853]  out_of_memory+0x181e/0x1cc0
[ 1114.281894][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1114.281894][T21853]  alloc_pages_current+0x67d/0x990
[ 1114.281894][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1114.281894][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1114.281894][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1114.281894][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1114.281894][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1114.281894][T21853]  ? debug_shrink_set+0x220/0x220
[ 1114.281894][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1114.281894][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1114.281894][T21853]  do_syscall_64+0xb8/0x160
[ 1114.281894][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1114.281894][T21853] RIP: 0033:0x45cb29
[ 1114.281894][T21853] Code: Bad RIP value.
[ 1114.281894][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1114.281894][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1114.281894][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1114.281894][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1114.281894][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1114.281894][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1114.438637][T21853] Mem-Info:
[ 1114.441992][T21853] active_anon:177940 inactive_anon:6859 isolated_anon:0
[ 1114.441992][T21853]  active_file:5835 inactive_file:52733 isolated_file:0
[ 1114.441992][T21853]  unevictable:0 dirty:136 writeback:0 unstable:0
[ 1114.441992][T21853]  slab_reclaimable:5657 slab_unreclaimable:24545
[ 1114.441992][T21853]  mapped:59143 shmem:7095 pagetables:6133 bounce:0
[ 1114.441992][T21853]  free:114202 free_pcp:167 free_cma:0
[ 1114.480570][T21853] Node 0 active_anon:666168kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123892kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1114.509312][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1114.540116][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1114.545557][T21853] Node 0 DMA32 free:42896kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640060kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:720kB pagetables:2712kB bounce:0kB free_pcp:292kB local_pcp:276kB free_cma:0kB
[ 1114.577182][T21853] lowmem_reserve[]: 0 0 228 228
[ 1114.582252][T21853] Node 0 Normal free:9652kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26108kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4444kB pagetables:6972kB bounce:0kB free_pcp:376kB local_pcp:68kB free_cma:0kB
[ 1114.613915][T21853] lowmem_reserve[]: 0 0 0 0
[ 1114.618575][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1114.630655][T21853] Node 0 DMA32: 888*4kB (ME) 454*8kB (UM) 220*16kB (UM) 140*32kB (M) 113*64kB (UM) 58*128kB (M) 33*256kB (M) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 42896kB
[ 1114.647194][T21853] Node 0 Normal: 925*4kB (UM) 396*8kB (UM) 94*16kB (UM) 26*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9652kB
[ 1114.662265][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1114.672026][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1114.681358][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1114.691091][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1114.700592][T21853] 27497 total pagecache pages
[ 1114.705455][T21853] 0 pages in swap cache
[ 1114.709651][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1114.715930][T21853] Free swap  = 0kB
[ 1114.719683][T21853] Total swap = 0kB
[ 1114.723616][T21853] 1965979 pages RAM
[ 1114.727452][T21853] 0 pages HighMem/MovableOnly
[ 1114.732312][T21853] 1423249 pages reserved
[ 1114.736592][T21853] 0 pages cma reserved
16:18:06 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$TIOCNXCL(r2, 0x540d)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1114.740707][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=27067,uid=0
[ 1114.755634][T21853] Out of memory: Killed process 27081 (syz-executor.0) total-vm:75244kB, anon-rss:184kB, file-rss:35912kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[ 1114.775858][ T1822] oom_reaper: reaped process 27081 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB
16:18:06 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f13000)={0xa, 0xe22}, 0x1c)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r3, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r3, &(0x7f0000000280)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x50}}, 0x0)
dup(r3)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:07 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1115.278693][T27103] netlink: 'syz-executor.0': attribute type 5 has an invalid length.
16:18:07 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x118, 0x0, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x3}, 0xe)
shutdown(r2, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000180)=0x10)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x7c, &(0x7f0000000140)={r4}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000400)={<r5=>r4, 0x8}, &(0x7f0000000440)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000480)={r5, @in={{0x2, 0x4e24, @multicast2}}, 0x1000, 0x7}, &(0x7f0000000540)=0x90)
r6 = dup(r1)
getsockname$packet(r6, 0x0, &(0x7f0000000140))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = dup(r7)
getsockname$packet(r8, 0x0, &(0x7f0000000140))
ioctl$KVM_HYPERV_EVENTFD(r6, 0x4018aebd, &(0x7f0000000040)={0x1, r8})

[ 1116.000255][T27103] netlink: 'syz-executor.0': attribute type 5 has an invalid length.
16:18:08 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:08 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x0, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:08 executing program 0:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f0000000040)={'IDLETIMER\x00'}, &(0x7f0000000080)=0x1e)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r4, 0x1}, 0x14}}, 0x0)
dup2(r3, r0)

16:18:08 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r1 = fsopen(&(0x7f0000000040)='ufs\x00', 0x0)
fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f0000000080))

16:18:08 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video36\x00', 0x2, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000080))
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:08 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:09 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x0, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:09 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0)
setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000080)=0x1, 0x4)
setxattr$trusted_overlay_opaque(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='trusted.overlay.opaque\x00', &(0x7f0000000280)='y\x00', 0x2, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f00000000c0)={0xdffffffffffffffd, 0x800882200})
r2 = gettid()
prctl$PR_SET_PTRACER(0x59616d61, r2)
ioctl$BLKRAGET(0xffffffffffffffff, 0x1263, &(0x7f00000001c0))
sendmsg$AUDIT_SET(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, 0x3e9, 0x2, 0x70bd2d, 0x25dfdbfb, {0x4, 0x0, 0x1, r2, 0x20, 0x4, 0xe44, 0x7fffffff, 0x0, 0x1}, ["", ""]}, 0x38}, 0x1, 0x0, 0x0, 0x20000040}, 0x80)

[ 1118.111434][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1118.124379][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1118.133123][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1118.133998][T21853] Call Trace:
[ 1118.133998][T21853]  dump_stack+0x1c9/0x220
[ 1118.133998][T21853]  dump_header+0x1e7/0xd00
[ 1118.133998][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1118.133998][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1118.133998][T21853]  ? ___ratelimit+0x542/0x720
[ 1118.133998][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1118.133998][T21853]  oom_kill_process+0x216/0x580
[ 1118.133998][T21853]  out_of_memory+0x181e/0x1cc0
[ 1118.133998][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1118.133998][T21853]  alloc_pages_current+0x67d/0x990
[ 1118.133998][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1118.133998][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1118.133998][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1118.133998][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1118.133998][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1118.133998][T21853]  ? debug_shrink_set+0x220/0x220
[ 1118.133998][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1118.133998][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1118.133998][T21853]  do_syscall_64+0xb8/0x160
[ 1118.133998][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1118.133998][T21853] RIP: 0033:0x45cb29
[ 1118.133998][T21853] Code: Bad RIP value.
[ 1118.133998][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1118.133998][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1118.133998][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1118.133998][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1118.133998][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1118.133998][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1118.307628][T21853] Mem-Info:
16:18:10 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x210080, 0x0)
ioctl$RTC_EPOCH_SET(r1, 0x4008700e, 0x1ff)
prctl$PR_GET_FP_MODE(0x2e)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
r2 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r2, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r2, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000140)=@can={0x1d, <r3=>0x0}, 0x80, &(0x7f0000000400)=[{&(0x7f00000001c0)=""/7, 0x7}, {&(0x7f0000000200)=""/103, 0x67}, {&(0x7f00000002c0)=""/154, 0x9a}, {&(0x7f0000000380)=""/97, 0x61}], 0x4, &(0x7f0000000440)=""/147, 0x93}, 0x22)
sendmsg$can_raw(r2, &(0x7f0000000640)={&(0x7f0000000540)={0x1d, r3}, 0x10, &(0x7f0000000600)={&(0x7f0000000580)=@canfd={{0x0, 0x0, 0x1}, 0x13, 0x1, 0x0, 0x0, "a75423f0ce55701fed368c4c79e490db1936590912a7ad27420f5935661fb6e4112127a43b0975f4278a37e3b751eebc1d88dfd062317aef0700524e4da75bdf"}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x8001)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1118.310917][T21853] active_anon:178046 inactive_anon:6858 isolated_anon:0
[ 1118.310917][T21853]  active_file:5836 inactive_file:52789 isolated_file:0
[ 1118.310917][T21853]  unevictable:0 dirty:128 writeback:0 unstable:0
[ 1118.310917][T21853]  slab_reclaimable:5659 slab_unreclaimable:24470
[ 1118.310917][T21853]  mapped:59226 shmem:7095 pagetables:6154 bounce:0
[ 1118.310917][T21853]  free:114249 free_pcp:14 free_cma:0
16:18:10 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1118.349178][T21853] Node 0 active_anon:666168kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123892kB dirty:0kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1118.377824][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1118.411579][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1118.416932][T21853] Node 0 DMA32 free:43188kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640060kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:720kB pagetables:2712kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1118.448074][T21853] lowmem_reserve[]: 0 0 228 228
[ 1118.453085][T21853] Node 0 Normal free:9200kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26108kB inactive_anon:19160kB active_file:4kB inactive_file:116kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4444kB pagetables:6972kB bounce:0kB free_pcp:56kB local_pcp:56kB free_cma:0kB
[ 1118.484688][T21853] lowmem_reserve[]: 0 0 0 0
[ 1118.489272][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1118.501315][T21853] Node 0 DMA32: 897*4kB (UME) 452*8kB (M) 219*16kB (UM) 141*32kB (M) 113*64kB (UM) 58*128kB (M) 34*256kB (UM) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 43188kB
[ 1118.518041][T21853] Node 0 Normal: 946*4kB (UM) 379*8kB (M) 77*16kB (UM) 22*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9200kB
[ 1118.533122][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1118.542851][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1118.552343][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1118.562249][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1118.571568][T21853] 27453 total pagecache pages
[ 1118.576427][T21853] 0 pages in swap cache
[ 1118.580626][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1118.586866][T21853] Free swap  = 0kB
[ 1118.590642][T21853] Total swap = 0kB
[ 1118.594538][T21853] 1965979 pages RAM
[ 1118.598374][T21853] 0 pages HighMem/MovableOnly
[ 1118.603230][T21853] 1423249 pages reserved
[ 1118.607544][T21853] 0 pages cma reserved
16:18:10 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0xd, 0x8821fe})

16:18:10 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x4000000000000000, 0xfffffffffffffffb})
r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x2, 0x200000)
write$P9_RREAD(r1, &(0x7f0000000840)=ANY=[@ANYRES16], 0x108)

[ 1118.611660][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=18989,uid=0
[ 1118.626805][T21853] Out of memory: Killed process 18989 (syz-executor.1) total-vm:75244kB, anon-rss:196kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1118.646624][ T1822] oom_reaper: reaped process 18989 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB
16:18:10 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x0, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1119.368869][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1119.381658][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1119.390379][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1119.391480][T21853] Call Trace:
[ 1119.391480][T21853]  dump_stack+0x1c9/0x220
[ 1119.391480][T21853]  dump_header+0x1e7/0xd00
[ 1119.391480][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1119.391480][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1119.391480][T21853]  ? ___ratelimit+0x542/0x720
[ 1119.391480][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1119.391480][T21853]  oom_kill_process+0x216/0x580
[ 1119.391480][T21853]  out_of_memory+0x181e/0x1cc0
[ 1119.391480][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1119.391480][T21853]  alloc_pages_current+0x67d/0x990
[ 1119.391480][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1119.391480][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1119.391480][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1119.391480][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1119.477277][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1119.477277][T21853]  ? debug_shrink_set+0x220/0x220
[ 1119.477277][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1119.477277][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1119.494447][T21853]  do_syscall_64+0xb8/0x160
[ 1119.494447][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1119.494447][T21853] RIP: 0033:0x45cb29
[ 1119.494447][T21853] Code: Bad RIP value.
[ 1119.494447][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1119.494447][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1119.494447][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1119.494447][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1119.494447][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1119.494447][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1119.565442][T21853] Mem-Info:
[ 1119.568723][T21853] active_anon:177994 inactive_anon:6859 isolated_anon:0
[ 1119.568723][T21853]  active_file:5836 inactive_file:52728 isolated_file:0
[ 1119.568723][T21853]  unevictable:0 dirty:53 writeback:17 unstable:0
[ 1119.568723][T21853]  slab_reclaimable:5659 slab_unreclaimable:24470
[ 1119.568723][T21853]  mapped:59238 shmem:7095 pagetables:6101 bounce:0
[ 1119.568723][T21853]  free:114131 free_pcp:38 free_cma:0
[ 1119.606901][T21853] Node 0 active_anon:666168kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123892kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1119.635619][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1119.676783][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1119.682246][T21853] Node 0 DMA32 free:43188kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:640060kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:720kB pagetables:2712kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1119.713397][T21853] lowmem_reserve[]: 0 0 228 228
[ 1119.718329][T21853] Node 0 Normal free:9200kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26108kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4444kB pagetables:6892kB bounce:0kB free_pcp:152kB local_pcp:96kB free_cma:0kB
[ 1119.750132][T21853] lowmem_reserve[]: 0 0 0 0
[ 1119.754854][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1119.766939][T21853] Node 0 DMA32: 897*4kB (UME) 452*8kB (M) 219*16kB (UM) 141*32kB (M) 113*64kB (UM) 58*128kB (M) 34*256kB (UM) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 43188kB
[ 1119.783630][T21853] Node 0 Normal: 946*4kB (UM) 379*8kB (M) 77*16kB (UM) 22*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9200kB
[ 1119.798657][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1119.808425][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1119.818003][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1119.827763][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1119.837273][T21853] 27380 total pagecache pages
[ 1119.842130][T21853] 0 pages in swap cache
[ 1119.846329][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1119.852607][T21853] Free swap  = 0kB
[ 1119.856354][T21853] Total swap = 0kB
[ 1119.860111][T21853] 1965979 pages RAM
[ 1119.864122][T21853] 0 pages HighMem/MovableOnly
16:18:11 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
getsockname$packet(r1, 0x0, &(0x7f0000000140))
ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0x80, {0x40, 0x9, 0x9, 0x2, 0x4, 0x7fff}})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x600800, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
getsockname$packet(r4, 0x0, &(0x7f0000000140))
pidfd_getfd(r4, r1, 0x0)

16:18:11 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200))
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1119.868854][T21853] 1423249 pages reserved
[ 1119.873278][T21853] 0 pages cma reserved
[ 1119.877457][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=17931,uid=0
[ 1119.892525][T21853] Out of memory: Killed process 17931 (syz-executor.1) total-vm:75244kB, anon-rss:196kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
16:18:11 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
getsockname$packet(r4, 0x0, &(0x7f0000000140))
ioctl$BLKBSZGET(r4, 0x80081270, &(0x7f0000000100))
getsockname$packet(r2, 0x0, &(0x7f0000000140))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = dup(r5)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = dup(r7)
getsockname$packet(r8, 0x0, &(0x7f0000000140))
ioctl$VIDIOC_S_CTRL(r8, 0xc008561c, &(0x7f0000000080)={0x3, 0x10001})
getsockname$packet(r6, 0x0, &(0x7f0000000140))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8}]}, 0x50}}, 0x0)
r9 = dup(0xffffffffffffffff)
ioctl$EVIOCGNAME(r9, 0x80404506, &(0x7f0000000180)=""/48)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000040)={0xffffffffffffffff, r9}, 0x10)

16:18:11 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x0, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:12 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000840)=ANY=[@ANYBLOB="5000000010000507004512c7e7b64a4e3017d90862478a3b21f719fed6371f04cd712086ef786847006edc4881f148be58c1308936a2cde5795522b890c40bf1378991c83e0316951c02392223c4b9cc698d3e18ccd1d33fd6676a94f877a9405c2ea4adae5cb5131bd11abedbf06f5f82b933f4419c36a68cbf0b7d394c6959b50b2d7a448835c4814171e01798f2bfcfb2c58926be9de21ea60d649a1f913b24ccbab8cda39f0f111523f98afe70", @ANYRES32=0x0, @ANYBLOB="65350600050000001c0012800c0001006d6163766c616e000c00028008000100080000000a000500040000000000000008000a00", @ANYRES32=r4, @ANYBLOB], 0x50}}, 0x0)
socketpair(0x10, 0x5, 0xc, &(0x7f0000000300)={<r5=>0xffffffffffffffff})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000940)=ANY=[@ANYBLOB="14028000d81a8931f82185f4af5a2e09ce4c79343b1fbfae0bd375700f6c61cdb00be5dec90607ec53396d692e78d0ec0bea2bd4a89343d72325aabc5d71a052240d569c880ed32b6bd2ee6043f4d4651830de1c25b033297b500dbe82a0d6b1f6043935adece14a6aac613cd2f20d66891214daa78a7a8fea5adf090f6c2aee40527286eae8287096a6068b18d65e0826c4c5d1e8ff1adacfb7a84d2e072b6301721c86815962236310e87b978dbf201a7eec34335b430d66e215f810cb125c86bd71d1c61e1d48120d19de6313eabc3883e075cb323de44ba746850c77dbae3078bafa8cce", @ANYRES16=r7, @ANYBLOB="0100000000000000000014000000"], 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r5, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x118, r7, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
sendmsg$TIPC_NL_NODE_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000200)={&(0x7f0000000a80)=ANY=[@ANYBLOB="d000004117765f5f639cff030004c6221796f86f53738b0df62183f325309a7f2102bcfd5d660bd0aafd78d4f3604eac07a9ab750b2271b4237272f3b98b9e46744d41f480035a52e0c5dba6f4", @ANYRESHEX, @ANYBLOB="00042dbd7000ffdbdf250d0000003c000680040002002b000300a6b32645c1b7bdcc26aef4f284aad4699886dde3663f2145ef0d8bb4a6098fff753a8580e10706000800010000000000800005800700010069620000240002800800040000800000080001000f000000080004007ae7020408000300000000000800010065746800080001007564700014000280080001000800000008000300020000002c0002800800030048ffffff080004000600000008000300f602000008000200080000000800020005000000"], 0xd0}}, 0x1)
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="010000170000000000003f00fcadd6"], 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="180135f3321b2000a3492a9d780d91bbf4966600", @ANYRES16=r3, @ANYBLOB="000427bd7000ffdbdf2502000000a40001803c000280080001001a000000080003003f000000080002000100000008000300faffffff080004000b000000080001001100000008000200050000000d0001007564703a73797a3200000000040002800d0001007564703a73797a32000000000d0001007564703a73797a32000000001700010069623a76657468315f746f5f62617461647600001700010069623a76657468305f746f5f62617461647600004c0002800400040008000100ff7f00003c0003800800020006000000080001000000000008000200001000000800010005000000080001000004000008000100010100000800020082ae000014000380080002003f0000000800030007000000"], 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000180)={0x1c00000, 0x3e45abeb, 0x5, 0x8, 0x9})
setsockopt$inet_tcp_TLS_RX(r1, 0x6, 0x2, &(0x7f0000000040)=@gcm_256={{0x304}, "7b29a1b0e1752e8a", "6118019772ef00169aeea29b594800b803b56c69b01d140cd72f976bff1f8b9b", "b49fa3bf", "fd0f936f2d146d64"}, 0x38)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1120.598900][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1120.611650][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1120.620386][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1120.621493][T21853] Call Trace:
[ 1120.621493][T21853]  dump_stack+0x1c9/0x220
[ 1120.621493][T21853]  dump_header+0x1e7/0xd00
[ 1120.621493][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1120.621493][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1120.621493][T21853]  ? ___ratelimit+0x542/0x720
[ 1120.621493][T21853]  ? task_will_free_mem+0x176/0x830
[ 1120.662995][T21853]  oom_kill_process+0x216/0x580
[ 1120.662995][T21853]  out_of_memory+0x181e/0x1cc0
[ 1120.662995][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1120.662995][T21853]  alloc_pages_current+0x67d/0x990
[ 1120.662995][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1120.662995][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1120.662995][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1120.662995][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1120.662995][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1120.712007][T21853]  ? debug_shrink_set+0x220/0x220
[ 1120.712007][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1120.712007][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1120.712007][T21853]  do_syscall_64+0xb8/0x160
[ 1120.712007][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1120.712007][T21853] RIP: 0033:0x45cb29
[ 1120.712007][T21853] Code: Bad RIP value.
[ 1120.712007][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1120.712007][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1120.712007][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1120.712007][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1120.712007][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1120.712007][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1120.795808][T21853] Mem-Info:
[ 1120.799066][T21853] active_anon:177981 inactive_anon:6859 isolated_anon:0
[ 1120.799066][T21853]  active_file:5835 inactive_file:52768 isolated_file:0
[ 1120.799066][T21853]  unevictable:0 dirty:66 writeback:0 unstable:0
[ 1120.799066][T21853]  slab_reclaimable:5659 slab_unreclaimable:24470
[ 1120.799066][T21853]  mapped:59245 shmem:7095 pagetables:6120 bounce:0
[ 1120.799066][T21853]  free:114123 free_pcp:104 free_cma:0
[ 1120.837326][T21853] Node 0 active_anon:666028kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123892kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1120.866261][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1120.895344][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1120.900614][T21853] Node 0 DMA32 free:43188kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:639984kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:720kB pagetables:2712kB bounce:0kB free_pcp:84kB local_pcp:76kB free_cma:0kB
[ 1120.932019][T21853] lowmem_reserve[]: 0 0 228 228
[ 1120.936943][T21853] Node 0 Normal free:9200kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26044kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4444kB pagetables:6788kB bounce:0kB free_pcp:332kB local_pcp:120kB free_cma:0kB
[ 1120.968833][T21853] lowmem_reserve[]: 0 0 0 0
[ 1120.973591][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
16:18:12 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, 0x0, &(0x7f0000000140))
ioctl$BLKDISCARD(r2, 0x1277, &(0x7f0000000040)=0xc6)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
r3 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r3, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r3, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
getsockopt$inet_dccp_int(r3, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
socket$phonet(0x23, 0x2, 0x1)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1120.985676][T21853] Node 0 DMA32: 897*4kB (UME) 452*8kB (M) 219*16kB (UM) 141*32kB (M) 113*64kB (UM) 58*128kB (M) 34*256kB (UM) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 43188kB
[ 1121.002410][T21853] Node 0 Normal: 946*4kB (UM) 379*8kB (M) 77*16kB (UM) 22*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9200kB
[ 1121.017388][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1121.027269][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1121.036717][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1121.046396][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1121.055797][T21853] 27464 total pagecache pages
[ 1121.060512][T21853] 0 pages in swap cache
[ 1121.064799][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1121.070935][T21853] Free swap  = 0kB
[ 1121.074777][T21853] Total swap = 0kB
[ 1121.078532][T21853] 1965979 pages RAM
[ 1121.082457][T21853] 0 pages HighMem/MovableOnly
[ 1121.087169][T21853] 1423249 pages reserved
[ 1121.091442][T21853] 0 pages cma reserved
16:18:13 executing program 4:
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1121.095650][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=27175,uid=0
16:18:13 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200))
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:13 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000040)={0x1, @pix_mp={0x9, 0x400, 0x47314356, 0x0, 0x4, [{0x0, 0x3}, {0x6, 0x10000}, {0x1, 0xff}, {0x9}, {0x5, 0x1f}, {0x800, 0x4}, {0x101, 0x5fd}, {0x6, 0x200}], 0x9, 0x3f, 0x0, 0x2, 0x6}})
r3 = userfaultfd(0x80000)
ioctl$UFFDIO_WAKE(r3, 0x8010aa02, &(0x7f0000000140)={&(0x7f0000ffd000/0x3000)=nil, 0x3000})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
getsockname$packet(r5, 0x0, &(0x7f0000000140))
ioctl$VIDIOC_G_OUTPUT(r5, 0x8004562e, &(0x7f0000000180))
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:13 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x0, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:13 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000040)={0x0, 0x882200})

16:18:14 executing program 4:
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r2, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r0, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x118, r2, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000040)={'filter\x00', 0x52, "d8d2fb91492ba4e0d8141afc07a419aba431ec0ca1c7c49529095e30021edca0f3837d0696a58da4b74ead170a05516c7ae0f5c26b970cc98686131b5be9847c243acd2ffc00f1aab52836600ebe6158d9eb"}, &(0x7f00000000c0)=0x76)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1122.047532][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1122.060610][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1122.069336][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1122.070104][T21853] Call Trace:
[ 1122.070104][T21853]  dump_stack+0x1c9/0x220
[ 1122.070104][T21853]  dump_header+0x1e7/0xd00
[ 1122.070104][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1122.070104][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1122.070104][T21853]  ? ___ratelimit+0x542/0x720
[ 1122.070104][T21853]  ? task_will_free_mem+0x176/0x830
[ 1122.070104][T21853]  oom_kill_process+0x216/0x580
[ 1122.070104][T21853]  out_of_memory+0x181e/0x1cc0
[ 1122.070104][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1122.070104][T21853]  alloc_pages_current+0x67d/0x990
[ 1122.070104][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1122.070104][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1122.070104][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1122.070104][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1122.070104][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1122.070104][T21853]  ? debug_shrink_set+0x220/0x220
[ 1122.070104][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1122.070104][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1122.070104][T21853]  do_syscall_64+0xb8/0x160
[ 1122.070104][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1122.070104][T21853] RIP: 0033:0x45cb29
[ 1122.070104][T21853] Code: Bad RIP value.
[ 1122.070104][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1122.070104][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1122.207908][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1122.207908][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1122.207908][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1122.231136][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1122.244065][T21853] Mem-Info:
16:18:14 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1122.247325][T21853] active_anon:177975 inactive_anon:6859 isolated_anon:0
[ 1122.247325][T21853]  active_file:5836 inactive_file:52868 isolated_file:0
[ 1122.247325][T21853]  unevictable:0 dirty:61 writeback:15 unstable:0
[ 1122.247325][T21853]  slab_reclaimable:5659 slab_unreclaimable:24468
[ 1122.247325][T21853]  mapped:59245 shmem:7095 pagetables:6135 bounce:0
[ 1122.247325][T21853]  free:113989 free_pcp:113 free_cma:0
[ 1122.285530][T21853] Node 0 active_anon:666028kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123900kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1122.314177][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1122.343208][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1122.348499][T21853] Node 0 DMA32 free:43188kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:639984kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:688kB pagetables:2704kB bounce:0kB free_pcp:116kB local_pcp:92kB free_cma:0kB
[ 1122.379864][T21853] lowmem_reserve[]: 0 0 228 228
[ 1122.384866][T21853] Node 0 Normal free:9200kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26044kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4444kB pagetables:6800kB bounce:0kB free_pcp:336kB local_pcp:120kB free_cma:0kB
[ 1122.416556][T21853] lowmem_reserve[]: 0 0 0 0
[ 1122.421128][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1122.433167][T21853] Node 0 DMA32: 897*4kB (UME) 452*8kB (M) 219*16kB (UM) 141*32kB (M) 113*64kB (UM) 58*128kB (M) 34*256kB (UM) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 43188kB
[ 1122.449776][T21853] Node 0 Normal: 946*4kB (UM) 379*8kB (M) 77*16kB (UM) 22*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9200kB
[ 1122.464731][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1122.474422][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1122.483856][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1122.493555][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1122.503014][T21853] 27532 total pagecache pages
[ 1122.507723][T21853] 0 pages in swap cache
[ 1122.512008][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1122.518105][T21853] Free swap  = 0kB
[ 1122.521947][T21853] Total swap = 0kB
[ 1122.525710][T21853] 1965979 pages RAM
[ 1122.529563][T21853] 0 pages HighMem/MovableOnly
[ 1122.534382][T21853] 1423249 pages reserved
[ 1122.538668][T21853] 0 pages cma reserved
16:18:14 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x0, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1122.542860][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=27193,uid=0
16:18:14 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x118, r3, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
getsockopt$inet_dccp_int(r1, 0x21, 0x1b, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:15 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:15 executing program 5:
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x123d03, 0x0)
socket(0x2a, 0x3, 0x8)

16:18:15 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, 0x0, 0x0)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:15 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x1, 0x0)
ioctl$BLKPG(r0, 0x1269, &(0x7f0000000080)={0x5, 0x1, 0x6, &(0x7f0000000040)="d4263fb60ea0"})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:16 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(r1)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:16 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x101001, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x0, 0x0)
ioctl$VHOST_SET_VRING_ENDIAN(r1, 0x4008af13, &(0x7f0000000080)={0x0, 0x8})

16:18:17 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, 0x0, 0x0)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1125.563392][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1125.576206][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1125.584921][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1125.593854][T21853] Call Trace:
[ 1125.593854][T21853]  dump_stack+0x1c9/0x220
[ 1125.593854][T21853]  dump_header+0x1e7/0xd00
[ 1125.593854][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1125.593854][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1125.593854][T21853]  ? ___ratelimit+0x542/0x720
[ 1125.593854][T21853]  ? task_will_free_mem+0x176/0x830
[ 1125.593854][T21853]  oom_kill_process+0x216/0x580
[ 1125.593854][T21853]  out_of_memory+0x181e/0x1cc0
[ 1125.593854][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1125.593854][T21853]  alloc_pages_current+0x67d/0x990
[ 1125.593854][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1125.593854][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1125.593854][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1125.593854][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1125.593854][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1125.593854][T21853]  ? debug_shrink_set+0x220/0x220
[ 1125.593854][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1125.593854][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1125.593854][T21853]  do_syscall_64+0xb8/0x160
[ 1125.593854][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1125.593854][T21853] RIP: 0033:0x45cb29
[ 1125.593854][T21853] Code: Bad RIP value.
[ 1125.593854][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1125.717440][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1125.717440][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1125.717440][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1125.717440][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1125.717440][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1125.759946][T21853] Mem-Info:
[ 1125.763385][T21853] active_anon:177837 inactive_anon:6859 isolated_anon:0
[ 1125.763385][T21853]  active_file:5837 inactive_file:52747 isolated_file:0
[ 1125.763385][T21853]  unevictable:0 dirty:50 writeback:0 unstable:0
[ 1125.763385][T21853]  slab_reclaimable:5659 slab_unreclaimable:24468
[ 1125.763385][T21853]  mapped:59163 shmem:7095 pagetables:5999 bounce:0
[ 1125.763385][T21853]  free:114921 free_pcp:0 free_cma:0
[ 1125.801431][T21853] Node 0 active_anon:666028kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123900kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no
[ 1125.830201][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1125.859359][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1125.864790][T21853] Node 0 DMA32 free:43256kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:639984kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:688kB pagetables:2704kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1125.896011][T21853] lowmem_reserve[]: 0 0 228 228
[ 1125.900937][T21853] Node 0 Normal free:9524kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26044kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4444kB pagetables:6800kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1125.937102][T21853] lowmem_reserve[]: 0 0 0 0
[ 1125.941961][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1125.954073][T21853] Node 0 DMA32: 908*4kB (UME) 453*8kB (M) 219*16kB (UM) 141*32kB (M) 112*64kB (UM) 57*128kB (M) 35*256kB (UM) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 43304kB
[ 1125.970871][T21853] Node 0 Normal: 984*4kB (UM) 392*8kB (UM) 78*16kB (UM) 24*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9536kB
[ 1125.985998][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1125.995763][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1126.005279][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1126.015053][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1126.024539][T21853] 27406 total pagecache pages
[ 1126.029254][T21853] 0 pages in swap cache
[ 1126.033592][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1126.039689][T21853] Free swap  = 0kB
[ 1126.043550][T21853] Total swap = 0kB
[ 1126.047327][T21853] 1965979 pages RAM
[ 1126.051165][T21853] 0 pages HighMem/MovableOnly
[ 1126.055988][T21853] 1423249 pages reserved
[ 1126.060282][T21853] 0 pages cma reserved
16:18:17 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:17 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
memfd_create(&(0x7f0000000100)='%%Y/+\xa5!@\xc8/\x00', 0x2)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = add_key(&(0x7f0000000080)='big_key\x00', &(0x7f0000000400)={'syz', 0x1}, 0x0, 0x2b, 0xfffffffffffffff8)
add_key$user(0x0, &(0x7f0000000440)={'syz'}, &(0x7f00000004c0)="004dde0301b3d8a52150dbf7f3649aa4a133b1b47392870e2defc66e389f1912e8d05566b4faa7040cc60d103d385210cae9cc0804", 0x35, r4)
keyctl$get_keyring_id(0x0, r4, 0x5)
r5 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0xff)
ioctl$SNDRV_TIMER_IOCTL_INFO(r5, 0x80e85411, &(0x7f0000000480)=""/180)
r6 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r6, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r6, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
writev(r6, &(0x7f00000003c0)=[{&(0x7f0000000080)="865d164327b178f37f7effa89a71a41788281095fdb17b808800f30f06acbbf38cc44be7a0a537f23777fce1634a75ca435fad5509fd9698f6ffc20f19d4e21f95721e4399bfc5eb0d197ecfa58f1259e13d4e903ccbfcb67f4570a4549921bbf6de26ac18ce5674b1ae2d9199e88d83", 0x70}, {&(0x7f0000000840)="5233fe6c1b1daa46d504905eccc2feadc2556dae998d069997c9f6b421fbc6c06fd74dcae6ada622796e42bff0bbcb65075706e1a5913e7460716482ffeb959b3a2533f4eaaa1bcfd123ab141d3b8fc1739be1ee2cd37adf4c15c5d76d780f49b3afad2bda9934fab0156593c38b99d3c6a98e3898e498e19dcb441a1e76eaa6f7d7a18c8445d4ef20603cc0cea1b267ba625f9edc8e0d69e234579b8207dcfb8f524bd51b2ac1e2c6428ac8b01c5e97cfb5bb55a3e3830face99935c230aa21d4ec97d4593841f34a434cb002f8d8a143f76a43f0a5d9a4cc9b36eb2059c666f86e7e0c0f44b43ccf5107eb7f975b71cc788c08060fe2a864826cfad0139a3ba50a0204c5e0c7f12cb483e026a081a760dec5d8ff98d244be2e881451752faaf9da69ea4ed400430b78a0abb4851c41b0d2282783f0229d3e70c66279e40a15bf0e5acbbe05d155fc619f7d11657c960fa17797de09646e5c170fa3a0bfecd29e9eb291fff72c9c42ff618370165067ba0e09c7f24cfe53f6b323f0af052e2936ed54a7c509ac04483ec53beb90c2bb3805526e36ff71e3a78b80175424528e8a96735dcafaa518c12f48dd12df5ed0cae35462fccca43f88365209060c5485bfc516162a0ed562cefac6c6ce01b61b0f508a8face5e102584caea67b7d3563785757cab54faab9012dd5a7717d6f0a8eaae6718b8d445cd740f61f74a7a8f16e7ef30d910703f1ae103e5f86945e82dc4b41f53b3cdca85477294d23854dd6b15e755dcffe5be15d9311a7a9c4937244b8a054f86852cfe99a8afa8df2d3ac7e7bcfdfa6c861c6f2d7928258580ab72d8d65ce7c6c3363eee5ee22dedfc8ceca0d0e93b4884f3972ed76dc669e6cae270c4c4b1e0691c36538b3837f36d6c03f07d8f075986e77c2397213ac7b6b35813ccef939047e0d76acc0c527812cfde16bfa3c1851cf420652a09d53e3e5c62a6c85a03145d9f12e8706b6552129117f770f2efb31c65554eec91595a0e01a2f4dfeaefbc2ef722d1315e53db9a8aef3b1dc0ed480d40162950d7c472de5efc6d8f53359c3b88cee58c958af4e78ff5cd980029c4d700a9f6109a63cd33e77a72ad397f11416b0db4745019031b5336e731f9b2d7d3027eca1272c46fc2791ce1ba26503a9a2287c947e3101702b8ce1c2c5af99aca52121f0860a92e863a0250b84d5ef8870c5495ed16295f394b0c130912baf445d5f1772c515c35f8628ad8fe60d2b86cd0e68fb01c7519549668990f79b1f1e4a9c3b06e467089c788793682e5ce19836ade8889becf7b6902a44db088cfe0b597b6e162ad22ba3173b9e5802d8467cc02c5915f6405d3fb58464dcfd85975de11cf18f0b76cca689e31f883e017bf984bd0877de791bc3ca160783f5c3b8a8c738b1f34e0076ff74e0b4451f130e46647b8de3ad61a09abc6f863a35c02effdb7abb3636db370d1e42e2b03c7dce418cf840f16a10b39058fe3dbd40fea5c676e5aba20e1402474dc583f903cb800e7f89749a48a3a97c5fa0e826e557b4ae63a455523befae707bb937c734513ddd097c621810fbb13adad21e191915ddf27a1fd687bd58f6f47570fb0325cd688cecb2d740bfe99b1136378723edb50b86682ba179a3ab8ce5088e1e29e5f00372ee3337c6017159dc48f7036247d424425e28847a0bf445026dbeb8a9aa85f9326e48605d3909b1f472e248adebb76195b63319d0f25cdfcaeddd91b1271b8b28214754a5138bada367c8eaf879b49aea7146f67b8a8af486f94b53d67d2ec737b63de572b87581a2fc554cae823865de886ace2d8100448660e6dc0bda660508f10a01c2ed8cfd611e9db9f1df38ae9596e0e60907ffb093ab884c3b6c3cc09539a4f8c0884bcdaaf540766007d84c550fe21e81178fd08e6b2678dd593f1a6c3a51fd1faaeb3d276fd793b7cad19eade7a8dd6bbe4ccef0b281fcf2b00a29f3a355671c884e8aac27e4e41b9f534a98b4d954fe6c06e5c2a204522988f15faeaee5c020aaa51cb872e951e4d97f9da8941024bed0945abd7c6e038738365d9508a88656dca0e7d9b22fee49d459c9569186ba2672fc69381c20722eba173e2fa41e2f1b9843f22830776e884c473ad5c55c4e390c1b27252bfa3118545a4cd09759cf9267824184b03d275c637c3921b224531045e41999de9bae4f87c8b5250ae280c56dde3ffa0ac5c3da9171c4e724e29a0d38ba3386443d26f8f35b3232529f57c58322c37baab30c41ff24e588ceea9746c1fe4b418aa9869674161eb1d19cc6cbe2b82a8dfef260ae9e883ef6e7f68733fae2f85b695288cf3499122aa6289a487c71dd27eef03f3df056d1a0d84ef876308b95d871abdde7e72061ca2128749ca1168245628a2a38803c9fc2520437fc0f59159771a9b18535165da725f62834b982cf348f9b871c9c1529d7b5de3044afd3955c4aae3314173ce6b60969c77a0f0d0d9f70a4435fe4c59ea75b4597d2c62429fab74fa1547950ba2908fc2350ab66f7701d2e5c78ed799dabf91bd4da86ad84af4368e7d1e15caea86a13818d19f7d88c7b26489906e95e6b5924b272224da82dd79b76ebf51c9ae52f7987ad98e65d9a4f2f369fac8d45a379491ae25077a8bcc6fd8a8970c75b9bc5b35d50bc43a14896d65809ced9f4a71ca0ca47cc273e8b74dafe3a15a3912f00e8b875c0f74416f923446807e32ea80a8d32a1482c0588af3b2bab7ab1ec0a44d00f80c2fe358b18e80be4c0337571ac40a98c2c72a5ee6bda6884789ba9da135023e2e74d80856f04617b56d4c4444f0262e780887381b68c8e3827c608cc2c1cfbb9923a80bd412ec9d26761d59a8f5d673480f5d0b0a4c3cdcc5143744c8c1b654277e3dc9be308337ad316f94e392cbaf4e4052474de20b694af4a0fa5537f72b17b6e8637de31b2bb2baab3402e243af489832ff5aded5402b14519028a883f4bb61476d8a44624c33330f15f417db394c9bf0b889480488bf9f95edcfd49dc826591fc59faed59ed06a9e80ebf19c4a234d5dc7fe34526e0d283ffff8a9c6538250b21485037b48facd98ab6129bf6f12ff37e89541f1b37c3391581486252b5c40ba7af3cbb7c2bd05f39baf5dc17d07f0e3fc0349e7e7ffbdee4470e720c8c445600a3e0cc89060db69190d19b841ec5dfa9e9d8f8d4961468fe6a6dea4ade595daf6172f5c97e8ef866e11b25932c442812f2681e16b0f3c82cf7c204fa094a023b323bcefb4e08f106c651c318759b8d7a4e45948d699130bd1e4562617377b33ab310653c52aad821c48483c3218510cbd1e51245c9f81160bca9f59f4a0197229f99f14d39c84fec7448225a066fe00e2d27459a9d13ed5afa5b65ce5efbc13029b7f1f9350496a457f8d123632fea403fc2e1be3b49b451522241a6de990d6258a62cdf2cc930ef58233d0f8885cd38f9e4c722aaab46beb92f99488ed78d8ecdb88bbec8c509dd8fcb6245a22c6dc86eadc745ecf22cfaff6e522cd4132056d6978ca74d59ef8600e7d8bad8b382e2747edf079eaa9ee592798a11441509f6a20d1c60dc79421109f79f8b920b5ee65f9d9da043307b03abb22ba5552a7ab32ada7403d6e4693ad9376c90267ceff1a60da35373e9b2cb191674a6ffc31c13e953a710e43d55750d20a849e1fbea35f03f9e9e6419b3a54ee17f3c565b05ce0cffafe4ac2bcdacf01a11291f3fd248c66367bd9f7d3d9c7990ae64d2e94c7bf2355ac06db40d3c9427165ab3631f360e496d86a87f133cf8d76a839fd1b6211f70749deae5fcf480775c353061c9020f46fb2f9072e3337ae06388c69cfba6dd3f088b55db9da60037e22e124ee316224d0016b8c124e6dad8a7e4aa3428c6c35b07b44b96da3aba1933f561aaf0a0391bbd6d79d059ee109d4d11dfe3d5cb32ab336eb4773554f72d6f7b403893924bc2285424158fc4596c4a544f9eb30d231b19c871a26935f987cafc24636a3ae7c959f4feb5c9b0494c43f8d47d7c93d17396aa602a7b429db59a926bdf6d06ebe1273d244d3bbfe2f76b87a23fab4ca7e6091d2c5c8094c17374ac817e6df8362b165fd87557c56ef5141b74227a0483955eb5c5908304ed3da8240060649ac187c3c3519e712b82f68889d1669dd3467486c03081a1d8c07b9a8c08b09c870731b63e96fb46b99e7616a637c883699c009334f8df5f587c9c3b6af8a6ab28cd23daa69f4336970265054029d37f0ccd1446351a4f667bdeacfc0a1494746889a41a42fe00e82d5cfcc0118f6e0c484665faea37aac0b1114eadd596ad1cceaffacede1afa35ef849176fe52cdc6614ad680f1192ef31e8fbcb1ed81bc6722bbea6006ba9d9d69a44cb49e1045b940d17471a64dee3bca9822061cac575ff111b17a3555ff100dbc27c6dfa875d51013084203b7675f45b78183fe9301250ae945874c4da7602b47ec19cad6fb3198d3ab2eec4441b031fcdb853b976413211127e8d29f785c9d1b62e3a8e71c744eee6897a701a7137f4b2a3f6985bb9c8e12e512ead9e326f0b940b8f1e70d7ea987b616636964a737d3af9f36e609104acc03be33b1357cd9e82a010e5444229e5e28e4485aac7fcabe18c0b9a449098d563a9aefb52e8b5e53492f9cdbcab694d9fd420427faf468a5b932f17258711c8f41948b5c1ade3a9275d673729253fa0eb88624bab8a1352767c0884d36e3e9ae4bec39b33e14cef736a15b21a9832a7dc29eac9d95d85882d741154800e5f35c8ee1ea77a7dc4c67e533e5008122929c45202eac8a53083b2ca207173c0720d23b5c6719462bb9b102d6d29d470f4926030ef8efb7dd59b311e93e2e413518612c9f2da10df1f97d40d35ab814f7e594a8d149fc1abaf952b5f54f875422602f15a6bbf53c67f677b7b2e2a8310744741c023f475a78e8642eed3a6f5505b5d49d16eed9c129162de8ca1459610e93df2bb983c334396916914e026fb8dfe32521ec35e6ccd702c047a29120421c4f02dcfbca7057074cdaeed6384c7852bdc58f3cd8006eb393debc6069b9f6c10d1d22758c6bbc725ad7cedfcf1a1dbb211ee95f2567f050a39b2da8ea5bcc42b1fdf581078819b9f37af440b5f095120ccf98049dac85c2345442e9d18454492b59577818953858ee9a15bac9931c50d28d6b233a29e27ad899b12af5d5de9d52f7532d76950d65ba7562ef578f0469ca338709c9958d2082a667aff983e882078dd2d3ed1bddd7891b835c7fb1180608960fdd26480d28772019959ec45c65356872195e2254821e78fab545e4ce3cf189fb684fe7a885bfd57df8c335a0edd86003895a3089f226f2b32362786d8320bac8fe58fc20d154ccfa39351ee306cd4cbdc9eddcfa4c232c00b0274dbcd02f3514c7d5ae9747c08d93dfbe46cb21d974dcf3a63ca8a687427ef24773c9408e10db5527c2e7955b84d9dd34133cbc19490231b9d1e7ba0fbb5be64c33645a99ec97e4373614780d3caa901c80a629eb0a119d2c97a1ee68ee86335b29f571d86deee3d5337373eb6371892d5ce6175f8a138fddf3ca17a13f5a39782cb9c74c9de38ce0b4aadb5df116be1001132ee78dd233a65e6de5a259e87cf7fa68dcde956fbd4a94f82a3f6f4e695c01d4aaa34eb63e8ab19c1563a3c320addacc7d3771c5d933a54e0d33204ecd528df31762f498f35807c40239d0bebb27056bb94f05ff312b6821827066c60ddc776f5218c98c11fb73b619240ac249c18a414336e3f378be2a43f1c3dadfe359595500444b3754", 0x1000}, {&(0x7f0000000100)}, {&(0x7f0000001840)="7acd4e134b80f6768bcbcc6765bfd36f0d934ca8825d20b9c95f195bfb51acecd3db4cecf31fe13b36381786a9e97b565dec068e50b45c76e762558e3d6052fb13e3dc95d364ef7b46e99d9a4b34cd244ef0ed51eb028efbe27a4e92a5cd4aba4340a34a17073548e939f6ce436eb3cee74495456e6ac5411feb15f96e9d565132ccaea6131ffd7f916fe02c21a23ae542b9004c439435360e875282ede6c4542a18fc7951a6380e71f1676c2c74af15cdb9f58b781e748a9e3b6f400b09829610a65d57f7be4be9fe6188e52746a8a080b73e0f87724721d8ec4d0940ab9df3c346bff47d78e927a6b35a089b2e3a3d9f600e1def77aca9fd519b12ac6269bd9025c72895468a3fb4873bb7b5e75529e83e03ef0124e0fa00e6fb555a8cb186936f0bb92ca218e8b7225b392d4f1da62608fa30f3c16c9e04231412d2cc167c07853ac35f7fe9713dbc11ecd6feeee5dad129a8b7add8cc6eed264640d3764b169664b792791369510a3d3527015224977754df0731513779a30bde89522a0eb53478fa9f08565c26562129717bda00e14f4d54cffe2a0f1cbd07811a8990c1189ee2f6bd1c012319e3bbc6f6d84a36de5774e391b1314b9d4fe43284cdb3094f46e5ae53c4bc58177ef0191b68fa995420a77085de4b1d1da4c0f6cbc9a0901d77b1a7ec6608b6df238045337f1bec5d2047939f20c6a0663165f61dffd1fe5e4c3bda9b27e9718330f7ea20e083b88ae3b2bb40f83a22330c8effb9eeb713e40f436ea9502ae02b2c4e1dd7caf377946fe77b0c446ba4fab29512535259dfefe7933b742aa45f17c34e580395a7f55f60df8fc4a3cb21c54deb386c82ed68b329e47528ae2364973a558c05144384de633ee714b233dcc86b663886d3ed25ffe46448ffe86c876f912ab4c704a887fbbbc2c8affc7e3ebf7be55e8ac477ede4bee420b8bf7971f8ba5853b5e7addfb206f0cef84b18e49e6875609441938d7781a28cebc6f91b84941e28a1379c9b4ee58b54191806db432d785eb672ba2c6603c6ba8f835edd8dfdd1e29805aee3491ec4f53b219d163e32a66e2bf8d44504599a993ad72e3891cd9d916bcc159eb754d8b3f910b287adf27102f3a377935ee73aa97a8be23884bcf2b546628e38cb231fcae1f07202cd78358ec975beb6bd536464f3f56c125855bb31408e8ff940fd0583b320d3a1b1b3d6fbbb6c53381a278974d54ee380a80104a01fc1abd5a6b619e69909a8244a9290af18b79ad6f3ea1c6b892c9bebff23a49387a479142efa1558096c8771ab84a3fc81dd80af0d357e2248996dbcfbd067bb5d78aa52be0d669bcd918be85e1f0099262c33c47517bd83480bb46aeedb9d9d61e7652b05cc60a9bd3cfe73be8f72a77acb4652cfc6df2b5c70752d326556eada91739b7bb35896b9ba927b9b947eec6c29c7c7822c1481123d45b6faf9f89c46752fb29c793d2b4a6b22cc887600215f1fd565e59c022b78b568c9069d0c8d6aed3cccb30658bf88c6a8ffdd44b2bd7fe6f2abb07dca0b30e9a651264ebe690ee4611bd705e70385ba95d243bd4cd831118cee467bd8a1aa9c9256d2a89df6db3e25de1bcde3c96d1071168c3701be8ed7d48fe5e925c237c3ead45199b0687a0b2f2e46db6529aff5d1969e9435f8e5e18369fcc2368982adcc9f34f9dda69229d3e010ecc542c513ba3309e709d43d4ae15d7ba3828f49f1f52222b3ab06ad69b11228b4fed1367be87dd5541324714f0c65106a1460922ac46e04e9443aac2352420d928e8e27daae34a817c4e1af517e57595fd41055332b8b36f4e734d41a0979ce72fb0dcd2b21e31f705a8dddda03a6343f0528f24386a761a69fa159fbba234a71f01c437f91acf77ffcc2ff2419a2cf7ac1e743e6a336fdaf274bc32eca3cca7472062ccd00e484ccbce961e3296675729e21dab4f327a0e14eb7a446b043421e2ed1b15d243f4943aa909953d284c655775d544f49f5d27fed47201d10a0b204b407b2a9c6b74c872879dd38c2ed81aa3f591e1c0829ec59c6768675dbc3670245e9aa564f7d520af49913e661ed0799619b91a89463350d872995e81f871495891c98f21640b5b362c4bd4740a4fd451f87fed267e7a17ae89bc8eb643b5f25c21dcc199b6ff3a8e6c6172cd360778cb4d7289596a90510d3215a59a33c64c0fba2a2e11b89aa368d0d6108df7e908bf54318829510bfbc0dbb744305087294e8c364f1b64537d44e1a6c9f4d89ea299c4d8cb8acc4114e6ad65372c0955627107aa1d5623eca7c9b93748af64c69def685437284fade7d68035f9196c6e0b29de88cfd807b9ea103add67aab95df4549a7871a272bdd55d1157ed61f868a1e14ff23fd4f273a843c6c2e13c9c01d7d10e4f058fbec060af0365d3f549af269adc413b4ef4ce73831f7871263213f40a3f0863cad2126ef01d0d839c47cbbea63cfab02bf209b36cc16016a7804713a57c0df82c667d9651bddcfed768680626ecf7dd068057cd773ce7d4c5560fe95ae45cb98b8d068d04f79efea0de34d3dcf79ebe2c99f910fe4116b3bb71fdfe64f459497043d3c563d3b77121b07338e5d2cbf01ff6b64d3e07e0b81a8157386f47aed285fbb2e7b0efa3dbfe15b1c79b8c4273bed55dcd52f1927d2c91af52b3866aecd609832b2b06fad7d03c4bf64ebc3b06455a36a380a46dd6237ca05e6db902c13a4e2223e425ca9919ef506d0618d2619c61eabd918d03a9778ee004c0658e6c6334cd661cfff9bf950933490833db2f13d80b9c2f4521987a6ca0c908a887807dc8f2d36f0d63e3756a63f6e12544eaa7cf665d1809a23aabd8ad13348b81ef4f891a0887eed34110a2a092541096aa63a13ef01dff91692daf830bfbc8dec85fa555f424df9435810bc62447e599c1a150bdb5d69635f50d8147dafd861227f46fead18387af98bc2ccb46902e837aad7b9f09f1afb83b7b7184c53165bfe26e9a0e54d6ea96a6fbd073a35a4c1948998526415422627102059e8d050e059bee5f265aff78a72cb0e2edaf1cdda47c9560bcfc0c012778cfc934fb5a804454674146078f37f89e26baa5eeda93f81e358dcb77058affcf71a891fa31dee46d3ded86c15af6c43fb2dcf1611c6a82d4905fec871f4448a9145ba722a15c6af37ec1bfd22c553e3b04d867daa791785f9827b3031e3c751eacd36eb8915996f75d6594b36e7fe70423047a8e6336bb56e1b3216ddf5ac00fdd227a7190932626693401de0383c386a2ccc61de84d041dbd2e18d903ad40ca7794ffc06340495493c3cfadc2d429c23cc94ffe07e8364e1a0e1357a2f3ae4719034060b2ae26bfd12b11f0c7ce9e8f93d377bbb23932c672c6578581becf5bfd0bb9ce97b6f594c590123b38e311134f46d97b84a3bc3235e76014ac063c52aebee142a3661724c0792610cfb372592943022ace1670545b1d9e841f7ff0131f7de3153689768e19f8758c56b956fde533602d76745293328baad9c2ed73e0d1622fa4f7775758ee138b079e1a2c28d56041e5deec62b04da56540868a3b61b7a526c583aa62a2adca5b9738e8d58f0e0d4064d173cb33593813364072296e9313193ae3e1932e9bbf294e6dd90a5519106b72a56bc23a0e64c03123252c3df35385deb66fdd71d6b00177e67780c624db9bd0f5b83af1240a10d7b7751ec59ad9ec748989d785c73406ab367644cee9c9a5947159489a51002b2fe05927bc2f16ef737480f1926bc8ba8c5525f44057b32ff1b4217896f57355f8d16ed81ea49711d6f196dba09220c8f3ac4baee88f6a05717126e0c4a05f8317b077eefdcabe1843808df8defe6972656ea616ebf393214d514fc200133039c9aec92a68f383c0752b8c1030e268e6aa526a1a34d3bf113c829bf3ecb99b0f8708c592fbf21a5b9c762340ca0193acf4887f28522c5d9401698bc898206931611238a857279ff77243b5d0f910d0097e3d04a1dc3b948425a566c6238e88363892a6722eb0b0331cdf105f30fbce46ec96616021165b2e2d702ecf759989c31fb45b962da983942d2a8caf8856c8cd8f47ae8931da15685fab44e0b948f8a1d606067621e1544b3637977fb1ce62ee2ea3b3efda78f524c7b078aebeb084a1ce39a5e06be5478383420d861c6ab52118ccfb2104e7e49529bf37d4f5beb5786bf75a82c7fbcfcab81f97d6b1ffb2504ae64f0782c14269ca7cc3446b9545ef04143df203e7ad61c8f446e497a0257b72acbfdc69afdcff4518e7be4628527d82b08ebcc8e3b4f1b4a2a9c0b455efabdf4a8b1ebc4ef44529b2e677abe79017cc64789247d01f62da8ad019d290a5f5981a69269d8a97cd7df696491374cbb9cc5ba0e5733e6b497b9cfcbfa447098fd442bedf478f02a6120931c0ace6610ecd76c1c317c63d20a1d7d2d16d3ff5110bf899da942ae9e86590e5cff8c079ff0df1610d2c54e3504c314e638c6862370faf105b9f325cc6f0a1f9d18e269e941143cfe1d32e0ed3eb379dea857ec20c8835ba6c15477118794b7cfeba167b9ce89debc0cbeed4691ea386cdac29b550aed23c196c81a1544c11682237c21ae230941e0b3699b0b5ee5b7e65b0245fd2442a188e59c717af15ea7cedda0af61e4cd174de7100c1a3e0ebf4985066e14629de5f774c22e93672db837e7113d9075c573978e97a5747c5b7abc566055a0586627b6485db015cb42a5ce02d02ca6f945144d21a114b1ce8fa06d73b7c5b661c2675e5b9224fa7cc1780e9793f569098a9e5bac161eaaf1c354a0bd2309355874caf13ff755a4e8a2d907af1d671563334a0e10234226c2c1b71eee0d8c9e82c02a34d48b0d918f5b2f771f204aeaad9b6113f1c4f7579a600f13add4c6d8b2a72b3e1083e5c3c4409f703841f41d1c0d3dbe81598ebae4305eb055572e40ad487171d9ad147240453944006a4cb9b56a5585dfac0dcd79be39119f09ab04985f473e8842bce787656fa2d2644c61e0bea1a7463a15aaae1137089488f3c1eeb380289c66595eb5328c0ea4705df4d3d746117631bfda1560ab2456e236413edab5ebc4a2bd421b4990c176abbf46e29b4648f5c334cca510b0ee480528e3d1c442dbe71e7009025c0b84cff8df9ee269ae33ed97e24044a65d8453f58db25eb13b891f9c5a71451f2bce5f362585fc9ffdee6f40ee824d95a47630ba7cc0970ac5b4e7ba9f19052c2648563ac929643dcf8168bb40a44b5f272abb90b9482fd888568ce1ee58772d7d1ae113e4b2b01ec45dbb7355f0e0426eb544379304dda5aae60130f81414f38d5e3c5cf61e1fc458443728e21936552b710b878ebdb3a7700e7904797cd8985b51f308f3ec19d55d6571682ffa9a004417fabe8414e43c6562fcbe4b9d3e66e122aafc41c14acc6f8ce689acea49ee9e66d13fc668e1f798dcda9046039c2ce3cea078915a4b7fba68555fae1b27d230ebc3bba9e38883232be4663d252b4cde8d8ff8670cb1e8122aebf339af17c2a5908a3d0c413cc76023f61c2a496dfcdd459591850278d148c921c510d7ccbfdc822fb4d77deb2355464c1f55b9c4f264a6475d607506ac57e755fc6b6ea9a69999ff1bf12aeccb9b2a148cb5bc66c36dbebdb1fac2d2cd34346dab8be01cccce3a3dea493c267a10035510183d92b94a1dd3ac4df63828b4ba0a4356bbd6cb117b6cc9fa79df4af92dd044b9727466cc4b9256723b5815ba62d2705c13dde7ab0925bae1a59344146ee8572bf43b3a717c58eedca12221fbe6bc8b7830", 0x1000}, {&(0x7f0000000140)="3679d83cef0abc3e4939fbfcec2f82339fd11df87cd3", 0x16}, {&(0x7f0000000180)="89e75ec0c1d53e83d74c7d2ab993be43ab114635819775024f101c8aa12a2b6a65f911eb376254731683ba55c03111ae904452efe1a3d04901e831e01982d9d754b5f740aa19203428cbd3c3dd2dbd0c6cde072c215c80522eeffbb919316b4a0981ecfaca75e1adab6f40313a48873e05c6066ecbb52a68", 0x78}, {&(0x7f0000002840)="d3949aff89c2f7cdfa62c448c1b34a6358730e5753d1c81cd000479b2d71636f45dc24698043439365d336307ad84f6ce500fddc9c74aa5d5ce7fc1467b635f35eb6aecc61e810e904d29b9088db4b9ea114e06c4743c1c9d3415b018d1d0a6c91c458a2cfe13d470c36a9efb6b4ebf3b946cc08fc16b49f8c245bfb539370f65cb4630075721b1432425bf43f275fdbac234445f67d026436581d27318cca3896ff17f830acda0be136c5ae70c1d42501c7078c2728b19650521985fe6f5845042230bdf7383c2f9bde800aa189c75113d7b25eb3679bb8936c8ee7c1adb9261e439796126b1bfa2ffe5148440dd7d2833c3d5d50b146a71747a90270a5137cf11a4c7372323f751d307146b5a59e20f69bf4bef6a5ed403bf64009dd52384ddb2abbd87818e29fe890dccacae248e15b69326ab69f99fc585837dd78d738c5729157e43199df18070281951383a760df2a52d9e0ee9ecc50c83f5a4d3ad50d706f4815d9f2cea2e59f0f953f776647930bd55bf7dffa7adac680c7c36201e12be1fb8713406d6f765835d6671d8de9d5a6ad90d1ba2c8e89980fa68795999a33c1dea61867d915411e04264ceb6d70ccda1385e088d8cf471ba742075e9d754722c2ed49b3a0e264ed6950ffd6ab484fc16179f7f334295e1e111fdbbf8244244a552ae89bc65b7a69aa11bf0e2ae3dfb202db4124b2507bc674549755296274ae67a7c249c332de7a9b1c19f45f693c232bfb03b7852e57c100bb479ed77f3a7874cb12ab9c2deb54177531a926fb2a09e7c74457200ec145112ef8badd01fa8dd57d74378c94c7cd39e489e8186a00bb1896eaf79f4ee3bd2de927f23e7bf47a2adb9bd8bb982f1411010d989d2e807ec69be6a20e9fa22d3a3c07a3e7ac23b774559f3a735f4e11f6fb9f12cee7e128bd98fbbd9eca57726c9d8c9d10eca084720e79e1a4306025299882d2333aaf132e25e9d930ad569c2092435658fe35257ce2671dcfe406f00b5df6f25257bc142bbf04fd522d06bfe8bce36fcd08fdb2c2d7eb1308666bba1350463b9a2e67698f4ba8eafffdb49790dc9e8946c0e2f6aa32871c3094874175e4166c7b2a297c3b8fd074e01485f8ff9a8c7239648b6ce023333fe6210cd7cca1440fefea57ecd72833ad64309a793bd922eacf453fc2a0fa335f514f0c138d563bd08c613e38ea252fbbdea3db70d0aa8a9c640a854d2e8bc9296dbc7e5403e38fc6133516e93820808818f68f6f1eee5445e579583b563fb4c942f72f7ff7051f4f84421656222af53937cbb785ee6ed3d8d84178390def31dbd6a5cdd808802134fdef16f25d53fd18adf4f9a07f76d257dfa4a9f7290818b87c164d66326009aa9deb0a0a8074c26198a9aa87b8cec0f8d47d38b89b3fff716dc9853c9650da7158a3aeaa42939217a191ff7b619ae6dfd6cdf0460fa7b28200411cb8bedcc80bfa139bf67c8aba5fec77b02f837c43b4e1c34dec69844270564501ee48fe7138bb8826ede6d8176769453f1ef7a861c6531434ac17bfc4fa09df99458bfae74dceaef7419de21fe5b0cd16816825ac6532010fa5dfad6ff2edbd1d778de99ee905a02db14831434e58c57e7e0f4a8167454ead8bb44acb1db5044aa7e44f977a41108340039b96d4d7033d41adefbffc517ecfecd3976181cefe98f06a7856eb42d8fd91cff8e7d029ba62fac2307260b0f26a40cdf82bb8b0dd090aa18d0f70856023709310aa26581f4388a33903f157c1a37f5f20ae35c1e6baa18257e18edfb5a6f65097fd9d3bc43bf2d922edea5df82820b9bc74364801b72813e36d191a85e11e6bf981e32f57de3c4a0233210a2f3818d8e3a88a44f268bb8c796e950b9ed779ab6d81959e5c04eaaa2b6d3f40b83ae8c4d2eb1fced5ff536f3de3fbf5bb7dc3f7c0aac4f7bd77292129842e0eb1a5a17425ff4f7a370f8b657e91278f5c7d4a34af21500673b51d12195cd74e910d0ed47c71296f659d4a20545a71519d3a85b4e8f8304d507d8680073a66bf80d2243b36fbe824e416ca97e9bf4c5d8fb6ba1202524024a96e689bf414bbf5c8252b1d9821558ca70e66de52f68695c7dca2604e8144ae404d27f9f5d2f4e9de9c7aaf47d9ec1e889e3a8dc28987336e17c6a95459e500786ca90f562fbad058eeb3e58172d343089d4472fb57ebda74eb8573b7d4222b42a1369fe53b4cbec47d0a2783b1fdf97cbd109d54acd10d1439b98c9b444034ee79208a4d724213445673b8abdfef5e24989a3a849dc6e3ee637d7b56ea8cb0ce5060ee551dbac9e5028c6baa42ab0513763506ea357f42a9a7212c2f85ebc72a669208a93273eadd48e7cf772078950861fd1c84511760747ef3e6ebe3da6faf8494f2811bae858649524578e2010fe695098068540815b6c270065a1cabb63a657eef434ff14e6d35966782f540fd4221fc5239de1a5b23796e5d60e77a1a0b261eb05fb93cd4435391ed2c6c3648f9e73277917014046d1e9f15451cb0f05bc94c2a4dbeda06035aeb5d0bd527e39869d62166427292cde9beabcd519c8da6036074e55b08de44b4b97e9e6f85ff354d43c3ae55c1ade134101ad1aa0a1c3c04604aa1450392b09498da3ad00527ef8ffc786cdb51f8b93aa60ab6491bb4991672bd286ffabf0b0e1d39f08d338e67f663435b6f373faa046d86ec8e7102e450c037390b3fae7bc28004d4b9c9dd30e5f30c763e3d11c256f355510cbfd49af20c298ac392cf9a5d43c6d10bb2af6e02f3d1d57d106a034a4112f03ddabf8610b732059663b9ba58369505aa96e3c5c6cbfd806bdf4eccb86a4689d2fcb3b2603415ae112cab69314eeacf8a56dfb75547730bd10ad90fc90779e55cb987c67f6739b1f82f95d79159d6112e409406266136e99a1c6abdbd6ceeaf4bfad1520104ca3621373ab8f90757cd22de449c0ce1b26b6bf1cfbae61508ffe21ec54d5c473996a33f9f495be458f3bec992ba779222d3287971aa773eed3420d17e93989f52a826aca9e76d20277d898c2451de886e15134a6eab9082d40e13b975309e96487ea72efcbcb42bf138e987edc0f4ee15e40b1854e8344e1b4915edb8575170407eb9528167350f9e35406ae36d352d91c651a6803217d99ab05ebb80ffcef049ef8f46f56c90b5ec549b43ee35bb17a16884d80c61db84651af172c04a57ce7430f456bc96b387e16701680414b07cb867c571a12a5c173acdaaf906634c47c98eb9579123620e805ce76ba01ccf00d08eba0de6574798b4f2bce47bfa8515a585dbe88a9f5424eee4ef483df34e533ea8507d5bb32657683e483ce96abbbd416ba74034224bd44174362b17ad7fd3d8a9aaa7acbee9712974a4ae255b07a1dfe1ae2f7ccc96d449c25c0369e76aba06941ab97a93a619ed7919173328b2526dca1df18e23640f20439313eec37362459e40550f31cdcffd9c4206c4f1203f8f5be79dc9e9810f89ec4f3ddc4854c9dc1cd0b20cbc0e3fc6e850f404fae0f35500c110b28f5051c928e3ed237763124bb927cff1fada16a17ac59d273ff6f350ada83353cfe1e0591fe3cfa2a63d6445b36e0518138a09d8ed27d602f720da077cf9950cfe6d22e94580596809571d1d469f235adb6474ffbd36a6f1b1d3020566f174c83e8edc9e5f89a0a942c58396106529b442099aadc1e0a2fb9d27640150d5fce68c021126f29527f43fb22ec81376814ffe2ac4b99e2ebdf19615b885d0d9407e3e17bf8257b538b54bbd3d8b79fe18ec3a38848495bd2e566bec34f028cc5571739afde70f575eb4400a64bdd9bbedab75386c0e036159604b0aacf9e8dddf9e6b1525c2bb66d4c13b834312b8d4594840276e43a9bdcdd075e7a77103c9799a79dc36bd4f747446e2834e08694a2fbb4311245fdde1591dc20dac91f3e7238ca525cb4e8b01b35d1c2d0bd75cc6fd1b881dfc296e0c9b26f3167ee3ff05f06d4e23283e19580a433725b1a0582379c824d708d34700005936f9a10dad8d958fea9150c99a0024dbadc8756a8a3ffed5a3c3f4f68fd14aea011039b38a6621bf68caea02af29e5b7ab1ae0cbc7c1762643a33cded0ec9b8b40867bbd816a07a4b10daa20a109cfdac196e5473fdebf97c6d6ccb23f3c31323b6162c3666288b8405f276974defa21a5be2bdd41a5270998ca023b2f4c41c86ffd4bcf6519f00ff7497ae0452e7807df1fe355a3908a9d87dd3f9a66698b30c8dd6325c1e75126de1571309fad27b53a2fee3c8cbc430d4093caafd667a89df835f018255ad95320523268f3f0d01c9024534ad149f754597522689091c5a57e5bbd67befa8fe69c98a6e878abe9e37bbdf39ab3b211ac7b8de9108f0d5c05232a7bb26268d5091875a130b6352477bd49455a347d7e8f690133ca8e382763d2a0192312be93cdb6841c13da5e74f0276555ed21907f354972a3d829852bddd785215dc55cce7594668d815f2a55a4e35ea4c15ca5c4e309260c675748fb80aec39c4b39b3a6fe26a2752b3cdfe573f8bef872289017cbc2db0de84917da98490abf7bb33d8cb40ba9f1f5d05740807a9ec65f45e669ee39bb03190f03200f1c98a4b42fe40fc9b5476097509f1ed7ed0568dc24dad48c5f639906eecd0392a26f201609e22db6a73e7bd906341be9a75cf2cad313064e8c8c6135c94d501c273d1d3b28b0e762697f37dece65530129c26d753c1842d00d0bdb50a5467c5ecb222ff6642d4c8b89b14a398504543f887133e4fc9224181a3cd57e120f52e68569da3941570924b43550becc42954391dd7775e90fda1cebb2ad8b2076856807a64955f212fdcd5972b1bc3034c96302892679803f24f24d9c39d5825f848c9e846b524ef134af745aefa6677b24a849232e278b37884ac21a9904fc86c9e684327283d949507f95adddbc122fce85b329d6873d2a63cf584788c1e26ce38107f65c48c94d8b1afbe3dca522dedde2a601dfe392ee7cd5a081fa9fd381d25a384fc9ce3eac9215eb86cd0ee5e8efa950cd4d61bc30ebc681aa79ab2547fd8be7f32c57e3c422fd98076da6644254303b0a93c1ccb24e6f40a8199e4759951bde8ce72e5d8d3f21e57e3b7bfdccfbb78eba5ebcb2a73a8d1f536121a12ea14c74798a593fd6e5446b4ca5c96fe32ce30bd8b3ab8238ab6399d79de15092e7149e4e45366f78f677b4929b2637095a0025fb41fc0704be795b438340ca8d39ed8e7d3b88e256483d68eeccef0aa6d641d5e4de9fd0cc819db1a7257ede8edff648634641e51e053ecede2d73627176f14cd91f9413587f9af2388507423e0ca60bd5869be30b9ff735e5c9e7eb3710c6dfabb7b9ed8d309541074a33ed1d5f8ba5424d189739eda27815ad367fb8f5ca1831c2f15f557854f0f86f1725bf8138b31048009e48e5f76f729f4a0366c87829ad52723e4cb25cb99b207caa855271c8dfbfc2a6dc7c03b7a03f693e6630822147690b0931199e857f852949015f9e26aed0679ee05ee2cb9a2c6856bc1748a966435d6c452471d1cc826f17c0ff53202914dc5c6a9b14e2d1b56b46a39410d60cc3814fb248038290e2406cb368262255f1a5295390482ba67c09441eccc25fc261381a076f627a3e6ddeff5c8d5cabaf1d20f6d9f035d30166f1c074d170d4bfd83051c03af1f17c6a4deae7d97e98952f12a61125d80da3f5b63b0ba20e2f314f07da08feec946eba4b4670c3ae4a4bfe06aa213da4ef30aeb2af12c6a8afd46ad8501f84afbc1119aabc499f79fd8ab49b3bafd50d02", 0x1000}, {&(0x7f0000000200)="46f44534628997862a02183d3ff73482b6e6e8cf6e86f51bbfca67ae409640425b8767f872a8c351b022b11c85b13f13eb10c069d2ea16a8b89b460525528d6a1239aaaf6b740f8d988aa6df8c454652b05348fe3bd5be27218f43bc793e73e7b26cf03a5eb3ebe08eaadadbbdfc70fdc5dcbf729dbe3b210e8ed32e81be0ce00d", 0x81}, {&(0x7f00000002c0)="e08111a44c64e1af9b8cc71e38e66a403ce91ba00e004bdaaf1f08dcc12b3f98345e5ba059a23d8a0d70e2b784a88970bf19f648a84737ef838ca2a15744e7ff79d9923617658b811b90e4bf4375f9308c6bba315d224667db605ec4f21db1989329eaced32bbfee4c14af8d408f080e0cf61550f6565e528eea847c1b333beb531d1ec8f4ba49c84687d5f7c0529b5009e9257b91c9fa4e2208df20b9c7adc87a263fe3a9ef60a9b68bc92e60ba130d3bc0c05a8b9ec42a3132e7bfcbe0dbd99a95db75fe30f037fd9469b32993715ec0b474aed67d8115522c9049b978cc71ac8e48fd74d4ebfc5899ba1d6d04ddb91a1d7591bd0a", 0xf6}], 0x9)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0x2, 0x8002})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:18 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r2, 0x1}, 0x14}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00')
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r4=>0xffffffffffffffff})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000180))
sendmsg$TIPC_NL_PEER_REMOVE(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r6, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r4, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x118, r6, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
sendmsg$L2TP_CMD_SESSION_DELETE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$L2TP_CMD_SESSION_MODIFY(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r3, 0x2, 0x70bd25, 0x25dfdbff, {}, [@L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e21}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}, @L2TP_ATTR_MTU={0x6}, @L2TP_ATTR_MTU={0x6, 0x1c, 0x74a8}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x41}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x4)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:18 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, 0x0, 0x0)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1126.064538][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=27238,uid=0
[ 1126.079441][T21853] Out of memory: Killed process 27239 (syz-executor.5) total-vm:74980kB, anon-rss:172kB, file-rss:35780kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[ 1126.098241][ T1822] oom_reaper: reaped process 27239 (syz-executor.5), now anon-rss:0kB, file-rss:34760kB, shmem-rss:0kB
16:18:18 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r1 = msgget(0x1, 0x0)
msgctl$MSG_INFO(r1, 0xc, &(0x7f0000000040)=""/4)

[ 1126.751735][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1126.764977][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1126.773700][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1126.774357][T21853] Call Trace:
[ 1126.774357][T21853]  dump_stack+0x1c9/0x220
[ 1126.774357][T21853]  dump_header+0x1e7/0xd00
[ 1126.774357][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1126.774357][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1126.774357][T21853]  ? ___ratelimit+0x542/0x720
[ 1126.774357][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1126.774357][T21853]  oom_kill_process+0x216/0x580
[ 1126.774357][T21853]  out_of_memory+0x181e/0x1cc0
[ 1126.774357][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1126.774357][T21853]  alloc_pages_current+0x67d/0x990
[ 1126.774357][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1126.774357][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1126.774357][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1126.774357][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1126.774357][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1126.774357][T21853]  ? debug_shrink_set+0x220/0x220
[ 1126.774357][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1126.774357][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1126.774357][T21853]  do_syscall_64+0xb8/0x160
[ 1126.774357][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1126.774357][T21853] RIP: 0033:0x45cb29
[ 1126.774357][T21853] Code: Bad RIP value.
[ 1126.774357][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1126.774357][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1126.774357][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1126.774357][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1126.774357][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1126.774357][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1126.953786][T21853] Mem-Info:
[ 1126.957047][T21853] active_anon:178507 inactive_anon:6859 isolated_anon:0
[ 1126.957047][T21853]  active_file:5836 inactive_file:52771 isolated_file:0
[ 1126.957047][T21853]  unevictable:0 dirty:72 writeback:0 unstable:0
[ 1126.957047][T21853]  slab_reclaimable:5659 slab_unreclaimable:24468
[ 1126.957047][T21853]  mapped:59191 shmem:7095 pagetables:6046 bounce:0
[ 1126.957047][T21853]  free:114014 free_pcp:0 free_cma:0
[ 1126.995003][T21853] Node 0 active_anon:666028kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123916kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1127.023790][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1127.052896][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1127.058169][T21853] Node 0 DMA32 free:43304kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:639984kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:688kB pagetables:2704kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1127.089327][T21853] lowmem_reserve[]: 0 0 228 228
[ 1127.094372][T21853] Node 0 Normal free:9536kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:26044kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4444kB pagetables:6800kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1127.125773][T21853] lowmem_reserve[]: 0 0 0 0
[ 1127.130343][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1127.142412][T21853] Node 0 DMA32: 908*4kB (UME) 453*8kB (M) 219*16kB (UM) 141*32kB (M) 112*64kB (UM) 57*128kB (M) 35*256kB (UM) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 43304kB
[ 1127.159552][T21853] Node 0 Normal: 984*4kB (UM) 392*8kB (UM) 78*16kB (UM) 24*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9536kB
[ 1127.174628][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1127.184594][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1127.194056][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1127.203833][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1127.213304][T21853] 27538 total pagecache pages
[ 1127.218013][T21853] 0 pages in swap cache
[ 1127.222431][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1127.228530][T21853] Free swap  = 0kB
[ 1127.232402][T21853] Total swap = 0kB
[ 1127.236154][T21853] 1965979 pages RAM
[ 1127.241476][T21853] 0 pages HighMem/MovableOnly
[ 1127.246370][T21853] 1423249 pages reserved
[ 1127.250676][T21853] 0 pages cma reserved
[ 1127.254991][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=20046,uid=0
[ 1127.270032][T21853] Out of memory: Killed process 20046 (syz-executor.1) total-vm:75244kB, anon-rss:192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
16:18:19 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
syslog(0x0, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:19 executing program 4:
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:19 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:19 executing program 4:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x802, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
prctl$PR_GET_CHILD_SUBREAPER(0x25)
write$P9_RATTACH(r2, &(0x7f0000000080)={0x14, 0x69, 0x1, {0x2, 0x0, 0x4}}, 0x14)
ptrace$setsig(0x4203, 0x0, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1128.252402][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1128.265127][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1128.273959][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1128.274969][T21853] Call Trace:
[ 1128.274969][T21853]  dump_stack+0x1c9/0x220
[ 1128.274969][T21853]  dump_header+0x1e7/0xd00
[ 1128.274969][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1128.274969][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1128.274969][T21853]  ? ___ratelimit+0x542/0x720
[ 1128.312138][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1128.312138][T21853]  oom_kill_process+0x216/0x580
[ 1128.312138][T21853]  out_of_memory+0x181e/0x1cc0
[ 1128.312138][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1128.312138][T21853]  alloc_pages_current+0x67d/0x990
[ 1128.312138][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1128.312138][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1128.312138][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1128.312138][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1128.312138][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1128.312138][T21853]  ? debug_shrink_set+0x220/0x220
[ 1128.312138][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1128.312138][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1128.312138][T21853]  do_syscall_64+0xb8/0x160
[ 1128.382101][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1128.382101][T21853] RIP: 0033:0x45cb29
[ 1128.382101][T21853] Code: Bad RIP value.
[ 1128.382101][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1128.382101][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1128.382101][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1128.382101][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1128.382101][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1128.382101][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1128.448570][T21853] Mem-Info:
[ 1128.451835][T21853] active_anon:178548 inactive_anon:6859 isolated_anon:0
[ 1128.451835][T21853]  active_file:5835 inactive_file:52807 isolated_file:0
[ 1128.451835][T21853]  unevictable:0 dirty:66 writeback:0 unstable:0
[ 1128.451835][T21853]  slab_reclaimable:5659 slab_unreclaimable:24467
[ 1128.451835][T21853]  mapped:59260 shmem:7095 pagetables:6042 bounce:0
[ 1128.451835][T21853]  free:113683 free_pcp:66 free_cma:0
[ 1128.490015][T21853] Node 0 active_anon:665892kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123916kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1128.518804][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1128.547874][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1128.553291][T21853] Node 0 DMA32 free:43304kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:639976kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:688kB pagetables:2604kB bounce:0kB free_pcp:136kB local_pcp:136kB free_cma:0kB
[ 1128.584838][T21853] lowmem_reserve[]: 0 0 228 228
[ 1128.589765][T21853] Node 0 Normal free:9536kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:25916kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4444kB pagetables:6800kB bounce:0kB free_pcp:128kB local_pcp:128kB free_cma:0kB
[ 1128.622115][T21853] lowmem_reserve[]: 0 0 0 0
[ 1128.626698][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1128.638767][T21853] Node 0 DMA32: 908*4kB (UME) 453*8kB (M) 219*16kB (UM) 141*32kB (M) 112*64kB (UM) 57*128kB (M) 35*256kB (UM) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 43304kB
[ 1128.655442][T21853] Node 0 Normal: 984*4kB (UM) 392*8kB (UM) 78*16kB (UM) 24*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9536kB
[ 1128.670552][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1128.680308][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1128.689824][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1128.699647][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1128.709145][T21853] 27461 total pagecache pages
[ 1128.714126][T21853] 0 pages in swap cache
[ 1128.718834][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1128.725086][T21853] Free swap  = 0kB
[ 1128.728851][T21853] Total swap = 0kB
[ 1128.732808][T21853] 1965979 pages RAM
[ 1128.736653][T21853] 0 pages HighMem/MovableOnly
[ 1128.741369][T21853] 1423249 pages reserved
[ 1128.745781][T21853] 0 pages cma reserved
16:18:20 executing program 5:
ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f0000000040))
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:20 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
syslog(0x0, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1128.749898][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=20018,uid=0
[ 1128.764880][T21853] Out of memory: Killed process 20018 (syz-executor.1) total-vm:75244kB, anon-rss:192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
16:18:20 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:21 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r0 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x1cd200, 0x0)
r2 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r2, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r2, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r5, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r3, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f0000000480)={0x178, r5, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xcc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x25}}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x40, @remote, 0x1000}}}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA={0x38, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x178}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="440429bd7000fedbdf25020000000c00030005000000000000003c00078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r3, @ANYBLOB="0c00080002000000000000000cabfe000300090000000000"], 0x74}, 0x1, 0x0, 0x0, 0x4000000}, 0x8004)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:21 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000140))
ioctl$KDSETLED(0xffffffffffffffff, 0x4b32, 0x2)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r1 = dup(0xffffffffffffffff)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r3, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r3, &(0x7f0000000280)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x63565, 0x5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x50}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00')
sendmsg$DEVLINK_CMD_TRAP_GET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x50, r6, 0x605, 0x0, 0x0, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c, 0x82, 'source_mac_is_multicast\x00'}}]}, 0x50}}, 0x0)
sendmsg$DEVLINK_CMD_GET(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x100, r6, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x100}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000895)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
ioctl$SG_GET_KEEP_ORPHAN(r1, 0x2288, &(0x7f0000000240))

16:18:21 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
syslog(0x0, &(0x7f00000000c0)=""/170, 0xaa)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1129.603008][T27293] netlink: 'syz-executor.0': attribute type 5 has an invalid length.
[ 1129.964398][T27293] netlink: 'syz-executor.0': attribute type 5 has an invalid length.
[ 1130.092046][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1130.104848][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1130.113593][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1130.114629][T21853] Call Trace:
[ 1130.114629][T21853]  dump_stack+0x1c9/0x220
[ 1130.114629][T21853]  dump_header+0x1e7/0xd00
[ 1130.132703][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1130.132703][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1130.132703][T21853]  ? ___ratelimit+0x542/0x720
[ 1130.132703][T21853]  ? task_will_free_mem+0x176/0x830
[ 1130.132703][T21853]  oom_kill_process+0x216/0x580
[ 1130.132703][T21853]  out_of_memory+0x181e/0x1cc0
[ 1130.132703][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1130.132703][T21853]  alloc_pages_current+0x67d/0x990
[ 1130.132703][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1130.132703][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1130.132703][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1130.132703][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1130.197168][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1130.197168][T21853]  ? debug_shrink_set+0x220/0x220
[ 1130.197168][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1130.214277][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1130.214277][T21853]  do_syscall_64+0xb8/0x160
[ 1130.214277][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1130.214277][T21853] RIP: 0033:0x45cb29
[ 1130.214277][T21853] Code: Bad RIP value.
[ 1130.214277][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1130.214277][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1130.214277][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1130.214277][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1130.214277][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1130.214277][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1130.288521][T21853] Mem-Info:
[ 1130.291825][T21853] active_anon:178601 inactive_anon:6859 isolated_anon:0
[ 1130.291825][T21853]  active_file:5836 inactive_file:52777 isolated_file:0
[ 1130.291825][T21853]  unevictable:0 dirty:76 writeback:0 unstable:0
[ 1130.291825][T21853]  slab_reclaimable:5659 slab_unreclaimable:24467
[ 1130.291825][T21853]  mapped:59269 shmem:7095 pagetables:6086 bounce:0
[ 1130.291825][T21853]  free:113620 free_pcp:134 free_cma:0
[ 1130.330180][T21853] Node 0 active_anon:665772kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123920kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1130.359034][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1130.388122][T21853] lowmem_reserve[]: 0 996 1224 1224
16:18:22 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80006)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1130.393554][T21853] Node 0 DMA32 free:43304kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:639976kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:688kB pagetables:2604kB bounce:0kB free_pcp:140kB local_pcp:136kB free_cma:0kB
[ 1130.425091][T21853] lowmem_reserve[]: 0 0 228 228
[ 1130.430697][T21853] Node 0 Normal free:9536kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:25796kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4428kB pagetables:6700kB bounce:0kB free_pcp:396kB local_pcp:128kB free_cma:0kB
[ 1130.462625][T21853] lowmem_reserve[]: 0 0 0 0
[ 1130.467200][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1130.479341][T21853] Node 0 DMA32: 908*4kB (UME) 453*8kB (M) 219*16kB (UM) 141*32kB (M) 112*64kB (UM) 57*128kB (M) 35*256kB (UM) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 43304kB
[ 1130.496089][T21853] Node 0 Normal: 984*4kB (UM) 392*8kB (UM) 78*16kB (UM) 24*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9536kB
[ 1130.511259][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1130.521034][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1130.530550][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1130.540352][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1130.549821][T21853] 27433 total pagecache pages
[ 1130.554710][T21853] 0 pages in swap cache
[ 1130.558907][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1130.565139][T21853] Free swap  = 0kB
[ 1130.568911][T21853] Total swap = 0kB
[ 1130.572822][T21853] 1965979 pages RAM
[ 1130.576660][T21853] 0 pages HighMem/MovableOnly
[ 1130.581429][T21853] 1423249 pages reserved
[ 1130.585851][T21853] 0 pages cma reserved
[ 1130.589962][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=27290,uid=0
[ 1130.863406][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1130.876072][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1130.884801][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1130.885962][T21853] Call Trace:
[ 1130.885962][T21853]  dump_stack+0x1c9/0x220
[ 1130.885962][T21853]  dump_header+0x1e7/0xd00
[ 1130.885962][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1130.885962][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1130.885962][T21853]  ? ___ratelimit+0x542/0x720
[ 1130.885962][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1130.885962][T21853]  oom_kill_process+0x216/0x580
[ 1130.885962][T21853]  out_of_memory+0x181e/0x1cc0
[ 1130.885962][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1130.885962][T21853]  alloc_pages_current+0x67d/0x990
[ 1130.885962][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1130.885962][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1130.885962][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1130.885962][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1130.885962][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1130.885962][T21853]  ? debug_shrink_set+0x220/0x220
[ 1130.885962][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1130.885962][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1130.885962][T21853]  do_syscall_64+0xb8/0x160
[ 1130.885962][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1130.885962][T21853] RIP: 0033:0x45cb29
[ 1130.885962][T21853] Code: Bad RIP value.
[ 1130.885962][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1130.885962][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1130.885962][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1130.885962][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1130.885962][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1130.885962][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1131.059284][T21853] Mem-Info:
[ 1131.062640][T21853] active_anon:178409 inactive_anon:6859 isolated_anon:0
[ 1131.062640][T21853]  active_file:5836 inactive_file:52787 isolated_file:0
[ 1131.062640][T21853]  unevictable:0 dirty:82 writeback:0 unstable:0
[ 1131.062640][T21853]  slab_reclaimable:5659 slab_unreclaimable:24467
[ 1131.062640][T21853]  mapped:59174 shmem:7095 pagetables:5952 bounce:0
[ 1131.062640][T21853]  free:113817 free_pcp:147 free_cma:0
[ 1131.100847][T21853] Node 0 active_anon:665772kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123920kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1131.129693][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1131.158818][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1131.164263][T21853] Node 0 DMA32 free:43304kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:639976kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:656kB pagetables:2604kB bounce:0kB free_pcp:172kB local_pcp:136kB free_cma:0kB
[ 1131.195804][T21853] lowmem_reserve[]: 0 0 228 228
[ 1131.200732][T21853] Node 0 Normal free:9536kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:25796kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4412kB pagetables:6700kB bounce:0kB free_pcp:416kB local_pcp:132kB free_cma:0kB
[ 1131.232576][T21853] lowmem_reserve[]: 0 0 0 0
[ 1131.237159][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1131.249250][T21853] Node 0 DMA32: 908*4kB (UME) 453*8kB (M) 219*16kB (UM) 141*32kB (M) 112*64kB (UM) 57*128kB (M) 35*256kB (UM) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 43304kB
[ 1131.265975][T21853] Node 0 Normal: 984*4kB (UM) 392*8kB (UM) 78*16kB (UM) 24*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9536kB
[ 1131.281126][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1131.290909][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1131.300437][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1131.310222][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1131.319707][T21853] 27605 total pagecache pages
[ 1131.324591][T21853] 0 pages in swap cache
[ 1131.328786][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1131.335096][T21853] Free swap  = 0kB
[ 1131.338850][T21853] Total swap = 0kB
[ 1131.342865][T21853] 1965979 pages RAM
[ 1131.346700][T21853] 0 pages HighMem/MovableOnly
[ 1131.351394][T21853] 1423249 pages reserved
[ 1131.355750][T21853] 0 pages cma reserved
16:18:23 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x48803, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0xa0, 0x1, 0x8, 0x603, 0x0, 0x0, {0x3, 0x0, 0x4}, [@CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_SYN_SENT2={0x8, 0x9, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_TCP_RETRANS={0x8}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88f8}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_DATA={0x1c, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7}]}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xfffff001}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8}]}, @CTA_TIMEOUT_DATA={0x34, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_UDP_REPLIED={0x8, 0x2, 0x1, 0x0, 0x1e}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x40}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x7}]}]}, 0xa0}}, 0x20004815)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1131.359880][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=19954,uid=0
[ 1131.374851][T21853] Out of memory: Killed process 19954 (syz-executor.1) total-vm:75244kB, anon-rss:192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
16:18:23 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
syslog(0x4, 0x0, 0x0)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:23 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYBLOB="98010000", @ANYRES16=r3, @ANYBLOB="000427bd7000ffdbdf2502000000a40001803c000280080001001a000000080003003f000000080002000100000008000300faffffff080004000b000000080001001100000008000200050000000d0001007564703a73797a3200000000040002800d0001007564703a73797a32000000000d0001007564703a73797a32000000001700010069623a76657468315f746f5f62617461647600001700010069623a76657468305f746f5f62617461647600004c0002800400040008000100ff7f00003c0003800800020006000000080001000000000008000200001000000800010005000000080001000004000008000100010100000800020082ae000014000380080002003f0000000800030007000000"], 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0x40, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r5, &(0x7f0000f13000)={0xa, 0xe22}, 0x1c)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
bind$inet6(0xffffffffffffffff, &(0x7f0000f13000)={0xa, 0xe22}, 0x1c)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000180)={0x0, 'veth1_macvtap\x00', {0x1}, 0xfffc})
connect$pppl2tp(r4, &(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, r5, 0x7ff, 0x3, 0x1, 0x2, {0xa, 0x4e21, 0x0, @private0={0xfc, 0x0, [], 0x1}, 0x6}}}, 0x32)

16:18:23 executing program 5:
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r0=>0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
r2 = perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffff7, 0x400007f}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x5)
write$binfmt_misc(r3, &(0x7f0000001d00)=ANY=[@ANYBLOB="5300000044a6aeabc81e1520000000000000001000fff64017db9820000000000000d403ffff633b27e59aa146175dd106736d173f0fc7ec6e26710000000049d2e181baf9459c5c953148c6801d2c090000010000000000a742200765020000000000000080812d274014ae40b8ae4f2a88d2fbea75e16a61fd063f026bd7360627ec60cb274e00da971f7ee096d74c92fad7e34bd5522d45cc36c2442eac2d224609aba9e6000000000000000000000000000000f390d71cc6092c0100b049f3fc65d61c2b3c65f2f80a61ea8577718cf3df1186f5fe54475288cef527baac33bd96963936c5d32d35522b908d7a5c81891961c183f588e6e5860c13c9879a17aa"], 0x14f)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0, <r4=>0x0}, &(0x7f0000000040)=0x375)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000cc0)=[{&(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000500)=[{&(0x7f0000000340)}, {&(0x7f0000000480)="ced53c9b8ad0bb64a33bb3adbda777ed83e0151b4ecc42e89c0cd0b4d741b7216c0f966f7af23c88487558ca2aa426ac75b51273ba88f3a4b3df27df268ef5f6f02feafcba66cb4c8a0867b85819d76e66a263152839b9e2871e722dc20c447cc0cf89442a", 0x65}, {&(0x7f00000009c0)="26cdf6ff663c3befaf52919976435ce8e6a45e623693ccd034332cb1d68764a0eac1b2033da9da6f11aa9a1fa8b7b3c4f9a7a2715633267c32e9c78d3bf8ff22515282b46e171fd661c931e75bf2d6217ce4c7578dfa13bcadf8b4d522f4aaed49ff417cec761e47024acaa28bd2f8d2c4765a6ebb42892e7fe41b3c87d55748663e767c6c6d21da61d14e28ddfacd098864fee222c267dad38400ea94c72984e9cfe3982c5dfa0f1dc29a4a98293afeb7f5805e500e52652215c1605c9a9ed2bfeb73f523b6f2e14a8762a4b4ca3d687b9c5d", 0xd3}, {&(0x7f0000000d40)="6c270dfd07a94039b3e581a1216cca893a0a27504a95ace465b4bcb99bb070d526d86053c9a0578c4e190890b6f07105f487ea007a66760f5fb5aefc582bc5411a3e5c9de1943dcebd744f5a499fe9198614be111ca3b9ab147344e51da69b80097229c675b22b3d25a65c70cfac4b9d196193343a50781f7869811bb97afa4d8bc25b77a96ac11ab15b545560255f05027e6b89276a5782de2ac10a97db318f9d487fcb428da97cc202460f58a1b012fb43f1f9a874cca636bf451c22feec3bc05aed1a6217161c97f34e02d6555c48e537c6f80e34", 0xd6}, {&(0x7f0000000e40)="2dc958b35f00741be0976d76d9b26aef0dc8451aa63531a987bc6f57fb2c4c19833074b66add750770968f5be72464253d3761af15a53a1662a2834460c8c12891b035a0f6a121ee08e064ecd566684808ef70675957e8c3a9b9756e186c9a74ea26d8458d3128266097816ff559b398a82a07c783d0ebed90f36f119b1d30727153773a6f2ddf107644a90dd60985f89e7cab9e76c072ef70148ddc9debe51facc5ce9e92b89019da301c7964b2f0f29f37771a1fb7363c3b15ec1120ad1e039700b3b896b92cd537b1973afdf1bb23c8ec730dd4850cfeaef21a", 0xdb}], 0x5, 0x0, 0x0, 0x8005}, {&(0x7f0000000580)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000b80)=[{&(0x7f0000000600)="31a8a74c68e0576d9cd0c4741a0f6839f84fc6baa465a3f1153fbe538f25a929d282536660351a3581028e66de385e10e131124fe3f5ba72073e2d3c3f96cfb6d13ca9b9c6d5a0fee2b32c81839ef87b1843cf32bb270e925b79761d84da87242cd3d95cf159acc29f558ec395850eaaaa9061726fb30646066dd00503f0eec9f7c956570dddedbf0e6692cbf6427e52855de62360ab42e3", 0x98}, {&(0x7f0000000800)="d0a5fa7f0cb087dc535dfdf450ae158bbc5c6c79303c3eebd9d824d333f53078f9f6cb8e76f89d4fb5a1a0caf8a384addf7c760763a1dd76a620ecc2c609911aa557764397da1f5473a207332c65c5e2db9127ed52dc54b0b16703fecf2098a18341a916b13e1c3432acf88389398be97f38883ea36e1ddb21b0c3", 0x7b}, {&(0x7f0000000900)="525ff4c0d7782b41717deb7f1afff48415cd28092b64355e883331de6f58ce5273b3e1cbffb5419e1dafbd06fbfba3cc1b091df7424a9f5f4d0889a1936f8c8df12585d15a2acb32e1694bfaa185709d39e8fc7e37f393305d8fe04e2c5a8fb5f787a2b21a23a4ae7409ecbb499c02937c5fb32383c1a40c454e63d53179ad14101cada44359d2bc922784f11ffbdcb9ace625deb13433cf9a4a6309fef2f8c57420c2181cbecc403ad93fad", 0xac}, {&(0x7f0000000a00)}, {&(0x7f0000000740)="efd0bf25fe40ac2ee963d5580eecffb337e212f47cf2602fae610ae0821cf88788dc6ca033", 0x25}, {&(0x7f0000000ac0)="399d0210dcdacdcfc962b6b1e6a648c706b138082fe892fc7182d998a8ebe7434ed827118dfae41d466b687c54ee7de1a1a7d161c69189c18fa3e6725fb232affdeeeb5f00512d184d7742481fe79bc233f329b9d0d4208db657723a2c2808f0d046a1e794ee44e6fa84bb4588f7797bb32979da462f5021d24ebe82b2a26e871ee8916b24b21ad7ed57a55b9f9157f37f335379b3acef4f56e9b3b95fb732e294f61e226657dd1c9ffe29f78b589084a55a8b66", 0xb4}], 0x6, &(0x7f0000001f00)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRESDEC, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES16=r1, @ANYBLOB="0000000028000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="24000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r3, @ANYRES32=r2, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0xb0, 0x20028041}], 0x2, 0x50)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='fuse\x00', 0x820404, &(0x7f0000000240)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, r0}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@default_permissions='default_permissions'}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}], [{@smackfstransmute={'smackfstransmute'}}, {@seclabel='seclabel'}, {@obj_type={'obj_type', 0x3d, '%*-'}}, {@fsname={'fsname', 0x3d, 'cpuset\x00'}}]}})
r5 = getegid()
lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {0x1, 0x2}, [{0x2, 0x2}, {0x2, 0x1}, {0x2, 0x3}, {0x2, 0x1, r0}], {0x4, 0x5}, [{0x8, 0x0, r5}], {0x10, 0x3}}, 0x4c, 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = dup(r6)
getsockname$packet(r7, 0x0, &(0x7f0000000140))
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=ANY=[@ANYBLOB="0000000019170563aae474d14326edfd8f8ac9aeb2d4a95c134a8c3db74e109b15df5e5ecf3481cd381ed6f47f83a3f8090500006fdff38f272de19e3b4e614124a00c8bdffd060dd14e79fdfb62e878bf22a14c78dcd63ab2391a46877f3e8c4b", @ANYRES16=r9, @ANYBLOB="0100000000000000000014000000"], 0x14}}, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r7, 0xc0205647, &(0x7f0000000080)={0x980000, 0x8f, 0x2c4a, <r10=>r8, 0x0, &(0x7f0000000040)={0x9909d5, 0x2, [], @value64=0x5}})
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r10, 0x29, 0x20, &(0x7f00000000c0)={@ipv4={[], [], @local}, 0x80000000, 0x1, 0x2, 0x1, 0x9ed5, 0x80}, 0x20)
r11 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r11, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1131.761466][    C1] sd 0:0:1:0: [sg0] tag#1361 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
[ 1131.772205][    C1] sd 0:0:1:0: [sg0] tag#1361 CDB: Test Unit Ready
[ 1131.778826][    C1] sd 0:0:1:0: [sg0] tag#1361 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1131.788724][    C1] sd 0:0:1:0: [sg0] tag#1361 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1131.798668][    C1] sd 0:0:1:0: [sg0] tag#1361 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1131.808552][    C1] sd 0:0:1:0: [sg0] tag#1361 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1131.818477][    C1] sd 0:0:1:0: [sg0] tag#1361 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1131.828397][    C1] sd 0:0:1:0: [sg0] tag#1361 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1131.838328][    C1] sd 0:0:1:0: [sg0] tag#1361 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1131.848213][    C1] sd 0:0:1:0: [sg0] tag#1361 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1131.858036][    C1] sd 0:0:1:0: [sg0] tag#1361 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1131.867960][    C1] sd 0:0:1:0: [sg0] tag#1361 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1131.877837][    C1] sd 0:0:1:0: [sg0] tag#1361 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1131.887766][    C1] sd 0:0:1:0: [sg0] tag#1361 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1131.897664][    C1] sd 0:0:1:0: [sg0] tag#1361 CDB[c0]: 00 00 00 00 00 00 00 00
16:18:24 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1132.476280][    C1] sd 0:0:1:0: [sg0] tag#1362 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s
[ 1132.487032][    C1] sd 0:0:1:0: [sg0] tag#1362 CDB: Test Unit Ready
[ 1132.493876][    C1] sd 0:0:1:0: [sg0] tag#1362 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1132.503818][    C1] sd 0:0:1:0: [sg0] tag#1362 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1132.513725][    C1] sd 0:0:1:0: [sg0] tag#1362 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1132.523622][    C1] sd 0:0:1:0: [sg0] tag#1362 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1132.533491][    C1] sd 0:0:1:0: [sg0] tag#1362 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1132.543682][    C1] sd 0:0:1:0: [sg0] tag#1362 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1132.553550][    C1] sd 0:0:1:0: [sg0] tag#1362 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1132.563446][    C1] sd 0:0:1:0: [sg0] tag#1362 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
16:18:24 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
syslog(0x4, 0x0, 0x0)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:24 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x1a5802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
dup(0xffffffffffffffff)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1132.573369][    C1] sd 0:0:1:0: [sg0] tag#1362 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1132.583274][    C1] sd 0:0:1:0: [sg0] tag#1362 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1132.593212][    C1] sd 0:0:1:0: [sg0] tag#1362 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1132.603186][    C1] sd 0:0:1:0: [sg0] tag#1362 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1132.613079][    C1] sd 0:0:1:0: [sg0] tag#1362 CDB[c0]: 00 00 00 00 00 00 00 00
16:18:24 executing program 1:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.usage_sys\x00', 0x0, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000040)="0bba9f91754aa1f117d8ff015bd1c8354ec395988b2e138da2946bdd7ff00b190ec9186210cd2ca5598746a7ffd4ad8a37b6d66124df13427e880d16", &(0x7f00000000c0)=@udp6=r1, 0x2}, 0x20)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:25 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, 0x0, &(0x7f0000000140))
openat$cgroup_int(r2, &(0x7f0000000040)='io.max\x00', 0x2, 0x0)

[ 1133.539328][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1133.552596][T21853] CPU: 1 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1133.561323][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1133.562377][T21853] Call Trace:
[ 1133.562377][T21853]  dump_stack+0x1c9/0x220
[ 1133.562377][T21853]  dump_header+0x1e7/0xd00
[ 1133.562377][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1133.562377][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1133.562377][T21853]  ? ___ratelimit+0x542/0x720
[ 1133.562377][T21853]  ? task_will_free_mem+0x176/0x830
[ 1133.562377][T21853]  oom_kill_process+0x216/0x580
[ 1133.562377][T21853]  out_of_memory+0x181e/0x1cc0
[ 1133.562377][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1133.562377][T21853]  alloc_pages_current+0x67d/0x990
[ 1133.562377][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1133.562377][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1133.562377][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1133.562377][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1133.562377][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1133.562377][T21853]  ? debug_shrink_set+0x220/0x220
[ 1133.562377][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1133.562377][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1133.562377][T21853]  do_syscall_64+0xb8/0x160
[ 1133.562377][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1133.562377][T21853] RIP: 0033:0x45cb29
[ 1133.562377][T21853] Code: Bad RIP value.
[ 1133.562377][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1133.562377][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1133.562377][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1133.562377][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1133.562377][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1133.562377][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1133.736225][T21853] Mem-Info:
[ 1133.739524][T21853] active_anon:178449 inactive_anon:6859 isolated_anon:0
[ 1133.739524][T21853]  active_file:5836 inactive_file:52940 isolated_file:0
[ 1133.739524][T21853]  unevictable:0 dirty:109 writeback:1 unstable:0
[ 1133.739524][T21853]  slab_reclaimable:5659 slab_unreclaimable:24466
[ 1133.739524][T21853]  mapped:59225 shmem:7095 pagetables:5974 bounce:0
[ 1133.739524][T21853]  free:113691 free_pcp:157 free_cma:0
[ 1133.777821][T21853] Node 0 active_anon:665748kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123920kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1133.806595][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1133.835694][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1133.840968][T21853] Node 0 DMA32 free:43304kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:639956kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:640kB pagetables:2604kB bounce:0kB free_pcp:208kB local_pcp:156kB free_cma:0kB
[ 1133.872710][T21853] lowmem_reserve[]: 0 0 228 228
[ 1133.877653][T21853] Node 0 Normal free:9536kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:25792kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4412kB pagetables:6700kB bounce:0kB free_pcp:420kB local_pcp:136kB free_cma:0kB
[ 1133.909657][T21853] lowmem_reserve[]: 0 0 0 0
[ 1133.914472][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1133.926543][T21853] Node 0 DMA32: 908*4kB (UME) 453*8kB (M) 219*16kB (UM) 141*32kB (M) 112*64kB (UM) 57*128kB (M) 35*256kB (UM) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 43304kB
[ 1133.943232][T21853] Node 0 Normal: 984*4kB (UM) 392*8kB (UM) 78*16kB (UM) 24*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9536kB
[ 1133.958352][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1133.968138][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1133.977676][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1133.987543][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1134.003357][T21853] 27435 total pagecache pages
[ 1134.008087][T21853] 0 pages in swap cache
[ 1134.012435][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1134.018554][T21853] Free swap  = 0kB
[ 1134.022411][T21853] Total swap = 0kB
[ 1134.026174][T21853] 1965979 pages RAM
[ 1134.030016][T21853] 0 pages HighMem/MovableOnly
[ 1134.034829][T21853] 1423249 pages reserved
16:18:26 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
syslog(0x4, 0x0, 0x0)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

[ 1134.039111][T21853] 0 pages cma reserved
[ 1134.043331][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=27317,uid=0
16:18:26 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:26 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r1 = dup(0xffffffffffffffff)
r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x400, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000240)={0x1, 0x1, &(0x7f0000000080)=""/196, &(0x7f0000000180)=""/189, &(0x7f00000002c0)=""/158, 0x100000})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x2400, 0x3)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:26 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r2, 0xc0845657, &(0x7f0000000040)={0x0, @reserved})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:27 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
syslog(0x4, 0x0, 0x0)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:27 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
lsetxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x2)

16:18:27 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r2 = dup(r1)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r1, r2, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r3, 0xffffffffffffffff, 0x0, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:27 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
syslog(0x4, 0x0, 0x0)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:28 executing program 0:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x581802, 0x0)
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f13000)={0xa, 0xe22}, 0x1c)
socketpair(0x1a, 0x7d21cefce91a88ea, 0xb6d, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r3, 0x1}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)={0x118, r3, 0x400, 0x70bd27, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0xa4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x4}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x4, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth1_to_batadv\x00'}}, @TIPC_NLA_BEARER_NAME={0x17, 0x1, @l2={'ib', 0x3a, 'veth0_to_batadv\x00'}}]}, @TIPC_NLA_SOCK={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fff}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x101}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xae82}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}]}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x40004)
sendmsg$tipc(r1, &(0x7f0000000380)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x3, {{0x43, 0x2}, 0x2}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000080)="86893eeef9b80335b8", 0x9}, {&(0x7f0000000100)="47a66376e4f773302918496100c36d698b226472ddc5e5a27ff85a4e4b86955fbd2a8c6cc1420ec9671bbe63ad4b50905b702681eb1b91453e6e524da88aade8c81f5b", 0x43}, {&(0x7f0000000180)="048ffd67b19fe6ee02547f34921c49ffb469aa5f4387934ba5e24609df9ae61481685ee4e82112635b22d6f93875aa8c87a8c671c13631d07898d05e066bfc94e264a16d9d8d217b32c00a38ba90ace09ed5870efdf1c388ecaea897e1d460231d3a510f3a7a63eebe46dd8435a5f5984e792af31732a05766f746346d07f6ab1f33aed19b2035318a52e9b8fb982e48a27edab26857f8f3091beb13d62e1a54d9b2e61d6472ec060e4be91af8", 0xad}, {&(0x7f00000002c0)="b5226f95909526e546e8dabeef225ca5f317e271d3b37d28af4dfd4d020f6325bbf0773f244ef4591d751403905d03eeb1d9ae807472111efdc7fbf8c9d12c2594e114d24ec9f4c3f7ae6a1b149cc7461de2478c7cfd68c4963712a7b1e4c6ef3110a79145be0c3e3352c51d2a0734b50022544fa9e9f95fc7398866cffe92cd8f7674a52efba9fd5c24226e16b3f8593f01360e1cf7de3bcac77cb433824f1e5a2e638ecb3d9ac70de94dcab003216ee5462d6f46f0760af381711f95", 0xbd}], 0x4, &(0x7f0000000480)="bb518a819c29ca6a8df8e0c9d5174e8d625980b9e2cda47132a95e1fcf93cc77b6ecf43501cdcc87d0e2ab2034ddb4207f2db3c012efe4c2126e3507bbfd35e74facb742cf6dac15d09763ea64522791f43ef9aa80cfe4e402a36871c62035dbb119d998a7f90e1d9d5b64d33e31e913699e27187e7cc499212bbb5d9e2a8fe73299f9d841c8324c5b73815f7620470506fc8063466e3eee8aa41a259b260534", 0xa0, 0x1}, 0x24000005)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r5, 0x1}, 0x14}}, 0x0)
socket$bt_cmtp(0x1f, 0x3, 0x5)
r6 = dup(r0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:28 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
syslog(0x4, 0x0, 0x0)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:28 executing program 5:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x14, r2, 0x1}, 0x14}}, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000040)={'ip6erspan0\x00', {0x2, 0x4e22, @empty}})
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x882200})
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = dup(r3)
setxattr$trusted_overlay_opaque(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='trusted.overlay.opaque\x00', &(0x7f0000000200)='y\x00', 0x2, 0x2)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
read$snddsp(r4, &(0x7f0000000100)=""/174, 0xae)

16:18:28 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0x2, 0x0, &(0x7f0000000280))
r1 = dup(r0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, 0x0, &(0x7f00000001c0))
sendfile(r0, r1, 0x0, 0x80006)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x228002, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
syslog(0x4, &(0x7f00000000c0)=""/170, 0xaa)
sendfile(r2, 0xffffffffffffffff, 0x0, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:28 executing program 1:
bpf$MAP_CREATE(0x0, 0x0, 0xfffffffffffffea7)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x1, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x10)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8983, &(0x7f0000000740)={0x7, 'bridge_slave_1\x00', {0x4}, 0x7fff})
getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00')
sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)={0x1c, r2, 0x1, 0x0, 0x0, {{}, {}, {0x8}}}, 0x24}}, 0x0)
sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r2, 0x3, 0x70bd2c, 0x25dfdbfd, {{}, {}, {0x8, 0x11, 0x8}}, ["", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40004)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f0000000000)={0x0, 0x882200})

16:18:28 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
syslog(0x4, 0x0, 0x0)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

[ 1136.816268][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1136.829057][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1136.837801][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1136.838874][T21853] Call Trace:
[ 1136.838874][T21853]  dump_stack+0x1c9/0x220
[ 1136.838874][T21853]  dump_header+0x1e7/0xd00
[ 1136.838874][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1136.838874][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1136.838874][T21853]  ? ___ratelimit+0x542/0x720
[ 1136.838874][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1136.838874][T21853]  oom_kill_process+0x216/0x580
[ 1136.838874][T21853]  out_of_memory+0x181e/0x1cc0
[ 1136.838874][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1136.838874][T21853]  alloc_pages_current+0x67d/0x990
[ 1136.838874][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1136.838874][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1136.838874][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1136.919024][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1136.919024][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1136.919024][T21853]  ? debug_shrink_set+0x220/0x220
[ 1136.919024][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1136.919024][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1136.919024][T21853]  do_syscall_64+0xb8/0x160
[ 1136.919024][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1136.919024][T21853] RIP: 0033:0x45cb29
[ 1136.919024][T21853] Code: Bad RIP value.
[ 1136.919024][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1136.919024][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1136.919024][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1136.919024][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1136.919024][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1136.919024][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1137.012968][T21853] Mem-Info:
[ 1137.016258][T21853] active_anon:178414 inactive_anon:6859 isolated_anon:0
[ 1137.016258][T21853]  active_file:5835 inactive_file:52913 isolated_file:0
[ 1137.016258][T21853]  unevictable:0 dirty:100 writeback:17 unstable:0
[ 1137.016258][T21853]  slab_reclaimable:5659 slab_unreclaimable:24466
[ 1137.016258][T21853]  mapped:59196 shmem:7095 pagetables:5952 bounce:0
[ 1137.016258][T21853]  free:113742 free_pcp:157 free_cma:0
[ 1137.054585][T21853] Node 0 active_anon:665748kB inactive_anon:19164kB active_file:0kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123928kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1137.083324][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1137.112472][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1137.117743][T21853] Node 0 DMA32 free:43304kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:639956kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:640kB pagetables:2604kB bounce:0kB free_pcp:208kB local_pcp:52kB free_cma:0kB
[ 1137.149781][T21853] lowmem_reserve[]: 0 0 228 228
[ 1137.154855][T21853] Node 0 Normal free:9536kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:25792kB inactive_anon:19160kB active_file:0kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4412kB pagetables:6700kB bounce:0kB free_pcp:420kB local_pcp:284kB free_cma:0kB
[ 1137.186727][T21853] lowmem_reserve[]: 0 0 0 0
[ 1137.191307][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
16:18:29 executing program 3:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000800)='/dev/nullb0\x00', 0x802, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000)='/dev/nullb0\x00', 0x101802, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8983, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
syslog(0x4, 0x0, 0x0)
dup(0xffffffffffffffff)
ioctl$BLKZEROOUT(r0, 0x127f, 0x0)

[ 1137.203464][T21853] Node 0 DMA32: 908*4kB (UME) 453*8kB (M) 219*16kB (UM) 141*32kB (M) 112*64kB (UM) 57*128kB (M) 35*256kB (UM) 7*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 43304kB
[ 1137.221156][T21853] Node 0 Normal: 984*4kB (UM) 392*8kB (UM) 78*16kB (UM) 24*32kB (UM) 5*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9536kB
[ 1137.236269][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1137.246046][T21853] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1137.255576][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1137.265546][T21853] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[ 1137.275028][T21853] 27585 total pagecache pages
[ 1137.279750][T21853] 0 pages in swap cache
[ 1137.284157][T21853] Swap cache stats: add 0, delete 0, find 0/0
[ 1137.286346][T27390] =====================================================
[ 1137.290262][T21853] Free swap  = 0kB
[ 1137.291819][T27390] BUG: KMSAN: uninit-value in __tipc_nl_compat_dumpit+0x583/0x1290
[ 1137.291819][T27390] CPU: 1 PID: 27390 Comm: syz-executor.1 Not tainted 5.7.0-rc4-syzkaller #0
[ 1137.291819][T27390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1137.294035][T27390] Call Trace:
[ 1137.294035][T27390]  dump_stack+0x1c9/0x220
[ 1137.294035][T27390]  kmsan_report+0xf7/0x1e0
[ 1137.294035][T27390]  __msan_warning+0x58/0xa0
[ 1137.294035][T27390]  __tipc_nl_compat_dumpit+0x583/0x1290
[ 1137.301089][T21853] Total swap = 0kB
[ 1137.294035][T27390]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1137.294035][T27390]  ? kmsan_get_metadata+0x11d/0x180
[ 1137.294035][T27390]  ? kmsan_get_metadata+0x11d/0x180
[ 1137.294035][T27390]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1137.294035][T27390]  ? __alloc_skb+0x762/0xac0
[ 1137.294035][T27390]  tipc_nl_compat_dumpit+0x761/0x910
[ 1137.294035][T27390]  tipc_nl_compat_recv+0x1382/0x2940
[ 1137.317931][T21853] 1965979 pages RAM
[ 1137.294035][T27390]  ? kmsan_get_metadata+0x4f/0x180
[ 1137.294035][T27390]  ? tipc_nl_node_reset_link_stats+0x600/0x600
[ 1137.294035][T27390]  ? tipc_nl_compat_link_stat_dump+0x2860/0x2860
[ 1137.294035][T27390]  ? tipc_netlink_compat_stop+0x40/0x40
[ 1137.294035][T27390]  genl_rcv_msg+0x20dc/0x2480
[ 1137.294035][T27390]  netlink_rcv_skb+0x451/0x650
[ 1137.331336][T21853] 0 pages HighMem/MovableOnly
[ 1137.294035][T27390]  ? genl_unbind+0x380/0x380
[ 1137.294035][T27390]  genl_rcv+0x63/0x80
[ 1137.294035][T27390]  netlink_unicast+0xf9e/0x1100
[ 1137.294035][T27390]  ? genl_pernet_exit+0x90/0x90
[ 1137.294035][T27390]  netlink_sendmsg+0x1246/0x14d0
[ 1137.340520][T21853] 1423249 pages reserved
[ 1137.294035][T27390]  ? netlink_getsockopt+0x1440/0x1440
[ 1137.294035][T27390]  ____sys_sendmsg+0x12b6/0x1350
[ 1137.294035][T27390]  __sys_sendmsg+0x623/0x750
[ 1137.294035][T27390]  ? kmsan_copy_to_user+0x81/0x90
[ 1137.350682][T21853] 0 pages cma reserved
[ 1137.294035][T27390]  ? kmsan_get_metadata+0x11d/0x180
[ 1137.294035][T27390]  ? kmsan_get_metadata+0x11d/0x180
[ 1137.294035][T27390]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 1137.294035][T27390]  ? prepare_exit_to_usermode+0x1ca/0x520
[ 1137.294035][T27390]  __se_sys_sendmsg+0x97/0xb0
[ 1137.294035][T27390]  __x64_sys_sendmsg+0x4a/0x70
[ 1137.360357][T21853] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=19888,uid=0
[ 1137.294035][T27390]  do_syscall_64+0xb8/0x160
[ 1137.294035][T27390]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1137.294035][T27390] RIP: 0033:0x45cb29
[ 1137.294035][T27390] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1137.294035][T27390] RSP: 002b:00007f98f015bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1137.294035][T27390] RAX: ffffffffffffffda RBX: 0000000000501960 RCX: 000000000045cb29
[ 1137.294035][T27390] RDX: 0000000000040004 RSI: 0000000020000100 RDI: 0000000000000003
[ 1137.370976][T21853] Out of memory: Killed process 19888 (syz-executor.1) total-vm:75244kB, anon-rss:192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[ 1137.294035][T27390] RBP: 000000000078c0e0 R08: 0000000000000000 R09: 0000000000000000
[ 1137.294035][T27390] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1137.294035][T27390] R13: 0000000000000a0b R14: 00000000004cceb9 R15: 00007f98f015c6d4
[ 1137.294035][T27390] 
[ 1137.294035][T27390] Uninit was created at:
[ 1137.294035][T27390]  kmsan_internal_poison_shadow+0x66/0xd0
[ 1137.294035][T27390]  kmsan_slab_alloc+0x8a/0xe0
[ 1137.294035][T27390]  __kmalloc_node_track_caller+0xb40/0x1200
[ 1137.465974][T21853] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000
[ 1137.402591][T27390]  __alloc_skb+0x2fd/0xac0
[ 1137.475270][T21853] CPU: 0 PID: 21853 Comm: syz-executor.2 Not tainted 5.7.0-rc4-syzkaller #0
[ 1137.402591][T27390]  tipc_nl_compat_dumpit+0x6e4/0x910
[ 1137.484218][T21853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1137.402591][T27390]  tipc_nl_compat_recv+0x1382/0x2940
[ 1137.485160][T21853] Call Trace:
[ 1137.402591][T27390]  genl_rcv_msg+0x20dc/0x2480
[ 1137.485160][T21853]  dump_stack+0x1c9/0x220
[ 1137.402591][T27390]  netlink_rcv_skb+0x451/0x650
[ 1137.485160][T21853]  dump_header+0x1e7/0xd00
[ 1137.402591][T27390]  genl_rcv+0x63/0x80
[ 1137.485160][T21853]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1137.402591][T27390]  netlink_unicast+0xf9e/0x1100
[ 1137.485160][T21853]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[ 1137.402591][T27390]  netlink_sendmsg+0x1246/0x14d0
[ 1137.485160][T21853]  ? ___ratelimit+0x542/0x720
[ 1137.402591][T27390]  ____sys_sendmsg+0x12b6/0x1350
[ 1137.485160][T21853]  ? task_will_free_mem+0x2c9/0x830
[ 1137.402591][T27390]  __sys_sendmsg+0x623/0x750
[ 1137.485160][T21853]  oom_kill_process+0x216/0x580
[ 1137.402591][T27390]  __se_sys_sendmsg+0x97/0xb0
[ 1137.485160][T21853]  out_of_memory+0x181e/0x1cc0
[ 1137.402591][T27390]  __x64_sys_sendmsg+0x4a/0x70
[ 1137.485160][T21853]  __alloc_pages_nodemask+0x4a18/0x5dc0
[ 1137.402591][T27390]  do_syscall_64+0xb8/0x160
[ 1137.485160][T21853]  alloc_pages_current+0x67d/0x990
[ 1137.402591][T27390]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1137.485160][T21853]  ion_page_pool_alloc+0x6db/0x830
[ 1137.402591][T27390] =====================================================
[ 1137.485160][T21853]  ? kmsan_get_metadata+0x11d/0x180
[ 1137.402591][T27390] Disabling lock debugging due to kernel taint
[ 1137.485160][T21853]  ion_system_heap_allocate+0x3bd/0x13f0
[ 1137.402591][T27390] Kernel panic - not syncing: panic_on_warn set ...
[ 1137.485160][T21853]  ? ion_system_contig_heap_create+0x210/0x210
[ 1137.485160][T21853]  ion_ioctl+0x79d/0x1fc0
[ 1137.485160][T21853]  ? debug_shrink_set+0x220/0x220
[ 1137.485160][T21853]  __se_sys_ioctl+0x2e9/0x410
[ 1137.485160][T21853]  __x64_sys_ioctl+0x4a/0x70
[ 1137.485160][T21853]  do_syscall_64+0xb8/0x160
[ 1137.485160][T21853]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1137.485160][T21853] RIP: 0033:0x45cb29
[ 1137.485160][T21853] Code: Bad RIP value.
[ 1137.485160][T21853] RSP: 002b:00007fe7a4717c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1137.485160][T21853] RAX: ffffffffffffffda RBX: 00000000004e74a0 RCX: 000000000045cb29
[ 1137.485160][T21853] RDX: 0000000020000000 RSI: 00000000c0184900 RDI: 0000000000000005
[ 1137.485160][T21853] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1137.485160][T21853] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1137.485160][T21853] R13: 0000000000000378 R14: 00000000004c61aa R15: 00007fe7a47186d4
[ 1137.402591][T27390] CPU: 1 PID: 27390 Comm: syz-executor.1 Tainted: G    B             5.7.0-rc4-syzkaller #0
[ 1137.933475][T21853] Mem-Info:
[ 1137.933331][T27390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1137.933331][T27390] Call Trace:
[ 1137.933331][T27390]  dump_stack+0x1c9/0x220
[ 1137.933331][T27390]  panic+0x3d5/0xc3e
[ 1137.933331][T27390]  kmsan_report+0x1df/0x1e0
[ 1137.945952][T21853] active_anon:178352 inactive_anon:6859 isolated_anon:0
[ 1137.945952][T21853]  active_file:5836 inactive_file:52926 isolated_file:0
[ 1137.945952][T21853]  unevictable:0 dirty:103 writeback:0 unstable:0
[ 1137.945952][T21853]  slab_reclaimable:5659 slab_unreclaimable:24466
[ 1137.945952][T21853]  mapped:59188 shmem:7095 pagetables:5902 bounce:0
[ 1137.945952][T21853]  free:113683 free_pcp:227 free_cma:0
[ 1137.933331][T27390]  __msan_warning+0x58/0xa0
[ 1137.933331][T27390]  __tipc_nl_compat_dumpit+0x583/0x1290
[ 1137.933331][T27390]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1137.933331][T27390]  ? kmsan_get_metadata+0x11d/0x180
[ 1137.933331][T27390]  ? kmsan_get_metadata+0x11d/0x180
[ 1137.933331][T27390]  ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 1137.933331][T27390]  ? __alloc_skb+0x762/0xac0
[ 1137.960321][T21853] Node 0 active_anon:665608kB inactive_anon:19164kB active_file:4kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:123932kB dirty:4kB writeback:0kB shmem:20060kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 493568kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes
[ 1137.933331][T27390]  tipc_nl_compat_dumpit+0x761/0x910
[ 1137.933331][T27390]  tipc_nl_compat_recv+0x1382/0x2940
[ 1137.933331][T27390]  ? kmsan_get_metadata+0x4f/0x180
[ 1137.933331][T27390]  ? tipc_nl_node_reset_link_stats+0x600/0x600
[ 1137.968551][T21853] Node 0 DMA free:4096kB min:168kB low:208kB high:248kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1137.933331][T27390]  ? tipc_nl_compat_link_stat_dump+0x2860/0x2860
[ 1137.933331][T27390]  ? tipc_netlink_compat_stop+0x40/0x40
[ 1137.933331][T27390]  genl_rcv_msg+0x20dc/0x2480
[ 1137.933331][T27390]  netlink_rcv_skb+0x451/0x650
[ 1138.011353][T21853] lowmem_reserve[]: 0 996 1224 1224
[ 1137.933331][T27390]  ? genl_unbind+0x380/0x380
[ 1137.933331][T27390]  genl_rcv+0x63/0x80
[ 1137.933331][T27390]  netlink_unicast+0xf9e/0x1100
[ 1137.933331][T27390]  ? genl_pernet_exit+0x90/0x90
[ 1137.933331][T27390]  netlink_sendmsg+0x1246/0x14d0
[ 1138.021279][T21853] Node 0 DMA32 free:43304kB min:42412kB low:53012kB high:63612kB reserved_highatomic:0KB active_anon:639828kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:1019904kB mlocked:0kB kernel_stack:624kB pagetables:2504kB bounce:0kB free_pcp:476kB local_pcp:320kB free_cma:0kB
[ 1137.933331][T27390]  ? netlink_getsockopt+0x1440/0x1440
[ 1137.933331][T27390]  ____sys_sendmsg+0x12b6/0x1350
[ 1137.933331][T27390]  __sys_sendmsg+0x623/0x750
[ 1137.933331][T27390]  ? kmsan_copy_to_user+0x81/0x90
[ 1138.032550][T21853] lowmem_reserve[]: 0 0 228 228
[ 1137.933331][T27390]  ? kmsan_get_metadata+0x11d/0x180
[ 1138.043637][T21853] Node 0 Normal free:9536kB min:9708kB low:12132kB high:14556kB reserved_highatomic:0KB active_anon:25780kB inactive_anon:19160kB active_file:4kB inactive_file:108kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:4412kB pagetables:6700kB bounce:0kB free_pcp:432kB local_pcp:296kB free_cma:0kB
[ 1137.933331][T27390]  ? kmsan_get_metadata+0x11d/0x180
[ 1138.076782][T21853] lowmem_reserve[]: 0 0 0 0
[ 1137.933331][T27390]  ? __msan_metadata_ptr_for_load_4+0x10/0x20
[ 1137.933331][T27390]  ? prepare_exit_to_usermode+0x1ca/0x520
[ 1137.933331][T27390]  __se_sys_sendmsg+0x97/0xb0
[ 1137.933331][T27390]  __x64_sys_sendmsg+0x4a/0x70
[ 1137.933331][T27390]  do_syscall_64+0xb8/0x160
[ 1138.087268][T21853] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB
[ 1137.933331][T27390]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1137.933331][T27390] RIP: 0033:0x45cb29
[ 1137.933331][T27390] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1137.933331][T27390] RSP: 002b:00007f98f015bc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1137.933331][T27390] RAX: ffffffffffffffda RBX: 0000000000501960 RCX: 000000000045cb29
[ 1137.933331][T27390] RDX: 0000000000040004 RSI: 0000000020000100 RDI: 0000000000000003
[ 1137.933331][T27390] RBP: 000000000078c0e0 R08: 0000000000000000 R09: 0000000000000000
[ 1137.933331][T27390] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
[ 1137.933331][T27390] R13: 0000000000000a0b R14: 00000000004cceb9 R15: 00007f98f015c6d4
[ 1137.933331][T27390] Kernel Offset: 0x15e00000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
[ 1137.933331][T27390] Rebooting in 86400 seconds..