6] ? trace_hardirqs_on_caller+0x6a/0x220 [ 558.238349] ? page_fault+0x8/0x30 [ 558.238368] do_page_fault+0x71/0x57d [ 558.242518] loop5: p139 start 1 is beyond EOD, truncated [ 558.247302] ? page_fault+0x8/0x30 [ 558.247317] page_fault+0x1e/0x30 [ 558.247328] RIP: 0033:0x40f7d0 [ 558.247342] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 558.247355] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 558.251815] loop5: p140 start 1 is beyond EOD, truncated [ 558.257212] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 558.257221] RDX: fffffffffffffff7 RSI: 0000000000001dab RDI: 0000000000000003 [ 558.257228] RBP: 0000000000000000 R08: 0000000049ed3daa R09: 0000000049ed3dae [ 558.257235] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 558.257243] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 558.295368] Task in /syz1 killed as a result of limit of /syz1 [ 558.317040] loop5: p141 start 1 is beyond EOD, truncated [ 558.318975] memory: usage 301356kB, limit 307200kB, failcnt 1375 [ 558.322701] loop5: p142 start 1 is beyond EOD, truncated [ 558.327920] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 558.336353] loop5: p143 start 1 is beyond EOD, truncated [ 558.337422] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 558.344044] loop5: p144 start 1 is beyond EOD, truncated [ 558.346824] Memory cgroup stats for /syz1: cache:28KB rss:291692KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:75304KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:196888KB [ 558.353270] loop5: p145 start 1 is beyond EOD, truncated [ 558.355143] Memory cgroup out of memory: Kill process 24429 (syz-executor.1) score 1226 or sacrifice child [ 558.360712] loop5: p146 start 1 is beyond EOD, truncated [ 
558.366297] Killed process 24429 (syz-executor.1) total-vm:72720kB, anon-rss:18260kB, file-rss:54376kB, shmem-rss:0kB [ 558.375055] loop5: p147 start 1 is beyond EOD, truncated [ 558.598757] loop5: p148 start 1 is beyond EOD, truncated [ 558.604295] loop5: p149 start 1 is beyond EOD, truncated [ 558.609927] loop5: p150 start 1 is beyond EOD, truncated [ 558.615385] loop5: p151 start 1 is beyond EOD, truncated [ 558.620946] loop5: p152 start 1 is beyond EOD, truncated [ 558.626467] loop5: p153 start 1 is beyond EOD, truncated [ 558.631920] loop5: p154 start 1 is beyond EOD, truncated [ 558.637552] loop5: p155 start 1 is beyond EOD, truncated [ 558.643017] loop5: p156 start 1 is beyond EOD, truncated [ 558.648536] loop5: p157 start 1 is beyond EOD, truncated [ 558.654120] loop5: p158 start 1 is beyond EOD, truncated [ 558.659695] loop5: p159 start 1 is beyond EOD, truncated [ 558.665155] loop5: p160 start 1 is beyond EOD, truncated [ 558.670773] loop5: p161 start 1 is beyond EOD, truncated [ 558.676323] loop5: p162 start 1 is beyond EOD, truncated [ 558.681805] loop5: p163 start 1 is beyond EOD, truncated [ 558.687343] loop5: p164 start 1 is beyond EOD, truncated [ 558.692799] loop5: p165 start 1 is beyond EOD, truncated [ 558.698345] loop5: p166 start 1 is beyond EOD, truncated [ 558.703799] loop5: p167 start 1 is beyond EOD, truncated [ 558.709329] loop5: p168 start 1 is beyond EOD, truncated [ 558.714783] loop5: p169 start 1 is beyond EOD, truncated [ 558.720311] loop5: p170 start 1 is beyond EOD, truncated [ 558.726862] loop5: p171 start 1 is beyond EOD, truncated [ 558.732326] loop5: p172 start 1 is beyond EOD, truncated [ 558.737880] loop5: p173 start 1 is beyond EOD, truncated [ 558.743341] loop5: p174 start 1 is beyond EOD, truncated [ 558.748951] loop5: p175 start 1 is beyond EOD, truncated [ 558.754475] loop5: p176 start 1 is beyond EOD, truncated [ 558.760277] loop5: p177 start 1 is beyond EOD, truncated [ 558.765927] loop5: p178 start 1 is beyond EOD, 
truncated [ 558.771511] loop5: p179 start 1 is beyond EOD, truncated [ 558.777069] loop5: p180 start 1 is beyond EOD, truncated [ 558.782542] loop5: p181 start 1 is beyond EOD, truncated [ 558.788080] loop5: p182 start 1 is beyond EOD, truncated [ 558.793546] loop5: p183 start 1 is beyond EOD, truncated [ 558.799183] loop5: p184 start 1 is beyond EOD, truncated [ 558.804643] loop5: p185 start 1 is beyond EOD, truncated [ 558.810239] loop5: p186 start 1 is beyond EOD, truncated [ 558.815837] loop5: p187 start 1 is beyond EOD, truncated [ 558.821359] loop5: p188 start 1 is beyond EOD, truncated [ 558.826864] loop5: p189 start 1 is beyond EOD, truncated [ 558.832425] loop5: p190 start 1 is beyond EOD, truncated [ 558.837966] loop5: p191 start 1 is beyond EOD, truncated [ 558.843421] loop5: p192 start 1 is beyond EOD, truncated [ 558.848947] loop5: p193 start 1 is beyond EOD, truncated [ 558.854413] loop5: p194 start 1 is beyond EOD, truncated [ 558.860000] loop5: p195 start 1 is beyond EOD, truncated [ 558.865459] loop5: p196 start 1 is beyond EOD, truncated [ 558.870996] loop5: p197 start 1 is beyond EOD, truncated [ 558.876531] loop5: p198 start 1 is beyond EOD, truncated [ 558.881993] loop5: p199 start 1 is beyond EOD, truncated [ 558.887538] loop5: p200 start 1 is beyond EOD, truncated [ 558.893090] loop5: p201 start 1 is beyond EOD, truncated [ 558.898722] loop5: p202 start 1 is beyond EOD, truncated [ 558.904215] loop5: p203 start 1 is beyond EOD, truncated [ 558.909740] loop5: p204 start 1 is beyond EOD, truncated [ 558.915240] loop5: p205 start 1 is beyond EOD, truncated [ 558.921401] loop5: p206 start 1 is beyond EOD, truncated [ 558.926941] loop5: p207 start 1 is beyond EOD, truncated [ 558.932396] loop5: p208 start 1 is beyond EOD, truncated [ 558.937943] loop5: p209 start 1 is beyond EOD, truncated [ 558.943400] loop5: p210 start 1 is beyond EOD, truncated [ 558.948934] loop5: p211 start 1 is beyond EOD, truncated [ 558.954404] loop5: p212 start 1 is 
beyond EOD, truncated [ 558.959953] loop5: p213 start 1 is beyond EOD, truncated [ 558.965426] loop5: p214 start 1 is beyond EOD, truncated [ 558.970954] loop5: p215 start 1 is beyond EOD, truncated [ 558.976501] loop5: p216 start 1 is beyond EOD, truncated [ 558.981959] loop5: p217 start 1 is beyond EOD, truncated [ 558.987475] loop5: p218 start 1 is beyond EOD, truncated [ 558.992942] loop5: p219 start 1 is beyond EOD, truncated [ 558.998662] loop5: p220 start 1 is beyond EOD, truncated [ 559.004116] loop5: p221 start 1 is beyond EOD, truncated [ 559.009663] loop5: p222 start 1 is beyond EOD, truncated [ 559.015145] loop5: p223 start 1 is beyond EOD, truncated [ 559.020696] loop5: p224 start 1 is beyond EOD, truncated [ 559.026522] loop5: p225 start 1 is beyond EOD, truncated [ 559.031983] loop5: p226 start 1 is beyond EOD, truncated [ 559.037582] loop5: p227 start 1 is beyond EOD, truncated [ 559.043144] loop5: p228 start 1 is beyond EOD, truncated [ 559.048806] loop5: p229 start 1 is beyond EOD, truncated [ 559.054298] loop5: p230 start 1 is beyond EOD, truncated [ 559.059848] loop5: p231 start 1 is beyond EOD, truncated [ 559.065367] loop5: p232 start 1 is beyond EOD, truncated [ 559.070926] loop5: p233 start 1 is beyond EOD, truncated [ 559.076488] loop5: p234 start 1 is beyond EOD, truncated [ 559.081949] loop5: p235 start 1 is beyond EOD, truncated [ 559.087486] loop5: p236 start 1 is beyond EOD, truncated [ 559.092946] loop5: p237 start 1 is beyond EOD, truncated [ 559.098511] loop5: p238 start 1 is beyond EOD, truncated [ 559.104051] loop5: p239 start 1 is beyond EOD, truncated [ 559.109581] loop5: p240 start 1 is beyond EOD, truncated [ 559.115043] loop5: p241 start 1 is beyond EOD, truncated [ 559.120618] loop5: p242 start 1 is beyond EOD, truncated [ 559.126376] loop5: p243 start 1 is beyond EOD, truncated [ 559.131844] loop5: p244 start 1 is beyond EOD, truncated [ 559.137434] loop5: p245 start 1 is beyond EOD, truncated [ 559.142900] loop5: p246 
start 1 is beyond EOD, truncated [ 559.148435] loop5: p247 start 1 is beyond EOD, truncated [ 559.153897] loop5: p248 start 1 is beyond EOD, truncated [ 559.159520] loop5: p249 start 1 is beyond EOD, truncated [ 559.165067] loop5: p250 start 1 is beyond EOD, truncated [ 559.170606] loop5: p251 start 1 is beyond EOD, truncated [ 559.176059] loop5: p252 start 1 is beyond EOD, truncated [ 559.181613] loop5: p253 start 1 is beyond EOD, truncated [ 559.187250] loop5: p254 start 1 is beyond EOD, truncated [ 559.192707] loop5: p255 start 1 is beyond EOD, truncated 14:29:20 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendto$inet(0xffffffffffffffff, 0x0, 0xffffffffffffffba, 0x0, 0x0, 0xb2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x10, 0x2, 0x0) bind$netlink(r2, &(0x7f00000000c0)={0x10, 0x0, 0x1}, 0xc) connect$netlink(0xffffffffffffffff, 0x0, 0x0) 14:29:20 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0xfffff000}, 0x0) 14:29:20 executing program 0: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', 
@ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:20 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:20 executing program 4: r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) ftruncate(r1, 0x2081ff) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) io_setup(0x8, &(0x7f0000000180)=0x0) io_submit(r3, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x3, 0x1, 0x0, r2, &(0x7f0000000000), 0x10000}]) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000200)) 14:29:20 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, 
&(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) [ 559.318262] encrypted_key: key description must be 16 hexadecimal characters long 14:29:21 executing program 0: mkdir(0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:21 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0xffffff7f}, 0x0) 14:29:21 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:21 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$nl_xfrm(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000880)=@flushpolicy={0x1c, 0x1d, 0x1, 0x0, 0x0, "", [@policy_type={0xc, 0x10, {0x1}}]}, 0x1c}}, 0x0) 14:29:21 executing program 0: mkdir(0x0, 0x0) 
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 559.685742] encrypted_key: key description must be 16 hexadecimal characters long 14:29:21 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:21 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmsg(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)="2beb5c4cea", 0x5}], 0x1}, 0x8800) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000480)="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", 0xfdef}], 0x1) 14:29:21 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0xffffff9e}, 0x0) 14:29:21 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 
0x2f, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:21 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:21 executing program 0: mkdir(0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:21 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, 
&(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:22 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:22 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(0x0, 0x0) r0 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:22 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:22 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0xfffffff0}, 0x0) [ 560.515485] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 560.555944] 
9pnet: Insufficient options for proto=fd [ 560.561461] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 560.573439] CPU: 1 PID: 24522 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 560.581369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 560.590738] Call Trace: [ 560.593377] dump_stack+0x197/0x210 [ 560.597121] dump_header+0x15e/0xa55 [ 560.600861] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 560.606120] ? ___ratelimit+0x60/0x595 [ 560.610025] ? do_raw_spin_unlock+0x181/0x270 [ 560.614658] oom_kill_process.cold+0x10/0x6ef [ 560.619185] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 560.624742] ? task_will_free_mem+0x139/0x6e0 [ 560.629258] ? find_held_lock+0x35/0x130 [ 560.633337] out_of_memory+0x362/0x1330 [ 560.637340] ? lock_downgrade+0x880/0x880 [ 560.641516] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 560.646649] ? oom_killer_disable+0x280/0x280 [ 560.651165] ? find_held_lock+0x35/0x130 [ 560.655270] mem_cgroup_out_of_memory+0x1d2/0x240 [ 560.660137] ? memcg_event_wake+0x230/0x230 [ 560.664584] ? do_raw_spin_unlock+0x181/0x270 [ 560.669107] ? _raw_spin_unlock+0x2d/0x50 [ 560.673276] try_charge+0xec5/0x1490 [ 560.677038] ? lock_downgrade+0x880/0x880 [ 560.681241] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 560.686110] ? rcu_read_unlock+0x33/0x60 [ 560.690371] ? get_mem_cgroup_from_mm+0x185/0x510 [ 560.695232] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 560.701309] ? mark_held_locks+0x100/0x100 [ 560.705567] mem_cgroup_try_charge+0x259/0x6b0 [ 560.710177] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 560.715129] __handle_mm_fault+0x1e50/0x3f80 [ 560.719565] ? copy_page_range+0x2030/0x2030 [ 560.724005] ? count_memcg_event_mm+0x2b1/0x4d0 [ 560.728700] handle_mm_fault+0x1b5/0x690 [ 560.732780] __get_user_pages+0x609/0x1860 [ 560.737046] ? follow_page_mask+0x1ac0/0x1ac0 [ 560.741574] ? lock_acquire+0x16f/0x3f0 [ 560.745566] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 560.751150] populate_vma_page_range+0x20d/0x2a0 [ 560.755927] __mm_populate+0x204/0x380 [ 560.759845] ? populate_vma_page_range+0x2a0/0x2a0 [ 560.764806] __x64_sys_mlockall+0x35c/0x520 [ 560.769156] do_syscall_64+0xfd/0x620 [ 560.773023] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 560.778226] RIP: 0033:0x45b349 [ 560.781439] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 14:29:22 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(0x0, 0x0) r0 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:22 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:22 executing program 5: madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='clear_refs\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000040)='stat\x00') sendfile(r2, r3, 0x0, 0x1) 14:29:22 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:22 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x40030000000000}, 0x0) [ 560.800355] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 560.808088] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 560.815372] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 560.822666] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 560.829950] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 560.837244] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c 14:29:22 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:22 executing program 5: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 
0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt(r0, 0x0, 0x81, &(0x7f0000000000)=""/173, &(0x7f0000001140)=0xad) [ 560.881163] encrypted_key: insufficient parameters specified [ 560.905633] 9pnet: Insufficient options for proto=fd [ 560.980765] Task in /syz1 killed as a result of limit of /syz1 [ 560.993239] memory: usage 307164kB, limit 307200kB, failcnt 1397 [ 561.030790] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 561.040608] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 561.048472] encrypted_key: insufficient parameters specified [ 561.061682] Memory cgroup stats for /syz1: cache:28KB rss:297348KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:89536KB active_anon:17452KB inactive_file:0KB active_file:0KB unevictable:190444KB [ 561.088764] Memory cgroup out of memory: Kill process 22109 (syz-executor.1) score 1163 or sacrifice child [ 561.100694] Killed process 22109 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 561.363421] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 561.374979] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 561.380490] CPU: 1 PID: 24522 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 561.388775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 561.398242] Call Trace: [ 561.400854] dump_stack+0x197/0x210 [ 561.404480] dump_header+0x15e/0xa55 [ 561.408190] ? 
_raw_spin_unlock_irqrestore+0xa4/0xe0 [ 561.413364] ? ___ratelimit+0x60/0x595 [ 561.417261] ? do_raw_spin_unlock+0x181/0x270 [ 561.421765] oom_kill_process.cold+0x10/0x6ef [ 561.426262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 561.431794] ? task_will_free_mem+0x139/0x6e0 [ 561.436291] ? find_held_lock+0x35/0x130 [ 561.440345] out_of_memory+0x362/0x1330 [ 561.444359] ? lock_downgrade+0x880/0x880 [ 561.448499] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 561.453763] ? oom_killer_disable+0x280/0x280 [ 561.458312] ? find_held_lock+0x35/0x130 [ 561.462374] mem_cgroup_out_of_memory+0x1d2/0x240 [ 561.467215] ? memcg_event_wake+0x230/0x230 [ 561.471532] ? do_raw_spin_unlock+0x181/0x270 [ 561.476021] ? _raw_spin_unlock+0x2d/0x50 [ 561.480160] try_charge+0xec5/0x1490 [ 561.483879] ? lock_downgrade+0x880/0x880 [ 561.488046] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 561.492914] ? rcu_read_unlock+0x33/0x60 [ 561.496989] ? get_mem_cgroup_from_mm+0x185/0x510 [ 561.501839] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 561.507907] mem_cgroup_try_charge+0x259/0x6b0 [ 561.512481] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 561.517400] wp_page_copy+0x430/0x16a0 [ 561.521284] ? follow_pfn+0x2a0/0x2a0 [ 561.525087] ? do_raw_spin_unlock+0x181/0x270 [ 561.529578] do_wp_page+0x57d/0x10b0 [ 561.533293] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 561.537951] ? kasan_check_write+0x14/0x20 [ 561.542184] ? do_raw_spin_lock+0xd7/0x250 [ 561.546414] __handle_mm_fault+0x2305/0x3f80 [ 561.550814] ? copy_page_range+0x2030/0x2030 [ 561.555225] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 561.559999] handle_mm_fault+0x1b5/0x690 [ 561.564055] __get_user_pages+0x609/0x1860 [ 561.568295] ? follow_page_mask+0x1ac0/0x1ac0 [ 561.572780] ? retint_kernel+0x2d/0x2d [ 561.576664] populate_vma_page_range+0x20d/0x2a0 [ 561.581421] __mm_populate+0x204/0x380 [ 561.585318] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 561.590243] __x64_sys_mlockall+0x35c/0x520 [ 561.594559] do_syscall_64+0xfd/0x620 [ 561.598366] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 561.603599] RIP: 0033:0x45b349 [ 561.606796] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 561.625698] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 561.633396] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 561.640691] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 561.648133] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 561.655413] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 561.662692] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 561.670612] Task in /syz1 killed as a result of limit of /syz1 [ 561.676698] memory: usage 307200kB, limit 307200kB, failcnt 1470 [ 561.682852] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 561.689718] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 561.695878] Memory cgroup stats for /syz1: cache:28KB rss:297176KB rss_huge:260096KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91212KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188736KB [ 561.717927] Memory cgroup out of memory: Kill process 24514 (syz-executor.1) score 1226 or sacrifice child [ 561.727865] Killed process 24596 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 561.742561] oom_reaper: reaped process 24596 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 561.743083] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 561.770140] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 561.775754] CPU: 0 PID: 24514 Comm: 
syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 561.783814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 561.793209] Call Trace: [ 561.795809] dump_stack+0x197/0x210 [ 561.799462] dump_header+0x15e/0xa55 [ 561.803196] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 561.808304] ? ___ratelimit+0x60/0x595 [ 561.812196] ? do_raw_spin_unlock+0x181/0x270 [ 561.816699] oom_kill_process.cold+0x10/0x6ef [ 561.821197] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 561.826753] ? task_will_free_mem+0x139/0x6e0 [ 561.831343] out_of_memory+0x362/0x1330 [ 561.835303] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 561.840412] ? oom_killer_disable+0x280/0x280 [ 561.844909] ? find_held_lock+0x35/0x130 [ 561.848977] mem_cgroup_out_of_memory+0x1d2/0x240 [ 561.853966] ? memcg_event_wake+0x230/0x230 [ 561.858283] ? do_raw_spin_unlock+0x181/0x270 [ 561.862772] ? _raw_spin_unlock+0x2d/0x50 [ 561.866910] try_charge+0xc6e/0x1490 [ 561.870628] ? lock_downgrade+0x880/0x880 [ 561.874772] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 561.879618] ? rcu_read_unlock+0x33/0x60 [ 561.883665] ? get_mem_cgroup_from_mm+0x185/0x510 [ 561.888495] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 561.894557] mem_cgroup_try_charge+0x259/0x6b0 [ 561.899139] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 561.904117] wp_page_copy+0x430/0x16a0 [ 561.907997] ? follow_pfn+0x2a0/0x2a0 [ 561.911788] ? do_raw_spin_unlock+0x181/0x270 [ 561.916280] do_wp_page+0x57d/0x10b0 [ 561.920030] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 561.924695] ? kasan_check_write+0x14/0x20 [ 561.928943] ? do_raw_spin_lock+0xd7/0x250 [ 561.933167] __handle_mm_fault+0x2305/0x3f80 [ 561.937564] ? copy_page_range+0x2030/0x2030 [ 561.941982] ? count_memcg_event_mm+0x2b1/0x4d0 [ 561.946662] handle_mm_fault+0x1b5/0x690 [ 561.950712] __do_page_fault+0x62a/0xe90 [ 561.954760] ? __lock_is_held+0xb6/0x140 [ 561.958815] ? vmalloc_fault+0x740/0x740 [ 561.962871] ? trace_hardirqs_off_caller+0x65/0x220 [ 561.967873] ? 
trace_hardirqs_on_caller+0x6a/0x220 [ 561.972799] ? page_fault+0x8/0x30 [ 561.976327] do_page_fault+0x71/0x57d [ 561.980116] ? page_fault+0x8/0x30 [ 561.983643] page_fault+0x1e/0x30 [ 561.987083] RIP: 0033:0x40f7d0 [ 561.990261] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 562.009155] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 562.014685] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 562.021938] RDX: fffffffffffffff7 RSI: 000000000000163b RDI: 0000000000000003 [ 562.029192] RBP: 0000000000000000 R08: 00000000acdf963b R09: 00000000acdf963f [ 562.036450] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 562.043703] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 562.052764] Task in /syz1 killed as a result of limit of /syz1 [ 562.059008] memory: usage 301356kB, limit 307200kB, failcnt 1470 [ 562.065194] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 562.072044] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 562.078294] Memory cgroup stats for /syz1: cache:28KB rss:291628KB rss_huge:256000KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:184644KB [ 562.100445] Memory cgroup out of memory: Kill process 24514 (syz-executor.1) score 1226 or sacrifice child [ 562.111593] Killed process 24514 (syz-executor.1) total-vm:72720kB, anon-rss:18260kB, file-rss:54376kB, shmem-rss:0kB [ 562.122756] oom_reaper: reaped process 24514 (syz-executor.1), now anon-rss:18260kB, file-rss:54368kB, shmem-rss:0kB 14:29:23 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 
0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:23 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(0x0, 0x0) r0 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:23 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:23 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 
'syz2\x00'}]}, 0x28}, 0x1, 0xf0ffffffffffff}, 0x0) 14:29:23 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:23 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xf000, &(0x7f00000000c0)={&(0x7f0000001f00)=ANY=[@ANYBLOB="3c00000010000b0400008076af43ef4a9a2bcc00", @ANYRES32=r3, @ANYBLOB="00000002000000001c0012000c00010062726964676500000c0002000800190008000000"], 0x3c}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x4000000000002bc, 0x0) [ 562.236515] encrypted_key: insufficient parameters specified [ 562.244827] 9pnet: Insufficient options for proto=fd [ 562.248386] netlink: 'syz-executor.5': attribute type 25 has an invalid length. 
14:29:23 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff}, 0x0) r1 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:23 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x100000000000000}, 0x0) [ 562.324035] netlink: 'syz-executor.5': attribute type 25 has an invalid length. 14:29:24 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) 14:29:24 executing program 3: keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) [ 562.392060] netlink: 'syz-executor.5': attribute type 25 has an invalid length. 
[ 562.436096] netlink: 'syz-executor.5': attribute type 25 has an invalid length. [ 562.437625] 9pnet: Insufficient options for proto=fd 14:29:24 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x200000000000000}, 0x0) [ 562.477707] encrypted_key: key description must be 16 hexadecimal characters long 14:29:24 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff}, 0x0) r1 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',access=', @ANYRESDEC]) [ 562.653051] 9pnet: Insufficient options for proto=fd [ 562.915382] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 562.927383] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 562.932999] CPU: 1 PID: 24615 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 562.940886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 562.950273] Call Trace: [ 562.952900] dump_stack+0x197/0x210 [ 562.956540] dump_header+0x15e/0xa55 [ 562.960264] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 562.965427] ? ___ratelimit+0x60/0x595 [ 562.969316] ? do_raw_spin_unlock+0x181/0x270 [ 562.973824] oom_kill_process.cold+0x10/0x6ef [ 562.978449] ? out_of_memory+0x14a/0x1330 [ 562.982666] out_of_memory+0x362/0x1330 [ 562.986762] ? lock_downgrade+0x880/0x880 [ 562.991050] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 562.996154] ? 
oom_killer_disable+0x280/0x280 [ 563.000650] ? find_held_lock+0x35/0x130 [ 563.004751] mem_cgroup_out_of_memory+0x1d2/0x240 [ 563.009660] ? memcg_event_wake+0x230/0x230 [ 563.013987] ? do_raw_spin_unlock+0x181/0x270 [ 563.018481] ? _raw_spin_unlock+0x2d/0x50 [ 563.022759] try_charge+0xec5/0x1490 [ 563.026545] ? lock_downgrade+0x880/0x880 [ 563.030690] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 563.035540] ? rcu_read_unlock+0x33/0x60 [ 563.039617] ? get_mem_cgroup_from_mm+0x185/0x510 [ 563.044468] ? trace_hardirqs_on_caller+0x6a/0x220 [ 563.049523] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 563.055686] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 563.060449] mem_cgroup_try_charge+0x259/0x6b0 [ 563.065038] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 563.069996] wp_page_copy+0x430/0x16a0 [ 563.079048] ? follow_pfn+0x2a0/0x2a0 [ 563.082962] ? do_raw_spin_unlock+0x181/0x270 [ 563.087486] do_wp_page+0x57d/0x10b0 [ 563.091209] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 563.095883] ? kasan_check_write+0x14/0x20 [ 563.100118] ? do_raw_spin_lock+0xd7/0x250 [ 563.104370] __handle_mm_fault+0x2305/0x3f80 [ 563.108792] ? copy_page_range+0x2030/0x2030 [ 563.113217] ? count_memcg_event_mm+0x2b1/0x4d0 [ 563.117886] handle_mm_fault+0x1b5/0x690 [ 563.122078] __get_user_pages+0x609/0x1860 [ 563.126334] ? follow_page_mask+0x1ac0/0x1ac0 [ 563.130862] ? retint_kernel+0x2d/0x2d [ 563.134762] populate_vma_page_range+0x20d/0x2a0 [ 563.139673] __mm_populate+0x204/0x380 [ 563.143582] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 563.148541] __x64_sys_mlockall+0x35c/0x520 [ 563.152890] do_syscall_64+0xfd/0x620 [ 563.156703] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 563.161900] RIP: 0033:0x45b349 [ 563.165098] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 563.184009] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 563.191736] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 563.199124] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 563.206406] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 563.213691] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 563.220972] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 563.230652] Task in /syz1 killed as a result of limit of /syz1 [ 563.236895] memory: usage 307136kB, limit 307200kB, failcnt 1501 [ 563.243078] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 563.249986] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 563.256139] Memory cgroup stats for /syz1: cache:28KB rss:297372KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91212KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188716KB [ 563.278372] Memory cgroup out of memory: Kill process 24613 (syz-executor.1) score 1226 or sacrifice child [ 563.288533] Killed process 24645 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 563.303226] oom_reaper: reaped process 24645 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:29:25 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 
0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:25 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) 14:29:25 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff}, 0x0) r1 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:25 executing program 3: keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 
0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:25 executing program 5: perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x8000000000000200) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/locks\x00', 0x0, 0x0) r0 = memfd_create(&(0x7f0000000540)='\x97&\x89\\\xd0\xe7\xca\x16ZO\x94:\xe1\x01\xe5`iq@Nse;\xa8Fpj\x0e\x04!\xd5\xc5YBz\x94\xaf\x13\xe9\xd2\x0f\xc2G\x86Xe\xf1/V\x8cvS\xa6K&u\x9dX\xcc\r\x12\x11\x99\xe7\xce\xaeA\xb8-E\xa1\xf8\xe4~IS\xc1\x04\xf78\xf1\'\xdfv\x90\xbc\xd1\xda\x88j>\x8c\xa1\x03\xf3\xaf\xfd\xf4&a?\xcaG\n\xe5j\x9b}\xc6G\x86\xb2\xdeY\x17yX $\xfcU\x9d\x80dX\xcc\xab\x84\xd1\x01_\x7f\xf4tW.\x81\n\xf3\v\x8d\x12pa\x91\x9b\x8cxd\x06\xa7k\n\x86\xc3\xb6\x910\xf2L\xf0\xaf\xe1jd\xda\x1f\x8bVrd\xa4\xb34\xfcUj\x1ad:#\x96\xf9\xd3\x1c]ImZlU\".\x18)\xcf\x1am\xd5\xe0\xdb\xdc\xd7\x8e\xe0\xa3\x82\xec\x9b\xfb\xc9\x81\x9c\xdc\xb7\x0f\xdd\xd3\xd7\xbe\x89\x7f3\x1d\x1c@\x8eu\x85\xces\x89\x95&3FX\xb1\xaf\xa6\x96\xa2\x13\x1f-\b\xcf\x00\x00', 0x0) fcntl$setlease(r0, 0x400, 0x0) 14:29:25 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, 
&(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x300000000000000}, 0x0) [ 563.405457] 9pnet: Insufficient options for proto=fd [ 563.421566] encrypted_key: key description must be 16 hexadecimal characters long 14:29:25 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) 14:29:25 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x400000000000000}, 0x0) 14:29:25 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, 0x0, &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:25 executing program 3: keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) 
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:25 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x9) 14:29:25 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0xa00000000000000}, 0x0) [ 563.669137] encrypted_key: key description must be 16 hexadecimal characters long 14:29:25 executing program 5: [ 564.077267] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 564.095224] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 564.101398] CPU: 1 PID: 24668 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 564.109306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 564.118680] Call Trace: [ 564.121266] dump_stack+0x197/0x210 [ 564.124912] dump_header+0x15e/0xa55 [ 564.128627] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 564.133739] ? ___ratelimit+0x60/0x595 [ 564.137730] ? do_raw_spin_unlock+0x181/0x270 [ 564.142395] oom_kill_process.cold+0x10/0x6ef [ 564.146921] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 564.152474] ? task_will_free_mem+0x139/0x6e0 [ 564.156991] ? 
find_held_lock+0x35/0x130 [ 564.161069] out_of_memory+0x362/0x1330 [ 564.165060] ? lock_downgrade+0x880/0x880 [ 564.169219] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 564.174533] ? oom_killer_disable+0x280/0x280 [ 564.179094] ? find_held_lock+0x35/0x130 [ 564.184528] mem_cgroup_out_of_memory+0x1d2/0x240 [ 564.189482] ? memcg_event_wake+0x230/0x230 [ 564.193810] ? do_raw_spin_unlock+0x181/0x270 [ 564.198309] ? _raw_spin_unlock+0x2d/0x50 [ 564.202460] try_charge+0xec5/0x1490 [ 564.206288] ? lock_downgrade+0x880/0x880 [ 564.210436] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 564.215274] ? rcu_read_unlock+0x33/0x60 [ 564.219514] ? get_mem_cgroup_from_mm+0x185/0x510 [ 564.224352] ? trace_hardirqs_on_caller+0x6a/0x220 [ 564.229373] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 564.235980] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 564.240856] mem_cgroup_try_charge+0x259/0x6b0 [ 564.245664] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 564.250616] wp_page_copy+0x430/0x16a0 [ 564.254521] ? follow_pfn+0x2a0/0x2a0 [ 564.258348] ? do_raw_spin_unlock+0x181/0x270 [ 564.262957] do_wp_page+0x57d/0x10b0 [ 564.266682] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 564.271360] ? kasan_check_write+0x14/0x20 [ 564.275598] ? do_raw_spin_lock+0xd7/0x250 [ 564.279851] __handle_mm_fault+0x2305/0x3f80 [ 564.284282] ? copy_page_range+0x2030/0x2030 [ 564.288708] ? count_memcg_event_mm+0x2b1/0x4d0 [ 564.293394] handle_mm_fault+0x1b5/0x690 [ 564.297483] __get_user_pages+0x609/0x1860 [ 564.302435] ? follow_page_mask+0x1ac0/0x1ac0 [ 564.306956] ? retint_kernel+0x2d/0x2d [ 564.310875] populate_vma_page_range+0x20d/0x2a0 [ 564.315653] __mm_populate+0x204/0x380 [ 564.319689] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 564.324643] __x64_sys_mlockall+0x35c/0x520 [ 564.328985] do_syscall_64+0xfd/0x620 [ 564.332792] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 564.337988] RIP: 0033:0x45b349 [ 564.341380] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 564.360304] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 564.368011] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 564.375314] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 564.382591] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 564.389983] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 564.397266] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 564.414281] Task in /syz1 killed as a result of limit of /syz1 [ 564.422161] memory: usage 307200kB, limit 307200kB, failcnt 1543 [ 564.428895] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 564.435735] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 564.442078] Memory cgroup stats for /syz1: cache:28KB rss:297300KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91212KB active_anon:17436KB inactive_file:0KB active_file:4KB unevictable:188688KB [ 564.464198] Memory cgroup out of memory: Kill process 24664 (syz-executor.1) score 1226 or sacrifice child [ 564.474319] Killed process 24705 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 564.488444] oom_reaper: reaped process 24705 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 564.500026] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 564.522687] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 564.528324] CPU: 0 PID: 24664 Comm: 
syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 564.536331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 564.545698] Call Trace: [ 564.548410] dump_stack+0x197/0x210 [ 564.552045] dump_header+0x15e/0xa55 [ 564.555775] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 564.561027] ? ___ratelimit+0x60/0x595 [ 564.564915] ? do_raw_spin_unlock+0x181/0x270 [ 564.569422] oom_kill_process.cold+0x10/0x6ef [ 564.573950] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 564.579528] ? task_will_free_mem+0x139/0x6e0 [ 564.584032] out_of_memory+0x362/0x1330 [ 564.588124] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 564.593247] ? oom_killer_disable+0x280/0x280 [ 564.597752] ? find_held_lock+0x35/0x130 [ 564.601881] mem_cgroup_out_of_memory+0x1d2/0x240 [ 564.606770] ? memcg_event_wake+0x230/0x230 [ 564.611265] ? do_raw_spin_unlock+0x181/0x270 [ 564.615783] ? _raw_spin_unlock+0x2d/0x50 [ 564.619939] try_charge+0xc6e/0x1490 [ 564.623848] ? lock_downgrade+0x880/0x880 [ 564.628008] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 564.632866] ? rcu_read_unlock+0x33/0x60 [ 564.636934] ? get_mem_cgroup_from_mm+0x185/0x510 [ 564.641885] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 564.647971] mem_cgroup_try_charge+0x259/0x6b0 [ 564.652696] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 564.657650] wp_page_copy+0x430/0x16a0 [ 564.661604] ? follow_pfn+0x2a0/0x2a0 [ 564.665432] ? do_raw_spin_unlock+0x181/0x270 [ 564.670028] do_wp_page+0x57d/0x10b0 [ 564.673750] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 564.678418] ? kasan_check_write+0x14/0x20 [ 564.682695] ? do_raw_spin_lock+0xd7/0x250 [ 564.686943] __handle_mm_fault+0x2305/0x3f80 [ 564.691494] ? copy_page_range+0x2030/0x2030 [ 564.695916] ? count_memcg_event_mm+0x2b1/0x4d0 [ 564.700643] handle_mm_fault+0x1b5/0x690 [ 564.704782] __do_page_fault+0x62a/0xe90 [ 564.708853] ? __lock_is_held+0xb6/0x140 [ 564.712924] ? vmalloc_fault+0x740/0x740 [ 564.716993] ? trace_hardirqs_off_caller+0x65/0x220 [ 564.722012] ? 
trace_hardirqs_on_caller+0x6a/0x220 [ 564.726955] ? page_fault+0x8/0x30 [ 564.730509] do_page_fault+0x71/0x57d [ 564.734367] ? page_fault+0x8/0x30 [ 564.738038] page_fault+0x1e/0x30 [ 564.741507] RIP: 0033:0x40f7d0 [ 564.744705] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 564.764044] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 564.769410] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 564.776697] RDX: fffffffffffffff7 RSI: 0000000000000b45 RDI: 0000000000000003 [ 564.784591] RBP: 0000000000000000 R08: 000000008d3b2b45 R09: 000000008d3b2b49 [ 564.791918] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 564.799188] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 564.808129] Task in /syz1 killed as a result of limit of /syz1 [ 564.814260] memory: usage 301476kB, limit 307200kB, failcnt 1544 [ 564.820586] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 564.827412] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 564.833717] Memory cgroup stats for /syz1: cache:28KB rss:291688KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:4KB active_file:0KB unevictable:184696KB [ 564.856343] Memory cgroup out of memory: Kill process 24664 (syz-executor.1) score 1226 or sacrifice child [ 564.866283] Killed process 24664 (syz-executor.1) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB [ 564.877518] oom_reaper: reaped process 24664 (syz-executor.1), now anon-rss:18328kB, file-rss:54368kB, shmem-rss:0kB 14:29:26 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 
0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:26 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, 0x0, &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:26 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0xe00000000000000}, 0x0) 14:29:26 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, 
&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:26 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x9) 14:29:26 executing program 5: 14:29:26 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, 0x0, &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:26 executing program 5: [ 565.016121] encrypted_key: key description must be 16 hexadecimal characters long 14:29:26 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) tkill(r0, 0x9) 14:29:26 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, 
@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0xf00000000000000}, 0x0) 14:29:26 executing program 5: 14:29:26 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) [ 565.350439] encrypted_key: key description must be 16 hexadecimal characters long [ 565.635150] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 565.647773] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 565.653489] CPU: 1 PID: 24730 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 565.661369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 565.670731] Call Trace: [ 565.673345] dump_stack+0x197/0x210 [ 565.677018] dump_header+0x15e/0xa55 [ 565.680744] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 565.686003] ? ___ratelimit+0x60/0x595 [ 565.689900] ? do_raw_spin_unlock+0x181/0x270 [ 565.694528] oom_kill_process.cold+0x10/0x6ef [ 565.699148] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 565.704689] ? task_will_free_mem+0x139/0x6e0 [ 565.709215] ? find_held_lock+0x35/0x130 [ 565.713285] out_of_memory+0x362/0x1330 [ 565.717312] ? lock_downgrade+0x880/0x880 [ 565.721463] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 565.726592] ? oom_killer_disable+0x280/0x280 [ 565.731107] ? find_held_lock+0x35/0x130 [ 565.735184] mem_cgroup_out_of_memory+0x1d2/0x240 [ 565.740036] ? memcg_event_wake+0x230/0x230 [ 565.744388] ? do_raw_spin_unlock+0x181/0x270 [ 565.748923] ? 
_raw_spin_unlock+0x2d/0x50 [ 565.753244] try_charge+0xec5/0x1490 [ 565.757002] ? lock_downgrade+0x880/0x880 [ 565.761170] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 565.766022] ? rcu_read_unlock+0x33/0x60 [ 565.770102] ? get_mem_cgroup_from_mm+0x185/0x510 [ 565.774979] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 565.781077] mem_cgroup_try_charge+0x259/0x6b0 [ 565.785670] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 565.790627] wp_page_copy+0x430/0x16a0 [ 565.794535] ? follow_pfn+0x2a0/0x2a0 [ 565.798511] ? do_raw_spin_unlock+0x181/0x270 [ 565.803077] do_wp_page+0x57d/0x10b0 [ 565.806925] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 565.811623] ? kasan_check_write+0x14/0x20 [ 565.815878] ? do_raw_spin_lock+0xd7/0x250 [ 565.820176] __handle_mm_fault+0x2305/0x3f80 [ 565.824612] ? copy_page_range+0x2030/0x2030 [ 565.829057] ? count_memcg_event_mm+0x2b1/0x4d0 [ 565.833797] handle_mm_fault+0x1b5/0x690 [ 565.837936] __get_user_pages+0x609/0x1860 [ 565.842194] ? follow_page_mask+0x1ac0/0x1ac0 [ 565.846698] ? retint_kernel+0x2d/0x2d [ 565.850630] populate_vma_page_range+0x20d/0x2a0 [ 565.855417] __mm_populate+0x204/0x380 [ 565.859317] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 565.864489] __x64_sys_mlockall+0x35c/0x520 [ 565.868820] do_syscall_64+0xfd/0x620 [ 565.872643] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 565.877957] RIP: 0033:0x45b349 [ 565.881153] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 565.900051] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 565.907860] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 565.915135] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 565.922505] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 565.929779] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 565.937041] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 565.944706] Task in /syz1 killed as a result of limit of /syz1 [ 565.950793] memory: usage 307200kB, limit 307200kB, failcnt 1614 [ 565.957049] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 565.963911] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 565.970450] Memory cgroup stats for /syz1: cache:28KB rss:297300KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91212KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188704KB [ 565.992660] Memory cgroup out of memory: Kill process 24729 (syz-executor.1) score 1226 or sacrifice child [ 566.002938] Killed process 24759 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 566.017523] oom_reaper: reaped process 24759 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 566.022521] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 566.063950] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 566.070364] CPU: 0 PID: 24729 Comm: 
syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 566.078259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 566.088148] Call Trace: [ 566.090730] dump_stack+0x197/0x210 [ 566.094390] dump_header+0x15e/0xa55 [ 566.098139] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 566.103231] ? ___ratelimit+0x60/0x595 [ 566.107106] ? do_raw_spin_unlock+0x181/0x270 [ 566.111593] oom_kill_process.cold+0x10/0x6ef [ 566.116087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 566.121671] ? task_will_free_mem+0x139/0x6e0 [ 566.126231] out_of_memory+0x362/0x1330 [ 566.130386] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 566.135496] ? oom_killer_disable+0x280/0x280 [ 566.140060] ? find_held_lock+0x35/0x130 [ 566.144137] mem_cgroup_out_of_memory+0x1d2/0x240 [ 566.148980] ? memcg_event_wake+0x230/0x230 [ 566.153313] ? do_raw_spin_unlock+0x181/0x270 [ 566.157804] ? _raw_spin_unlock+0x2d/0x50 [ 566.161949] try_charge+0xc6e/0x1490 [ 566.165770] ? lock_downgrade+0x880/0x880 [ 566.169930] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 566.174770] ? rcu_read_unlock+0x33/0x60 [ 566.178845] ? get_mem_cgroup_from_mm+0x185/0x510 [ 566.183707] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 566.189769] mem_cgroup_try_charge+0x259/0x6b0 [ 566.194359] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 566.199377] wp_page_copy+0x430/0x16a0 [ 566.203259] ? follow_pfn+0x2a0/0x2a0 [ 566.207051] ? do_raw_spin_unlock+0x181/0x270 [ 566.211554] do_wp_page+0x57d/0x10b0 [ 566.215276] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 566.219951] ? kasan_check_write+0x14/0x20 [ 566.224176] ? do_raw_spin_lock+0xd7/0x250 [ 566.228404] __handle_mm_fault+0x2305/0x3f80 [ 566.232819] ? copy_page_range+0x2030/0x2030 [ 566.237244] ? count_memcg_event_mm+0x2b1/0x4d0 [ 566.242029] handle_mm_fault+0x1b5/0x690 [ 566.246233] __do_page_fault+0x62a/0xe90 [ 566.250299] ? __lock_is_held+0xb6/0x140 [ 566.254499] ? vmalloc_fault+0x740/0x740 [ 566.258669] ? trace_hardirqs_off_caller+0x65/0x220 [ 566.263685] ? 
trace_hardirqs_on_caller+0x6a/0x220 [ 566.268617] ? page_fault+0x8/0x30 [ 566.272178] do_page_fault+0x71/0x57d [ 566.275976] ? page_fault+0x8/0x30 [ 566.279506] page_fault+0x1e/0x30 [ 566.283067] RIP: 0033:0x40f7d0 [ 566.286264] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 566.305179] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 566.310621] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 566.317898] RDX: fffffffffffffff7 RSI: 00000000000000ec RDI: 0000000000000003 [ 566.325208] RBP: 0000000000000000 R08: 00000000a90500ec R09: 00000000a90500f0 [ 566.332567] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 566.339854] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 566.349125] Task in /syz1 killed as a result of limit of /syz1 [ 566.355275] memory: usage 301356kB, limit 307200kB, failcnt 1622 [ 566.361699] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 566.368739] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 566.374896] Memory cgroup stats for /syz1: cache:28KB rss:291656KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:184612KB [ 566.396911] Memory cgroup out of memory: Kill process 24729 (syz-executor.1) score 1226 or sacrifice child [ 566.408314] Killed process 24729 (syz-executor.1) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB [ 566.419393] oom_reaper: reaped process 24729 (syz-executor.1), now anon-rss:18256kB, file-rss:54368kB, shmem-rss:0kB 14:29:28 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 
0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:28 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:28 executing program 5: 14:29:28 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:28 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 
'syz2\x00'}]}, 0x28}, 0x1, 0x3f00000000000000}, 0x0) 14:29:28 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:28 executing program 5: 14:29:28 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:28 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x6000000000000000}, 0x0) 14:29:28 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 566.582283] encrypted_key: key description must be 16 hexadecimal characters long 
14:29:28 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:28 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ptrace(0x4206, r0) tkill(r0, 0x9) [ 566.813644] encrypted_key: insufficient parameters specified [ 567.100896] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 567.112997] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 567.118906] CPU: 1 PID: 24773 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 567.126902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 567.136249] Call Trace: [ 567.138840] dump_stack+0x197/0x210 [ 567.142476] dump_header+0x15e/0xa55 [ 567.146271] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 567.151395] ? ___ratelimit+0x60/0x595 [ 567.155342] ? do_raw_spin_unlock+0x181/0x270 [ 567.159946] oom_kill_process.cold+0x10/0x6ef [ 567.164629] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 567.170163] ? task_will_free_mem+0x139/0x6e0 [ 567.174651] ? find_held_lock+0x35/0x130 [ 567.178707] out_of_memory+0x362/0x1330 [ 567.182688] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 567.187457] ? oom_killer_disable+0x280/0x280 [ 567.191947] ? 
find_held_lock+0x35/0x130 [ 567.196013] mem_cgroup_out_of_memory+0x1d2/0x240 [ 567.201008] ? memcg_event_wake+0x230/0x230 [ 567.205458] try_charge+0xec5/0x1490 [ 567.209186] ? lock_downgrade+0x880/0x880 [ 567.213513] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 567.218440] ? rcu_read_unlock+0x33/0x60 [ 567.222655] ? get_mem_cgroup_from_mm+0x185/0x510 [ 567.227656] ? retint_kernel+0x2d/0x2d [ 567.231570] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 567.237740] ? mark_held_locks+0xb1/0x100 [ 567.241892] mem_cgroup_try_charge+0x259/0x6b0 [ 567.246473] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 567.251392] wp_page_copy+0x430/0x16a0 [ 567.255283] ? follow_pfn+0x2a0/0x2a0 [ 567.259087] ? do_raw_spin_unlock+0x181/0x270 [ 567.263596] do_wp_page+0x57d/0x10b0 [ 567.267300] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 567.271967] ? kasan_check_write+0x14/0x20 [ 567.276192] ? do_raw_spin_lock+0xd7/0x250 [ 567.280443] __handle_mm_fault+0x2305/0x3f80 [ 567.284842] ? copy_page_range+0x2030/0x2030 [ 567.289251] ? count_memcg_event_mm+0x2b1/0x4d0 [ 567.293919] handle_mm_fault+0x1b5/0x690 [ 567.297972] __get_user_pages+0x609/0x1860 [ 567.302201] ? follow_page_mask+0x1ac0/0x1ac0 [ 567.306703] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 567.311512] ? retint_kernel+0x2d/0x2d [ 567.315401] populate_vma_page_range+0x20d/0x2a0 [ 567.320262] __mm_populate+0x204/0x380 [ 567.324330] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 567.329317] __x64_sys_mlockall+0x35c/0x520 [ 567.333803] do_syscall_64+0xfd/0x620 [ 567.337615] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 567.342809] RIP: 0033:0x45b349 [ 567.345994] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 567.364988] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 567.373223] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 567.380623] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 567.387891] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 567.395273] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 567.402656] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 567.414426] Task in /syz1 killed as a result of limit of /syz1 [ 567.422680] memory: usage 307200kB, limit 307200kB, failcnt 1681 [ 567.429018] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 567.435926] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 567.442143] Memory cgroup stats for /syz1: cache:28KB rss:297184KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91208KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188664KB [ 567.464273] Memory cgroup out of memory: Kill process 24769 (syz-executor.1) score 1226 or sacrifice child [ 567.474220] Killed process 24808 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 567.486728] oom_reaper: reaped process 24808 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 567.498224] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 567.515214] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 567.520861] CPU: 0 PID: 24769 Comm: 
syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 567.528867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 567.539189] Call Trace: [ 567.541814] dump_stack+0x197/0x210 [ 567.545476] dump_header+0x15e/0xa55 [ 567.549207] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 567.554335] ? ___ratelimit+0x60/0x595 [ 567.558218] ? do_raw_spin_unlock+0x181/0x270 [ 567.562720] oom_kill_process.cold+0x10/0x6ef [ 567.567232] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 567.572785] ? task_will_free_mem+0x139/0x6e0 [ 567.577292] out_of_memory+0x362/0x1330 [ 567.581313] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 567.586423] ? oom_killer_disable+0x280/0x280 [ 567.590968] ? find_held_lock+0x35/0x130 [ 567.595036] mem_cgroup_out_of_memory+0x1d2/0x240 [ 567.599978] ? memcg_event_wake+0x230/0x230 [ 567.604301] ? do_raw_spin_unlock+0x181/0x270 [ 567.608794] ? _raw_spin_unlock+0x2d/0x50 [ 567.612944] try_charge+0xc6e/0x1490 [ 567.616656] ? lock_downgrade+0x880/0x880 [ 567.620809] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 567.625660] ? rcu_read_unlock+0x33/0x60 [ 567.629773] ? get_mem_cgroup_from_mm+0x185/0x510 [ 567.634644] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 567.640716] mem_cgroup_try_charge+0x259/0x6b0 [ 567.645334] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 567.650293] wp_page_copy+0x430/0x16a0 [ 567.654183] ? follow_pfn+0x2a0/0x2a0 [ 567.658033] ? do_raw_spin_unlock+0x181/0x270 [ 567.662719] do_wp_page+0x57d/0x10b0 [ 567.666508] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 567.671281] ? kasan_check_write+0x14/0x20 [ 567.675518] ? do_raw_spin_lock+0xd7/0x250 [ 567.679806] __handle_mm_fault+0x2305/0x3f80 [ 567.684222] ? copy_page_range+0x2030/0x2030 [ 567.688639] ? count_memcg_event_mm+0x2b1/0x4d0 [ 567.693315] handle_mm_fault+0x1b5/0x690 [ 567.697383] __do_page_fault+0x62a/0xe90 [ 567.702418] ? __lock_is_held+0xb6/0x140 [ 567.706488] ? vmalloc_fault+0x740/0x740 [ 567.710572] ? trace_hardirqs_off_caller+0x65/0x220 [ 567.715599] ? 
trace_hardirqs_on_caller+0x6a/0x220 [ 567.720530] ? page_fault+0x8/0x30 [ 567.724071] do_page_fault+0x71/0x57d [ 567.727881] ? page_fault+0x8/0x30 [ 567.731448] page_fault+0x1e/0x30 [ 567.735065] RIP: 0033:0x40f7d0 [ 567.738259] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 567.757464] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 567.762840] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 567.770205] RDX: fffffffffffffff7 RSI: 0000000000001080 RDI: 0000000000000003 [ 567.777475] RBP: 0000000000000000 R08: 0000000028e41080 R09: 0000000028e41084 [ 567.784753] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 567.792268] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 567.804055] Task in /syz1 killed as a result of limit of /syz1 [ 567.810227] memory: usage 301356kB, limit 307200kB, failcnt 1681 [ 567.816460] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 567.823309] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 567.829648] Memory cgroup stats for /syz1: cache:28KB rss:291668KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:184576KB [ 567.852009] Memory cgroup out of memory: Kill process 24769 (syz-executor.1) score 1226 or sacrifice child [ 567.862390] Killed process 24769 (syz-executor.1) total-vm:72720kB, anon-rss:18260kB, file-rss:54376kB, shmem-rss:0kB [ 567.873882] oom_reaper: reaped process 24769 (syz-executor.1), now anon-rss:18328kB, file-rss:54368kB, shmem-rss:0kB 14:29:29 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 
0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:29 executing program 5: 14:29:29 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:29 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x9effffff00000000}, 0x0) 14:29:29 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = 
dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:29 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:29 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) [ 567.982836] encrypted_key: insufficient parameters specified 14:29:29 executing program 5: 14:29:29 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, 0x0) 14:29:29 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0xc00e000000000000}, 0x0) 14:29:29 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 
0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) [ 568.162524] encrypted_key: insufficient parameters specified 14:29:29 executing program 5: [ 568.627665] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 568.639320] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 568.644826] CPU: 1 PID: 24825 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 568.652707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 568.662060] Call Trace: [ 568.664657] dump_stack+0x197/0x210 [ 568.668289] dump_header+0x15e/0xa55 [ 568.672084] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 568.678106] ? ___ratelimit+0x60/0x595 [ 568.681995] ? do_raw_spin_unlock+0x181/0x270 [ 568.686510] oom_kill_process.cold+0x10/0x6ef [ 568.691029] ? mem_cgroup_get_max+0xa8/0x240 [ 568.695573] out_of_memory+0x362/0x1330 [ 568.699547] ? lock_downgrade+0x880/0x880 [ 568.705016] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 568.710141] ? oom_killer_disable+0x280/0x280 [ 568.714651] ? find_held_lock+0x35/0x130 [ 568.718739] mem_cgroup_out_of_memory+0x1d2/0x240 [ 568.723648] ? memcg_event_wake+0x230/0x230 [ 568.728066] ? do_raw_spin_unlock+0x181/0x270 [ 568.732772] ? _raw_spin_unlock+0x2d/0x50 [ 568.736937] try_charge+0xec5/0x1490 [ 568.740699] ? lock_downgrade+0x880/0x880 [ 568.744863] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 568.749709] ? rcu_read_unlock+0x33/0x60 [ 568.753775] ? get_mem_cgroup_from_mm+0x185/0x510 [ 568.758802] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 568.764870] ? retint_kernel+0x2d/0x2d [ 568.768787] mem_cgroup_try_charge+0x259/0x6b0 [ 568.773376] ? 
alloc_pages_vma+0xea/0x590 [ 568.777602] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 568.782551] wp_page_copy+0x430/0x16a0 [ 568.786483] ? follow_pfn+0x2a0/0x2a0 [ 568.790335] ? retint_kernel+0x2d/0x2d [ 568.794227] ? do_raw_spin_unlock+0x181/0x270 [ 568.798830] do_wp_page+0x57d/0x10b0 [ 568.802553] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 568.807220] ? kasan_check_write+0x14/0x20 [ 568.811458] ? do_raw_spin_lock+0xd7/0x250 [ 568.815701] __handle_mm_fault+0x2305/0x3f80 [ 568.820297] ? copy_page_range+0x2030/0x2030 [ 568.824710] ? count_memcg_event_mm+0x2b1/0x4d0 [ 568.829387] handle_mm_fault+0x1b5/0x690 [ 568.833454] __get_user_pages+0x609/0x1860 [ 568.837728] ? follow_page_mask+0x1ac0/0x1ac0 [ 568.842229] ? retint_kernel+0x2d/0x2d [ 568.846162] populate_vma_page_range+0x20d/0x2a0 [ 568.850946] __mm_populate+0x204/0x380 [ 568.854865] ? populate_vma_page_range+0x2a0/0x2a0 [ 568.859906] __x64_sys_mlockall+0x35c/0x520 [ 568.864231] do_syscall_64+0xfd/0x620 [ 568.868040] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 568.873352] RIP: 0033:0x45b349 [ 568.876548] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 568.895570] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 568.903294] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 568.910587] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 568.917865] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 568.925145] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 568.932424] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 568.940345] Task in /syz1 killed as a result of limit of /syz1 [ 568.946438] memory: usage 307200kB, limit 307200kB, failcnt 1723 [ 568.952593] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 568.959578] kmem: usage 0kB, limit 
9007199254740988kB, failcnt 0 [ 568.965753] Memory cgroup stats for /syz1: cache:28KB rss:297176KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91212KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188628KB [ 568.987944] Memory cgroup out of memory: Kill process 24824 (syz-executor.1) score 1226 or sacrifice child [ 568.998445] Killed process 24858 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 569.011516] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 569.011668] oom_reaper: reaped process 24858 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 569.047028] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 569.052471] CPU: 1 PID: 24824 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 569.060367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 569.069748] Call Trace: [ 569.072362] dump_stack+0x197/0x210 [ 569.076126] dump_header+0x15e/0xa55 [ 569.079858] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 569.085054] ? ___ratelimit+0x60/0x595 [ 569.088959] ? do_raw_spin_unlock+0x181/0x270 [ 569.093467] oom_kill_process.cold+0x10/0x6ef [ 569.098121] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 569.103794] ? task_will_free_mem+0x139/0x6e0 [ 569.108295] out_of_memory+0x362/0x1330 [ 569.112320] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 569.117533] ? oom_killer_disable+0x280/0x280 [ 569.122029] ? find_held_lock+0x35/0x130 [ 569.126228] mem_cgroup_out_of_memory+0x1d2/0x240 [ 569.131083] ? memcg_event_wake+0x230/0x230 [ 569.135416] ? do_raw_spin_unlock+0x181/0x270 [ 569.139911] ? _raw_spin_unlock+0x2d/0x50 [ 569.144062] try_charge+0xc6e/0x1490 [ 569.147894] ? lock_downgrade+0x880/0x880 [ 569.152239] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 569.157089] ? rcu_read_unlock+0x33/0x60 [ 569.161148] ? 
get_mem_cgroup_from_mm+0x185/0x510 [ 569.166140] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 569.172202] mem_cgroup_try_charge+0x259/0x6b0 [ 569.176805] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 569.181733] wp_page_copy+0x430/0x16a0 [ 569.185625] ? follow_pfn+0x2a0/0x2a0 [ 569.189427] ? do_raw_spin_unlock+0x181/0x270 [ 569.193925] do_wp_page+0x57d/0x10b0 [ 569.197740] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 569.202485] ? kasan_check_write+0x14/0x20 [ 569.206724] ? do_raw_spin_lock+0xd7/0x250 [ 569.210965] __handle_mm_fault+0x2305/0x3f80 [ 569.215444] ? copy_page_range+0x2030/0x2030 [ 569.219884] ? count_memcg_event_mm+0x2b1/0x4d0 [ 569.224561] handle_mm_fault+0x1b5/0x690 [ 569.228671] __do_page_fault+0x62a/0xe90 [ 569.232742] ? __lock_is_held+0xb6/0x140 [ 569.236808] ? vmalloc_fault+0x740/0x740 [ 569.240894] ? trace_hardirqs_off_caller+0x65/0x220 [ 569.246048] ? trace_hardirqs_on_caller+0x6a/0x220 [ 569.251000] ? page_fault+0x8/0x30 [ 569.254651] do_page_fault+0x71/0x57d [ 569.259070] ? 
page_fault+0x8/0x30 [ 569.262754] page_fault+0x1e/0x30 [ 569.266206] RIP: 0033:0x40f7d0 [ 569.269402] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 569.288408] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 569.293792] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 569.301099] RDX: fffffffffffffff7 RSI: 0000000000000167 RDI: 0000000000000003 [ 569.308432] RBP: 0000000000000000 R08: 0000000098568167 R09: 000000009856816b [ 569.315696] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 569.323068] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 569.330682] Task in /syz1 killed as a result of limit of /syz1 [ 569.336784] memory: usage 301356kB, limit 307200kB, failcnt 1723 [ 569.342944] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 569.349885] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 569.356359] Memory cgroup stats for /syz1: cache:28KB rss:291632KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:184540KB [ 569.378371] Memory cgroup out of memory: Kill process 24824 (syz-executor.1) score 1226 or sacrifice child [ 569.388336] Killed process 24824 (syz-executor.1) total-vm:72720kB, anon-rss:18260kB, file-rss:54376kB, shmem-rss:0kB [ 569.399422] oom_reaper: reaped process 24824 (syz-executor.1), now anon-rss:18260kB, file-rss:54368kB, shmem-rss:0kB 14:29:31 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, 
"5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:31 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0xe200000000000000}, 0x0) 14:29:31 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, 0x0) 14:29:31 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:'}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:31 executing program 
5: 14:29:31 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:31 executing program 5: 14:29:31 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:31 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, 0x0) 14:29:31 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0xf0ffffff00000000}, 0x0) 14:29:31 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:'}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) 
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:31 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=']) [ 570.144238] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 570.157172] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 570.162824] CPU: 0 PID: 24874 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 570.170752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 570.180110] Call Trace: [ 570.182729] dump_stack+0x197/0x210 [ 570.186371] dump_header+0x15e/0xa55 [ 570.190086] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 570.195195] ? ___ratelimit+0x60/0x595 [ 570.199094] ? do_raw_spin_unlock+0x181/0x270 [ 570.203600] oom_kill_process.cold+0x10/0x6ef [ 570.208106] ? mem_cgroup_get_max+0xa8/0x240 [ 570.212566] out_of_memory+0x362/0x1330 [ 570.216556] ? lock_downgrade+0x880/0x880 [ 570.220729] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 570.225896] ? oom_killer_disable+0x280/0x280 [ 570.230407] ? find_held_lock+0x35/0x130 [ 570.234721] mem_cgroup_out_of_memory+0x1d2/0x240 [ 570.239584] ? memcg_event_wake+0x230/0x230 [ 570.244043] ? do_raw_spin_unlock+0x181/0x270 [ 570.248540] ? _raw_spin_unlock+0x2d/0x50 [ 570.252882] try_charge+0xec5/0x1490 [ 570.256732] ? lock_downgrade+0x880/0x880 [ 570.260908] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 570.265785] ? rcu_read_unlock+0x33/0x60 [ 570.269860] ? get_mem_cgroup_from_mm+0x185/0x510 [ 570.274850] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 570.281959] ? 
retint_kernel+0x2d/0x2d [ 570.285873] mem_cgroup_try_charge+0x259/0x6b0 [ 570.290461] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 570.295412] wp_page_copy+0x430/0x16a0 [ 570.299331] ? follow_pfn+0x2a0/0x2a0 [ 570.303155] ? do_raw_spin_unlock+0x181/0x270 [ 570.307664] do_wp_page+0x57d/0x10b0 [ 570.311373] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 570.316044] ? kasan_check_write+0x14/0x20 [ 570.320295] ? do_raw_spin_lock+0xd7/0x250 [ 570.324557] __handle_mm_fault+0x2305/0x3f80 [ 570.329062] ? copy_page_range+0x2030/0x2030 [ 570.333504] ? count_memcg_event_mm+0x2b1/0x4d0 [ 570.338194] handle_mm_fault+0x1b5/0x690 [ 570.342267] __get_user_pages+0x609/0x1860 [ 570.346523] ? follow_page_mask+0x1ac0/0x1ac0 [ 570.351025] ? retint_kernel+0x2d/0x2d [ 570.355037] ? populate_vma_page_range+0x1d1/0x2a0 [ 570.359987] populate_vma_page_range+0x20d/0x2a0 [ 570.364745] __mm_populate+0x204/0x380 [ 570.368735] ? populate_vma_page_range+0x2a0/0x2a0 [ 570.373693] __x64_sys_mlockall+0x35c/0x520 [ 570.378039] do_syscall_64+0xfd/0x620 [ 570.381842] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 570.387035] RIP: 0033:0x45b349 [ 570.390225] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 570.409130] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 570.416857] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 570.424141] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 570.431436] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 570.438714] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 570.445986] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 570.455123] Task in /syz1 killed as a result of limit of /syz1 [ 570.461478] memory: usage 307200kB, limit 307200kB, failcnt 1749 [ 570.468419] memory+swap: usage 0kB, limit 9007199254740988kB, 
failcnt 0 [ 570.475415] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 570.481858] Memory cgroup stats for /syz1: cache:28KB rss:297152KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91208KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188604KB [ 570.504052] Memory cgroup out of memory: Kill process 24873 (syz-executor.1) score 1226 or sacrifice child [ 570.514014] Killed process 24904 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 570.526706] oom_reaper: reaped process 24904 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 570.532329] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 570.553947] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 570.559535] CPU: 0 PID: 24873 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 570.567426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 570.576803] Call Trace: [ 570.579410] dump_stack+0x197/0x210 [ 570.583061] dump_header+0x15e/0xa55 [ 570.586828] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 570.592106] ? ___ratelimit+0x60/0x595 [ 570.595984] ? do_raw_spin_unlock+0x181/0x270 [ 570.600523] oom_kill_process.cold+0x10/0x6ef [ 570.605026] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 570.610689] ? task_will_free_mem+0x139/0x6e0 [ 570.615237] out_of_memory+0x362/0x1330 [ 570.619270] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 570.624516] ? oom_killer_disable+0x280/0x280 [ 570.629055] ? find_held_lock+0x35/0x130 [ 570.633143] mem_cgroup_out_of_memory+0x1d2/0x240 [ 570.638037] ? memcg_event_wake+0x230/0x230 [ 570.642374] ? do_raw_spin_unlock+0x181/0x270 [ 570.646868] ? _raw_spin_unlock+0x2d/0x50 [ 570.651013] try_charge+0xc6e/0x1490 [ 570.654734] ? lock_downgrade+0x880/0x880 [ 570.658912] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 570.663747] ? rcu_read_unlock+0x33/0x60 [ 570.667818] ? 
get_mem_cgroup_from_mm+0x185/0x510 [ 570.672802] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 570.678869] mem_cgroup_try_charge+0x259/0x6b0 [ 570.683456] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 570.688572] wp_page_copy+0x430/0x16a0 [ 570.692612] ? follow_pfn+0x2a0/0x2a0 [ 570.696528] ? do_raw_spin_unlock+0x181/0x270 [ 570.701024] do_wp_page+0x57d/0x10b0 [ 570.704843] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 570.709517] ? kasan_check_write+0x14/0x20 [ 570.713754] ? do_raw_spin_lock+0xd7/0x250 [ 570.718050] __handle_mm_fault+0x2305/0x3f80 [ 570.722541] ? copy_page_range+0x2030/0x2030 [ 570.726964] ? count_memcg_event_mm+0x2b1/0x4d0 [ 570.731630] handle_mm_fault+0x1b5/0x690 [ 570.735688] __do_page_fault+0x62a/0xe90 [ 570.739742] ? __lock_is_held+0xb6/0x140 [ 570.743810] ? vmalloc_fault+0x740/0x740 [ 570.747863] ? trace_hardirqs_off_caller+0x65/0x220 [ 570.752880] ? trace_hardirqs_on_caller+0x6a/0x220 [ 570.757887] ? page_fault+0x8/0x30 [ 570.761445] do_page_fault+0x71/0x57d [ 570.765242] ? 
page_fault+0x8/0x30 [ 570.768782] page_fault+0x1e/0x30 [ 570.772231] RIP: 0033:0x40f7d0 [ 570.775425] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 570.794332] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 570.799682] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 570.807012] RDX: fffffffffffffff7 RSI: 0000000000000120 RDI: 0000000000000003 [ 570.814311] RBP: 0000000000000000 R08: 000000002afdc120 R09: 000000002afdc124 [ 570.821586] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 570.829026] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 570.838374] Task in /syz1 killed as a result of limit of /syz1 [ 570.844441] memory: usage 301356kB, limit 307200kB, failcnt 1757 [ 570.850829] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 570.857661] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 570.863807] Memory cgroup stats for /syz1: cache:28KB rss:291608KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:184516KB [ 570.885815] Memory cgroup out of memory: Kill process 24873 (syz-executor.1) score 1226 or sacrifice child [ 570.895768] Killed process 24873 (syz-executor.1) total-vm:72720kB, anon-rss:18260kB, file-rss:54376kB, shmem-rss:0kB [ 570.906850] oom_reaper: reaped process 24873 (syz-executor.1), now anon-rss:18260kB, file-rss:54368kB, shmem-rss:0kB 14:29:32 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) 
chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:32 executing program 5: 14:29:32 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:32 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:'}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:32 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, 
[@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0xffffff7f00000000}, 0x0) 14:29:32 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=']) 14:29:32 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(0x0, &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:32 executing program 5: 14:29:32 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0xffffffff00000000}, 0x0) 14:29:32 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:32 executing program 5: 14:29:32 executing 
program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(0x0, &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) [ 571.623963] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 571.636468] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 571.642081] CPU: 1 PID: 24923 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 571.649971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 571.659442] Call Trace: [ 571.662042] dump_stack+0x197/0x210 [ 571.665815] dump_header+0x15e/0xa55 [ 571.669526] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 571.674750] ? ___ratelimit+0x60/0x595 [ 571.678632] ? do_raw_spin_unlock+0x181/0x270 [ 571.683184] oom_kill_process.cold+0x10/0x6ef [ 571.687763] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 571.693369] ? task_will_free_mem+0x139/0x6e0 [ 571.697945] ? find_held_lock+0x35/0x130 [ 571.702162] out_of_memory+0x362/0x1330 [ 571.706164] ? lock_downgrade+0x880/0x880 [ 571.710339] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 571.715452] ? oom_killer_disable+0x280/0x280 [ 571.720078] ? find_held_lock+0x35/0x130 [ 571.724208] mem_cgroup_out_of_memory+0x1d2/0x240 [ 571.729074] ? memcg_event_wake+0x230/0x230 [ 571.733427] ? do_raw_spin_unlock+0x181/0x270 [ 571.738284] ? _raw_spin_unlock+0x2d/0x50 [ 571.742443] try_charge+0xec5/0x1490 [ 571.746513] ? lock_downgrade+0x880/0x880 [ 571.750684] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 571.755542] ? rcu_read_unlock+0x33/0x60 [ 571.759612] ? 
get_mem_cgroup_from_mm+0x185/0x510 [ 571.764468] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 571.770575] mem_cgroup_try_charge+0x259/0x6b0 [ 571.775179] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 571.780130] wp_page_copy+0x430/0x16a0 [ 571.784035] ? follow_pfn+0x2a0/0x2a0 [ 571.787842] ? do_raw_spin_unlock+0x181/0x270 [ 571.792380] do_wp_page+0x57d/0x10b0 [ 571.796098] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 571.800966] ? kasan_check_write+0x14/0x20 [ 571.805237] ? do_raw_spin_lock+0xd7/0x250 [ 571.809535] __handle_mm_fault+0x2305/0x3f80 [ 571.813976] ? copy_page_range+0x2030/0x2030 [ 571.818399] ? count_memcg_event_mm+0x2b1/0x4d0 [ 571.823080] handle_mm_fault+0x1b5/0x690 [ 571.827149] __get_user_pages+0x609/0x1860 [ 571.831393] ? follow_page_mask+0x1ac0/0x1ac0 [ 571.835959] ? retint_kernel+0x2d/0x2d [ 571.839869] populate_vma_page_range+0x20d/0x2a0 [ 571.844654] __mm_populate+0x204/0x380 [ 571.848565] ? populate_vma_page_range+0x2a0/0x2a0 [ 571.853614] __x64_sys_mlockall+0x35c/0x520 [ 571.857963] do_syscall_64+0xfd/0x620 [ 571.861786] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 571.866987] RIP: 0033:0x45b349 [ 571.870178] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 571.889130] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 571.896851] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 571.904148] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 571.911597] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 571.918934] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 571.926227] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 571.935868] Task in /syz1 killed as a result of limit of /syz1 [ 571.942013] memory: usage 307200kB, limit 307200kB, failcnt 1813 [ 571.948289] memory+swap: usage 0kB, 
limit 9007199254740988kB, failcnt 0 [ 571.955204] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 571.961639] Memory cgroup stats for /syz1: cache:28KB rss:297036KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91212KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188608KB [ 571.984049] Memory cgroup out of memory: Kill process 24921 (syz-executor.1) score 1226 or sacrifice child [ 571.994080] Killed process 24955 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 572.007294] oom_reaper: reaped process 24955 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 572.012305] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 572.034572] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 572.040489] CPU: 0 PID: 24921 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 572.048390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 572.057778] Call Trace: [ 572.060385] dump_stack+0x197/0x210 [ 572.064042] dump_header+0x15e/0xa55 [ 572.067767] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 572.072872] ? ___ratelimit+0x60/0x595 [ 572.076891] ? do_raw_spin_unlock+0x181/0x270 [ 572.081518] oom_kill_process.cold+0x10/0x6ef [ 572.086009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 572.091562] ? task_will_free_mem+0x139/0x6e0 [ 572.096057] out_of_memory+0x362/0x1330 [ 572.100040] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 572.105233] ? oom_killer_disable+0x280/0x280 [ 572.109844] ? find_held_lock+0x35/0x130 [ 572.113916] mem_cgroup_out_of_memory+0x1d2/0x240 [ 572.118763] ? memcg_event_wake+0x230/0x230 [ 572.123088] ? do_raw_spin_unlock+0x181/0x270 [ 572.127582] ? _raw_spin_unlock+0x2d/0x50 [ 572.131728] try_charge+0xc6e/0x1490 [ 572.135555] ? lock_downgrade+0x880/0x880 [ 572.139701] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 572.144554] ? 
rcu_read_unlock+0x33/0x60 [ 572.148712] ? get_mem_cgroup_from_mm+0x185/0x510 [ 572.153577] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 572.159737] mem_cgroup_try_charge+0x259/0x6b0 [ 572.164435] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 572.169397] wp_page_copy+0x430/0x16a0 [ 572.173389] ? follow_pfn+0x2a0/0x2a0 [ 572.177186] ? do_raw_spin_unlock+0x181/0x270 [ 572.181687] do_wp_page+0x57d/0x10b0 [ 572.185551] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 572.190253] ? kasan_check_write+0x14/0x20 [ 572.194622] ? do_raw_spin_lock+0xd7/0x250 [ 572.198969] __handle_mm_fault+0x2305/0x3f80 [ 572.203416] ? copy_page_range+0x2030/0x2030 [ 572.207837] ? count_memcg_event_mm+0x2b1/0x4d0 [ 572.212518] handle_mm_fault+0x1b5/0x690 [ 572.216584] __do_page_fault+0x62a/0xe90 [ 572.220692] ? __lock_is_held+0xb6/0x140 [ 572.224870] ? vmalloc_fault+0x740/0x740 [ 572.228971] ? trace_hardirqs_off_caller+0x65/0x220 [ 572.234075] ? trace_hardirqs_on_caller+0x6a/0x220 [ 572.239012] ? page_fault+0x8/0x30 [ 572.242582] do_page_fault+0x71/0x57d [ 572.246398] ? 
page_fault+0x8/0x30 [ 572.249964] page_fault+0x1e/0x30 [ 572.253431] RIP: 0033:0x40f7d0 [ 572.256637] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 572.275771] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 572.281135] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 572.288457] RDX: fffffffffffffff7 RSI: 0000000000001bc0 RDI: 0000000000000003 [ 572.295730] RBP: 0000000000000000 R08: 000000002ece9bc0 R09: 000000002ece9bc4 [ 572.302999] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 572.310660] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 572.319745] Task in /syz1 killed as a result of limit of /syz1 [ 572.325861] memory: usage 301356kB, limit 307200kB, failcnt 1813 [ 572.332205] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 572.339215] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 572.345522] Memory cgroup stats for /syz1: cache:28KB rss:291608KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:184516KB [ 572.367785] Memory cgroup out of memory: Kill process 24921 (syz-executor.1) score 1226 or sacrifice child [ 572.378123] Killed process 24921 (syz-executor.1) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB 14:29:34 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 
&(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:34 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace(0x4206, 0x0) tkill(0x0, 0x9) 14:29:34 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0xfffffffffffff000}, 0x0) 14:29:34 executing program 5: 14:29:34 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(0x0, &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', 
&(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:34 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=']) 14:29:34 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:34 executing program 5: 14:29:34 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x2}, 0x0) 14:29:34 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace(0x4206, 0x0) tkill(0x0, 0x9) 14:29:34 executing program 5: 14:29:34 executing 
program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) [ 573.137722] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 573.149594] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 573.155072] CPU: 0 PID: 24976 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 573.163109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 573.172470] Call Trace: [ 573.175090] dump_stack+0x197/0x210 [ 573.178733] dump_header+0x15e/0xa55 [ 573.182450] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 573.187557] ? ___ratelimit+0x60/0x595 [ 573.191558] ? do_raw_spin_unlock+0x181/0x270 [ 573.196206] oom_kill_process.cold+0x10/0x6ef [ 573.201086] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 573.206650] ? task_will_free_mem+0x139/0x6e0 [ 573.211175] ? find_held_lock+0x35/0x130 [ 573.215246] out_of_memory+0x362/0x1330 [ 573.219230] ? lock_downgrade+0x880/0x880 [ 573.223641] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 573.228745] ? oom_killer_disable+0x280/0x280 [ 573.233238] ? find_held_lock+0x35/0x130 [ 573.237301] mem_cgroup_out_of_memory+0x1d2/0x240 [ 573.242257] ? memcg_event_wake+0x230/0x230 [ 573.246589] ? do_raw_spin_unlock+0x181/0x270 [ 573.251084] ? _raw_spin_unlock+0x2d/0x50 [ 573.255390] try_charge+0xec5/0x1490 [ 573.259118] ? lock_downgrade+0x880/0x880 [ 573.263408] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 573.268344] ? rcu_read_unlock+0x33/0x60 [ 573.272447] ? 
get_mem_cgroup_from_mm+0x185/0x510 [ 573.277509] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 573.283576] mem_cgroup_try_charge+0x259/0x6b0 [ 573.288168] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 573.293138] wp_page_copy+0x430/0x16a0 [ 573.297086] ? follow_pfn+0x2a0/0x2a0 [ 573.300907] ? do_raw_spin_unlock+0x181/0x270 [ 573.305408] do_wp_page+0x57d/0x10b0 [ 573.309126] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 573.313806] ? kasan_check_write+0x14/0x20 [ 573.318170] ? do_raw_spin_lock+0xd7/0x250 [ 573.322511] __handle_mm_fault+0x2305/0x3f80 [ 573.326930] ? copy_page_range+0x2030/0x2030 [ 573.331370] ? count_memcg_event_mm+0x2b1/0x4d0 [ 573.336041] handle_mm_fault+0x1b5/0x690 [ 573.341271] __get_user_pages+0x609/0x1860 [ 573.345547] ? follow_page_mask+0x1ac0/0x1ac0 [ 573.350222] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 573.355012] ? retint_kernel+0x2d/0x2d [ 573.358928] populate_vma_page_range+0x20d/0x2a0 [ 573.363705] __mm_populate+0x204/0x380 [ 573.367613] ? populate_vma_page_range+0x2a0/0x2a0 [ 573.372564] __x64_sys_mlockall+0x35c/0x520 [ 573.376902] do_syscall_64+0xfd/0x620 [ 573.380724] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 573.386063] RIP: 0033:0x45b349 [ 573.389262] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 573.408358] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 573.416215] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 573.423500] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 573.430903] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 573.438272] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 573.445556] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 573.456380] Task in /syz1 killed as a result of limit of /syz1 [ 573.462399] memory: usage 307200kB, limit 307200kB, 
failcnt 1868 [ 573.468997] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 573.475772] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 573.481988] Memory cgroup stats for /syz1: cache:28KB rss:297056KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91212KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188544KB [ 573.504221] Memory cgroup out of memory: Kill process 24974 (syz-executor.1) score 1226 or sacrifice child [ 573.514356] Killed process 25005 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 573.528465] oom_reaper: reaped process 25005 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 573.545743] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 573.564173] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 573.569883] CPU: 0 PID: 24974 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 573.577852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 573.587205] Call Trace: [ 573.589855] dump_stack+0x197/0x210 [ 573.593565] dump_header+0x15e/0xa55 [ 573.597282] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 573.602378] ? ___ratelimit+0x60/0x595 [ 573.606323] ? do_raw_spin_unlock+0x181/0x270 [ 573.610925] oom_kill_process.cold+0x10/0x6ef [ 573.615500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 573.621037] ? task_will_free_mem+0x139/0x6e0 [ 573.625537] out_of_memory+0x362/0x1330 [ 573.629517] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 573.634648] ? oom_killer_disable+0x280/0x280 [ 573.639143] ? find_held_lock+0x35/0x130 [ 573.643210] mem_cgroup_out_of_memory+0x1d2/0x240 [ 573.648430] ? memcg_event_wake+0x230/0x230 [ 573.652750] ? do_raw_spin_unlock+0x181/0x270 [ 573.657418] ? _raw_spin_unlock+0x2d/0x50 [ 573.661567] try_charge+0xc6e/0x1490 [ 573.665352] ? lock_downgrade+0x880/0x880 [ 573.669508] ? 
mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 573.674353] ? rcu_read_unlock+0x33/0x60 [ 573.678414] ? get_mem_cgroup_from_mm+0x185/0x510 [ 573.683257] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 573.689326] mem_cgroup_try_charge+0x259/0x6b0 [ 573.693962] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 573.698940] wp_page_copy+0x430/0x16a0 [ 573.702828] ? follow_pfn+0x2a0/0x2a0 [ 573.706629] ? do_raw_spin_unlock+0x181/0x270 [ 573.711122] do_wp_page+0x57d/0x10b0 [ 573.714838] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 573.719510] ? kasan_check_write+0x14/0x20 [ 573.723751] ? do_raw_spin_lock+0xd7/0x250 [ 573.727982] __handle_mm_fault+0x2305/0x3f80 [ 573.732451] ? copy_page_range+0x2030/0x2030 [ 573.736902] ? count_memcg_event_mm+0x2b1/0x4d0 [ 573.741590] handle_mm_fault+0x1b5/0x690 [ 573.745658] __do_page_fault+0x62a/0xe90 [ 573.749726] ? __lock_is_held+0xb6/0x140 [ 573.753792] ? vmalloc_fault+0x740/0x740 [ 573.757862] ? trace_hardirqs_off_caller+0x65/0x220 [ 573.762890] ? trace_hardirqs_on_caller+0x6a/0x220 [ 573.768078] ? page_fault+0x8/0x30 [ 573.771619] do_page_fault+0x71/0x57d [ 573.775470] ? 
page_fault+0x8/0x30 [ 573.779117] page_fault+0x1e/0x30 [ 573.782565] RIP: 0033:0x40f7d0 [ 573.785750] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 573.805061] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 573.810425] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 573.817804] RDX: fffffffffffffff7 RSI: 0000000000001dbd RDI: 0000000000000003 [ 573.825131] RBP: 0000000000000000 R08: 000000002cf53dbd R09: 000000002cf53dc1 [ 573.832509] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 573.839821] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 573.849802] Task in /syz1 killed as a result of limit of /syz1 [ 573.855826] memory: usage 301476kB, limit 307200kB, failcnt 1878 [ 573.862214] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 573.869123] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 573.875259] Memory cgroup stats for /syz1: cache:28KB rss:291640KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:184580KB [ 573.897287] Memory cgroup out of memory: Kill process 24974 (syz-executor.1) score 1226 or sacrifice child [ 573.907269] Killed process 24974 (syz-executor.1) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB 14:29:35 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 
&(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:35 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x3}, 0x0) 14:29:35 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace(0x4206, 0x0) tkill(0x0, 0x9) 14:29:35 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 
0xfffffffffffffffe) 14:29:35 executing program 5: 14:29:35 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYRESDEC]) 14:29:35 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) [ 574.039633] 9pnet: Insufficient options for proto=fd 14:29:35 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:35 executing program 5: 14:29:35 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x4}, 0x0) 14:29:35 executing program 0: 
mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYRESDEC]) 14:29:35 executing program 5: [ 574.265870] ptrace attach of "/root/syz-executor.4"[25041] was attempted by "/root/syz-executor.4"[25042] [ 574.321184] 9pnet: Insufficient options for proto=fd [ 574.622268] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 574.634246] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 574.640665] CPU: 0 PID: 25025 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 574.648692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 574.658061] Call Trace: [ 574.660720] dump_stack+0x197/0x210 [ 574.664372] dump_header+0x15e/0xa55 [ 574.669334] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 574.674500] ? ___ratelimit+0x60/0x595 [ 574.678553] ? do_raw_spin_unlock+0x181/0x270 [ 574.683082] oom_kill_process.cold+0x10/0x6ef [ 574.687599] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 574.693172] ? task_will_free_mem+0x139/0x6e0 [ 574.697683] ? find_held_lock+0x35/0x130 [ 574.701762] out_of_memory+0x362/0x1330 [ 574.705732] ? lock_downgrade+0x880/0x880 [ 574.709884] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 574.715088] ? oom_killer_disable+0x280/0x280 [ 574.719583] ? find_held_lock+0x35/0x130 [ 574.723651] mem_cgroup_out_of_memory+0x1d2/0x240 [ 574.728512] ? memcg_event_wake+0x230/0x230 [ 574.732851] ? do_raw_spin_unlock+0x181/0x270 [ 574.737377] ? _raw_spin_unlock+0x2d/0x50 [ 574.741561] try_charge+0xec5/0x1490 [ 574.745275] ? lock_downgrade+0x880/0x880 [ 574.749448] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 574.754299] ? rcu_read_unlock+0x33/0x60 [ 574.758519] ? get_mem_cgroup_from_mm+0x185/0x510 [ 574.763377] ? 
__mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 574.769570] mem_cgroup_try_charge+0x259/0x6b0 [ 574.774157] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 574.779087] wp_page_copy+0x430/0x16a0 [ 574.783047] ? follow_pfn+0x2a0/0x2a0 [ 574.786856] ? do_raw_spin_unlock+0x181/0x270 [ 574.791469] do_wp_page+0x57d/0x10b0 [ 574.795333] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 574.800043] ? __handle_mm_fault+0x186e/0x3f80 [ 574.804652] __handle_mm_fault+0x2305/0x3f80 [ 574.809092] ? copy_page_range+0x2030/0x2030 [ 574.813543] ? count_memcg_event_mm+0x2b1/0x4d0 [ 574.818224] handle_mm_fault+0x1b5/0x690 [ 574.822298] __get_user_pages+0x609/0x1860 [ 574.826589] ? follow_page_mask+0x1ac0/0x1ac0 [ 574.831150] ? populate_vma_page_range+0x116/0x2a0 [ 574.836146] ? check_memory_region+0x104/0x190 [ 574.840757] populate_vma_page_range+0x20d/0x2a0 [ 574.845540] __mm_populate+0x204/0x380 [ 574.850391] ? populate_vma_page_range+0x2a0/0x2a0 [ 574.855354] __x64_sys_mlockall+0x35c/0x520 [ 574.859703] do_syscall_64+0xfd/0x620 [ 574.863520] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 574.869037] RIP: 0033:0x45b349 [ 574.872234] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 574.891135] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 574.898871] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 574.906173] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 574.913476] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 574.920776] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 574.928062] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 574.936534] Task in /syz1 killed as a result of limit of /syz1 [ 574.942566] memory: usage 307200kB, limit 307200kB, failcnt 1911 [ 574.948917] memory+swap: usage 0kB, limit 9007199254740988kB, 
failcnt 0 [ 574.955688] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 574.961997] Memory cgroup stats for /syz1: cache:28KB rss:297044KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91212KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188540KB [ 574.984315] Memory cgroup out of memory: Kill process 25010 (syz-executor.1) score 1226 or sacrifice child [ 574.994395] Killed process 25053 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 575.008690] oom_reaper: reaped process 25053 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 575.025468] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 575.044610] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 575.051005] CPU: 0 PID: 25010 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 575.059223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 575.068734] Call Trace: [ 575.071346] dump_stack+0x197/0x210 [ 575.074998] dump_header+0x15e/0xa55 [ 575.078725] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 575.083848] ? ___ratelimit+0x60/0x595 [ 575.087735] ? do_raw_spin_unlock+0x181/0x270 [ 575.092237] oom_kill_process.cold+0x10/0x6ef [ 575.096742] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 575.102280] ? task_will_free_mem+0x139/0x6e0 [ 575.106783] out_of_memory+0x362/0x1330 [ 575.110851] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 575.115967] ? oom_killer_disable+0x280/0x280 [ 575.120522] ? find_held_lock+0x35/0x130 [ 575.125248] mem_cgroup_out_of_memory+0x1d2/0x240 [ 575.130144] ? memcg_event_wake+0x230/0x230 [ 575.134521] ? do_raw_spin_unlock+0x181/0x270 [ 575.139030] ? _raw_spin_unlock+0x2d/0x50 [ 575.143174] try_charge+0xc6e/0x1490 [ 575.146892] ? lock_downgrade+0x880/0x880 [ 575.151056] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 575.155910] ? rcu_read_unlock+0x33/0x60 [ 575.159995] ? 
get_mem_cgroup_from_mm+0x185/0x510 [ 575.164854] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 575.171030] mem_cgroup_try_charge+0x259/0x6b0 [ 575.175627] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 575.180556] wp_page_copy+0x430/0x16a0 [ 575.184445] ? follow_pfn+0x2a0/0x2a0 [ 575.188320] ? do_raw_spin_unlock+0x181/0x270 [ 575.192814] do_wp_page+0x57d/0x10b0 [ 575.196543] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 575.201317] ? kasan_check_write+0x14/0x20 [ 575.205567] ? do_raw_spin_lock+0xd7/0x250 [ 575.209847] __handle_mm_fault+0x2305/0x3f80 [ 575.214273] ? copy_page_range+0x2030/0x2030 [ 575.218797] ? count_memcg_event_mm+0x2b1/0x4d0 [ 575.223502] handle_mm_fault+0x1b5/0x690 [ 575.228817] __do_page_fault+0x62a/0xe90 [ 575.232875] ? __lock_is_held+0xb6/0x140 [ 575.236959] ? vmalloc_fault+0x740/0x740 [ 575.241210] ? trace_hardirqs_off_caller+0x65/0x220 [ 575.246241] ? trace_hardirqs_on_caller+0x6a/0x220 [ 575.251173] ? page_fault+0x8/0x30 [ 575.254819] do_page_fault+0x71/0x57d [ 575.258747] ? 
page_fault+0x8/0x30 [ 575.262288] page_fault+0x1e/0x30 [ 575.265793] RIP: 0033:0x40f7d0 [ 575.269036] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 575.288122] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 575.293550] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 575.300988] RDX: fffffffffffffff7 RSI: 0000000000000426 RDI: 0000000000000003 [ 575.308281] RBP: 0000000000000000 R08: 00000000d2b7a426 R09: 00000000d2b7a42a [ 575.315634] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 575.322952] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 575.331959] Task in /syz1 killed as a result of limit of /syz1 [ 575.338127] memory: usage 301612kB, limit 307200kB, failcnt 1920 [ 575.344568] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 575.351408] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 575.357638] Memory cgroup stats for /syz1: cache:28KB rss:291592KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:184580KB [ 575.379648] Memory cgroup out of memory: Kill process 25010 (syz-executor.1) score 1226 or sacrifice child [ 575.389607] Killed process 25010 (syz-executor.1) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB [ 575.400853] oom_reaper: reaped process 25010 (syz-executor.1), now anon-rss:18328kB, file-rss:54368kB, shmem-rss:0kB 14:29:37 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, 
"5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:37 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xa}, 0x0) 14:29:37 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:37 executing program 5: 14:29:37 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) 
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:37 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYRESDEC]) 14:29:37 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:37 executing program 5: [ 575.510300] 9pnet: Insufficient options for proto=fd [ 575.530304] ptrace attach of "/root/syz-executor.4"[25060] was attempted by "/root/syz-executor.4"[25067] 14:29:37 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xe}, 0x0) 14:29:37 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() 
socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:37 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB, @ANYRESDEC]) 14:29:37 executing program 5: [ 575.787074] 9pnet: Insufficient options for proto=fd [ 576.125041] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 576.136774] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 576.142260] CPU: 1 PID: 25072 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 576.150165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 576.159699] Call Trace: [ 576.162336] dump_stack+0x197/0x210 [ 576.165963] dump_header+0x15e/0xa55 [ 576.169690] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 576.174862] ? ___ratelimit+0x60/0x595 [ 576.178754] ? do_raw_spin_unlock+0x181/0x270 [ 576.183340] oom_kill_process.cold+0x10/0x6ef [ 576.187838] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 576.193384] ? task_will_free_mem+0x139/0x6e0 [ 576.197879] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 576.202851] out_of_memory+0x362/0x1330 [ 576.206830] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 576.211947] ? oom_killer_disable+0x280/0x280 [ 576.216450] mem_cgroup_out_of_memory+0x1d2/0x240 [ 576.221303] ? memcg_event_wake+0x230/0x230 [ 576.225629] ? do_raw_spin_unlock+0x181/0x270 [ 576.230149] ? _raw_spin_unlock+0x2d/0x50 [ 576.234301] try_charge+0xec5/0x1490 [ 576.238022] ? lock_downgrade+0x880/0x880 [ 576.242308] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 576.247324] ? 
rcu_read_unlock+0x33/0x60 [ 576.251386] ? get_mem_cgroup_from_mm+0x185/0x510 [ 576.256248] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 576.262313] mem_cgroup_try_charge+0x259/0x6b0 [ 576.266965] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 576.272622] wp_page_copy+0x430/0x16a0 [ 576.276519] ? follow_pfn+0x2a0/0x2a0 [ 576.280328] ? do_raw_spin_unlock+0x181/0x270 [ 576.284824] do_wp_page+0x57d/0x10b0 [ 576.288552] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 576.293219] ? kasan_check_write+0x14/0x20 [ 576.297459] ? do_raw_spin_lock+0xd7/0x250 [ 576.301700] __handle_mm_fault+0x2305/0x3f80 [ 576.306113] ? copy_page_range+0x2030/0x2030 [ 576.310538] ? count_memcg_event_mm+0x2b1/0x4d0 [ 576.315231] handle_mm_fault+0x1b5/0x690 [ 576.319359] __get_user_pages+0x609/0x1860 [ 576.323600] ? follow_page_mask+0x1ac0/0x1ac0 [ 576.328208] ? retint_kernel+0x2d/0x2d [ 576.332102] populate_vma_page_range+0x20d/0x2a0 [ 576.336869] __mm_populate+0x204/0x380 [ 576.340819] ? populate_vma_page_range+0x2a0/0x2a0 [ 576.345754] __x64_sys_mlockall+0x35c/0x520 [ 576.350183] do_syscall_64+0xfd/0x620 [ 576.353998] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 576.359193] RIP: 0033:0x45b349 [ 576.362435] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 576.381362] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 576.389096] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 576.396371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 576.403835] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 576.411117] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 576.418409] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 576.427974] Task in /syz1 killed as a result of limit of /syz1 [ 576.434107] memory: usage 307200kB, limit 307200kB, failcnt 
1959 [ 576.440594] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 576.447448] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 576.453660] Memory cgroup stats for /syz1: cache:28KB rss:297168KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91212KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188540KB [ 576.475762] Memory cgroup out of memory: Kill process 25070 (syz-executor.1) score 1226 or sacrifice child [ 576.485852] Killed process 25101 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 576.498676] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 576.498729] oom_reaper: reaped process 25101 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 576.520531] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 576.525939] CPU: 1 PID: 25070 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 576.533832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 576.543241] Call Trace: [ 576.545858] dump_stack+0x197/0x210 [ 576.549513] dump_header+0x15e/0xa55 [ 576.553266] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 576.558396] ? ___ratelimit+0x60/0x595 [ 576.562306] ? do_raw_spin_unlock+0x181/0x270 [ 576.566833] oom_kill_process.cold+0x10/0x6ef [ 576.571351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 576.577011] ? task_will_free_mem+0x139/0x6e0 [ 576.581510] out_of_memory+0x362/0x1330 [ 576.585582] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 576.590683] ? oom_killer_disable+0x280/0x280 [ 576.595273] ? find_held_lock+0x35/0x130 [ 576.599453] mem_cgroup_out_of_memory+0x1d2/0x240 [ 576.604311] ? memcg_event_wake+0x230/0x230 [ 576.608724] ? do_raw_spin_unlock+0x181/0x270 [ 576.613226] ? _raw_spin_unlock+0x2d/0x50 [ 576.617463] try_charge+0xc6e/0x1490 [ 576.621254] ? lock_downgrade+0x880/0x880 [ 576.625406] ? 
mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 576.631291] ? rcu_read_unlock+0x33/0x60 [ 576.635377] ? get_mem_cgroup_from_mm+0x185/0x510 [ 576.640225] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 576.646430] mem_cgroup_try_charge+0x259/0x6b0 [ 576.651036] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 576.656021] wp_page_copy+0x430/0x16a0 [ 576.659925] ? follow_pfn+0x2a0/0x2a0 [ 576.663843] ? do_raw_spin_unlock+0x181/0x270 [ 576.668471] do_wp_page+0x57d/0x10b0 [ 576.672396] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 576.677069] ? kasan_check_write+0x14/0x20 [ 576.681477] ? do_raw_spin_lock+0xd7/0x250 [ 576.685718] __handle_mm_fault+0x2305/0x3f80 [ 576.690180] ? copy_page_range+0x2030/0x2030 [ 576.694665] ? count_memcg_event_mm+0x2b1/0x4d0 [ 576.699335] handle_mm_fault+0x1b5/0x690 [ 576.703508] __do_page_fault+0x62a/0xe90 [ 576.708797] ? __lock_is_held+0xb6/0x140 [ 576.712883] ? vmalloc_fault+0x740/0x740 [ 576.717074] ? trace_hardirqs_off_caller+0x65/0x220 [ 576.722163] ? trace_hardirqs_on_caller+0x6a/0x220 [ 576.727143] ? page_fault+0x8/0x30 [ 576.730685] do_page_fault+0x71/0x57d [ 576.734484] ? 
page_fault+0x8/0x30 [ 576.738129] page_fault+0x1e/0x30 [ 576.741595] RIP: 0033:0x40f7d0 [ 576.744792] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 576.764390] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 576.769755] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 576.777210] RDX: fffffffffffffff7 RSI: 0000000000001627 RDI: 0000000000000003 [ 576.784479] RBP: 0000000000000000 R08: 00000000acdf9627 R09: 00000000acdf962b [ 576.791842] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 576.799109] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 576.807552] Task in /syz1 killed as a result of limit of /syz1 [ 576.813565] memory: usage 301356kB, limit 307200kB, failcnt 1967 [ 576.819815] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 576.826669] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 576.832879] Memory cgroup stats for /syz1: cache:28KB rss:291540KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:184448KB [ 576.854995] Memory cgroup out of memory: Kill process 25070 (syz-executor.1) score 1226 or sacrifice child [ 576.864917] Killed process 25070 (syz-executor.1) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB [ 576.875999] oom_reaper: reaped process 25070 (syz-executor.1), now anon-rss:18256kB, file-rss:54368kB, shmem-rss:0kB 14:29:38 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, 
"5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:38 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xf}, 0x0) 14:29:38 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:38 executing program 5: 14:29:38 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 
0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB, @ANYRESDEC]) 14:29:38 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:38 executing program 5: [ 576.986990] encrypted_key: key description must be 16 hexadecimal characters long [ 577.020711] 9pnet: Insufficient options for proto=fd 14:29:38 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:38 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x60}, 0x0) 14:29:38 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 
&(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB, @ANYRESDEC]) 14:29:38 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) [ 577.151084] encrypted_key: key description must be 16 hexadecimal characters long 14:29:38 executing program 5: [ 577.270951] 9pnet: Insufficient options for proto=fd [ 577.634941] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 577.646876] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 577.652448] CPU: 0 PID: 25117 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 577.660339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 577.669703] Call Trace: [ 577.672415] dump_stack+0x197/0x210 [ 577.676060] dump_header+0x15e/0xa55 [ 577.679780] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 577.685080] ? ___ratelimit+0x60/0x595 [ 577.688998] ? do_raw_spin_unlock+0x181/0x270 [ 577.693505] oom_kill_process.cold+0x10/0x6ef [ 577.698015] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 577.703653] ? task_will_free_mem+0x139/0x6e0 [ 577.708154] out_of_memory+0x362/0x1330 [ 577.712180] ? lock_downgrade+0x880/0x880 [ 577.716348] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 577.721603] ? oom_killer_disable+0x280/0x280 [ 577.726156] ? find_held_lock+0x35/0x130 [ 577.730303] mem_cgroup_out_of_memory+0x1d2/0x240 [ 577.735270] ? memcg_event_wake+0x230/0x230 [ 577.739611] ? do_raw_spin_unlock+0x181/0x270 [ 577.744144] ? _raw_spin_unlock+0x2d/0x50 [ 577.748298] try_charge+0xec5/0x1490 [ 577.752013] ? 
lock_downgrade+0x880/0x880 [ 577.756242] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 577.761117] ? rcu_read_unlock+0x33/0x60 [ 577.765201] ? get_mem_cgroup_from_mm+0x185/0x510 [ 577.770175] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 577.776240] mem_cgroup_try_charge+0x259/0x6b0 [ 577.780872] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 577.785813] wp_page_copy+0x430/0x16a0 [ 577.789811] ? follow_pfn+0x2a0/0x2a0 [ 577.793672] ? do_raw_spin_unlock+0x181/0x270 [ 577.798198] do_wp_page+0x57d/0x10b0 [ 577.801970] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 577.806638] ? kasan_check_write+0x14/0x20 [ 577.810878] ? do_raw_spin_lock+0xd7/0x250 [ 577.815173] __handle_mm_fault+0x2305/0x3f80 [ 577.819699] ? copy_page_range+0x2030/0x2030 [ 577.824140] ? count_memcg_event_mm+0x2b1/0x4d0 [ 577.828846] handle_mm_fault+0x1b5/0x690 [ 577.832941] __get_user_pages+0x609/0x1860 [ 577.837212] ? follow_page_mask+0x1ac0/0x1ac0 [ 577.841730] ? retint_kernel+0x2d/0x2d [ 577.845766] ? populate_vma_page_range+0x91/0x2a0 [ 577.850625] populate_vma_page_range+0x20d/0x2a0 [ 577.855420] __mm_populate+0x204/0x380 [ 577.859334] ? populate_vma_page_range+0x2a0/0x2a0 [ 577.864302] ? 
__sanitizer_cov_trace_const_cmp4+0x5/0x20 [ 577.869776] __x64_sys_mlockall+0x35c/0x520 [ 577.874120] do_syscall_64+0xfd/0x620 [ 577.877926] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 577.883146] RIP: 0033:0x45b349 [ 577.886334] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 577.905256] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 577.913113] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 577.920391] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 577.927664] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 577.934941] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 577.942216] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 577.954273] Task in /syz1 killed as a result of limit of /syz1 [ 577.960636] memory: usage 307200kB, limit 307200kB, failcnt 2022 [ 577.966927] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 577.973724] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 577.979992] Memory cgroup stats for /syz1: cache:28KB rss:296928KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91212KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188504KB [ 578.005281] Memory cgroup out of memory: Kill process 25116 (syz-executor.1) score 1226 or sacrifice child [ 578.015258] Killed process 25151 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 578.029909] oom_reaper: reaped process 25151 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 578.040526] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 578.052034] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 578.057525] CPU: 1 PID: 25116 Comm: 
syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 578.065424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 578.074798] Call Trace: [ 578.077506] dump_stack+0x197/0x210 [ 578.081167] dump_header+0x15e/0xa55 [ 578.084901] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 578.090380] ? ___ratelimit+0x60/0x595 [ 578.094296] ? do_raw_spin_unlock+0x181/0x270 [ 578.098851] oom_kill_process.cold+0x10/0x6ef [ 578.103367] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 578.108939] ? task_will_free_mem+0x139/0x6e0 [ 578.113467] out_of_memory+0x362/0x1330 [ 578.117470] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 578.122596] ? oom_killer_disable+0x280/0x280 [ 578.127103] ? find_held_lock+0x35/0x130 [ 578.131200] mem_cgroup_out_of_memory+0x1d2/0x240 [ 578.136057] ? memcg_event_wake+0x230/0x230 [ 578.140396] ? do_raw_spin_unlock+0x181/0x270 [ 578.144913] ? _raw_spin_unlock+0x2d/0x50 [ 578.149086] try_charge+0xc6e/0x1490 [ 578.152956] ? lock_downgrade+0x880/0x880 [ 578.157249] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 578.162170] ? rcu_read_unlock+0x33/0x60 [ 578.166381] ? get_mem_cgroup_from_mm+0x185/0x510 [ 578.171458] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 578.177583] mem_cgroup_try_charge+0x259/0x6b0 [ 578.182227] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 578.187178] wp_page_copy+0x430/0x16a0 [ 578.191094] ? follow_pfn+0x2a0/0x2a0 [ 578.194909] ? do_raw_spin_unlock+0x181/0x270 [ 578.199422] do_wp_page+0x57d/0x10b0 [ 578.203132] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 578.207830] ? kasan_check_write+0x14/0x20 [ 578.212087] ? do_raw_spin_lock+0xd7/0x250 [ 578.216356] __handle_mm_fault+0x2305/0x3f80 [ 578.220824] ? copy_page_range+0x2030/0x2030 [ 578.225285] ? count_memcg_event_mm+0x2b1/0x4d0 [ 578.229977] handle_mm_fault+0x1b5/0x690 [ 578.234057] __do_page_fault+0x62a/0xe90 [ 578.238123] ? __lock_is_held+0xb6/0x140 [ 578.242189] ? vmalloc_fault+0x740/0x740 [ 578.246250] ? trace_hardirqs_off_caller+0x65/0x220 [ 578.251289] ? 
trace_hardirqs_on_caller+0x6a/0x220 [ 578.256393] ? page_fault+0x8/0x30 [ 578.259979] do_page_fault+0x71/0x57d [ 578.263793] ? page_fault+0x8/0x30 [ 578.267341] page_fault+0x1e/0x30 [ 578.270907] RIP: 0033:0x40f7d0 [ 578.274164] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 578.293197] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 578.298560] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 578.305833] RDX: fffffffffffffff7 RSI: 00000000000013b8 RDI: 0000000000000003 [ 578.313112] RBP: 0000000000000000 R08: 00000000fccb33b8 R09: 00000000fccb33bc [ 578.320645] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 578.327924] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 578.335530] Task in /syz1 killed as a result of limit of /syz1 [ 578.341726] memory: usage 301356kB, limit 307200kB, failcnt 2022 [ 578.348497] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 578.355267] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 578.361651] Memory cgroup stats for /syz1: cache:28KB rss:291384KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:184416KB [ 578.383788] Memory cgroup out of memory: Kill process 25116 (syz-executor.1) score 1226 or sacrifice child [ 578.393822] Killed process 25116 (syz-executor.1) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB [ 578.404999] oom_reaper: reaped process 25116 (syz-executor.1), now anon-rss:18328kB, file-rss:54368kB, shmem-rss:0kB 14:29:40 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 
0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:40 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xe2}, 0x0) 14:29:40 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:40 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 
0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',acc', @ANYRESDEC]) 14:29:40 executing program 5: 14:29:40 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:40 executing program 5: [ 578.497025] encrypted_key: key description must be 16 hexadecimal characters long 14:29:40 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:40 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xf0}, 0x0) 14:29:40 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 
0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:40 executing program 5: [ 578.674320] encrypted_key: key description must be 16 hexadecimal characters long 14:29:40 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) [ 578.813722] ptrace attach of "/root/syz-executor.4"[25190] was attempted by "/root/syz-executor.4"[25189] [ 578.955689] encrypted_key: key description must be 16 hexadecimal characters long [ 579.155004] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 579.166884] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 579.172394] CPU: 1 PID: 25171 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 579.180294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 579.189723] Call Trace: [ 579.192340] dump_stack+0x197/0x210 [ 579.195979] dump_header+0x15e/0xa55 [ 579.199696] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 579.204885] ? ___ratelimit+0x60/0x595 [ 579.208863] ? do_raw_spin_unlock+0x181/0x270 [ 579.213381] oom_kill_process.cold+0x10/0x6ef [ 579.217969] ? task_will_free_mem+0x139/0x6e0 [ 579.222468] ? find_held_lock+0x35/0x130 [ 579.226538] out_of_memory+0x362/0x1330 [ 579.230518] ? lock_downgrade+0x880/0x880 [ 579.234665] ? 
mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 579.239771] ? oom_killer_disable+0x280/0x280 [ 579.244291] ? find_held_lock+0x35/0x130 [ 579.248385] mem_cgroup_out_of_memory+0x1d2/0x240 [ 579.253240] ? memcg_event_wake+0x230/0x230 [ 579.257576] ? do_raw_spin_unlock+0x181/0x270 [ 579.262084] ? _raw_spin_unlock+0x2d/0x50 [ 579.266475] try_charge+0xec5/0x1490 [ 579.270199] ? lock_downgrade+0x880/0x880 [ 579.274355] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 579.279229] ? rcu_read_unlock+0x33/0x60 [ 579.283302] ? get_mem_cgroup_from_mm+0x185/0x510 [ 579.288232] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 579.294316] mem_cgroup_try_charge+0x259/0x6b0 [ 579.298905] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 579.303837] wp_page_copy+0x430/0x16a0 [ 579.307734] ? follow_pfn+0x2a0/0x2a0 [ 579.311546] ? do_raw_spin_unlock+0x181/0x270 [ 579.316041] do_wp_page+0x57d/0x10b0 [ 579.319750] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 579.324418] ? kasan_check_write+0x14/0x20 [ 579.328647] ? do_raw_spin_lock+0xd7/0x250 [ 579.332894] __handle_mm_fault+0x2305/0x3f80 [ 579.337323] ? copy_page_range+0x2030/0x2030 [ 579.341794] ? count_memcg_event_mm+0x2b1/0x4d0 [ 579.346604] handle_mm_fault+0x1b5/0x690 [ 579.350808] __get_user_pages+0x609/0x1860 [ 579.355059] ? follow_page_mask+0x1ac0/0x1ac0 [ 579.359554] ? retint_kernel+0x2d/0x2d [ 579.363468] populate_vma_page_range+0x20d/0x2a0 [ 579.368245] __mm_populate+0x204/0x380 [ 579.372167] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 579.377118] __x64_sys_mlockall+0x35c/0x520 [ 579.381442] do_syscall_64+0xfd/0x620 [ 579.385324] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 579.390522] RIP: 0033:0x45b349 [ 579.393723] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 579.412786] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 579.420503] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 579.427793] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 579.435858] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 579.443140] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 579.450429] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 579.459926] Task in /syz1 killed as a result of limit of /syz1 [ 579.466464] memory: usage 307200kB, limit 307200kB, failcnt 2077 [ 579.472645] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 579.479528] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 579.485680] Memory cgroup stats for /syz1: cache:28KB rss:297052KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91212KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188456KB [ 579.508037] Memory cgroup out of memory: Kill process 25170 (syz-executor.1) score 1226 or sacrifice child [ 579.518172] Killed process 25201 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 579.532469] oom_reaper: reaped process 25201 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 579.551029] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 579.568502] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 579.573954] CPU: 1 PID: 25170 Comm: 
syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 579.581848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 579.591210] Call Trace: [ 579.593806] dump_stack+0x197/0x210 [ 579.597447] dump_header+0x15e/0xa55 [ 579.601191] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 579.606293] ? ___ratelimit+0x60/0x595 [ 579.610236] ? do_raw_spin_unlock+0x181/0x270 [ 579.614736] oom_kill_process.cold+0x10/0x6ef [ 579.619293] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 579.624878] ? task_will_free_mem+0x139/0x6e0 [ 579.629494] out_of_memory+0x362/0x1330 [ 579.633469] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 579.638673] ? oom_killer_disable+0x280/0x280 [ 579.643278] ? find_held_lock+0x35/0x130 [ 579.647460] mem_cgroup_out_of_memory+0x1d2/0x240 [ 579.652508] ? memcg_event_wake+0x230/0x230 [ 579.656839] ? do_raw_spin_unlock+0x181/0x270 [ 579.661472] ? _raw_spin_unlock+0x2d/0x50 [ 579.665624] try_charge+0xc6e/0x1490 [ 579.669388] ? lock_downgrade+0x880/0x880 [ 579.673550] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 579.678395] ? rcu_read_unlock+0x33/0x60 [ 579.682526] ? get_mem_cgroup_from_mm+0x185/0x510 [ 579.687386] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 579.693615] mem_cgroup_try_charge+0x259/0x6b0 [ 579.698315] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 579.703486] wp_page_copy+0x430/0x16a0 [ 579.707375] ? follow_pfn+0x2a0/0x2a0 [ 579.711261] ? do_raw_spin_unlock+0x181/0x270 [ 579.715761] do_wp_page+0x57d/0x10b0 [ 579.719529] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 579.724322] ? kasan_check_write+0x14/0x20 [ 579.728555] ? do_raw_spin_lock+0xd7/0x250 [ 579.732911] __handle_mm_fault+0x2305/0x3f80 [ 579.737439] ? copy_page_range+0x2030/0x2030 [ 579.741920] ? count_memcg_event_mm+0x2b1/0x4d0 [ 579.746629] handle_mm_fault+0x1b5/0x690 [ 579.750924] __do_page_fault+0x62a/0xe90 [ 579.755092] ? __lock_is_held+0xb6/0x140 [ 579.759170] ? vmalloc_fault+0x740/0x740 [ 579.763238] ? trace_hardirqs_off_caller+0x65/0x220 [ 579.768259] ? 
trace_hardirqs_on_caller+0x6a/0x220 [ 579.773194] ? page_fault+0x8/0x30 [ 579.776736] do_page_fault+0x71/0x57d [ 579.780532] ? page_fault+0x8/0x30 [ 579.784091] page_fault+0x1e/0x30 [ 579.787580] RIP: 0033:0x40f7d0 [ 579.790901] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 579.809876] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 579.815365] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 579.822639] RDX: fffffffffffffff7 RSI: 0000000000000b97 RDI: 0000000000000003 [ 579.830045] RBP: 0000000000000000 R08: 0000000041386b97 R09: 0000000041386b9b [ 579.837504] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 579.844803] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 579.853803] Task in /syz1 killed as a result of limit of /syz1 [ 579.859938] memory: usage 301592kB, limit 307200kB, failcnt 2078 [ 579.866372] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 579.873170] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 579.879450] Memory cgroup stats for /syz1: cache:28KB rss:291572KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:184504KB [ 579.901568] Memory cgroup out of memory: Kill process 25170 (syz-executor.1) score 1226 or sacrifice child [ 579.911520] Killed process 25170 (syz-executor.1) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB [ 579.922554] oom_reaper: reaped process 25170 (syz-executor.1), now anon-rss:18328kB, file-rss:54368kB, shmem-rss:0kB 14:29:41 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 
0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:41 executing program 5: 14:29:41 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x300}, 0x0) 14:29:41 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:41 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', 
@ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',acc', @ANYRESDEC]) 14:29:41 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:41 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:41 executing program 5: [ 580.048881] encrypted_key: key description must be 16 hexadecimal characters long 14:29:41 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xa00}, 0x0) 14:29:41 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:41 executing program 5: [ 580.236717] ptrace attach of "/root/syz-executor.4"[25229] was attempted by "/root/syz-executor.4"[25228] 14:29:41 executing program 4: wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) [ 580.285327] encrypted_key: key description must be 16 hexadecimal characters long [ 580.708060] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 580.720360] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 580.725807] CPU: 0 PID: 25221 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 580.733814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 580.743166] Call Trace: [ 580.745756] dump_stack+0x197/0x210 [ 580.749401] dump_header+0x15e/0xa55 [ 580.753226] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 580.758349] ? ___ratelimit+0x60/0x595 [ 580.762237] ? do_raw_spin_unlock+0x181/0x270 [ 580.766901] oom_kill_process.cold+0x10/0x6ef [ 580.771453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 580.777064] ? task_will_free_mem+0x139/0x6e0 [ 580.781848] ? find_held_lock+0x35/0x130 [ 580.785933] out_of_memory+0x362/0x1330 [ 580.789907] ? lock_downgrade+0x880/0x880 [ 580.794048] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 580.799153] ? oom_killer_disable+0x280/0x280 [ 580.803666] ? find_held_lock+0x35/0x130 [ 580.807789] mem_cgroup_out_of_memory+0x1d2/0x240 [ 580.812634] ? 
memcg_event_wake+0x230/0x230 [ 580.816977] ? do_raw_spin_unlock+0x181/0x270 [ 580.821477] ? _raw_spin_unlock+0x2d/0x50 [ 580.825687] try_charge+0xec5/0x1490 [ 580.829399] ? lock_downgrade+0x880/0x880 [ 580.833547] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 580.838534] ? rcu_read_unlock+0x33/0x60 [ 580.842603] ? get_mem_cgroup_from_mm+0x185/0x510 [ 580.847461] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 580.853620] mem_cgroup_try_charge+0x259/0x6b0 [ 580.858291] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 580.863387] wp_page_copy+0x430/0x16a0 [ 580.867306] ? follow_pfn+0x2a0/0x2a0 [ 580.871115] ? do_raw_spin_unlock+0x181/0x270 [ 580.875751] do_wp_page+0x57d/0x10b0 [ 580.879466] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 580.884155] ? kasan_check_write+0x14/0x20 [ 580.888404] ? do_raw_spin_lock+0xd7/0x250 [ 580.892659] __handle_mm_fault+0x2305/0x3f80 [ 580.897153] ? copy_page_range+0x2030/0x2030 [ 580.901587] ? count_memcg_event_mm+0x2b1/0x4d0 [ 580.906254] handle_mm_fault+0x1b5/0x690 [ 580.910419] __get_user_pages+0x609/0x1860 [ 580.914664] ? follow_page_mask+0x1ac0/0x1ac0 [ 580.919171] ? retint_kernel+0x2d/0x2d [ 580.923125] populate_vma_page_range+0x20d/0x2a0 [ 580.927899] __mm_populate+0x204/0x380 [ 580.931807] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 580.936754] __x64_sys_mlockall+0x35c/0x520 [ 580.941086] do_syscall_64+0xfd/0x620 [ 580.945027] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 580.950312] RIP: 0033:0x45b349 [ 580.953501] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 580.972415] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 580.980250] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 580.987540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 580.994810] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 581.002089] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 581.009442] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 581.018118] Task in /syz1 killed as a result of limit of /syz1 [ 581.024126] memory: usage 307200kB, limit 307200kB, failcnt 2113 [ 581.030493] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 581.037302] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 581.043483] Memory cgroup stats for /syz1: cache:28KB rss:297036KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91212KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188472KB [ 581.066029] Memory cgroup out of memory: Kill process 25217 (syz-executor.1) score 1226 or sacrifice child [ 581.076028] Killed process 25251 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 581.089433] oom_reaper: reaped process 25251 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 581.090461] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 581.114107] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 581.122387] CPU: 0 PID: 25217 Comm: 
syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 581.130296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 581.139739] Call Trace: [ 581.142350] dump_stack+0x197/0x210 [ 581.146265] dump_header+0x15e/0xa55 [ 581.150005] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 581.155170] ? ___ratelimit+0x60/0x595 [ 581.159073] ? do_raw_spin_unlock+0x181/0x270 [ 581.163602] oom_kill_process.cold+0x10/0x6ef [ 581.168111] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 581.173825] ? task_will_free_mem+0x139/0x6e0 [ 581.178378] out_of_memory+0x362/0x1330 [ 581.182368] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 581.187481] ? oom_killer_disable+0x280/0x280 [ 581.192020] ? find_held_lock+0x35/0x130 [ 581.196113] mem_cgroup_out_of_memory+0x1d2/0x240 [ 581.200964] ? memcg_event_wake+0x230/0x230 [ 581.205371] ? do_raw_spin_unlock+0x181/0x270 [ 581.209887] ? _raw_spin_unlock+0x2d/0x50 [ 581.214041] try_charge+0xc6e/0x1490 [ 581.217749] ? lock_downgrade+0x880/0x880 [ 581.221944] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 581.227132] ? rcu_read_unlock+0x33/0x60 [ 581.231209] ? get_mem_cgroup_from_mm+0x185/0x510 [ 581.236168] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 581.242370] mem_cgroup_try_charge+0x259/0x6b0 [ 581.247141] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 581.252089] wp_page_copy+0x430/0x16a0 [ 581.255983] ? follow_pfn+0x2a0/0x2a0 [ 581.259789] ? do_raw_spin_unlock+0x181/0x270 [ 581.264469] do_wp_page+0x57d/0x10b0 [ 581.268182] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 581.272905] ? kasan_check_write+0x14/0x20 [ 581.277142] ? do_raw_spin_lock+0xd7/0x250 [ 581.281425] __handle_mm_fault+0x2305/0x3f80 [ 581.285845] ? copy_page_range+0x2030/0x2030 [ 581.290253] ? count_memcg_event_mm+0x2b1/0x4d0 [ 581.295060] handle_mm_fault+0x1b5/0x690 [ 581.299185] __do_page_fault+0x62a/0xe90 [ 581.303238] ? __lock_is_held+0xb6/0x140 [ 581.307302] ? vmalloc_fault+0x740/0x740 [ 581.311827] ? trace_hardirqs_off_caller+0x65/0x220 [ 581.316830] ? 
trace_hardirqs_on_caller+0x6a/0x220 [ 581.321766] ? page_fault+0x8/0x30 [ 581.325303] do_page_fault+0x71/0x57d [ 581.329273] ? page_fault+0x8/0x30 [ 581.332980] page_fault+0x1e/0x30 [ 581.336421] RIP: 0033:0x40f7d0 [ 581.339716] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 581.358616] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 581.364086] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 581.371607] RDX: fffffffffffffff7 RSI: 0000000000000714 RDI: 0000000000000003 [ 581.378874] RBP: 0000000000000000 R08: 0000000069cea713 R09: 0000000069cea717 [ 581.386237] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 581.393512] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 581.402600] Task in /syz1 killed as a result of limit of /syz1 [ 581.409347] memory: usage 301356kB, limit 307200kB, failcnt 2113 [ 581.415675] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 581.422653] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 581.429008] Memory cgroup stats for /syz1: cache:28KB rss:291404KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:184376KB [ 581.451188] Memory cgroup out of memory: Kill process 25217 (syz-executor.1) score 1226 or sacrifice child [ 581.461356] Killed process 25217 (syz-executor.1) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB 14:29:43 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, 
"5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:43 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xe00}, 0x0) 14:29:43 executing program 5: 14:29:43 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:43 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, 
&(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',acc', @ANYRESDEC]) 14:29:43 executing program 4: wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:43 executing program 5: 14:29:43 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) [ 581.578976] encrypted_key: key description must be 16 hexadecimal characters long 14:29:43 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xec0}, 0x0) 14:29:43 executing program 4: wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) 
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) [ 581.719217] encrypted_key: key description must be 16 hexadecimal characters long 14:29:43 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:43 executing program 5: [ 581.943295] encrypted_key: key description must be 16 hexadecimal characters long [ 582.227626] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 582.239756] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 582.245462] CPU: 1 PID: 25265 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 582.253411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 582.262847] Call Trace: [ 582.265456] dump_stack+0x197/0x210 [ 582.269097] dump_header+0x15e/0xa55 [ 582.272830] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 582.277937] ? ___ratelimit+0x60/0x595 [ 582.282779] ? do_raw_spin_unlock+0x181/0x270 [ 582.287335] oom_kill_process.cold+0x10/0x6ef [ 582.291952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 582.297510] ? task_will_free_mem+0x139/0x6e0 [ 582.302010] ? find_held_lock+0x35/0x130 [ 582.306078] out_of_memory+0x362/0x1330 [ 582.310059] ? lock_downgrade+0x880/0x880 [ 582.314202] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 582.319304] ? oom_killer_disable+0x280/0x280 [ 582.323824] ? 
find_held_lock+0x35/0x130 [ 582.327912] mem_cgroup_out_of_memory+0x1d2/0x240 [ 582.332923] ? memcg_event_wake+0x230/0x230 [ 582.337305] ? do_raw_spin_unlock+0x181/0x270 [ 582.341855] ? _raw_spin_unlock+0x2d/0x50 [ 582.346012] try_charge+0xec5/0x1490 [ 582.349725] ? lock_downgrade+0x880/0x880 [ 582.353983] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 582.358913] ? rcu_read_unlock+0x33/0x60 [ 582.363004] ? get_mem_cgroup_from_mm+0x185/0x510 [ 582.367989] ? retint_kernel+0x2d/0x2d [ 582.371933] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 582.377997] mem_cgroup_try_charge+0x259/0x6b0 [ 582.382586] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 582.387521] wp_page_copy+0x430/0x16a0 [ 582.391425] ? follow_pfn+0x2a0/0x2a0 [ 582.395316] ? do_raw_spin_unlock+0x181/0x270 [ 582.399978] do_wp_page+0x57d/0x10b0 [ 582.403700] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 582.408814] ? kasan_check_write+0x14/0x20 [ 582.413046] ? do_raw_spin_lock+0xd7/0x250 [ 582.417558] __handle_mm_fault+0x2305/0x3f80 [ 582.422075] ? copy_page_range+0x2030/0x2030 [ 582.426507] ? count_memcg_event_mm+0x2b1/0x4d0 [ 582.431195] handle_mm_fault+0x1b5/0x690 [ 582.435269] __get_user_pages+0x609/0x1860 [ 582.439537] ? follow_page_mask+0x1ac0/0x1ac0 [ 582.444122] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 582.448889] ? retint_kernel+0x2d/0x2d [ 582.452797] populate_vma_page_range+0x20d/0x2a0 [ 582.457578] __mm_populate+0x204/0x380 [ 582.461497] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 582.466842] __x64_sys_mlockall+0x35c/0x520 [ 582.471193] do_syscall_64+0xfd/0x620 [ 582.475017] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 582.480217] RIP: 0033:0x45b349 [ 582.483420] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 582.502329] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 582.510045] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 582.517453] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 582.524737] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 582.532009] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 582.539295] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 582.546859] Task in /syz1 killed as a result of limit of /syz1 [ 582.552890] memory: usage 307200kB, limit 307200kB, failcnt 2159 [ 582.559195] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 582.566077] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 582.573302] Memory cgroup stats for /syz1: cache:28KB rss:296896KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91212KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188452KB [ 582.595644] Memory cgroup out of memory: Kill process 25263 (syz-executor.1) score 1226 or sacrifice child [ 582.605589] Killed process 25297 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 582.620253] oom_reaper: reaped process 25297 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 582.637124] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 582.656144] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 582.661993] CPU: 1 PID: 25263 Comm: 
syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 582.670230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 582.679725] Call Trace: [ 582.682369] dump_stack+0x197/0x210 [ 582.685991] dump_header+0x15e/0xa55 [ 582.689709] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 582.694829] ? ___ratelimit+0x60/0x595 [ 582.698824] ? do_raw_spin_unlock+0x181/0x270 [ 582.703328] oom_kill_process.cold+0x10/0x6ef [ 582.707826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 582.713487] ? task_will_free_mem+0x139/0x6e0 [ 582.718139] out_of_memory+0x362/0x1330 [ 582.722111] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 582.727211] ? oom_killer_disable+0x280/0x280 [ 582.731793] ? find_held_lock+0x35/0x130 [ 582.735861] mem_cgroup_out_of_memory+0x1d2/0x240 [ 582.740837] ? memcg_event_wake+0x230/0x230 [ 582.745179] ? do_raw_spin_unlock+0x181/0x270 [ 582.749686] ? _raw_spin_unlock+0x2d/0x50 [ 582.753851] try_charge+0xc6e/0x1490 [ 582.757579] ? lock_downgrade+0x880/0x880 [ 582.761770] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 582.766614] ? rcu_read_unlock+0x33/0x60 [ 582.770673] ? get_mem_cgroup_from_mm+0x185/0x510 [ 582.775572] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 582.781643] mem_cgroup_try_charge+0x259/0x6b0 [ 582.786234] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 582.791310] wp_page_copy+0x430/0x16a0 [ 582.795205] ? follow_pfn+0x2a0/0x2a0 [ 582.798999] ? do_raw_spin_unlock+0x181/0x270 [ 582.803486] do_wp_page+0x57d/0x10b0 [ 582.807195] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 582.811979] ? kasan_check_write+0x14/0x20 [ 582.816254] ? do_raw_spin_lock+0xd7/0x250 [ 582.820597] __handle_mm_fault+0x2305/0x3f80 [ 582.825012] ? copy_page_range+0x2030/0x2030 [ 582.829423] ? count_memcg_event_mm+0x2b1/0x4d0 [ 582.834295] handle_mm_fault+0x1b5/0x690 [ 582.838470] __do_page_fault+0x62a/0xe90 [ 582.842670] ? __lock_is_held+0xb6/0x140 [ 582.846745] ? vmalloc_fault+0x740/0x740 [ 582.850920] ? trace_hardirqs_off_caller+0x65/0x220 [ 582.855943] ? 
trace_hardirqs_on_caller+0x6a/0x220 [ 582.860881] ? page_fault+0x8/0x30 [ 582.864482] do_page_fault+0x71/0x57d [ 582.868487] ? page_fault+0x8/0x30 [ 582.872070] page_fault+0x1e/0x30 [ 582.875543] RIP: 0033:0x40f7d0 [ 582.878727] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 582.898729] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 582.904088] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 582.911366] RDX: fffffffffffffff7 RSI: 0000000000000cb9 RDI: 0000000000000003 [ 582.918626] RBP: 0000000000000000 R08: 00000000b2c0ecb9 R09: 00000000b2c0ecbd [ 582.925888] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 582.933244] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 582.940704] Task in /syz1 killed as a result of limit of /syz1 [ 582.946790] memory: usage 301612kB, limit 307200kB, failcnt 2161 [ 582.952968] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 582.959835] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 582.965981] Memory cgroup stats for /syz1: cache:28KB rss:291476KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:184504KB [ 582.988127] Memory cgroup out of memory: Kill process 25263 (syz-executor.1) score 1226 or sacrifice child [ 582.998203] Killed process 25263 (syz-executor.1) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB [ 583.009294] oom_reaper: reaped process 25263 (syz-executor.1), now anon-rss:18328kB, file-rss:54368kB, shmem-rss:0kB 14:29:44 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 
0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:44 executing program 4: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:44 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',acces', @ANYRESDEC]) 14:29:44 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, 
@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xf00}, 0x0) 14:29:44 executing program 5: 14:29:44 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:44 executing program 5: [ 583.127380] encrypted_key: key description must be 16 hexadecimal characters long 14:29:44 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:44 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x3f00}, 0x0) 14:29:44 executing program 4: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 
0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) [ 583.274348] encrypted_key: key description must be 16 hexadecimal characters long 14:29:44 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:45 executing program 5: [ 583.453846] encrypted_key: key description must be 16 hexadecimal characters long [ 583.757696] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 583.770566] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 583.776004] CPU: 1 PID: 25314 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 583.784077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 583.793445] Call Trace: [ 583.796043] dump_stack+0x197/0x210 [ 583.799771] dump_header+0x15e/0xa55 [ 583.803538] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 583.808712] ? ___ratelimit+0x60/0x595 [ 583.812666] ? do_raw_spin_unlock+0x181/0x270 [ 583.817167] oom_kill_process.cold+0x10/0x6ef [ 583.821811] ? task_will_free_mem+0x139/0x6e0 [ 583.826480] ? find_held_lock+0x35/0x130 [ 583.830545] out_of_memory+0x362/0x1330 [ 583.834529] ? 
lock_downgrade+0x880/0x880 [ 583.838683] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 583.843793] ? oom_killer_disable+0x280/0x280 [ 583.848295] ? find_held_lock+0x35/0x130 [ 583.852547] mem_cgroup_out_of_memory+0x1d2/0x240 [ 583.857399] ? memcg_event_wake+0x230/0x230 [ 583.861760] ? do_raw_spin_unlock+0x181/0x270 [ 583.866267] ? _raw_spin_unlock+0x2d/0x50 [ 583.870425] try_charge+0xec5/0x1490 [ 583.874146] ? lock_downgrade+0x880/0x880 [ 583.878294] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 583.883161] ? rcu_read_unlock+0x33/0x60 [ 583.887224] ? get_mem_cgroup_from_mm+0x185/0x510 [ 583.892165] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 583.898239] mem_cgroup_try_charge+0x259/0x6b0 [ 583.902964] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 583.907931] wp_page_copy+0x430/0x16a0 [ 583.911924] ? follow_pfn+0x2a0/0x2a0 [ 583.915792] ? do_raw_spin_unlock+0x181/0x270 [ 583.920300] do_wp_page+0x57d/0x10b0 [ 583.924032] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 583.928970] ? kasan_check_write+0x14/0x20 [ 583.933203] ? do_raw_spin_lock+0xd7/0x250 [ 583.937881] __handle_mm_fault+0x2305/0x3f80 [ 583.942295] ? copy_page_range+0x2030/0x2030 [ 583.946726] ? count_memcg_event_mm+0x2b1/0x4d0 [ 583.951405] handle_mm_fault+0x1b5/0x690 [ 583.955478] __get_user_pages+0x609/0x1860 [ 583.959908] ? follow_page_mask+0x1ac0/0x1ac0 [ 583.964431] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 583.969196] ? retint_kernel+0x2d/0x2d [ 583.973104] populate_vma_page_range+0x20d/0x2a0 [ 583.977966] __mm_populate+0x204/0x380 [ 583.981963] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 583.986919] __x64_sys_mlockall+0x35c/0x520 [ 583.991407] do_syscall_64+0xfd/0x620 [ 583.995341] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 584.000656] RIP: 0033:0x45b349 [ 584.003858] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 584.022768] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 584.030493] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 584.037873] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 584.045158] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 584.052464] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 584.059761] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 584.067998] Task in /syz1 killed as a result of limit of /syz1 [ 584.074020] memory: usage 307200kB, limit 307200kB, failcnt 2215 [ 584.080440] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 584.087299] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 584.093456] Memory cgroup stats for /syz1: cache:28KB rss:297024KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:91212KB active_anon:17436KB inactive_file:0KB active_file:0KB unevictable:188444KB [ 584.115699] Memory cgroup out of memory: Kill process 25313 (syz-executor.1) score 1226 or sacrifice child [ 584.125650] Killed process 25344 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 584.139904] oom_reaper: reaped process 25344 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 584.156619] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 584.177200] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 584.187293] CPU: 1 PID: 25313 Comm: 
syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 584.195217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 584.204597] Call Trace: [ 584.207314] dump_stack+0x197/0x210 [ 584.210951] dump_header+0x15e/0xa55 [ 584.214670] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 584.219776] ? ___ratelimit+0x60/0x595 [ 584.223670] ? do_raw_spin_unlock+0x181/0x270 [ 584.228182] oom_kill_process.cold+0x10/0x6ef [ 584.232684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 584.238495] ? task_will_free_mem+0x139/0x6e0 [ 584.243134] out_of_memory+0x362/0x1330 [ 584.247119] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 584.252238] ? oom_killer_disable+0x280/0x280 [ 584.256732] ? find_held_lock+0x35/0x130 [ 584.260807] mem_cgroup_out_of_memory+0x1d2/0x240 [ 584.265660] ? memcg_event_wake+0x230/0x230 [ 584.269993] ? do_raw_spin_unlock+0x181/0x270 [ 584.274594] ? _raw_spin_unlock+0x2d/0x50 [ 584.278745] try_charge+0xc6e/0x1490 [ 584.282464] ? lock_downgrade+0x880/0x880 [ 584.286611] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 584.291457] ? rcu_read_unlock+0x33/0x60 [ 584.295534] ? get_mem_cgroup_from_mm+0x185/0x510 [ 584.300385] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 584.306450] mem_cgroup_try_charge+0x259/0x6b0 [ 584.311221] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 584.316256] wp_page_copy+0x430/0x16a0 [ 584.320184] ? follow_pfn+0x2a0/0x2a0 [ 584.323983] ? do_raw_spin_unlock+0x181/0x270 [ 584.328527] do_wp_page+0x57d/0x10b0 [ 584.332263] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 584.336941] ? kasan_check_write+0x14/0x20 [ 584.341187] ? do_raw_spin_lock+0xd7/0x250 [ 584.345428] __handle_mm_fault+0x2305/0x3f80 [ 584.349855] ? copy_page_range+0x2030/0x2030 [ 584.354281] ? count_memcg_event_mm+0x2b1/0x4d0 [ 584.358963] handle_mm_fault+0x1b5/0x690 [ 584.363106] __do_page_fault+0x62a/0xe90 [ 584.367178] ? __lock_is_held+0xb6/0x140 [ 584.371246] ? vmalloc_fault+0x740/0x740 [ 584.375428] ? trace_hardirqs_off_caller+0x65/0x220 [ 584.380581] ? 
trace_hardirqs_on_caller+0x6a/0x220 [ 584.385552] ? page_fault+0x8/0x30 [ 584.389098] do_page_fault+0x71/0x57d [ 584.392900] ? page_fault+0x8/0x30 [ 584.396436] page_fault+0x1e/0x30 [ 584.399916] RIP: 0033:0x40f7d0 [ 584.403288] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 584.422290] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 584.427653] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 584.434991] RDX: fffffffffffffff7 RSI: 000000000000052e RDI: 0000000000000003 [ 584.442376] RBP: 0000000000000000 R08: 00000000bfaf652e R09: 00000000bfaf6532 [ 584.449666] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 584.456932] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 584.466066] Task in /syz1 killed as a result of limit of /syz1 [ 584.472980] memory: usage 301612kB, limit 307200kB, failcnt 2216 [ 584.479329] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 584.486099] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 584.492296] Memory cgroup stats for /syz1: cache:28KB rss:291508KB rss_huge:258048KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:19484KB inactive_file:0KB active_file:0KB unevictable:184508KB [ 584.514477] Memory cgroup out of memory: Kill process 25313 (syz-executor.1) score 1226 or sacrifice child [ 584.524527] Killed process 25313 (syz-executor.1) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB [ 584.535650] oom_reaper: reaped process 25313 (syz-executor.1), now anon-rss:18328kB, file-rss:54368kB, shmem-rss:0kB 14:29:46 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 
0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:46 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x6000}, 0x0) 14:29:46 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:46 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 
0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',acces', @ANYRESDEC]) 14:29:46 executing program 5: 14:29:46 executing program 4: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:46 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:46 executing program 5: 14:29:46 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xc00e}, 0x0) [ 584.681574] encrypted_key: key description must be 16 hexadecimal characters long [ 584.928309] encrypted_key: key description must be 16 hexadecimal characters long 14:29:46 executing 
program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xe200}, 0x0) 14:29:46 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:46 executing program 5: [ 585.122966] ptrace attach of "/root/syz-executor.4"[25383] was attempted by "/root/syz-executor.4"[25385] 14:29:47 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 
0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:47 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:47 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',acces', @ANYRESDEC]) 14:29:47 executing program 5: 14:29:47 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:47 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xf000}, 0x0) [ 585.759897] encrypted_key: 
key description must be 16 hexadecimal characters long [ 585.783917] ptrace attach of "/root/syz-executor.4"[25409] was attempted by "/root/syz-executor.4"[25410] 14:29:47 executing program 5: 14:29:47 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) [ 585.835815] cgroup: fork rejected by pids controller in /syz3 14:29:47 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x34000}, 0x0) 14:29:47 executing program 5: [ 586.167551] ptrace attach of "/root/syz-executor.4"[25525] was attempted by "/root/syz-executor.4"[25527] 14:29:47 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:47 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 
wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) [ 586.477762] encrypted_key: key description must be 16 hexadecimal characters long 14:29:48 executing program 5: 14:29:48 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x400300}, 0x0) 14:29:48 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access', @ANYRESDEC]) 14:29:48 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:48 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:29:48 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:48 executing program 5: [ 586.673818] encrypted_key: key description must be 16 hexadecimal characters long 14:29:48 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xf0ffff}, 0x0) 14:29:48 executing program 3: 
clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) 14:29:48 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:48 executing program 5: [ 587.018906] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 587.031410] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 587.038262] CPU: 0 PID: 25566 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 587.046171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 587.055545] Call Trace: [ 587.058154] dump_stack+0x197/0x210 [ 587.061807] dump_header+0x15e/0xa55 [ 587.065525] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 587.071686] ? ___ratelimit+0x60/0x595 [ 587.075593] oom_kill_process.cold+0x10/0x6ef [ 587.080109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 587.085659] ? task_will_free_mem+0x139/0x6e0 [ 587.090172] out_of_memory+0x362/0x1330 [ 587.094163] ? lock_downgrade+0x880/0x880 [ 587.098315] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 587.103557] ? oom_killer_disable+0x280/0x280 [ 587.108092] ? 
find_held_lock+0x35/0x130 [ 587.112867] mem_cgroup_out_of_memory+0x1d2/0x240 [ 587.117722] ? memcg_event_wake+0x230/0x230 [ 587.122063] ? do_raw_spin_unlock+0x181/0x270 [ 587.126579] ? _raw_spin_unlock+0x2d/0x50 [ 587.130771] try_charge+0xec5/0x1490 [ 587.134492] ? lock_downgrade+0x880/0x880 [ 587.139086] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 587.144127] ? rcu_read_unlock+0x33/0x60 [ 587.148217] ? get_mem_cgroup_from_mm+0x185/0x510 [ 587.153075] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 587.159680] ? mark_held_locks+0x100/0x100 [ 587.163946] mem_cgroup_try_charge+0x259/0x6b0 [ 587.168553] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 587.173491] __handle_mm_fault+0x1e50/0x3f80 [ 587.177940] ? copy_page_range+0x2030/0x2030 [ 587.182360] ? retint_kernel+0x2d/0x2d [ 587.186277] ? count_memcg_event_mm+0x2b1/0x4d0 [ 587.190985] handle_mm_fault+0x1b5/0x690 [ 587.195051] __get_user_pages+0x609/0x1860 [ 587.199308] ? follow_page_mask+0x1ac0/0x1ac0 [ 587.203830] ? retint_kernel+0x2d/0x2d [ 587.207739] populate_vma_page_range+0x20d/0x2a0 [ 587.212538] __mm_populate+0x204/0x380 [ 587.216547] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 587.221502] __x64_sys_mlockall+0x35c/0x520 [ 587.225829] do_syscall_64+0xfd/0x620 [ 587.229668] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 587.234879] RIP: 0033:0x45b349 [ 587.238090] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 587.257478] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 587.265450] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 587.272740] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 587.280066] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 587.287564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 587.294848] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 587.304297] Task in /syz1 killed as a result of limit of /syz1 [ 587.310737] memory: usage 307200kB, limit 307200kB, failcnt 2235 [ 587.317280] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 587.324185] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 587.330709] Memory cgroup stats for /syz1: cache:28KB rss:296772KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:23904KB inactive_file:8KB active_file:4KB unevictable:185332KB [ 587.353263] Memory cgroup out of memory: Kill process 25563 (syz-executor.1) score 1170 or sacrifice child [ 587.363833] Killed process 25568 (syz-executor.1) total-vm:72588kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB 14:29:49 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, 
[@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x1000000}, 0x0) 14:29:49 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access', @ANYRESDEC]) [ 587.466752] encrypted_key: key description must be 16 hexadecimal characters long 14:29:49 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) 14:29:49 executing program 5: [ 587.623777] cgroup: fork rejected by pids controller in /syz4 [ 587.785370] encrypted_key: key description must be 16 hexadecimal characters long 14:29:49 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:49 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x2000000}, 0x0) 14:29:49 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:49 executing program 5: 14:29:49 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access', @ANYRESDEC]) 14:29:49 executing program 3: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 
0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) 14:29:49 executing program 5: [ 588.180482] encrypted_key: key description must be 16 hexadecimal characters long 14:29:49 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x3000000}, 0x0) 14:29:50 executing program 5: 14:29:50 executing program 3: 14:29:50 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) [ 588.527671] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 588.540116] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 588.545893] CPU: 1 PID: 25832 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 588.553794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 588.563167] Call Trace: [ 588.565783] dump_stack+0x197/0x210 [ 588.569438] dump_header+0x15e/0xa55 14:29:50 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) 
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x4000000}, 0x0) [ 588.573174] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 588.578422] ? ___ratelimit+0x60/0x595 [ 588.582416] ? do_raw_spin_unlock+0x181/0x270 [ 588.586934] oom_kill_process.cold+0x10/0x6ef [ 588.591556] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 588.597115] ? task_will_free_mem+0x139/0x6e0 [ 588.601636] ? find_held_lock+0x35/0x130 [ 588.605726] out_of_memory+0x362/0x1330 [ 588.609722] ? lock_downgrade+0x880/0x880 [ 588.613891] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 588.619137] ? oom_killer_disable+0x280/0x280 [ 588.623685] ? find_held_lock+0x35/0x130 [ 588.627769] mem_cgroup_out_of_memory+0x1d2/0x240 [ 588.632626] ? memcg_event_wake+0x230/0x230 [ 588.636984] ? do_raw_spin_unlock+0x181/0x270 [ 588.641509] ? _raw_spin_unlock+0x2d/0x50 [ 588.645685] try_charge+0xec5/0x1490 [ 588.649428] ? lock_downgrade+0x880/0x880 [ 588.653607] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 588.659342] ? rcu_read_unlock+0x33/0x60 [ 588.663428] ? get_mem_cgroup_from_mm+0x185/0x510 [ 588.669256] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 588.675359] mem_cgroup_try_charge+0x259/0x6b0 [ 588.680074] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 588.685034] wp_page_copy+0x430/0x16a0 [ 588.688956] ? follow_pfn+0x2a0/0x2a0 [ 588.692787] ? do_raw_spin_unlock+0x181/0x270 [ 588.697305] do_wp_page+0x57d/0x10b0 [ 588.701044] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 588.705738] ? kasan_check_write+0x14/0x20 [ 588.710124] ? do_raw_spin_lock+0xd7/0x250 [ 588.714385] __handle_mm_fault+0x2305/0x3f80 [ 588.718822] ? copy_page_range+0x2030/0x2030 [ 588.723399] ? count_memcg_event_mm+0x2b1/0x4d0 [ 588.728094] handle_mm_fault+0x1b5/0x690 [ 588.732183] __get_user_pages+0x609/0x1860 [ 588.736456] ? follow_page_mask+0x1ac0/0x1ac0 [ 588.741010] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 588.745796] ? retint_kernel+0x2d/0x2d [ 588.749847] populate_vma_page_range+0x20d/0x2a0 [ 588.754635] __mm_populate+0x204/0x380 [ 588.758558] ? populate_vma_page_range+0x2a0/0x2a0 [ 588.763528] __x64_sys_mlockall+0x35c/0x520 [ 588.768141] do_syscall_64+0xfd/0x620 [ 588.771967] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 588.777303] RIP: 0033:0x45b349 [ 588.780650] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 588.799668] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 588.807420] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 588.814724] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 588.822138] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 588.829432] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 588.836719] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 588.846635] Task in /syz1 killed as a result of limit of /syz1 [ 588.853122] memory: usage 307200kB, limit 307200kB, failcnt 2275 [ 588.859538] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 588.866701] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 588.873125] Memory cgroup stats for /syz1: cache:28KB rss:296616KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:92780KB active_anon:21748KB inactive_file:0KB active_file:0KB unevictable:182176KB [ 588.895882] Memory cgroup out of memory: Kill process 25830 (syz-executor.1) score 1226 or sacrifice child [ 588.906105] Killed process 25941 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 588.928367] oom_reaper: reaped process 25941 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:29:50 executing program 1: r0 = 
socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:50 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYBLOB=',access=', @ANYRESDEC]) 14:29:50 executing program 5: 14:29:50 executing program 3: 14:29:50 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:50 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) 
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xa000000}, 0x0) 14:29:50 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:29:50 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) rt_sigaction(0x2d, &(0x7f0000000240)={&(0x7f0000000180)="c482a1a6534e0f6e29f083b1f0ffff7f09d3c6460fac2000c422f9968e00000000f0440fba37ebc4c315183e86440f1821c4a2d1a76532", 0x0, 0xfffffffffffffffe}, &(0x7f00000003c0)={&(0x7f00000002c0)="0f0d9517000000f0873500080000c401e16c9006000000f242afc4a13a515e840f4d2966f30f1ad5c461f8534431ff3edfd9440f1826", 0x0, 0x0}, 0x8, &(0x7f0000000400)) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(0x0, 0x0, 0x200000000000000, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) creat(&(0x7f0000000040)='./bus\x00', 0x0) r2 = socket$alg(0x26, 0x5, 0x0) 
bind$alg(r2, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r3 = accept$alg(r2, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000008040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) creat(&(0x7f00000001c0)='./bus\x00', 0x20) recvmsg(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1, 0x0, 0x6}, 0x0) 14:29:50 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xe000000}, 0x0) 14:29:51 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYBLOB=',access=', @ANYRESDEC]) [ 589.388463] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 589.400270] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 589.405953] CPU: 1 PID: 26160 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 589.413909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 589.423276] Call Trace: [ 589.425889] dump_stack+0x197/0x210 [ 589.430072] dump_header+0x15e/0xa55 [ 589.433812] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 589.438952] ? ___ratelimit+0x60/0x595 [ 589.442874] ? 
do_raw_spin_unlock+0x181/0x270 [ 589.447534] oom_kill_process.cold+0x10/0x6ef [ 589.452118] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 589.457812] ? task_will_free_mem+0x139/0x6e0 [ 589.462497] out_of_memory+0x362/0x1330 [ 589.466733] ? lock_downgrade+0x880/0x880 [ 589.470932] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 589.476064] ? oom_killer_disable+0x280/0x280 [ 589.480583] ? find_held_lock+0x35/0x130 14:29:51 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) creat(&(0x7f0000000040)='./bus\x00', 0x0) creat(&(0x7f0000000300)='./bus\x00', 0x208) ioctl$SIOCX25GFACILITIES(r2, 0x89e2, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) getpid() r5 = accept$alg(r4, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f0000008040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) creat(&(0x7f00000001c0)='./bus\x00', 0x20) recvmsg(r5, 
&(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1, 0x0, 0x6}, 0x0) [ 589.484689] mem_cgroup_out_of_memory+0x1d2/0x240 [ 589.489558] ? memcg_event_wake+0x230/0x230 [ 589.493910] ? do_raw_spin_unlock+0x181/0x270 [ 589.498439] ? _raw_spin_unlock+0x2d/0x50 [ 589.502614] try_charge+0xec5/0x1490 [ 589.506356] ? lock_downgrade+0x880/0x880 [ 589.510533] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 589.515413] ? rcu_read_unlock+0x33/0x60 [ 589.519535] ? get_mem_cgroup_from_mm+0x185/0x510 [ 589.524526] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 589.530720] mem_cgroup_try_charge+0x259/0x6b0 [ 589.535528] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 589.540489] wp_page_copy+0x430/0x16a0 [ 589.544416] ? follow_pfn+0x2a0/0x2a0 [ 589.548309] ? do_raw_spin_unlock+0x181/0x270 [ 589.552839] do_wp_page+0x57d/0x10b0 [ 589.556620] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 589.561846] ? kasan_check_write+0x14/0x20 [ 589.566107] ? do_raw_spin_lock+0xd7/0x250 [ 589.568611] 9pnet: Insufficient options for proto=fd [ 589.570376] __handle_mm_fault+0x2305/0x3f80 [ 589.570398] ? copy_page_range+0x2030/0x2030 [ 589.570429] ? count_memcg_event_mm+0x2b1/0x4d0 14:29:51 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xf000000}, 0x0) [ 589.589319] handle_mm_fault+0x1b5/0x690 [ 589.593430] __get_user_pages+0x609/0x1860 [ 589.597727] ? follow_page_mask+0x1ac0/0x1ac0 [ 589.602250] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 589.607056] ? retint_kernel+0x2d/0x2d [ 589.610999] populate_vma_page_range+0x20d/0x2a0 [ 589.615781] __mm_populate+0x204/0x380 [ 589.619695] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 589.624657] __x64_sys_mlockall+0x35c/0x520 [ 589.629012] do_syscall_64+0xfd/0x620 [ 589.632847] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 589.638061] RIP: 0033:0x45b349 [ 589.641435] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 589.660678] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 589.668411] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 589.675790] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 589.683776] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 589.691067] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 589.698355] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 589.707821] Task in /syz1 killed as a result of limit of /syz1 [ 589.714245] memory: usage 307200kB, limit 307200kB, failcnt 2302 [ 589.720749] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 589.727875] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 589.734186] Memory cgroup stats for /syz1: cache:28KB rss:296680KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:92952KB active_anon:21748KB inactive_file:0KB active_file:0KB unevictable:182044KB [ 589.757065] Memory cgroup out of memory: Kill process 26159 (syz-executor.1) score 1226 or sacrifice child [ 589.767589] Killed process 26195 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:29:51 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) 
chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:51 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:29:51 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYBLOB=',access=', @ANYRESDEC]) 14:29:51 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:51 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x18000000000000, 0x40, &(0x7f00000001c0)=@raw={'raw\x00', 0x2, 0x3, 0x270, 0x0, 0x0, 0x0, 0x0, 0xe0, 0x1d8, 0x1d8, 0x1d8, 0x1d8, 0x1d8, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x48], 0x0, 0xb8, 0xe0, 0x0, {}, [@common=@unspec=@nfacct={{0x48, 'nfacct\x00'}, {'syz1\x00'}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0x0, '\x00', 'rose0\x00'}, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@ttl={{0x28, 'ttl\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2d0) 14:29:51 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x3f000000}, 0x0) 14:29:52 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) [ 590.324880] xt_nfacct: accounting object `syz1' does not exists [ 590.348461] 9pnet: Insufficient options for proto=fd 14:29:52 executing program 5: creat(&(0x7f0000000040)='./bus\x00', 0x0) clone(0xa2181503, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 14:29:52 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, 
&(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x60000000}, 0x0) 14:29:52 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:52 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',access=', @ANYRESDEC]) [ 590.643125] 9pnet: Insufficient options for proto=fd 14:29:52 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) [ 590.715777] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 590.727805] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 590.733622] CPU: 0 PID: 26431 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 590.741544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 590.750920] Call Trace: [ 590.753572] dump_stack+0x197/0x210 [ 590.757235] dump_header+0x15e/0xa55 [ 590.760987] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 590.766244] ? ___ratelimit+0x60/0x595 [ 590.770158] ? 
do_raw_spin_unlock+0x181/0x270 [ 590.774710] oom_kill_process.cold+0x10/0x6ef [ 590.780445] ? oom_badness+0x6c0/0x6c0 [ 590.784338] ? mem_cgroup_scan_tasks+0x1f/0x180 [ 590.789058] out_of_memory+0x362/0x1330 [ 590.793056] ? lock_downgrade+0x880/0x880 [ 590.797237] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 590.802366] ? oom_killer_disable+0x280/0x280 [ 590.807490] ? find_held_lock+0x35/0x130 [ 590.811574] mem_cgroup_out_of_memory+0x1d2/0x240 [ 590.816443] ? memcg_event_wake+0x230/0x230 [ 590.820779] ? do_raw_spin_unlock+0x181/0x270 [ 590.825295] ? _raw_spin_unlock+0x2d/0x50 [ 590.829474] try_charge+0xec5/0x1490 [ 590.833189] ? lock_downgrade+0x880/0x880 [ 590.837354] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 590.842314] ? rcu_read_unlock+0x33/0x60 [ 590.846377] ? get_mem_cgroup_from_mm+0x185/0x510 [ 590.851234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 590.856012] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 590.862092] ? retint_kernel+0x2d/0x2d [ 590.865986] mem_cgroup_try_charge+0x259/0x6b0 [ 590.870591] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 590.875564] wp_page_copy+0x430/0x16a0 [ 590.879482] ? follow_pfn+0x2a0/0x2a0 [ 590.883410] ? do_raw_spin_unlock+0x181/0x270 [ 590.887943] do_wp_page+0x57d/0x10b0 [ 590.891674] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 590.896354] ? kasan_check_write+0x14/0x20 [ 590.900611] ? do_raw_spin_lock+0xd7/0x250 [ 590.904853] __handle_mm_fault+0x2305/0x3f80 [ 590.909280] ? copy_page_range+0x2030/0x2030 [ 590.913724] ? count_memcg_event_mm+0x2b1/0x4d0 [ 590.918409] handle_mm_fault+0x1b5/0x690 [ 590.922492] __get_user_pages+0x609/0x1860 [ 590.926752] ? follow_page_mask+0x1ac0/0x1ac0 [ 590.931260] ? retint_kernel+0x2d/0x2d [ 590.935175] populate_vma_page_range+0x20d/0x2a0 [ 590.939948] __mm_populate+0x204/0x380 [ 590.943844] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 590.949060] __x64_sys_mlockall+0x35c/0x520 [ 590.953498] do_syscall_64+0xfd/0x620 [ 590.957337] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 590.962544] RIP: 0033:0x45b349 [ 590.965764] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 590.984965] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 590.992711] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 590.999993] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 591.007273] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 591.014563] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 591.021855] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 591.032432] Task in /syz1 killed as a result of limit of /syz1 [ 591.038688] memory: usage 307200kB, limit 307200kB, failcnt 2313 [ 591.045022] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 591.052239] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 591.059112] Memory cgroup stats for /syz1: cache:28KB rss:296580KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:92788KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:182172KB [ 591.081892] Memory cgroup out of memory: Kill process 26430 (syz-executor.1) score 1226 or sacrifice child [ 591.094035] Killed process 26527 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 591.178595] oom_reaper: reaped process 26527 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 14:29:53 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 
0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x0, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:53 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:53 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, 
&(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x9effffff}, 0x0) 14:29:53 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:53 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:29:53 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:53 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) [ 591.683630] 9pnet: Insufficient options for proto=fd 14:29:53 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xc00e0000}, 0x0) [ 591.712688] syz-executor.1 invoked oom-killer: 
gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 591.724322] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 591.730112] CPU: 0 PID: 26653 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 591.738150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 591.747660] Call Trace: [ 591.750275] dump_stack+0x197/0x210 [ 591.753934] dump_header+0x15e/0xa55 [ 591.757674] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 591.762796] ? ___ratelimit+0x60/0x595 [ 591.766710] ? do_raw_spin_unlock+0x181/0x270 [ 591.771229] oom_kill_process.cold+0x10/0x6ef [ 591.775951] ? mem_cgroup_get_max+0x5e/0x240 [ 591.780384] out_of_memory+0x362/0x1330 [ 591.784385] ? lock_downgrade+0x880/0x880 [ 591.788555] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 591.793684] ? oom_killer_disable+0x280/0x280 [ 591.798200] ? find_held_lock+0x35/0x130 [ 591.802299] mem_cgroup_out_of_memory+0x1d2/0x240 [ 591.807164] ? memcg_event_wake+0x230/0x230 [ 591.811565] ? do_raw_spin_unlock+0x181/0x270 [ 591.816214] ? _raw_spin_unlock+0x2d/0x50 [ 591.820384] try_charge+0xec5/0x1490 [ 591.824126] ? lock_downgrade+0x880/0x880 [ 591.828386] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 591.833249] ? rcu_read_unlock+0x33/0x60 [ 591.837362] ? get_mem_cgroup_from_mm+0x185/0x510 [ 591.842929] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 591.849106] mem_cgroup_try_charge+0x259/0x6b0 [ 591.853723] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 591.858681] wp_page_copy+0x430/0x16a0 [ 591.862604] ? follow_pfn+0x2a0/0x2a0 [ 591.866424] ? do_raw_spin_unlock+0x181/0x270 [ 591.870938] do_wp_page+0x57d/0x10b0 [ 591.874682] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 591.879365] ? kasan_check_write+0x14/0x20 [ 591.884484] ? do_raw_spin_lock+0xd7/0x250 [ 591.888738] __handle_mm_fault+0x2305/0x3f80 [ 591.893331] ? copy_page_range+0x2030/0x2030 [ 591.897767] ? 
count_memcg_event_mm+0x2b1/0x4d0 [ 591.902451] handle_mm_fault+0x1b5/0x690 [ 591.906527] __get_user_pages+0x609/0x1860 [ 591.910784] ? follow_page_mask+0x1ac0/0x1ac0 [ 591.915296] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 591.920153] ? retint_kernel+0x2d/0x2d [ 591.924054] populate_vma_page_range+0x20d/0x2a0 [ 591.928823] __mm_populate+0x204/0x380 [ 591.932725] ? populate_vma_page_range+0x2a0/0x2a0 [ 591.937670] __x64_sys_mlockall+0x35c/0x520 [ 591.942007] do_syscall_64+0xfd/0x620 [ 591.945836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 591.951041] RIP: 0033:0x45b349 [ 591.954260] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 591.973176] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 591.980893] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 591.988167] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 591.995445] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 592.002738] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 592.010007] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 592.026352] Task in /syz1 killed as a result of limit of /syz1 [ 592.032879] memory: usage 307200kB, limit 307200kB, failcnt 2375 [ 592.039317] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 592.046308] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 592.052813] Memory cgroup stats for /syz1: cache:28KB rss:296684KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:90904KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:184088KB [ 592.076012] Memory cgroup out of memory: Kill process 26651 (syz-executor.1) score 1226 or sacrifice child [ 592.086103] Killed process 26663 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, 
file-rss:34816kB, shmem-rss:0kB 14:29:54 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:29:54 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:54 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xe2000000}, 0x0) 14:29:54 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) [ 592.669285] 9pnet: Insufficient options for proto=fd 14:29:54 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x0, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 
0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:54 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:54 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$pppoe(0xffffffffffffffff, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(0xffffffffffffffff, 0x80047453, 0x0) 14:29:54 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, 
&(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:54 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xf0ffffff}, 0x0) [ 592.985594] 9pnet: Insufficient options for proto=fd 14:29:54 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$pppoe(0xffffffffffffffff, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(0xffffffffffffffff, 0x80047453, 0x0) [ 593.181821] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 593.193305] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 593.199011] CPU: 0 PID: 26796 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 593.206910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 593.216278] Call Trace: [ 593.218893] dump_stack+0x197/0x210 [ 593.222562] dump_header+0x15e/0xa55 [ 593.226421] ? 
_raw_spin_unlock_irqrestore+0xa4/0xe0 14:29:54 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:54 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xfffff000}, 0x0) [ 593.231732] ? ___ratelimit+0x60/0x595 [ 593.235647] ? do_raw_spin_unlock+0x181/0x270 [ 593.240183] oom_kill_process.cold+0x10/0x6ef [ 593.245058] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 593.250628] ? task_will_free_mem+0x139/0x6e0 [ 593.255159] ? find_held_lock+0x35/0x130 [ 593.259257] out_of_memory+0x362/0x1330 [ 593.263255] ? lock_downgrade+0x880/0x880 [ 593.267591] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 593.272720] ? oom_killer_disable+0x280/0x280 [ 593.277245] ? find_held_lock+0x35/0x130 14:29:54 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 593.281348] mem_cgroup_out_of_memory+0x1d2/0x240 [ 593.286219] ? memcg_event_wake+0x230/0x230 [ 593.290566] ? do_raw_spin_unlock+0x181/0x270 [ 593.295087] ? 
_raw_spin_unlock+0x2d/0x50 [ 593.299258] try_charge+0xec5/0x1490 [ 593.303951] ? lock_downgrade+0x880/0x880 [ 593.308129] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 593.312995] ? rcu_read_unlock+0x33/0x60 [ 593.317075] ? get_mem_cgroup_from_mm+0x185/0x510 [ 593.325718] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 593.331817] mem_cgroup_try_charge+0x259/0x6b0 [ 593.336552] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 593.341512] wp_page_copy+0x430/0x16a0 [ 593.345441] ? follow_pfn+0x2a0/0x2a0 [ 593.349278] ? do_raw_spin_unlock+0x181/0x270 [ 593.353807] do_wp_page+0x57d/0x10b0 [ 593.357549] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 593.362241] ? kasan_check_write+0x14/0x20 [ 593.366493] ? do_raw_spin_lock+0xd7/0x250 [ 593.370763] __handle_mm_fault+0x2305/0x3f80 [ 593.375354] ? copy_page_range+0x2030/0x2030 14:29:55 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$pppoe(0xffffffffffffffff, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(0xffffffffffffffff, 0x80047453, 0x0) [ 593.379897] ? count_memcg_event_mm+0x2b1/0x4d0 [ 593.384782] handle_mm_fault+0x1b5/0x690 [ 593.388906] __get_user_pages+0x609/0x1860 [ 593.393302] ? follow_page_mask+0x1ac0/0x1ac0 [ 593.397836] ? retint_kernel+0x2d/0x2d [ 593.401791] populate_vma_page_range+0x20d/0x2a0 [ 593.406575] __mm_populate+0x204/0x380 [ 593.410486] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 593.415577] __x64_sys_mlockall+0x35c/0x520 [ 593.419918] do_syscall_64+0xfd/0x620 [ 593.423776] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 593.428982] RIP: 0033:0x45b349 [ 593.433142] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 593.452057] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 593.459910] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 593.467978] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 593.475262] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 593.482546] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 593.489919] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 593.497344] Task in /syz1 killed as a result of limit of /syz1 [ 593.503761] memory: usage 307200kB, limit 307200kB, failcnt 2422 [ 593.510292] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 593.517441] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 593.523734] Memory cgroup stats for /syz1: cache:28KB rss:296648KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:92948KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:182044KB [ 593.546816] Memory cgroup out of memory: Kill process 26791 (syz-executor.1) score 1226 or sacrifice child [ 593.557759] Killed process 26829 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 594.197956] 9pnet: Insufficient options for proto=fd 14:29:55 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, 
&(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xffffff7f}, 0x0) 14:29:55 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:56 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x0, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) [ 594.490040] 9pnet: Insufficient options for proto=fd 14:29:56 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 0x0) 
chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:56 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:56 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) dup(r0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r1, 0x80047453, 0x0) 14:29:56 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xffffff9e}, 0x0) 14:29:56 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, 
&(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:56 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) dup(r0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r1, 0x80047453, 0x0) 14:29:56 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xfffffff0}, 0x0) [ 594.869630] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 594.881403] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 594.887871] CPU: 0 PID: 27039 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 594.895792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 594.905167] Call Trace: [ 594.907778] dump_stack+0x197/0x210 [ 594.911435] dump_header+0x15e/0xa55 [ 594.915174] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 594.920405] ? ___ratelimit+0x60/0x595 [ 594.924325] oom_kill_process.cold+0x10/0x6ef [ 594.928863] ? mem_cgroup_get_max+0xd1/0x240 [ 594.933306] out_of_memory+0x362/0x1330 [ 594.937372] ? lock_downgrade+0x880/0x880 [ 594.941564] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 594.946699] ? oom_killer_disable+0x280/0x280 [ 594.951240] ? find_held_lock+0x35/0x130 [ 594.955341] mem_cgroup_out_of_memory+0x1d2/0x240 [ 594.960220] ? memcg_event_wake+0x230/0x230 [ 594.964585] ? 
do_raw_spin_unlock+0x181/0x270 14:29:56 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 594.969226] ? _raw_spin_unlock+0x2d/0x50 [ 594.973407] try_charge+0xec5/0x1490 [ 594.977144] ? lock_downgrade+0x880/0x880 [ 594.981330] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 594.986200] ? rcu_read_unlock+0x33/0x60 [ 594.990284] ? get_mem_cgroup_from_mm+0x185/0x510 [ 594.995499] ? retint_kernel+0x2d/0x2d [ 594.999418] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 595.005527] mem_cgroup_try_charge+0x259/0x6b0 [ 595.010183] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 595.015137] wp_page_copy+0x430/0x16a0 [ 595.019050] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 595.023834] ? follow_pfn+0x2a0/0x2a0 [ 595.027667] ? do_raw_spin_unlock+0x181/0x270 [ 595.032183] do_wp_page+0x57d/0x10b0 [ 595.035925] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 595.040802] ? kasan_check_write+0x14/0x20 [ 595.045239] ? do_raw_spin_lock+0xd7/0x250 [ 595.049508] __handle_mm_fault+0x2305/0x3f80 [ 595.053951] ? copy_page_range+0x2030/0x2030 [ 595.058391] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 595.063190] ? handle_mm_fault+0x10e/0x690 14:29:56 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) [ 595.067457] handle_mm_fault+0x1b5/0x690 [ 595.071552] __get_user_pages+0x609/0x1860 [ 595.075820] ? 
follow_page_mask+0x1ac0/0x1ac0 [ 595.080348] ? retint_kernel+0x2d/0x2d [ 595.084303] populate_vma_page_range+0x20d/0x2a0 [ 595.089111] __mm_populate+0x204/0x380 [ 595.093163] ? populate_vma_page_range+0x2a0/0x2a0 [ 595.098140] __x64_sys_mlockall+0x35c/0x520 [ 595.102772] do_syscall_64+0xfd/0x620 [ 595.106600] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 595.111820] RIP: 0033:0x45b349 [ 595.115389] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 595.134328] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 595.142062] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 595.149361] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 595.156794] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 595.164089] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 595.171537] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 595.179978] Task in /syz1 killed as a result of limit of /syz1 [ 595.186646] memory: usage 307200kB, limit 307200kB, failcnt 2474 [ 595.192946] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 595.199943] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 14:29:56 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) dup(r0) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r1, 0x80047453, 0x0) 14:29:56 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 
'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x40030000000000}, 0x0) [ 595.206603] Memory cgroup stats for /syz1: cache:28KB rss:296568KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:92944KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:182040KB [ 595.229478] Memory cgroup out of memory: Kill process 27038 (syz-executor.1) score 1226 or sacrifice child [ 595.239828] 9pnet: Insufficient options for proto=fd [ 595.240038] Killed process 27047 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 595.271970] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 595.946370] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 595.975037] CPU: 0 PID: 27038 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 595.982970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 595.992343] Call Trace: [ 595.994947] dump_stack+0x197/0x210 [ 595.998722] dump_header+0x15e/0xa55 [ 596.002471] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 596.007596] ? ___ratelimit+0x60/0x595 [ 596.011501] ? do_raw_spin_unlock+0x181/0x270 [ 596.016026] oom_kill_process.cold+0x10/0x6ef [ 596.020553] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 596.026107] ? task_will_free_mem+0x139/0x6e0 [ 596.030630] out_of_memory+0x362/0x1330 [ 596.034640] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 596.039930] ? oom_killer_disable+0x280/0x280 [ 596.044471] ? find_held_lock+0x35/0x130 [ 596.048567] mem_cgroup_out_of_memory+0x1d2/0x240 [ 596.053434] ? memcg_event_wake+0x230/0x230 [ 596.057799] ? do_raw_spin_unlock+0x181/0x270 [ 596.062331] ? _raw_spin_unlock+0x2d/0x50 [ 596.066544] try_charge+0xc6e/0x1490 [ 596.070323] ? lock_downgrade+0x880/0x880 [ 596.074643] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 596.079520] ? rcu_read_unlock+0x33/0x60 [ 596.083598] ? get_mem_cgroup_from_mm+0x185/0x510 [ 596.088477] ? 
__mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 596.094701] ? __split_huge_pmd+0x2ba/0x2b10 [ 596.099146] mem_cgroup_try_charge+0x259/0x6b0 [ 596.103757] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 596.108716] wp_page_copy+0x430/0x16a0 [ 596.114037] ? follow_pfn+0x2a0/0x2a0 [ 596.117865] ? do_raw_spin_unlock+0x181/0x270 [ 596.122384] do_wp_page+0x57d/0x10b0 [ 596.126127] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 596.130816] ? kasan_check_write+0x14/0x20 [ 596.135080] ? do_raw_spin_lock+0xd7/0x250 [ 596.139347] __handle_mm_fault+0x2305/0x3f80 [ 596.143934] ? copy_page_range+0x2030/0x2030 [ 596.148650] ? count_memcg_event_mm+0x2b1/0x4d0 [ 596.153355] handle_mm_fault+0x1b5/0x690 [ 596.157455] __do_page_fault+0x62a/0xe90 [ 596.161564] ? vmalloc_fault+0x740/0x740 [ 596.165663] ? trace_hardirqs_off_caller+0x65/0x220 [ 596.170710] ? trace_hardirqs_on_caller+0x6a/0x220 [ 596.175769] ? page_fault+0x8/0x30 [ 596.179338] do_page_fault+0x71/0x57d [ 596.183276] ? page_fault+0x8/0x30 [ 596.186836] page_fault+0x1e/0x30 [ 596.190301] RIP: 0033:0x400644 [ 596.193511] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 596.212515] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 596.217893] RAX: 0000000000000001 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 596.225177] RDX: 0000000000000000 RSI: 0000000020d06000 RDI: 0000000000000001 [ 596.232461] RBP: 0000000000760f30 R08: 0000000000000000 R09: 0000000000000000 [ 596.239746] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bf20 [ 596.247038] R13: 000000000009134d R14: 0000000000760f38 R15: 000000000075bf2c [ 596.280349] Task in /syz1 killed as a result of limit of /syz1 [ 596.300098] memory: usage 305764kB, limit 307200kB, failcnt 2474 [ 596.319600] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 596.338559] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 
596.345435] Memory cgroup stats for /syz1: cache:28KB rss:295500KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:25848KB inactive_file:0KB active_file:0KB unevictable:182040KB [ 596.381234] Memory cgroup out of memory: Kill process 27038 (syz-executor.1) score 1226 or sacrifice child [ 596.392959] Killed process 27038 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:54376kB, shmem-rss:0kB [ 596.405448] oom_reaper: reaped process 27038 (syz-executor.1), now anon-rss:18196kB, file-rss:54368kB, shmem-rss:0kB 14:29:58 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:58 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB, @ANYRESHEX=r2, @ANYBLOB=',access=', 
@ANYRESDEC]) 14:29:58 executing program 3: socket$inet(0x2, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r0, 0x80047453, 0x0) 14:29:58 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xf0ffffffffffff}, 0x0) 14:29:58 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:58 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:58 executing program 3: socket$inet(0x2, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r0, 0x80047453, 0x0) [ 596.563056] 9pnet: Insufficient options for proto=fd 14:29:58 executing 
program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfd', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:58 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x100000000000000}, 0x0) 14:29:58 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:58 executing program 3: socket$inet(0x2, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r0, 0x80047453, 0x0) 14:29:58 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ptrace(0x4206, r0) tkill(r0, 0x9) [ 596.842115] 
syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 596.853780] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 596.859825] CPU: 0 PID: 27429 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 596.867989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 596.877468] Call Trace: [ 596.880088] dump_stack+0x197/0x210 [ 596.883749] dump_header+0x15e/0xa55 [ 596.887498] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 596.892623] ? ___ratelimit+0x60/0x595 [ 596.893749] 9pnet: Insufficient options for proto=fd [ 596.896523] ? do_raw_spin_unlock+0x181/0x270 [ 596.896546] oom_kill_process.cold+0x10/0x6ef [ 596.896564] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 596.896578] ? task_will_free_mem+0x139/0x6e0 [ 596.896593] ? find_held_lock+0x35/0x130 [ 596.896612] out_of_memory+0x362/0x1330 [ 596.896632] ? lock_downgrade+0x880/0x880 [ 596.932948] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 596.938130] ? oom_killer_disable+0x280/0x280 [ 596.942662] ? find_held_lock+0x35/0x130 [ 596.946758] mem_cgroup_out_of_memory+0x1d2/0x240 [ 596.951632] ? memcg_event_wake+0x230/0x230 [ 596.955982] ? do_raw_spin_unlock+0x181/0x270 [ 596.960506] ? _raw_spin_unlock+0x2d/0x50 [ 596.964682] try_charge+0xec5/0x1490 [ 596.968429] ? lock_downgrade+0x880/0x880 [ 596.972603] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 596.977469] ? rcu_read_unlock+0x33/0x60 [ 596.981552] ? get_mem_cgroup_from_mm+0x185/0x510 [ 596.986427] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 596.992520] mem_cgroup_try_charge+0x259/0x6b0 [ 596.997135] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 597.002089] wp_page_copy+0x430/0x16a0 [ 597.006004] ? follow_pfn+0x2a0/0x2a0 [ 597.009822] ? unlock_page+0x151/0x290 [ 597.015299] ? do_raw_spin_unlock+0x181/0x270 [ 597.019814] do_wp_page+0x57d/0x10b0 [ 597.023548] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 597.028233] ? kasan_check_write+0x14/0x20 [ 597.032488] ? 
do_raw_spin_lock+0xd7/0x250 [ 597.036749] __handle_mm_fault+0x2305/0x3f80 [ 597.041384] ? copy_page_range+0x2030/0x2030 [ 597.045825] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 597.050626] handle_mm_fault+0x1b5/0x690 [ 597.054721] __get_user_pages+0x609/0x1860 [ 597.058998] ? follow_page_mask+0x1ac0/0x1ac0 [ 597.063555] ? __get_user_pages+0x405/0x1860 [ 597.067997] ? __get_user_pages+0x44a/0x1860 [ 597.072450] populate_vma_page_range+0x20d/0x2a0 [ 597.077239] __mm_populate+0x204/0x380 [ 597.081157] ? populate_vma_page_range+0x2a0/0x2a0 [ 597.086119] __x64_sys_mlockall+0x35c/0x520 [ 597.090467] do_syscall_64+0xfd/0x620 [ 597.094303] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 597.099537] RIP: 0033:0x45b349 [ 597.102749] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 597.121666] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 597.129411] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 597.136701] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 597.143993] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 597.151287] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 597.158578] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 597.166521] Task in /syz1 killed as a result of limit of /syz1 [ 597.172868] memory: usage 307200kB, limit 307200kB, failcnt 2493 [ 597.179238] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 597.186180] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 597.192582] Memory cgroup stats for /syz1: cache:28KB rss:296552KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:92940KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:182044KB [ 597.215609] Memory cgroup out of memory: Kill process 27403 
(syz-executor.1) score 1226 or sacrifice child [ 597.225710] Killed process 27509 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:29:59 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:29:59 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x200000000000000}, 0x0) 14:29:59 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfd', 
@ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:59 executing program 3: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r1, 0x80047453, 0x0) 14:29:59 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ptrace(0x4206, r0) tkill(r0, 0x9) 14:29:59 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) [ 597.837954] 9pnet: Insufficient options for proto=fd 14:29:59 executing program 3: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r1, 0x80047453, 0x0) 14:29:59 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfd', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:29:59 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) 
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x300000000000000}, 0x0) 14:29:59 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ptrace(0x4206, r0) [ 598.048830] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 598.060497] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 598.066038] CPU: 0 PID: 27645 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 598.074025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 598.083397] Call Trace: [ 598.086019] dump_stack+0x197/0x210 [ 598.089683] dump_header+0x15e/0xa55 [ 598.093428] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 598.098557] ? ___ratelimit+0x60/0x595 [ 598.102475] ? do_raw_spin_unlock+0x181/0x270 [ 598.107000] oom_kill_process.cold+0x10/0x6ef [ 598.111530] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 598.117088] ? task_will_free_mem+0x139/0x6e0 [ 598.121690] ? find_held_lock+0x35/0x130 [ 598.125782] out_of_memory+0x362/0x1330 [ 598.129784] ? lock_downgrade+0x880/0x880 [ 598.133957] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 598.139099] ? oom_killer_disable+0x280/0x280 [ 598.143625] ? 
find_held_lock+0x35/0x130 14:29:59 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) [ 598.147751] mem_cgroup_out_of_memory+0x1d2/0x240 [ 598.152623] ? memcg_event_wake+0x230/0x230 [ 598.156984] ? do_raw_spin_unlock+0x181/0x270 [ 598.161609] ? _raw_spin_unlock+0x2d/0x50 [ 598.165798] try_charge+0xec5/0x1490 [ 598.169587] ? lock_downgrade+0x880/0x880 [ 598.173759] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 598.178619] ? rcu_read_unlock+0x33/0x60 [ 598.182821] ? get_mem_cgroup_from_mm+0x185/0x510 [ 598.188241] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 598.192764] 9pnet: Insufficient options for proto=fd 14:29:59 executing program 3: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r1, 0x80047453, 0x0) [ 598.194329] mem_cgroup_try_charge+0x259/0x6b0 [ 598.194351] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 598.194370] wp_page_copy+0x430/0x16a0 [ 598.213032] ? follow_pfn+0x2a0/0x2a0 [ 598.216854] ? do_raw_spin_unlock+0x181/0x270 [ 598.221384] do_wp_page+0x57d/0x10b0 [ 598.225132] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 598.229830] ? kasan_check_write+0x14/0x20 [ 598.234237] ? do_raw_spin_lock+0xd7/0x250 [ 598.238509] __handle_mm_fault+0x2305/0x3f80 [ 598.242960] ? copy_page_range+0x2030/0x2030 [ 598.247423] ? count_memcg_event_mm+0x2b1/0x4d0 [ 598.252377] handle_mm_fault+0x1b5/0x690 [ 598.256514] __get_user_pages+0x609/0x1860 [ 598.260804] ? follow_page_mask+0x1ac0/0x1ac0 [ 598.265327] ? 
retint_kernel+0x2d/0x2d [ 598.269250] ? populate_vma_page_range+0x189/0x2a0 [ 598.274215] populate_vma_page_range+0x20d/0x2a0 [ 598.279156] __mm_populate+0x204/0x380 [ 598.283070] ? populate_vma_page_range+0x2a0/0x2a0 [ 598.288152] __x64_sys_mlockall+0x35c/0x520 [ 598.292506] do_syscall_64+0xfd/0x620 [ 598.296340] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 598.301552] RIP: 0033:0x45b349 [ 598.304779] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 598.323852] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 598.331585] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 598.338875] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 598.346171] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 598.353640] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 598.360934] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 598.368793] Task in /syz1 killed as a result of limit of /syz1 [ 598.375222] memory: usage 307200kB, limit 307200kB, failcnt 2505 [ 598.381715] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 598.388725] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 598.395284] Memory cgroup stats for /syz1: cache:28KB rss:296552KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:92912KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:182044KB [ 598.422092] Memory cgroup out of memory: Kill process 27642 (syz-executor.1) score 1226 or sacrifice child [ 598.432853] Killed process 27694 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:00 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 
&(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:00 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:00 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x400000000000000}, 0x0) 14:30:00 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() 
socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ptrace(0x4206, r0) 14:30:00 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:30:00 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) [ 599.057383] 9pnet: Insufficient options for proto=fd 14:30:00 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xa00000000000000}, 0x0) 14:30:00 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ptrace(0x4206, r0) 14:30:00 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 
0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xe00000000000000}, 0x0) 14:30:00 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:00 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:30:01 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0xffffffffffffffff, r0) tkill(r0, 0x9) [ 599.331531] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 599.347105] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 599.352878] CPU: 1 PID: 27912 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 599.360790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 599.370234] Call Trace: [ 599.372887] dump_stack+0x197/0x210 [ 599.376549] dump_header+0x15e/0xa55 [ 599.380295] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 599.385426] ? ___ratelimit+0x60/0x595 [ 599.389341] ? 
do_raw_spin_unlock+0x181/0x270 [ 599.393880] oom_kill_process.cold+0x10/0x6ef [ 599.398411] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 599.404001] ? task_will_free_mem+0x139/0x6e0 [ 599.408535] ? find_held_lock+0x35/0x130 [ 599.412723] out_of_memory+0x362/0x1330 [ 599.416861] ? lock_downgrade+0x880/0x880 [ 599.421031] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 599.426158] ? oom_killer_disable+0x280/0x280 [ 599.430679] ? find_held_lock+0x35/0x130 [ 599.434867] mem_cgroup_out_of_memory+0x1d2/0x240 [ 599.439741] ? memcg_event_wake+0x230/0x230 [ 599.444454] ? do_raw_spin_unlock+0x181/0x270 [ 599.448983] ? _raw_spin_unlock+0x2d/0x50 [ 599.453183] try_charge+0xec5/0x1490 [ 599.457036] ? lock_downgrade+0x880/0x880 [ 599.461219] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 599.466081] ? rcu_read_unlock+0x33/0x60 [ 599.470256] ? get_mem_cgroup_from_mm+0x185/0x510 [ 599.475135] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 599.481354] mem_cgroup_try_charge+0x259/0x6b0 [ 599.485970] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 599.490938] wp_page_copy+0x430/0x16a0 [ 599.494861] ? follow_pfn+0x2a0/0x2a0 [ 599.498824] ? do_raw_spin_unlock+0x181/0x270 [ 599.503464] do_wp_page+0x57d/0x10b0 [ 599.507208] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 599.512128] ? kasan_check_write+0x14/0x20 [ 599.516352] 9pnet: Insufficient options for proto=fd [ 599.516388] ? do_raw_spin_lock+0xd7/0x250 [ 599.525964] __handle_mm_fault+0x2305/0x3f80 [ 599.530418] ? copy_page_range+0x2030/0x2030 [ 599.534995] ? count_memcg_event_mm+0x2b1/0x4d0 [ 599.539694] handle_mm_fault+0x1b5/0x690 [ 599.543793] __get_user_pages+0x609/0x1860 [ 599.548082] ? follow_page_mask+0x1ac0/0x1ac0 [ 599.552611] ? retint_kernel+0x2d/0x2d [ 599.556545] populate_vma_page_range+0x20d/0x2a0 [ 599.561923] __mm_populate+0x204/0x380 [ 599.565854] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 599.570823] __x64_sys_mlockall+0x35c/0x520 [ 599.575227] do_syscall_64+0xfd/0x620 [ 599.579072] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 599.584290] RIP: 0033:0x45b349 [ 599.587500] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 599.606769] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 599.614505] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 599.621793] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 599.629098] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 599.636830] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 599.644236] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 599.651691] Task in /syz1 killed as a result of limit of /syz1 [ 599.658199] memory: usage 307200kB, limit 307200kB, failcnt 2515 [ 599.664518] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 599.671620] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 599.677983] Memory cgroup stats for /syz1: cache:28KB rss:296704KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:92968KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:182044KB [ 599.703687] Memory cgroup out of memory: Kill process 27903 (syz-executor.1) score 1226 or sacrifice child [ 599.713749] Killed process 28084 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:01 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 
0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:01 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) tkill(r0, 0x9) 14:30:01 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xf00000000000000}, 0x0) 14:30:01 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:01 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) r1 = 
dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:30:01 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0xffffffffffffffff, r0) tkill(r0, 0x9) [ 600.351650] 9pnet: Insufficient options for proto=fd 14:30:02 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:02 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) tkill(r0, 0x9) 14:30:02 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x3f00000000000000}, 0x0) [ 600.596981] 9pnet: Insufficient 
options for proto=fd 14:30:02 executing program 3: socket$inet(0x2, 0x6, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r1, 0x80047453, 0x0) 14:30:02 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) tkill(r0, 0x9) 14:30:02 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',access=', @ANYRESDEC]) [ 600.695441] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 600.707282] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 600.713095] CPU: 0 PID: 28369 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 600.720993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 600.730360] Call Trace: [ 600.733109] dump_stack+0x197/0x210 [ 600.736775] dump_header+0x15e/0xa55 [ 600.740528] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 600.745665] ? ___ratelimit+0x60/0x595 [ 600.749576] ? do_raw_spin_unlock+0x181/0x270 [ 600.754104] oom_kill_process.cold+0x10/0x6ef [ 600.758635] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 600.764192] ? task_will_free_mem+0x139/0x6e0 [ 600.768733] out_of_memory+0x362/0x1330 [ 600.772747] ? lock_downgrade+0x880/0x880 [ 600.776930] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 600.782064] ? 
oom_killer_disable+0x280/0x280 [ 600.786692] ? find_held_lock+0x35/0x130 [ 600.790796] mem_cgroup_out_of_memory+0x1d2/0x240 [ 600.796541] ? memcg_event_wake+0x230/0x230 [ 600.800898] ? do_raw_spin_unlock+0x181/0x270 [ 600.805424] ? _raw_spin_unlock+0x2d/0x50 [ 600.809607] try_charge+0xec5/0x1490 [ 600.813366] ? lock_downgrade+0x880/0x880 [ 600.817634] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 600.822597] ? rcu_read_unlock+0x33/0x60 [ 600.826691] ? get_mem_cgroup_from_mm+0x185/0x510 [ 600.831554] ? trace_hardirqs_on_caller+0x6a/0x220 [ 600.836523] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 600.842617] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 600.847408] mem_cgroup_try_charge+0x259/0x6b0 [ 600.852140] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 600.857282] wp_page_copy+0x430/0x16a0 [ 600.861219] ? follow_pfn+0x2a0/0x2a0 [ 600.865328] ? do_raw_spin_unlock+0x181/0x270 [ 600.869977] do_wp_page+0x57d/0x10b0 [ 600.873724] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 600.878420] ? kasan_check_write+0x14/0x20 [ 600.882690] ? do_raw_spin_lock+0xd7/0x250 [ 600.886990] __handle_mm_fault+0x2305/0x3f80 [ 600.891427] ? copy_page_range+0x2030/0x2030 [ 600.896016] ? count_memcg_event_mm+0x2b1/0x4d0 [ 600.900795] handle_mm_fault+0x1b5/0x690 [ 600.904891] __get_user_pages+0x609/0x1860 [ 600.909293] ? follow_page_mask+0x1ac0/0x1ac0 [ 600.913948] ? lock_acquire+0x16f/0x3f0 [ 600.918162] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 600.923730] populate_vma_page_range+0x20d/0x2a0 [ 600.928516] __mm_populate+0x204/0x380 [ 600.932431] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 600.937390] __x64_sys_mlockall+0x35c/0x520 [ 600.941743] do_syscall_64+0xfd/0x620 [ 600.945580] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 600.950803] RIP: 0033:0x45b349 [ 600.954024] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 600.973072] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 600.980807] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 600.988099] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 600.995392] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 600.996732] 9pnet: Insufficient options for proto=fd [ 601.002674] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 601.002683] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 601.003960] Task in /syz1 killed as a result of limit of /syz1 [ 601.029623] memory: usage 307200kB, limit 307200kB, failcnt 2542 [ 601.036029] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 601.043416] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 601.050001] Memory cgroup stats for /syz1: cache:28KB rss:296648KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:92968KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:182044KB [ 601.072781] Memory cgroup out of memory: Kill process 28367 (syz-executor.1) score 1226 or sacrifice child [ 601.082805] Killed process 28523 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:03 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 
ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:03 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x6000000000000000}, 0x0) 14:30:03 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0xffffffffffffffff, r0) tkill(r0, 0x9) 14:30:03 executing program 3: socket$inet(0x2, 0x6, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r1, 0x80047453, 
0x0) 14:30:03 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:03 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:03 executing program 3: socket$inet(0x2, 0x6, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r1, 0x80047453, 0x0) [ 601.768467] 9pnet: Insufficient options for proto=fd 14:30:03 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x9effffff00000000}, 0x0) [ 601.891508] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 601.902903] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 601.909101] CPU: 0 PID: 28613 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 601.917176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 601.926587] Call Trace: [ 601.929212] dump_stack+0x197/0x210 [ 601.932987] 
dump_header+0x15e/0xa55 [ 601.936731] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 14:30:03 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) [ 601.941875] ? ___ratelimit+0x60/0x595 [ 601.945768] ? do_raw_spin_unlock+0x181/0x270 [ 601.950313] oom_kill_process.cold+0x10/0x6ef [ 601.954849] ? task_will_free_mem+0x139/0x6e0 [ 601.959373] ? find_held_lock+0x35/0x130 [ 601.963478] out_of_memory+0x362/0x1330 [ 601.967509] ? lock_downgrade+0x880/0x880 [ 601.971731] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 601.976860] ? oom_killer_disable+0x280/0x280 [ 601.981529] ? find_held_lock+0x35/0x130 [ 601.985629] mem_cgroup_out_of_memory+0x1d2/0x240 14:30:03 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',access=', @ANYRESDEC]) [ 601.990499] ? memcg_event_wake+0x230/0x230 [ 601.994984] ? do_raw_spin_unlock+0x181/0x270 [ 601.999505] ? _raw_spin_unlock+0x2d/0x50 [ 602.003747] try_charge+0xec5/0x1490 [ 602.007493] ? lock_downgrade+0x880/0x880 [ 602.011682] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 602.016555] ? rcu_read_unlock+0x33/0x60 [ 602.020655] ? get_mem_cgroup_from_mm+0x185/0x510 [ 602.025697] ? 
__mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 602.031793] mem_cgroup_try_charge+0x259/0x6b0 [ 602.036409] mem_cgroup_try_charge_delay+0x1f/0xa0 14:30:03 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, 0x0) tkill(r0, 0x9) [ 602.041501] wp_page_copy+0x430/0x16a0 [ 602.045433] ? follow_pfn+0x2a0/0x2a0 [ 602.049270] ? do_raw_spin_unlock+0x181/0x270 [ 602.053796] do_wp_page+0x57d/0x10b0 [ 602.057649] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 602.062351] ? kasan_check_write+0x14/0x20 [ 602.066610] ? do_raw_spin_lock+0xd7/0x250 [ 602.070911] __handle_mm_fault+0x2305/0x3f80 [ 602.075368] ? copy_page_range+0x2030/0x2030 [ 602.079835] ? count_memcg_event_mm+0x2b1/0x4d0 [ 602.084529] handle_mm_fault+0x1b5/0x690 [ 602.088659] __get_user_pages+0x609/0x1860 [ 602.092928] ? follow_page_mask+0x1ac0/0x1ac0 [ 602.097458] ? lock_acquire+0x16f/0x3f0 [ 602.101457] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 602.107026] populate_vma_page_range+0x20d/0x2a0 [ 602.111810] __mm_populate+0x204/0x380 [ 602.115720] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 602.120840] __x64_sys_mlockall+0x35c/0x520 [ 602.125187] do_syscall_64+0xfd/0x620 [ 602.129014] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 602.134220] RIP: 0033:0x45b349 14:30:03 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r1, 0x80047453, 0x0) [ 602.137450] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 602.156821] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 602.164563] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 602.171851] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 602.179137] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 602.186431] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 602.193722] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 602.202470] Task in /syz1 killed as a result of limit of /syz1 [ 602.208918] memory: usage 307200kB, limit 307200kB, failcnt 2557 [ 602.215565] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 602.222684] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 602.229251] Memory cgroup stats for /syz1: cache:28KB rss:296684KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:92964KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:182044KB [ 602.243449] 9pnet: Insufficient options for proto=fd [ 602.252138] Memory cgroup out of memory: Kill process 28612 (syz-executor.1) score 1226 or sacrifice child [ 602.267650] Killed process 28629 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, 
shmem-rss:0kB 14:30:04 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:04 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xc00e000000000000}, 0x0) 14:30:04 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, 0x0) tkill(0x0, 0x9) 14:30:04 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000140)={0x18, 
0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r1, 0x80047453, 0x0) 14:30:04 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:04 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, 0x0) tkill(r0, 0x9) [ 602.938765] 9pnet: Insufficient options for proto=fd 14:30:04 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r1, 0x80047453, 0x0) 14:30:04 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, 0x0) tkill(0x0, 0x9) 14:30:04 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 
0x0, 0xe200000000000000}, 0x0) [ 603.091784] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 603.103689] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 603.109252] CPU: 0 PID: 28868 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 603.117154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 603.126519] Call Trace: [ 603.129125] dump_stack+0x197/0x210 [ 603.132783] dump_header+0x15e/0xa55 [ 603.136626] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 14:30:04 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',access=', @ANYRESDEC]) [ 603.141756] ? ___ratelimit+0x60/0x595 [ 603.145666] ? do_raw_spin_unlock+0x181/0x270 [ 603.150338] oom_kill_process.cold+0x10/0x6ef [ 603.154962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 603.160526] ? task_will_free_mem+0x139/0x6e0 [ 603.165268] out_of_memory+0x362/0x1330 [ 603.169272] ? oom_killer_disable+0x280/0x280 [ 603.173799] mem_cgroup_out_of_memory+0x1d2/0x240 [ 603.178661] ? memcg_event_wake+0x230/0x230 [ 603.183034] ? do_raw_spin_unlock+0x181/0x270 [ 603.187547] ? _raw_spin_unlock+0x2d/0x50 [ 603.191728] try_charge+0xec5/0x1490 [ 603.195486] ? lock_downgrade+0x880/0x880 [ 603.199684] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 603.204564] ? rcu_read_unlock+0x33/0x60 [ 603.208765] ? get_mem_cgroup_from_mm+0x185/0x510 [ 603.213646] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 603.219755] mem_cgroup_try_charge+0x259/0x6b0 [ 603.224369] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 603.229321] wp_page_copy+0x430/0x16a0 [ 603.233250] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 603.238043] ? 
follow_pfn+0x2a0/0x2a0 14:30:04 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, 0x0) tkill(r0, 0x9) [ 603.241875] ? do_raw_spin_unlock+0x181/0x270 [ 603.246627] do_wp_page+0x57d/0x10b0 [ 603.250371] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 603.255079] ? kasan_check_write+0x14/0x20 [ 603.259343] ? do_raw_spin_lock+0xd7/0x250 [ 603.263610] __handle_mm_fault+0x2305/0x3f80 [ 603.268220] ? copy_page_range+0x2030/0x2030 [ 603.272933] ? count_memcg_event_mm+0x2b1/0x4d0 [ 603.277635] handle_mm_fault+0x1b5/0x690 [ 603.281726] __get_user_pages+0x609/0x1860 [ 603.286014] ? follow_page_mask+0x1ac0/0x1ac0 [ 603.290553] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 603.295348] ? retint_kernel+0x2d/0x2d [ 603.299274] populate_vma_page_range+0x20d/0x2a0 [ 603.304181] __mm_populate+0x204/0x380 [ 603.308313] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 603.313276] __x64_sys_mlockall+0x35c/0x520 [ 603.317622] do_syscall_64+0xfd/0x620 [ 603.321437] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 603.326646] RIP: 0033:0x45b349 14:30:04 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) [ 603.329995] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 603.349525] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 603.357260] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 603.364592] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 603.371967] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 603.379251] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 603.386694] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 603.395378] Task in /syz1 killed as a result of limit of /syz1 [ 603.401686] memory: usage 307200kB, limit 307200kB, failcnt 2579 [ 603.408392] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 603.415366] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 603.421867] Memory cgroup stats for /syz1: cache:28KB rss:296684KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:92996KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:182044KB [ 603.444670] Memory cgroup out of memory: Kill process 28866 (syz-executor.1) score 1226 or sacrifice child [ 603.446637] 9pnet: Insufficient options for proto=fd [ 603.454957] Killed process 28885 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:05 
executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:05 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, 0x0) tkill(0x0, 0x9) 14:30:05 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xf0ffffff00000000}, 0x0) 14:30:05 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, 
&(0x7f0000000d80)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:05 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:30:05 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(0x0, 0x9) 14:30:05 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:05 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:30:05 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:05 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, 
&(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xffffff7f00000000}, 0x0) [ 604.349090] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 604.360716] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 604.366390] CPU: 0 PID: 29133 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 604.374301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 604.383940] Call Trace: [ 604.386559] dump_stack+0x197/0x210 [ 604.390235] dump_header+0x15e/0xa55 [ 604.393989] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 604.399228] ? ___ratelimit+0x60/0x595 [ 604.403148] oom_kill_process.cold+0x10/0x6ef [ 604.407680] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 604.413253] ? task_will_free_mem+0x139/0x6e0 [ 604.417883] ? find_held_lock+0x35/0x130 [ 604.422126] out_of_memory+0x362/0x1330 [ 604.426167] ? lock_downgrade+0x880/0x880 [ 604.430344] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 604.435482] ? oom_killer_disable+0x280/0x280 [ 604.440185] ? find_held_lock+0x35/0x130 [ 604.444380] mem_cgroup_out_of_memory+0x1d2/0x240 14:30:06 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(0x0, 0x9) [ 604.449277] ? memcg_event_wake+0x230/0x230 [ 604.453639] ? do_raw_spin_unlock+0x181/0x270 [ 604.458348] ? _raw_spin_unlock+0x2d/0x50 [ 604.462535] try_charge+0xec5/0x1490 [ 604.466277] ? lock_downgrade+0x880/0x880 [ 604.470545] ? 
mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 604.476474] ? rcu_read_unlock+0x33/0x60 [ 604.480568] ? get_mem_cgroup_from_mm+0x185/0x510 [ 604.485450] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 604.491564] mem_cgroup_try_charge+0x259/0x6b0 [ 604.496290] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 604.501254] wp_page_copy+0x430/0x16a0 [ 604.505180] ? follow_pfn+0x2a0/0x2a0 [ 604.509000] ? do_raw_spin_unlock+0x181/0x270 [ 604.511168] ptrace attach of "/root/syz-executor.5"[29252] was attempted by "/root/syz-executor.5"[29253] [ 604.513626] do_wp_page+0x57d/0x10b0 [ 604.513647] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 604.513662] ? kasan_check_write+0x14/0x20 [ 604.513689] ? do_raw_spin_lock+0xd7/0x250 [ 604.541389] __handle_mm_fault+0x2305/0x3f80 [ 604.546093] ? copy_page_range+0x2030/0x2030 [ 604.550568] ? count_memcg_event_mm+0x2b1/0x4d0 [ 604.555277] handle_mm_fault+0x1b5/0x690 [ 604.559379] __get_user_pages+0x609/0x1860 [ 604.563684] ? follow_page_mask+0x1ac0/0x1ac0 [ 604.568209] ? retint_kernel+0x2d/0x2d [ 604.572132] ? populate_vma_page_range+0x59/0x2a0 [ 604.577018] populate_vma_page_range+0x20d/0x2a0 [ 604.581807] __mm_populate+0x204/0x380 [ 604.585720] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 604.590694] __x64_sys_mlockall+0x35c/0x520 [ 604.595054] do_syscall_64+0xfd/0x620 14:30:06 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 604.598889] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 604.604136] RIP: 0033:0x45b349 [ 604.607376] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 604.626118] cgroup: fork rejected by pids controller in /syz5 [ 604.626386] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 604.626401] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 604.626409] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 604.626417] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 604.626426] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 604.626433] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 604.627621] Task in /syz1 killed as a result of limit of /syz1 [ 604.688102] memory: usage 307184kB, limit 307200kB, failcnt 2618 [ 604.694355] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 604.701264] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 604.707632] Memory cgroup stats for /syz1: cache:28KB rss:296684KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:92972KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:182044KB [ 604.730366] Memory cgroup out of memory: Kill process 29121 (syz-executor.1) score 1226 or sacrifice child [ 604.740751] Killed process 29196 
(syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34944kB, shmem-rss:0kB 14:30:06 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:06 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:30:06 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xffffffff00000000}, 0x0) 14:30:06 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 
0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:06 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:06 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(0x0, 0x9) 14:30:07 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:30:07 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:30:07 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, 0x0, 0x0) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:30:07 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 
&(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:07 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0xfffffffffffff000}, 0x0) 14:30:07 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) [ 605.688234] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 605.704785] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 605.710717] CPU: 1 PID: 29428 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 605.718615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 605.727979] Call Trace: [ 605.730586] dump_stack+0x197/0x210 [ 605.734248] dump_header+0x15e/0xa55 [ 605.738119] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 605.743342] ? ___ratelimit+0x60/0x595 [ 605.747255] ? do_raw_spin_unlock+0x181/0x270 [ 605.751775] oom_kill_process.cold+0x10/0x6ef [ 605.756297] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 605.761860] ? task_will_free_mem+0x139/0x6e0 [ 605.766379] ? find_held_lock+0x35/0x130 [ 605.770703] out_of_memory+0x362/0x1330 [ 605.774711] ? lock_downgrade+0x880/0x880 [ 605.778889] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 605.784023] ? oom_killer_disable+0x280/0x280 [ 605.788712] ? find_held_lock+0x35/0x130 [ 605.792815] mem_cgroup_out_of_memory+0x1d2/0x240 [ 605.797689] ? 
memcg_event_wake+0x230/0x230 [ 605.802061] ? do_raw_spin_unlock+0x181/0x270 [ 605.806587] ? _raw_spin_unlock+0x2d/0x50 [ 605.811194] try_charge+0xec5/0x1490 [ 605.815018] ? lock_downgrade+0x880/0x880 [ 605.819191] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 605.824063] ? rcu_read_unlock+0x33/0x60 [ 605.828162] ? get_mem_cgroup_from_mm+0x185/0x510 [ 605.833027] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 605.839105] ? mark_held_locks+0xb1/0x100 [ 605.843301] mem_cgroup_try_charge+0x259/0x6b0 [ 605.847919] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 605.852962] wp_page_copy+0x430/0x16a0 [ 605.856881] ? follow_pfn+0x2a0/0x2a0 [ 605.861408] ? do_raw_spin_unlock+0x181/0x270 [ 605.865910] do_wp_page+0x57d/0x10b0 [ 605.869733] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 605.874431] ? kasan_check_write+0x14/0x20 [ 605.878683] ? do_raw_spin_lock+0xd7/0x250 [ 605.882948] __handle_mm_fault+0x2305/0x3f80 [ 605.887383] ? copy_page_range+0x2030/0x2030 [ 605.891826] ? count_memcg_event_mm+0x2b1/0x4d0 [ 605.896526] handle_mm_fault+0x1b5/0x690 [ 605.900617] __get_user_pages+0x609/0x1860 [ 605.904880] ? follow_page_mask+0x1ac0/0x1ac0 [ 605.909394] ? retint_kernel+0x2d/0x2d [ 605.913312] populate_vma_page_range+0x20d/0x2a0 [ 605.918098] __mm_populate+0x204/0x380 [ 605.922011] ? populate_vma_page_range+0x2a0/0x2a0 [ 605.926965] ? 
up_write+0x50/0x150 [ 605.930528] __x64_sys_mlockall+0x35c/0x520 [ 605.934901] do_syscall_64+0xfd/0x620 [ 605.938724] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 605.943931] RIP: 0033:0x45b349 [ 605.947143] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 605.966067] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 605.973798] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 605.981082] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 605.988461] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 605.995747] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 606.003041] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 606.011475] Task in /syz1 killed as a result of limit of /syz1 [ 606.017972] memory: usage 307200kB, limit 307200kB, failcnt 2649 [ 606.024213] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 606.031319] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 606.037764] Memory cgroup stats for /syz1: cache:28KB rss:296644KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:92988KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:182044KB [ 606.060524] Memory cgroup out of memory: Kill process 29412 (syz-executor.1) score 1226 or sacrifice child [ 606.070914] Killed process 29517 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34944kB, shmem-rss:0kB 14:30:08 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 
0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:08 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x0) 14:30:08 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, 0x0, 0x0) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:30:08 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB, @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:08 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) 14:30:08 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 
0x80000000, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:08 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, 0x0, 0x0) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:30:08 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x2}, 0x0) [ 606.799612] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 606.811218] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 606.816719] CPU: 1 PID: 29767 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 606.824873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 606.834279] Call Trace: [ 606.836911] dump_stack+0x197/0x210 [ 606.840574] dump_header+0x15e/0xa55 [ 606.844317] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 606.849466] ? ___ratelimit+0x60/0x595 [ 606.853360] ? do_raw_spin_unlock+0x181/0x270 [ 606.857947] oom_kill_process.cold+0x10/0x6ef [ 606.862473] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 606.868023] ? task_will_free_mem+0x139/0x6e0 [ 606.872525] ? find_held_lock+0x35/0x130 [ 606.876671] out_of_memory+0x362/0x1330 [ 606.880640] ? lock_downgrade+0x880/0x880 [ 606.884777] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 606.889876] ? oom_killer_disable+0x280/0x280 [ 606.894361] ? find_held_lock+0x35/0x130 [ 606.898420] mem_cgroup_out_of_memory+0x1d2/0x240 [ 606.903258] ? memcg_event_wake+0x230/0x230 [ 606.907582] ? 
do_raw_spin_unlock+0x181/0x270 [ 606.912081] ? _raw_spin_unlock+0x2d/0x50 [ 606.916329] try_charge+0xec5/0x1490 [ 606.920034] ? lock_downgrade+0x880/0x880 [ 606.924177] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 606.929019] ? rcu_read_unlock+0x33/0x60 [ 606.933079] ? get_mem_cgroup_from_mm+0x185/0x510 [ 606.938182] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 606.944241] mem_cgroup_try_charge+0x259/0x6b0 [ 606.948854] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 606.953820] wp_page_copy+0x430/0x16a0 [ 606.957713] ? follow_pfn+0x2a0/0x2a0 [ 606.961734] ? do_raw_spin_unlock+0x181/0x270 [ 606.966245] do_wp_page+0x57d/0x10b0 [ 606.969985] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 606.974666] ? kasan_check_write+0x14/0x20 [ 606.978906] ? do_raw_spin_lock+0xd7/0x250 [ 606.983141] __handle_mm_fault+0x2305/0x3f80 [ 606.987560] ? copy_page_range+0x2030/0x2030 [ 606.992113] ? count_memcg_event_mm+0x2b1/0x4d0 [ 606.996885] handle_mm_fault+0x1b5/0x690 [ 607.001098] __get_user_pages+0x609/0x1860 [ 607.005353] ? follow_page_mask+0x1ac0/0x1ac0 [ 607.009871] ? lock_acquire+0x16f/0x3f0 [ 607.013847] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 607.019410] populate_vma_page_range+0x20d/0x2a0 [ 607.024307] __mm_populate+0x204/0x380 [ 607.028205] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 607.033149] __x64_sys_mlockall+0x35c/0x520 [ 607.037495] do_syscall_64+0xfd/0x620 [ 607.041312] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 607.046522] RIP: 0033:0x45b349 [ 607.049727] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 607.068632] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 607.076352] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 607.083626] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 607.091018] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 607.098303] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 607.105584] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 607.113124] Task in /syz1 killed as a result of limit of /syz1 [ 607.120007] memory: usage 307200kB, limit 307200kB, failcnt 2688 [ 607.126291] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 607.133057] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 14:30:08 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 607.139611] Memory cgroup stats for /syz1: cache:28KB rss:296684KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:93020KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:182040KB [ 607.161818] Memory cgroup out of memory: Kill process 29762 (syz-executor.1) score 1226 or sacrifice child [ 607.171931] Killed process 29833 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, 
file-rss:34816kB, shmem-rss:0kB 14:30:08 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x0) 14:30:08 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:08 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x0, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) [ 607.389082] 9pnet: Could not find request transport: fd0x0000000000000003 14:30:09 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:09 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 
0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x3}, 0x0) 14:30:09 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x0, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:30:09 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:09 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:09 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace(0x4206, r0) tkill(r0, 0x0) 14:30:09 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 
0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x0) [ 607.709589] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 607.721081] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 607.726581] CPU: 1 PID: 30186 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 607.734479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 607.743855] Call Trace: [ 607.746472] dump_stack+0x197/0x210 [ 607.752560] dump_header+0x15e/0xa55 [ 607.756309] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 607.761445] ? ___ratelimit+0x60/0x595 [ 607.765465] ? do_raw_spin_unlock+0x181/0x270 [ 607.769994] oom_kill_process.cold+0x10/0x6ef [ 607.774523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 607.780102] ? task_will_free_mem+0x139/0x6e0 [ 607.784626] ? find_held_lock+0x35/0x130 [ 607.788879] out_of_memory+0x362/0x1330 [ 607.792892] ? lock_downgrade+0x880/0x880 [ 607.794276] 9pnet: Could not find request transport: fd0x0000000000000003 [ 607.797059] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 14:30:09 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x0, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) [ 607.797075] ? oom_killer_disable+0x280/0x280 [ 607.797090] ? find_held_lock+0x35/0x130 [ 607.797115] mem_cgroup_out_of_memory+0x1d2/0x240 [ 607.823416] ? memcg_event_wake+0x230/0x230 [ 607.827766] ? do_raw_spin_unlock+0x181/0x270 [ 607.832286] ? _raw_spin_unlock+0x2d/0x50 [ 607.836457] try_charge+0xec5/0x1490 [ 607.840197] ? lock_downgrade+0x880/0x880 [ 607.844361] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 607.849413] ? rcu_read_unlock+0x33/0x60 [ 607.853506] ? get_mem_cgroup_from_mm+0x185/0x510 [ 607.858382] ? 
__mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 607.864688] mem_cgroup_try_charge+0x259/0x6b0 [ 607.869303] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 607.874260] wp_page_copy+0x430/0x16a0 [ 607.878179] ? follow_pfn+0x2a0/0x2a0 [ 607.882004] ? do_raw_spin_unlock+0x181/0x270 [ 607.886523] do_wp_page+0x57d/0x10b0 [ 607.890257] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 607.894952] ? kasan_check_write+0x14/0x20 [ 607.899212] ? do_raw_spin_lock+0xd7/0x250 [ 607.903476] __handle_mm_fault+0x2305/0x3f80 14:30:09 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 607.907913] ? copy_page_range+0x2030/0x2030 [ 607.912360] ? count_memcg_event_mm+0x2b1/0x4d0 [ 607.917052] handle_mm_fault+0x1b5/0x690 [ 607.921136] __get_user_pages+0x609/0x1860 [ 607.925406] ? follow_page_mask+0x1ac0/0x1ac0 [ 607.929932] ? lock_acquire+0x16f/0x3f0 [ 607.935398] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 607.940960] populate_vma_page_range+0x20d/0x2a0 [ 607.945786] __mm_populate+0x204/0x380 [ 607.949784] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 607.954875] __x64_sys_mlockall+0x35c/0x520 [ 607.959228] do_syscall_64+0xfd/0x620 [ 607.963186] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 607.968405] RIP: 0033:0x45b349 [ 607.971619] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 607.990640] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 607.998368] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 14:30:09 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xa}, 0x0) [ 608.005661] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 608.013063] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 608.020439] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 608.027732] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 608.035835] Task in /syz1 killed as a result of limit of /syz1 [ 608.041993] memory: usage 307200kB, limit 307200kB, failcnt 2728 [ 608.048292] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 608.055063] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 608.061472] Memory cgroup stats for /syz1: cache:28KB rss:296688KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:90972KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:184088KB [ 608.083673] Memory cgroup out of memory: Kill process 30138 (syz-executor.1) score 1226 or sacrifice child [ 
608.093635] Killed process 30212 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:09 executing program 4: keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:30:09 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(0xffffffffffffffff, 0x80047453, 0x0) [ 608.237209] 9pnet: Could not find request transport: fd0x0000000000000003 [ 608.286710] encrypted_key: key description must be 16 hexadecimal characters long 14:30:10 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:10 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x102, 0x0, 
0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:10 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xe}, 0x0) 14:30:10 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:10 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(0xffffffffffffffff, 0x80047453, 0x0) [ 608.505908] 9pnet: Insufficient options for proto=fd 14:30:10 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xf}, 0x0) 14:30:10 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, 
&(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:10 executing program 4: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) [ 608.639283] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 608.650760] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 608.656850] CPU: 0 PID: 30553 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 608.664819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 608.674197] Call Trace: [ 608.677683] dump_stack+0x197/0x210 [ 608.681341] dump_header+0x15e/0xa55 [ 608.685082] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 608.690213] ? ___ratelimit+0x60/0x595 [ 608.694126] ? do_raw_spin_unlock+0x181/0x270 [ 608.698751] oom_kill_process.cold+0x10/0x6ef [ 608.703424] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 608.708986] ? task_will_free_mem+0x139/0x6e0 [ 608.713502] ? find_held_lock+0x35/0x130 [ 608.717592] out_of_memory+0x362/0x1330 [ 608.721701] ? lock_downgrade+0x880/0x880 [ 608.725878] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 608.731115] ? oom_killer_disable+0x280/0x280 [ 608.735664] ? 
find_held_lock+0x35/0x130 14:30:10 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:10 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(0xffffffffffffffff, 0x80047453, 0x0) [ 608.739884] mem_cgroup_out_of_memory+0x1d2/0x240 [ 608.741347] encrypted_key: key description must be 16 hexadecimal characters long [ 608.744757] ? memcg_event_wake+0x230/0x230 [ 608.744779] ? do_raw_spin_unlock+0x181/0x270 [ 608.744798] ? _raw_spin_unlock+0x2d/0x50 [ 608.744813] try_charge+0xec5/0x1490 [ 608.744834] ? lock_downgrade+0x880/0x880 [ 608.773389] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 608.778255] ? rcu_read_unlock+0x33/0x60 [ 608.782345] ? get_mem_cgroup_from_mm+0x185/0x510 [ 608.787219] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 608.793307] mem_cgroup_try_charge+0x259/0x6b0 [ 608.797928] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 608.802882] wp_page_copy+0x430/0x16a0 [ 608.806804] ? follow_pfn+0x2a0/0x2a0 [ 608.810628] ? do_raw_spin_unlock+0x181/0x270 [ 608.815176] do_wp_page+0x57d/0x10b0 [ 608.818910] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 608.823588] ? kasan_check_write+0x14/0x20 [ 608.827854] ? do_raw_spin_lock+0xd7/0x250 [ 608.832103] __handle_mm_fault+0x2305/0x3f80 [ 608.836520] ? copy_page_range+0x2030/0x2030 [ 608.840960] ? count_memcg_event_mm+0x2b1/0x4d0 [ 608.845651] handle_mm_fault+0x1b5/0x690 [ 608.849725] __get_user_pages+0x609/0x1860 [ 608.853989] ? follow_page_mask+0x1ac0/0x1ac0 [ 608.858512] ? lock_acquire+0x16f/0x3f0 [ 608.862499] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 608.868062] populate_vma_page_range+0x20d/0x2a0 [ 608.872848] __mm_populate+0x204/0x380 [ 608.876752] ? populate_vma_page_range+0x2a0/0x2a0 [ 608.881828] __x64_sys_mlockall+0x35c/0x520 [ 608.886168] do_syscall_64+0xfd/0x620 [ 608.889980] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 608.895193] RIP: 0033:0x45b349 [ 608.898405] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 608.917321] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 608.925046] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 608.932444] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 608.939729] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 608.947181] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 608.954456] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 608.962935] Task in /syz1 killed as a result of limit of /syz1 [ 608.969025] memory: usage 307200kB, limit 307200kB, failcnt 2768 [ 608.975188] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 608.982063] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 608.988492] Memory cgroup stats for /syz1: cache:28KB rss:296668KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:93020KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:182040KB [ 609.010541] Memory cgroup out of memory: Kill process 30549 (syz-executor.1) score 1226 or sacrifice child [ 609.020702] Killed process 30564 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:10 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = 
socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x60}, 0x0) 14:30:10 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfd', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:10 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:10 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 
0x0) mlockall(0x3) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:10 executing program 4: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) [ 609.289987] 9pnet: Insufficient options for proto=fd 14:30:10 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:11 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, 
&(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xe2}, 0x0) 14:30:11 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 609.561070] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 609.572364] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 609.577966] CPU: 0 PID: 30909 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 609.585864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.595231] Call Trace: [ 609.597844] dump_stack+0x197/0x210 [ 609.601500] dump_header+0x15e/0xa55 [ 609.605240] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 609.606898] encrypted_key: key description must be 16 hexadecimal characters long [ 609.610875] ? ___ratelimit+0x60/0x595 [ 609.610892] ? do_raw_spin_unlock+0x181/0x270 [ 609.610912] oom_kill_process.cold+0x10/0x6ef [ 609.610933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.637210] ? task_will_free_mem+0x139/0x6e0 [ 609.642253] ? find_held_lock+0x35/0x130 [ 609.647305] out_of_memory+0x362/0x1330 [ 609.651315] ? lock_downgrade+0x880/0x880 [ 609.655610] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 609.660741] ? oom_killer_disable+0x280/0x280 [ 609.665265] ? find_held_lock+0x35/0x130 [ 609.669383] mem_cgroup_out_of_memory+0x1d2/0x240 [ 609.674255] ? memcg_event_wake+0x230/0x230 [ 609.678606] ? do_raw_spin_unlock+0x181/0x270 [ 609.683125] ? _raw_spin_unlock+0x2d/0x50 [ 609.687411] try_charge+0xec5/0x1490 [ 609.691148] ? lock_downgrade+0x880/0x880 [ 609.695364] ? 
mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 609.700232] ? rcu_read_unlock+0x33/0x60 [ 609.704337] ? get_mem_cgroup_from_mm+0x185/0x510 14:30:11 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xf0}, 0x0) [ 609.709329] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 609.715508] mem_cgroup_try_charge+0x259/0x6b0 [ 609.720206] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 609.721777] 9pnet: Insufficient options for proto=fd [ 609.725210] wp_page_copy+0x430/0x16a0 [ 609.725235] ? follow_pfn+0x2a0/0x2a0 [ 609.725256] ? do_raw_spin_unlock+0x181/0x270 [ 609.725275] do_wp_page+0x57d/0x10b0 [ 609.725296] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 609.751218] ? kasan_check_write+0x14/0x20 [ 609.755480] ? do_raw_spin_lock+0xd7/0x250 [ 609.759750] __handle_mm_fault+0x2305/0x3f80 [ 609.764290] ? copy_page_range+0x2030/0x2030 [ 609.768755] ? count_memcg_event_mm+0x2b1/0x4d0 [ 609.773442] handle_mm_fault+0x1b5/0x690 [ 609.777524] __get_user_pages+0x609/0x1860 [ 609.781785] ? follow_page_mask+0x1ac0/0x1ac0 [ 609.786309] ? lock_acquire+0x16f/0x3f0 [ 609.790308] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 609.795870] populate_vma_page_range+0x20d/0x2a0 [ 609.800650] __mm_populate+0x204/0x380 [ 609.804577] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 609.809653] __x64_sys_mlockall+0x35c/0x520 [ 609.814004] do_syscall_64+0xfd/0x620 [ 609.817946] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 609.823271] RIP: 0033:0x45b349 [ 609.827001] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 609.846027] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 609.853760] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 14:30:11 executing program 5: wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) [ 609.861075] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 609.868485] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 609.875777] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 609.883504] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 609.891154] Task in /syz1 killed as a result of limit of /syz1 [ 609.897375] memory: usage 307200kB, limit 307200kB, failcnt 2805 [ 609.903648] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 14:30:11 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 609.910518] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 609.916865] Memory cgroup stats for /syz1: cache:28KB rss:296812KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:90972KB active_anon:21752KB 
inactive_file:0KB active_file:0KB unevictable:184088KB [ 609.939031] Memory cgroup out of memory: Kill process 30868 (syz-executor.1) score 1226 or sacrifice child [ 609.948942] Killed process 30989 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:11 executing program 4: clone(0x2102201ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_load={'load ', 'ecryptfs', 0x20, 'user:', 'user:', 0x20, 0x40}, 0x2f, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) 14:30:11 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 
14:30:11 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:11 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x300}, 0x0) [ 610.171904] 9pnet: Insufficient options for proto=fd 14:30:11 executing program 0: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:11 executing program 5: wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 
0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) [ 610.220963] encrypted_key: key description must be 16 hexadecimal characters long 14:30:11 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @local, @dev}, 0xc) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = syz_open_procfs(0x0, 0x0) io_cancel(0x0, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x9, 0x1, r1, 0x0, 0x0, 0x5, 0x0, 0x0, r2}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) preadv(r3, &(0x7f0000000480), 0x1000000000000143, 0x0) [ 610.438373] 9pnet: Insufficient options for proto=fd 14:30:12 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, 
&(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) prctl$PR_SET_FPEXC(0xc, 0x10000) [ 610.622414] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 610.633798] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 610.639349] CPU: 0 PID: 31333 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 610.647256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 610.656741] Call Trace: [ 610.659454] dump_stack+0x197/0x210 [ 610.663114] dump_header+0x15e/0xa55 [ 610.666860] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 610.671999] ? ___ratelimit+0x60/0x595 [ 610.675942] ? do_raw_spin_unlock+0x181/0x270 [ 610.680536] oom_kill_process.cold+0x10/0x6ef [ 610.685053] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 610.690632] ? task_will_free_mem+0x139/0x6e0 [ 610.695244] ? find_held_lock+0x35/0x130 [ 610.699336] out_of_memory+0x362/0x1330 [ 610.703337] ? lock_downgrade+0x880/0x880 [ 610.707508] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 610.712631] ? oom_killer_disable+0x280/0x280 [ 610.717144] ? find_held_lock+0x35/0x130 [ 610.721244] mem_cgroup_out_of_memory+0x1d2/0x240 [ 610.726114] ? memcg_event_wake+0x230/0x230 [ 610.730459] ? do_raw_spin_unlock+0x181/0x270 [ 610.734978] ? _raw_spin_unlock+0x2d/0x50 [ 610.739151] try_charge+0xec5/0x1490 [ 610.743870] ? lock_downgrade+0x880/0x880 [ 610.748164] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 610.753093] ? rcu_read_unlock+0x33/0x60 [ 610.757193] ? get_mem_cgroup_from_mm+0x185/0x510 [ 610.762068] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 610.768164] mem_cgroup_try_charge+0x259/0x6b0 [ 610.772757] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 610.777853] wp_page_copy+0x430/0x16a0 [ 610.781772] ? follow_pfn+0x2a0/0x2a0 [ 610.785589] ? do_raw_spin_unlock+0x181/0x270 [ 610.790108] do_wp_page+0x57d/0x10b0 [ 610.793838] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 610.798618] ? kasan_check_write+0x14/0x20 [ 610.803372] ? 
do_raw_spin_lock+0xd7/0x250 [ 610.807806] __handle_mm_fault+0x2305/0x3f80 [ 610.812223] ? copy_page_range+0x2030/0x2030 [ 610.816743] ? count_memcg_event_mm+0x2b1/0x4d0 [ 610.821426] handle_mm_fault+0x1b5/0x690 [ 610.825508] __get_user_pages+0x609/0x1860 [ 610.829797] ? follow_page_mask+0x1ac0/0x1ac0 [ 610.834702] ? lock_acquire+0x16f/0x3f0 [ 610.838680] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 610.844399] populate_vma_page_range+0x20d/0x2a0 [ 610.849184] __mm_populate+0x204/0x380 [ 610.853092] ? populate_vma_page_range+0x2a0/0x2a0 [ 610.858043] __x64_sys_mlockall+0x35c/0x520 [ 610.862393] do_syscall_64+0xfd/0x620 [ 610.866231] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 610.871435] RIP: 0033:0x45b349 [ 610.874627] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 610.893539] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 610.901299] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 610.908636] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 610.915934] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 610.923237] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 610.930779] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 610.938696] Task in /syz1 killed as a result of limit of /syz1 [ 610.944734] memory: usage 307148kB, limit 307200kB, failcnt 2849 [ 610.951131] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 610.958175] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 610.964439] Memory cgroup stats for /syz1: cache:28KB rss:296812KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:93020KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:182040KB [ 610.987278] Memory cgroup out of memory: Kill process 31331 
(syz-executor.1) score 1226 or sacrifice child [ 610.997210] Killed process 31355 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:12 executing program 5: wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:12 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xa00}, 0x0) 14:30:12 executing program 4 (fault-call:3 fault-nth:0): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 611.420484] FAULT_INJECTION: forcing a failure. [ 611.420484] name failslab, interval 1, probability 0, space 0, times 0 [ 611.466174] CPU: 1 PID: 31455 Comm: syz-executor.4 Not tainted 4.19.100-syzkaller #0 [ 611.474105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 611.483511] Call Trace: [ 611.486123] dump_stack+0x197/0x210 [ 611.489782] should_fail.cold+0xa/0x1b [ 611.493704] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 611.498834] ? lock_downgrade+0x880/0x880 [ 611.503355] __should_failslab+0x121/0x190 [ 611.507618] should_failslab+0x9/0x14 [ 611.511443] __kmalloc_track_caller+0x2de/0x750 [ 611.516271] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 611.521828] ? 
strndup_user+0x77/0xd0 [ 611.525650] memdup_user+0x26/0xb0 [ 611.529212] strndup_user+0x77/0xd0 [ 611.532854] ksys_mount+0x3c/0x150 [ 611.536428] __x64_sys_mount+0xbe/0x150 [ 611.540438] do_syscall_64+0xfd/0x620 [ 611.544396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 611.549608] RIP: 0033:0x45b349 14:30:13 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:13 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) [ 611.552814] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 611.572450] RSP: 002b:00007ff63bfdfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 611.580306] RAX: ffffffffffffffda RBX: 00007ff63bfe06d4 RCX: 000000000045b349 [ 611.587710] RDX: 
0000000020000200 RSI: 0000000020000040 RDI: 0000000000000000 [ 611.595023] RBP: 000000000075bf20 R08: 0000000020000d80 R09: 0000000000000000 [ 611.602313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 611.609613] R13: 0000000000000745 R14: 00000000004c8b43 R15: 0000000000000000 [ 611.639900] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 611.665840] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 611.671921] CPU: 0 PID: 31660 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 611.679877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 611.689382] Call Trace: [ 611.691986] dump_stack+0x197/0x210 [ 611.695631] dump_header+0x15e/0xa55 [ 611.699372] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 611.704518] ? ___ratelimit+0x60/0x595 [ 611.708421] ? do_raw_spin_unlock+0x181/0x270 [ 611.715216] oom_kill_process.cold+0x10/0x6ef [ 611.719947] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 611.725501] ? task_will_free_mem+0x139/0x6e0 [ 611.730018] ? find_held_lock+0x35/0x130 [ 611.734108] out_of_memory+0x362/0x1330 [ 611.738153] ? lock_downgrade+0x880/0x880 [ 611.742332] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 611.748509] ? oom_killer_disable+0x280/0x280 [ 611.753032] ? find_held_lock+0x35/0x130 [ 611.757256] mem_cgroup_out_of_memory+0x1d2/0x240 [ 611.762125] ? memcg_event_wake+0x230/0x230 [ 611.766587] ? do_raw_spin_unlock+0x181/0x270 [ 611.771105] ? _raw_spin_unlock+0x2d/0x50 [ 611.775277] try_charge+0xec5/0x1490 [ 611.779020] ? lock_downgrade+0x880/0x880 [ 611.783187] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 611.788053] ? rcu_read_unlock+0x33/0x60 [ 611.792141] ? get_mem_cgroup_from_mm+0x185/0x510 [ 611.797007] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 611.803097] ? 
lock_downgrade+0x880/0x880 [ 611.807280] mem_cgroup_try_charge+0x259/0x6b0 [ 611.811889] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 611.816948] do_huge_pmd_wp_page+0x97e/0x3580 [ 611.821473] ? __split_huge_pmd+0x2b10/0x2b10 [ 611.826084] ? pmd_val+0x85/0x100 [ 611.829589] __handle_mm_fault+0x167b/0x3f80 [ 611.834021] ? copy_page_range+0x2030/0x2030 [ 611.838466] ? count_memcg_event_mm+0x2b1/0x4d0 [ 611.843409] handle_mm_fault+0x1b5/0x690 [ 611.847500] __do_page_fault+0x62a/0xe90 [ 611.851741] ? vmalloc_fault+0x740/0x740 [ 611.855831] ? trace_hardirqs_off_caller+0x65/0x220 [ 611.860883] ? trace_hardirqs_on_caller+0x6a/0x220 [ 611.865834] ? page_fault+0x8/0x30 [ 611.869493] do_page_fault+0x71/0x57d [ 611.873328] ? page_fault+0x8/0x30 [ 611.876892] page_fault+0x1e/0x30 [ 611.880361] RIP: 0033:0x400644 [ 611.883574] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 611.902490] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 611.907868] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 611.915185] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 [ 611.922589] RBP: 00000000007603d8 R08: 0000000000000000 R09: 0000000000000000 [ 611.929983] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bf20 14:30:13 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) 
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:13 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xe00}, 0x0) [ 611.937270] R13: 0000000000095508 R14: 00000000007603e0 R15: 000000000075bf2c 14:30:13 executing program 4 (fault-call:3 fault-nth:1): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:13 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:13 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = 
socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xec0}, 0x0) 14:30:13 executing program 3 (fault-call:5 fault-nth:0): r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) [ 612.182463] Task in /syz1 killed as a result of limit of /syz1 [ 612.213721] memory: usage 307196kB, limit 307200kB, failcnt 3132 [ 612.276681] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 612.283956] FAULT_INJECTION: forcing a failure. [ 612.283956] name failslab, interval 1, probability 0, space 0, times 0 [ 612.331039] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 612.367116] Memory cgroup stats for /syz1: cache:28KB rss:295500KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87652KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:186132KB [ 612.390241] CPU: 0 PID: 31900 Comm: syz-executor.4 Not tainted 4.19.100-syzkaller #0 [ 612.398186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 612.407685] Call Trace: [ 612.410305] dump_stack+0x197/0x210 [ 612.413964] should_fail.cold+0xa/0x1b [ 612.417930] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 612.423074] ? lock_downgrade+0x880/0x880 [ 612.427258] __should_failslab+0x121/0x190 [ 612.431522] should_failslab+0x9/0x14 [ 612.435432] kmem_cache_alloc_trace+0x2cc/0x760 [ 612.440234] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 612.445797] ? _copy_from_user+0xdd/0x150 [ 612.450118] copy_mount_options+0x5c/0x3a0 [ 612.454418] ? 
__sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 612.460053] ksys_mount+0xa7/0x150 [ 612.463890] __x64_sys_mount+0xbe/0x150 [ 612.467891] do_syscall_64+0xfd/0x620 [ 612.471722] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 612.477039] RIP: 0033:0x45b349 [ 612.480251] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 612.499689] RSP: 002b:00007ff63bfdfc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 612.507453] RAX: ffffffffffffffda RBX: 00007ff63bfe06d4 RCX: 000000000045b349 [ 612.514876] RDX: 0000000020000200 RSI: 0000000020000040 RDI: 0000000000000000 [ 612.522304] RBP: 000000000075bf20 R08: 0000000020000d80 R09: 0000000000000000 [ 612.529588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 612.536876] R13: 0000000000000745 R14: 00000000004c8b43 R15: 0000000000000001 [ 612.545262] Memory cgroup out of memory: Kill process 31660 (syz-executor.1) score 1223 or sacrifice child [ 612.555549] Killed process 31662 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 612.583822] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 612.596593] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 612.602140] CPU: 1 PID: 31660 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 612.610030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 612.619391] Call Trace: [ 612.621997] dump_stack+0x197/0x210 [ 612.625653] dump_header+0x15e/0xa55 [ 612.629387] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 612.634506] ? ___ratelimit+0x60/0x595 [ 612.638407] ? do_raw_spin_unlock+0x181/0x270 [ 612.642923] oom_kill_process.cold+0x10/0x6ef [ 612.647707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 612.653446] ? task_will_free_mem+0x139/0x6e0 [ 612.658104] ? 
find_held_lock+0x35/0x130 [ 612.662191] out_of_memory+0x362/0x1330 [ 612.666182] ? lock_downgrade+0x880/0x880 [ 612.670346] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 612.675461] ? oom_killer_disable+0x280/0x280 [ 612.679977] ? find_held_lock+0x35/0x130 [ 612.684671] mem_cgroup_out_of_memory+0x1d2/0x240 [ 612.689521] ? memcg_event_wake+0x230/0x230 [ 612.693865] ? do_raw_spin_unlock+0x181/0x270 [ 612.698548] ? _raw_spin_unlock+0x2d/0x50 [ 612.702713] try_charge+0xec5/0x1490 [ 612.706482] ? lock_downgrade+0x880/0x880 [ 612.710648] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 612.715502] ? rcu_read_unlock+0x33/0x60 [ 612.719575] ? get_mem_cgroup_from_mm+0x185/0x510 [ 612.724438] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 612.730502] ? lock_downgrade+0x880/0x880 [ 612.734692] mem_cgroup_try_charge+0x259/0x6b0 [ 612.739292] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 612.744420] do_huge_pmd_wp_page+0x97e/0x3580 [ 612.748962] ? __split_huge_pmd+0x2b10/0x2b10 [ 612.753537] ? pmd_val+0x85/0x100 [ 612.757014] __handle_mm_fault+0x167b/0x3f80 [ 612.761440] ? copy_page_range+0x2030/0x2030 [ 612.766010] ? count_memcg_event_mm+0x2b1/0x4d0 [ 612.770697] handle_mm_fault+0x1b5/0x690 [ 612.774771] __do_page_fault+0x62a/0xe90 [ 612.778852] ? vmalloc_fault+0x740/0x740 [ 612.782937] ? trace_hardirqs_off_caller+0x65/0x220 [ 612.787958] ? trace_hardirqs_on_caller+0x6a/0x220 [ 612.792900] ? page_fault+0x8/0x30 [ 612.796450] do_page_fault+0x71/0x57d [ 612.800298] ? 
page_fault+0x8/0x30 [ 612.803850] page_fault+0x1e/0x30 [ 612.807315] RIP: 0033:0x400644 [ 612.810542] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 612.829454] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 612.834828] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 612.842111] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 [ 612.849444] RBP: 00000000007603d8 R08: 0000000000000000 R09: 0000000000000000 [ 612.856730] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bf20 [ 612.864010] R13: 0000000000095508 R14: 00000000007603e0 R15: 000000000075bf2c [ 612.873187] Task in /syz1 killed as a result of limit of /syz1 [ 612.879390] memory: usage 307200kB, limit 307200kB, failcnt 3143 [ 612.885658] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 612.893110] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 612.900000] Memory cgroup stats for /syz1: cache:28KB rss:295500KB rss_huge:262144KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:186132KB [ 612.922776] Memory cgroup out of memory: Kill process 31660 (syz-executor.1) score 1223 or sacrifice child [ 612.933273] Killed process 31660 (syz-executor.1) total-vm:72588kB, anon-rss:18152kB, file-rss:53400kB, shmem-rss:0kB [ 612.945109] oom_reaper: reaped process 31660 (syz-executor.1), now anon-rss:18152kB, file-rss:53400kB, shmem-rss:0kB 14:30:15 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) 
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:15 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xf00}, 0x0) 14:30:15 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:30:15 executing program 5: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:15 executing program 4 (fault-call:3 fault-nth:2): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) 
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:15 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:15 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x3f00}, 0x0) 14:30:15 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() 
socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:15 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x2, 0x0) [ 613.752146] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 613.789325] syz-executor.1 cpuset=syz1 mems_allowed=0-1 14:30:15 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 613.807676] CPU: 1 PID: 32002 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 613.815739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 613.825214] Call Trace: [ 613.827823] dump_stack+0x197/0x210 [ 613.831469] dump_header+0x15e/0xa55 [ 613.835343] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 613.840469] ? ___ratelimit+0x60/0x595 [ 613.844375] ? do_raw_spin_unlock+0x181/0x270 [ 613.848898] oom_kill_process.cold+0x10/0x6ef [ 613.853428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 613.859143] ? task_will_free_mem+0x139/0x6e0 [ 613.863767] ? find_held_lock+0x35/0x130 [ 613.867858] out_of_memory+0x362/0x1330 [ 613.871863] ? lock_downgrade+0x880/0x880 [ 613.876041] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 613.881166] ? oom_killer_disable+0x280/0x280 [ 613.885795] ? find_held_lock+0x35/0x130 [ 613.890149] mem_cgroup_out_of_memory+0x1d2/0x240 [ 613.895014] ? memcg_event_wake+0x230/0x230 [ 613.899363] ? do_raw_spin_unlock+0x181/0x270 [ 613.903874] ? _raw_spin_unlock+0x2d/0x50 [ 613.908149] try_charge+0xec5/0x1490 [ 613.911889] ? 
lock_downgrade+0x880/0x880 [ 613.916082] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 613.920942] ? rcu_read_unlock+0x33/0x60 [ 613.925179] ? get_mem_cgroup_from_mm+0x185/0x510 [ 613.930046] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 613.936127] ? lock_downgrade+0x880/0x880 [ 613.940310] mem_cgroup_try_charge+0x259/0x6b0 [ 613.944916] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 613.949872] do_huge_pmd_wp_page+0x97e/0x3580 [ 613.954395] ? __split_huge_pmd+0x2b10/0x2b10 [ 613.958940] ? pmd_val+0x85/0x100 [ 613.962424] __handle_mm_fault+0x167b/0x3f80 [ 613.966955] ? copy_page_range+0x2030/0x2030 [ 613.971400] ? count_memcg_event_mm+0x2b1/0x4d0 [ 613.976097] handle_mm_fault+0x1b5/0x690 [ 613.980193] __do_page_fault+0x62a/0xe90 [ 613.984290] ? vmalloc_fault+0x740/0x740 [ 613.988367] ? trace_hardirqs_off_caller+0x65/0x220 [ 613.993392] ? trace_hardirqs_on_caller+0x6a/0x220 [ 613.998338] ? page_fault+0x8/0x30 [ 614.001995] do_page_fault+0x71/0x57d [ 614.005915] ? page_fault+0x8/0x30 [ 614.009477] page_fault+0x1e/0x30 [ 614.013048] RIP: 0033:0x400644 [ 614.016255] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 614.035275] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 614.040673] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 614.047962] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 14:30:15 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x6000}, 0x0) [ 614.055249] RBP: 00000000007603d8 R08: 
0000000000000000 R09: 0000000000000000 [ 614.062717] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bfc8 [ 614.070144] R13: 0000000000095d29 R14: 00000000007603e0 R15: 000000000075bfd4 14:30:15 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) [ 614.306927] 9p: Unknown uid 18446744073709551615 [ 614.557360] Task in /syz1 killed as a result of limit of /syz1 [ 614.563537] memory: usage 307200kB, limit 307200kB, failcnt 3394 [ 614.569889] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 614.576720] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 614.582866] Memory cgroup stats for /syz1: cache:28KB rss:295540KB rss_huge:260096KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87656KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:186264KB [ 614.608188] Memory cgroup out of memory: Kill process 32002 (syz-executor.1) score 1225 or sacrifice child [ 614.618162] Killed process 32127 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 614.630313] oom_reaper: reaped process 32127 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 614.703672] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 614.731925] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 614.743352] CPU: 1 PID: 32002 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 614.751447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 614.760800] Call Trace: [ 614.763390] dump_stack+0x197/0x210 [ 614.767027] dump_header+0x15e/0xa55 [ 614.770743] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 614.775849] ? 
___ratelimit+0x60/0x595 [ 614.779733] ? do_raw_spin_unlock+0x181/0x270 [ 614.784229] oom_kill_process.cold+0x10/0x6ef [ 614.788724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 614.794381] ? task_will_free_mem+0x139/0x6e0 [ 614.798996] ? find_held_lock+0x35/0x130 [ 614.803414] out_of_memory+0x362/0x1330 [ 614.807400] ? lock_downgrade+0x880/0x880 [ 614.811563] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 614.816725] ? oom_killer_disable+0x280/0x280 [ 614.821217] ? find_held_lock+0x35/0x130 [ 614.825362] mem_cgroup_out_of_memory+0x1d2/0x240 [ 614.830195] ? memcg_event_wake+0x230/0x230 [ 614.834524] ? do_raw_spin_unlock+0x181/0x270 [ 614.839035] ? _raw_spin_unlock+0x2d/0x50 [ 614.843404] try_charge+0xec5/0x1490 [ 614.847160] ? lock_downgrade+0x880/0x880 [ 614.851460] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 614.856292] ? rcu_read_unlock+0x33/0x60 [ 614.860362] ? get_mem_cgroup_from_mm+0x185/0x510 [ 614.865215] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 614.871275] ? lock_downgrade+0x880/0x880 [ 614.875428] mem_cgroup_try_charge+0x259/0x6b0 [ 614.880009] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 614.885087] do_huge_pmd_wp_page+0x97e/0x3580 [ 614.889580] ? __split_huge_pmd+0x2b10/0x2b10 [ 614.894077] ? pmd_val+0x85/0x100 [ 614.897522] __handle_mm_fault+0x167b/0x3f80 [ 614.902067] ? copy_page_range+0x2030/0x2030 [ 614.906511] ? count_memcg_event_mm+0x2b1/0x4d0 [ 614.911242] handle_mm_fault+0x1b5/0x690 [ 614.915402] __do_page_fault+0x62a/0xe90 [ 614.919454] ? vmalloc_fault+0x740/0x740 [ 614.923628] ? trace_hardirqs_off_caller+0x65/0x220 [ 614.928737] ? trace_hardirqs_on_caller+0x6a/0x220 [ 614.933683] ? page_fault+0x8/0x30 [ 614.937223] do_page_fault+0x71/0x57d [ 614.941075] ? 
page_fault+0x8/0x30 [ 614.944746] page_fault+0x1e/0x30 [ 614.948208] RIP: 0033:0x400644 [ 614.951402] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 614.970441] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 614.975825] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 614.983225] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 [ 614.990490] RBP: 00000000007603d8 R08: 0000000000000000 R09: 0000000000000000 14:30:16 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:16 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = 
socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xc00e}, 0x0) 14:30:16 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x2, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:16 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x4b47, 0x0) 14:30:16 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x0, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) [ 614.997881] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bfc8 [ 615.005326] R13: 0000000000095d29 R14: 00000000007603e0 R15: 000000000075bfd4 [ 615.042786] Task in /syz1 killed as a result of limit of /syz1 [ 615.068902] memory: usage 307048kB, limit 307200kB, failcnt 3424 [ 615.085514] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 615.122445] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 615.151767] Memory cgroup stats for /syz1: cache:28KB rss:295540KB rss_huge:260096KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:186264KB [ 615.232997] Memory cgroup out of memory: Kill process 32002 
(syz-executor.1) score 1225 or sacrifice child [ 615.252558] Killed process 32002 (syz-executor.1) total-vm:72720kB, anon-rss:18068kB, file-rss:54368kB, shmem-rss:0kB 14:30:17 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:17 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xe200}, 0x0) 14:30:17 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:17 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) 
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x4b49, 0x0) 14:30:17 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:17 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xf000}, 0x0) [ 615.767823] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 14:30:17 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x4, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 615.873135] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 615.933916] CPU: 1 PID: 413 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 615.941679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 615.951049] Call Trace: [ 615.953685] dump_stack+0x197/0x210 [ 615.957343] dump_header+0x15e/0xa55 [ 615.961086] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 615.966285] ? 
___ratelimit+0x60/0x595 [ 615.970308] ? do_raw_spin_unlock+0x181/0x270 [ 615.974838] oom_kill_process.cold+0x10/0x6ef [ 615.979364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 615.984928] ? task_will_free_mem+0x139/0x6e0 [ 615.989445] ? find_held_lock+0x35/0x130 [ 615.993637] out_of_memory+0x362/0x1330 [ 615.997635] ? lock_downgrade+0x880/0x880 [ 616.001801] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 616.006930] ? oom_killer_disable+0x280/0x280 [ 616.011545] ? find_held_lock+0x35/0x130 [ 616.015650] mem_cgroup_out_of_memory+0x1d2/0x240 [ 616.020526] ? memcg_event_wake+0x230/0x230 [ 616.024873] ? do_raw_spin_unlock+0x181/0x270 [ 616.029386] ? _raw_spin_unlock+0x2d/0x50 [ 616.033563] try_charge+0xec5/0x1490 [ 616.037334] ? lock_downgrade+0x880/0x880 [ 616.041520] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 616.046384] ? rcu_read_unlock+0x33/0x60 [ 616.050465] ? get_mem_cgroup_from_mm+0x185/0x510 [ 616.055324] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 616.061397] ? lock_downgrade+0x880/0x880 [ 616.065568] mem_cgroup_try_charge+0x259/0x6b0 [ 616.070176] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 616.075122] do_huge_pmd_wp_page+0x97e/0x3580 [ 616.079647] ? __split_huge_pmd+0x2b10/0x2b10 [ 616.084167] ? pmd_val+0x85/0x100 [ 616.087653] __handle_mm_fault+0x167b/0x3f80 [ 616.092258] ? copy_page_range+0x2030/0x2030 [ 616.096699] ? count_memcg_event_mm+0x2b1/0x4d0 [ 616.101393] handle_mm_fault+0x1b5/0x690 [ 616.105478] __do_page_fault+0x62a/0xe90 [ 616.109573] ? vmalloc_fault+0x740/0x740 [ 616.113653] ? trace_hardirqs_off_caller+0x65/0x220 [ 616.118803] ? trace_hardirqs_on_caller+0x6a/0x220 [ 616.123749] ? page_fault+0x8/0x30 [ 616.127441] do_page_fault+0x71/0x57d [ 616.131364] ? 
page_fault+0x8/0x30 [ 616.134912] page_fault+0x1e/0x30 [ 616.138375] RIP: 0033:0x400644 [ 616.141699] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 616.160990] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 616.166407] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 616.173707] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 [ 616.181097] RBP: 00000000007603d8 R08: 0000000000000000 R09: 0000000000000000 [ 616.188381] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bf20 [ 616.195790] R13: 00000000000964ec R14: 00000000007603e0 R15: 000000000075bf2c [ 616.611810] Task in /syz1 killed as a result of limit of /syz1 [ 616.621182] memory: usage 307148kB, limit 307200kB, failcnt 3736 [ 616.631151] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 616.641271] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 616.653561] Memory cgroup stats for /syz1: cache:28KB rss:295428KB rss_huge:260096KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87652KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:186132KB [ 616.682490] Memory cgroup out of memory: Kill process 413 (syz-executor.1) score 1222 or sacrifice child [ 616.692800] Killed process 485 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 616.727821] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 616.744656] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 616.750922] CPU: 1 PID: 413 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 616.758658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 616.768134] Call Trace: [ 616.770750] dump_stack+0x197/0x210 [ 616.774390] dump_header+0x15e/0xa55 [ 616.778128] ? 
_raw_spin_unlock_irqrestore+0xa4/0xe0 [ 616.783240] ? ___ratelimit+0x60/0x595 [ 616.787144] ? do_raw_spin_unlock+0x181/0x270 [ 616.791666] oom_kill_process.cold+0x10/0x6ef [ 616.796189] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 616.801734] ? task_will_free_mem+0x139/0x6e0 [ 616.806360] ? find_held_lock+0x35/0x130 [ 616.810438] out_of_memory+0x362/0x1330 [ 616.814464] ? lock_downgrade+0x880/0x880 [ 616.818631] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 616.823754] ? oom_killer_disable+0x280/0x280 [ 616.828260] ? find_held_lock+0x35/0x130 [ 616.832355] mem_cgroup_out_of_memory+0x1d2/0x240 [ 616.837218] ? memcg_event_wake+0x230/0x230 [ 616.841576] ? do_raw_spin_unlock+0x181/0x270 [ 616.846081] ? _raw_spin_unlock+0x2d/0x50 [ 616.850240] try_charge+0xec5/0x1490 [ 616.853966] ? lock_downgrade+0x880/0x880 [ 616.858149] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 616.863004] ? rcu_read_unlock+0x33/0x60 [ 616.867080] ? get_mem_cgroup_from_mm+0x185/0x510 [ 616.871951] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 616.878064] ? lock_downgrade+0x880/0x880 [ 616.882256] mem_cgroup_try_charge+0x259/0x6b0 [ 616.886868] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 616.891849] do_huge_pmd_wp_page+0x97e/0x3580 [ 616.896374] ? __split_huge_pmd+0x2b10/0x2b10 [ 616.900891] ? pmd_val+0x85/0x100 [ 616.904367] __handle_mm_fault+0x167b/0x3f80 [ 616.908801] ? copy_page_range+0x2030/0x2030 [ 616.913344] ? count_memcg_event_mm+0x2b1/0x4d0 [ 616.918265] handle_mm_fault+0x1b5/0x690 [ 616.922360] __do_page_fault+0x62a/0xe90 [ 616.926543] ? vmalloc_fault+0x740/0x740 [ 616.930632] ? trace_hardirqs_off_caller+0x65/0x220 [ 616.935828] ? trace_hardirqs_on_caller+0x6a/0x220 [ 616.940789] ? page_fault+0x8/0x30 [ 616.944374] do_page_fault+0x71/0x57d [ 616.948200] ? 
page_fault+0x8/0x30 [ 616.951757] page_fault+0x1e/0x30 [ 616.955213] RIP: 0033:0x400644 [ 616.958425] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 616.984562] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 616.989937] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 616.998178] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 [ 617.005472] RBP: 00000000007603d8 R08: 0000000000000000 R09: 0000000000000000 [ 617.012860] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bf20 [ 617.020143] R13: 00000000000964ec R14: 00000000007603e0 R15: 000000000075bf2c 14:30:18 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) 14:30:18 executing program 2: socketpair$unix(0x1, 0x5, 
0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x34000}, 0x0) 14:30:18 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x541b, 0x0) 14:30:18 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:18 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x5, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 617.042829] Task in /syz1 killed as a result of limit of /syz1 [ 617.096580] memory: usage 307192kB, limit 307200kB, failcnt 3752 [ 617.117700] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 617.134259] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 617.141448] Memory cgroup stats for /syz1: cache:28KB rss:295428KB rss_huge:260096KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:186132KB [ 617.164927] Memory cgroup out of memory: Kill process 413 (syz-executor.1) score 1222 or sacrifice child [ 
617.175632] Killed process 413 (syz-executor.1) total-vm:72588kB, anon-rss:17964kB, file-rss:53400kB, shmem-rss:0kB 14:30:18 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:18 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x400300}, 0x0) 14:30:19 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x5421, 0x0) 14:30:19 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 
0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xf0ffff}, 0x0) 14:30:19 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:19 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x6, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 617.784139] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 14:30:19 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x1000000}, 0x0) [ 617.865122] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 617.922805] CPU: 1 PID: 1102 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 617.930646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 617.940020] Call Trace: [ 617.942639] dump_stack+0x197/0x210 [ 617.946371] dump_header+0x15e/0xa55 [ 617.950114] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 617.955362] ? 
___ratelimit+0x60/0x595 [ 617.959260] ? do_raw_spin_unlock+0x181/0x270 [ 617.963793] oom_kill_process.cold+0x10/0x6ef [ 617.968306] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 617.973857] ? task_will_free_mem+0x139/0x6e0 [ 617.978371] ? find_held_lock+0x35/0x130 [ 617.982722] out_of_memory+0x362/0x1330 [ 617.986727] ? lock_downgrade+0x880/0x880 [ 617.990893] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 617.996099] ? oom_killer_disable+0x280/0x280 [ 618.000608] ? find_held_lock+0x35/0x130 [ 618.004704] mem_cgroup_out_of_memory+0x1d2/0x240 [ 618.009574] ? memcg_event_wake+0x230/0x230 [ 618.013923] ? do_raw_spin_unlock+0x181/0x270 [ 618.018438] ? _raw_spin_unlock+0x2d/0x50 [ 618.022619] try_charge+0xec5/0x1490 [ 618.026344] ? lock_downgrade+0x880/0x880 [ 618.030516] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 618.035382] ? rcu_read_unlock+0x33/0x60 [ 618.039473] ? get_mem_cgroup_from_mm+0x185/0x510 [ 618.044456] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 618.050539] ? lock_downgrade+0x880/0x880 [ 618.054708] mem_cgroup_try_charge+0x259/0x6b0 [ 618.059329] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 618.064390] do_huge_pmd_wp_page+0x97e/0x3580 [ 618.068947] ? __split_huge_pmd+0x2b10/0x2b10 [ 618.073839] ? pmd_val+0x85/0x100 [ 618.077344] __handle_mm_fault+0x167b/0x3f80 [ 618.081895] ? copy_page_range+0x2030/0x2030 [ 618.086333] ? count_memcg_event_mm+0x2b1/0x4d0 [ 618.091051] handle_mm_fault+0x1b5/0x690 [ 618.095133] __do_page_fault+0x62a/0xe90 [ 618.099222] ? vmalloc_fault+0x740/0x740 [ 618.103383] ? trace_hardirqs_off_caller+0x65/0x220 [ 618.108509] ? trace_hardirqs_on_caller+0x6a/0x220 [ 618.113499] ? page_fault+0x8/0x30 [ 618.117062] do_page_fault+0x71/0x57d [ 618.120877] ? 
page_fault+0x8/0x30 [ 618.124436] page_fault+0x1e/0x30 [ 618.128014] RIP: 0033:0x400644 [ 618.131221] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 618.150964] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 618.156334] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 618.163619] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 [ 618.170905] RBP: 00000000007603d8 R08: 0000000000000000 R09: 0000000000000000 [ 618.178277] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bf20 [ 618.185560] R13: 0000000000096cfd R14: 00000000007603e0 R15: 000000000075bf2c [ 618.266285] Task in /syz1 killed as a result of limit of /syz1 [ 618.272577] memory: usage 307200kB, limit 307200kB, failcnt 3950 [ 618.286313] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 618.302127] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 618.313055] Memory cgroup stats for /syz1: cache:28KB rss:295448KB rss_huge:253952KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87652KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:186132KB 14:30:20 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) 
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) [ 618.393865] Memory cgroup out of memory: Kill process 1102 (syz-executor.1) score 1223 or sacrifice child 14:30:20 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x7, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:20 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x5450, 0x0) 14:30:20 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0xffffffffffffffff, r0) tkill(r0, 0x9) 14:30:20 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 
0x2000000}, 0x0) [ 618.446524] Killed process 1268 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 618.510049] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 618.573316] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 618.595305] CPU: 0 PID: 1102 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 618.603151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 618.612520] Call Trace: [ 618.615144] dump_stack+0x197/0x210 [ 618.618794] dump_header+0x15e/0xa55 [ 618.622548] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 618.627871] ? ___ratelimit+0x60/0x595 [ 618.631771] ? do_raw_spin_unlock+0x181/0x270 [ 618.636325] oom_kill_process.cold+0x10/0x6ef [ 618.640837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 618.646379] ? task_will_free_mem+0x139/0x6e0 [ 618.650915] ? find_held_lock+0x35/0x130 [ 618.655006] out_of_memory+0x362/0x1330 [ 618.659006] ? lock_downgrade+0x880/0x880 [ 618.663175] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 618.668298] ? oom_killer_disable+0x280/0x280 [ 618.672809] ? find_held_lock+0x35/0x130 [ 618.676926] mem_cgroup_out_of_memory+0x1d2/0x240 [ 618.681784] ? memcg_event_wake+0x230/0x230 [ 618.686158] ? do_raw_spin_unlock+0x181/0x270 [ 618.690675] ? _raw_spin_unlock+0x2d/0x50 [ 618.694841] try_charge+0xec5/0x1490 [ 618.698574] ? lock_downgrade+0x880/0x880 [ 618.703823] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 618.708798] ? rcu_read_unlock+0x33/0x60 [ 618.712875] ? get_mem_cgroup_from_mm+0x185/0x510 [ 618.717742] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 618.723821] ? lock_downgrade+0x880/0x880 [ 618.727995] mem_cgroup_try_charge+0x259/0x6b0 [ 618.732601] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 618.737572] do_huge_pmd_wp_page+0x97e/0x3580 [ 618.742104] ? __split_huge_pmd+0x2b10/0x2b10 [ 618.746621] ? pmd_val+0x85/0x100 [ 618.750126] __handle_mm_fault+0x167b/0x3f80 [ 618.754565] ? 
copy_page_range+0x2030/0x2030 [ 618.759019] ? count_memcg_event_mm+0x2b1/0x4d0 [ 618.763705] handle_mm_fault+0x1b5/0x690 [ 618.767792] __do_page_fault+0x62a/0xe90 [ 618.771872] ? vmalloc_fault+0x740/0x740 [ 618.775965] ? trace_hardirqs_off_caller+0x65/0x220 [ 618.781061] ? trace_hardirqs_on_caller+0x6a/0x220 [ 618.786022] ? page_fault+0x8/0x30 [ 618.789586] do_page_fault+0x71/0x57d [ 618.793402] ? page_fault+0x8/0x30 [ 618.796967] page_fault+0x1e/0x30 [ 618.800429] RIP: 0033:0x400644 [ 618.803637] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 618.822571] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 618.828041] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 618.835334] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 [ 618.842621] RBP: 00000000007603d8 R08: 0000000000000000 R09: 0000000000000000 [ 618.850042] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bf20 [ 618.857326] R13: 0000000000096cfd R14: 00000000007603e0 R15: 000000000075bf2c [ 619.190438] Task in /syz1 killed as a result of limit of /syz1 [ 619.199008] memory: usage 307196kB, limit 307200kB, failcnt 3985 [ 619.205375] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 619.219522] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 619.225846] Memory cgroup stats for /syz1: cache:28KB rss:295448KB rss_huge:253952KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:186132KB [ 619.254195] Memory cgroup out of memory: Kill process 1102 (syz-executor.1) score 1223 or sacrifice child [ 619.264595] Killed process 1102 (syz-executor.1) total-vm:72588kB, anon-rss:18152kB, file-rss:53400kB, shmem-rss:0kB 14:30:21 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, 
&(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:21 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x3000000}, 0x0) 14:30:21 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x5451, 0x0) 14:30:21 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0xffffffffffffffff, r0) tkill(r0, 0x9) 14:30:21 executing program 4: 
mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x9, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:21 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 14:30:21 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0xffffffffffffffff, r0) tkill(r0, 0x9) [ 619.898996] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 620.012564] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 620.089291] CPU: 0 PID: 1988 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 620.097137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 620.106508] Call Trace: [ 620.109141] dump_stack+0x197/0x210 [ 620.112799] dump_header+0x15e/0xa55 [ 620.116533] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 620.121666] ? ___ratelimit+0x60/0x595 [ 620.125573] ? do_raw_spin_unlock+0x181/0x270 [ 620.130098] oom_kill_process.cold+0x10/0x6ef [ 620.134628] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 620.140192] ? task_will_free_mem+0x139/0x6e0 [ 620.144714] ? find_held_lock+0x35/0x130 [ 620.148808] out_of_memory+0x362/0x1330 [ 620.152801] ? 
lock_downgrade+0x880/0x880 [ 620.156973] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 620.162117] ? oom_killer_disable+0x280/0x280 [ 620.166638] ? find_held_lock+0x35/0x130 [ 620.170733] mem_cgroup_out_of_memory+0x1d2/0x240 [ 620.175716] ? memcg_event_wake+0x230/0x230 [ 620.180130] ? do_raw_spin_unlock+0x181/0x270 [ 620.184648] ? _raw_spin_unlock+0x2d/0x50 [ 620.188832] try_charge+0xec5/0x1490 [ 620.192592] ? lock_downgrade+0x880/0x880 [ 620.196769] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 620.201641] ? rcu_read_unlock+0x33/0x60 [ 620.205733] ? get_mem_cgroup_from_mm+0x185/0x510 [ 620.210606] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 620.216689] ? lock_downgrade+0x880/0x880 [ 620.220864] mem_cgroup_try_charge+0x259/0x6b0 [ 620.225476] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 620.230426] do_huge_pmd_wp_page+0x97e/0x3580 [ 620.235090] ? __split_huge_pmd+0x2b10/0x2b10 [ 620.239626] ? pmd_val+0x85/0x100 [ 620.243134] __handle_mm_fault+0x167b/0x3f80 [ 620.247580] ? copy_page_range+0x2030/0x2030 [ 620.252035] ? count_memcg_event_mm+0x2b1/0x4d0 [ 620.256908] handle_mm_fault+0x1b5/0x690 [ 620.261001] __do_page_fault+0x62a/0xe90 [ 620.265189] ? vmalloc_fault+0x740/0x740 [ 620.269290] ? trace_hardirqs_off_caller+0x65/0x220 [ 620.274332] ? trace_hardirqs_on_caller+0x6a/0x220 [ 620.279433] ? page_fault+0x8/0x30 [ 620.283000] do_page_fault+0x71/0x57d [ 620.286820] ? 
page_fault+0x8/0x30 [ 620.290380] page_fault+0x1e/0x30 [ 620.293856] RIP: 0033:0x400644 [ 620.297063] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 620.315979] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 620.321356] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 620.328638] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 14:30:21 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:21 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xa, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, 
@ANYBLOB=',access=', @ANYRESDEC]) 14:30:21 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x5452, 0x0) 14:30:21 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, 0x0) tkill(r0, 0x9) 14:30:22 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xa000000}, 0x0) [ 620.335914] RBP: 00000000007603d8 R08: 0000000000000000 R09: 0000000000000000 [ 620.343220] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bf20 [ 620.350507] R13: 000000000009751f R14: 00000000007603e0 R15: 000000000075bf2c [ 620.457000] Task in /syz1 killed as a result of limit of /syz1 [ 620.468320] memory: usage 307200kB, limit 307200kB, failcnt 4180 [ 620.478268] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 620.489282] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 620.500135] Memory cgroup stats for /syz1: cache:28KB rss:295432KB rss_huge:251904KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87652KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:186132KB [ 620.604044] Memory cgroup out of memory: Kill process 1988 (syz-executor.1) score 1222 or sacrifice child [ 620.614295] Killed process 2101 
(syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 620.684247] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 620.714314] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 620.720257] CPU: 0 PID: 1988 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 620.728107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 620.737475] Call Trace: [ 620.740089] dump_stack+0x197/0x210 [ 620.743751] dump_header+0x15e/0xa55 [ 620.747616] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 620.752758] ? ___ratelimit+0x60/0x595 [ 620.756658] ? do_raw_spin_unlock+0x181/0x270 [ 620.761183] oom_kill_process.cold+0x10/0x6ef [ 620.765702] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 620.772556] ? task_will_free_mem+0x139/0x6e0 [ 620.777061] ? find_held_lock+0x35/0x130 [ 620.781137] out_of_memory+0x362/0x1330 [ 620.785119] ? lock_downgrade+0x880/0x880 [ 620.789276] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 620.794390] ? oom_killer_disable+0x280/0x280 [ 620.798889] ? find_held_lock+0x35/0x130 [ 620.802968] mem_cgroup_out_of_memory+0x1d2/0x240 [ 620.807847] ? memcg_event_wake+0x230/0x230 [ 620.812181] ? do_raw_spin_unlock+0x181/0x270 [ 620.816688] ? _raw_spin_unlock+0x2d/0x50 [ 620.820849] try_charge+0xec5/0x1490 [ 620.824574] ? lock_downgrade+0x880/0x880 [ 620.828738] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 620.833591] ? rcu_read_unlock+0x33/0x60 [ 620.837665] ? get_mem_cgroup_from_mm+0x185/0x510 [ 620.842526] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 620.848597] ? lock_downgrade+0x880/0x880 [ 620.852765] mem_cgroup_try_charge+0x259/0x6b0 [ 620.857366] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 620.862323] do_huge_pmd_wp_page+0x97e/0x3580 [ 620.866845] ? __split_huge_pmd+0x2b10/0x2b10 [ 620.871358] ? pmd_val+0x85/0x100 [ 620.874830] __handle_mm_fault+0x167b/0x3f80 [ 620.879257] ? copy_page_range+0x2030/0x2030 [ 620.883788] ? 
count_memcg_event_mm+0x2b1/0x4d0 [ 620.888474] handle_mm_fault+0x1b5/0x690 [ 620.892552] __do_page_fault+0x62a/0xe90 [ 620.896630] ? vmalloc_fault+0x740/0x740 [ 620.900709] ? trace_hardirqs_off_caller+0x65/0x220 [ 620.905732] ? trace_hardirqs_on_caller+0x6a/0x220 [ 620.910709] ? page_fault+0x8/0x30 [ 620.914265] do_page_fault+0x71/0x57d [ 620.918086] ? page_fault+0x8/0x30 [ 620.921639] page_fault+0x1e/0x30 [ 620.925095] RIP: 0033:0x400644 [ 620.928303] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 620.947226] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 620.952603] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 620.959893] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 [ 620.967184] RBP: 00000000007603d8 R08: 0000000000000000 R09: 0000000000000000 [ 620.974577] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bf20 [ 620.981946] R13: 000000000009751f R14: 00000000007603e0 R15: 000000000075bf2c [ 621.020664] Task in /syz1 killed as a result of limit of /syz1 [ 621.026960] memory: usage 307200kB, limit 307200kB, failcnt 4202 [ 621.033344] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 621.040800] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 621.047549] Memory cgroup stats for /syz1: cache:28KB rss:295432KB rss_huge:251904KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:87592KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:186132KB [ 621.076373] Memory cgroup out of memory: Kill process 1988 (syz-executor.1) score 1222 or sacrifice child [ 621.096557] Killed process 1988 (syz-executor.1) total-vm:72588kB, anon-rss:17972kB, file-rss:53400kB, shmem-rss:0kB [ 621.114535] oom_reaper: reaped process 1988 (syz-executor.1), now anon-rss:18152kB, file-rss:53400kB, shmem-rss:0kB 14:30:22 executing 
program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x10, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:22 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x5460, 0x0) 14:30:22 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xe000000}, 0x0) 14:30:22 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 
0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:22 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, 0x0) tkill(r0, 0x9) 14:30:23 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xf000000}, 0x0) 14:30:23 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:23 executing 
program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x8901, 0x0) 14:30:23 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x14, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:23 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, 0x0) tkill(r0, 0x9) [ 621.743682] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 621.755449] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 621.761340] CPU: 0 PID: 2611 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 621.773661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 621.783024] Call Trace: [ 621.785637] dump_stack+0x197/0x210 [ 621.789278] dump_header+0x15e/0xa55 [ 621.793005] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 621.798135] ? ___ratelimit+0x60/0x595 [ 621.802043] ? do_raw_spin_unlock+0x181/0x270 [ 621.806912] oom_kill_process.cold+0x10/0x6ef [ 621.811435] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 621.816987] ? task_will_free_mem+0x139/0x6e0 [ 621.821492] ? find_held_lock+0x35/0x130 [ 621.825579] out_of_memory+0x362/0x1330 [ 621.829573] ? lock_downgrade+0x880/0x880 [ 621.833735] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 621.838863] ? oom_killer_disable+0x280/0x280 [ 621.843365] ? 
find_held_lock+0x35/0x130 [ 621.847451] mem_cgroup_out_of_memory+0x1d2/0x240 [ 621.852303] ? memcg_event_wake+0x230/0x230 [ 621.856636] ? do_raw_spin_unlock+0x181/0x270 [ 621.861157] ? _raw_spin_unlock+0x2d/0x50 [ 621.865341] try_charge+0xec5/0x1490 [ 621.869087] ? lock_downgrade+0x880/0x880 [ 621.873261] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 621.878142] ? rcu_read_unlock+0x33/0x60 [ 621.882219] ? get_mem_cgroup_from_mm+0x185/0x510 [ 621.887085] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 621.893153] ? retint_kernel+0x2d/0x2d [ 621.897063] mem_cgroup_try_charge+0x259/0x6b0 [ 621.901676] ? __sanitizer_cov_trace_pc+0x20/0x50 [ 621.906548] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 621.911499] wp_page_copy+0x430/0x16a0 [ 621.915405] ? follow_pfn+0x2a0/0x2a0 [ 621.919226] ? do_raw_spin_unlock+0x181/0x270 [ 621.923735] do_wp_page+0x57d/0x10b0 [ 621.927466] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 621.932146] ? kasan_check_write+0x14/0x20 [ 621.936391] ? do_raw_spin_lock+0xd7/0x250 [ 621.940641] __handle_mm_fault+0x2305/0x3f80 [ 621.945071] ? copy_page_range+0x2030/0x2030 [ 621.949509] ? count_memcg_event_mm+0x2b1/0x4d0 [ 621.954193] handle_mm_fault+0x1b5/0x690 [ 621.958277] __get_user_pages+0x609/0x1860 [ 621.962537] ? follow_page_mask+0x1ac0/0x1ac0 [ 621.967046] ? retint_kernel+0x2d/0x2d [ 621.970959] populate_vma_page_range+0x20d/0x2a0 [ 621.975732] __mm_populate+0x204/0x380 [ 621.979633] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 621.984586] __x64_sys_mlockall+0x35c/0x520 [ 621.988948] do_syscall_64+0xfd/0x620 [ 621.992762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 621.997956] RIP: 0033:0x45b349 [ 622.001154] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 622.020071] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 622.027811] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 622.035222] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 622.042505] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 622.049783] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 622.057168] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 622.066297] Task in /syz1 killed as a result of limit of /syz1 [ 622.072442] memory: usage 307200kB, limit 307200kB, failcnt 4369 [ 622.078804] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 622.085701] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 622.092065] Memory cgroup stats for /syz1: cache:28KB rss:296828KB rss_huge:245760KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:88992KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:186264KB [ 622.115247] Memory cgroup out of memory: Kill process 2600 (syz-executor.1) score 1226 or sacrifice child [ 622.125728] Killed process 2909 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 623.912683] oom_reaper: reaped process 2909 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 14:30:25 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) 
sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x3f000000}, 0x0) 14:30:25 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x8902, 0x0) 14:30:25 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x60000000}, 0x0) 14:30:25 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x22, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:25 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x9effffff}, 0x0) 14:30:26 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 
&(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:26 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(0x0, 0x9) 14:30:26 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xc00e0000}, 0x0) 14:30:26 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x8903, 0x0) 14:30:26 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) 
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:26 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x2c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:26 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xe2000000}, 0x0) [ 625.055325] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, 
oom_score_adj=1000 [ 625.067097] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 625.072700] CPU: 1 PID: 3624 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 625.080590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 625.089954] Call Trace: [ 625.092563] dump_stack+0x197/0x210 [ 625.096247] dump_header+0x15e/0xa55 [ 625.099997] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 625.105119] ? ___ratelimit+0x60/0x595 [ 625.109142] ? do_raw_spin_unlock+0x181/0x270 [ 625.113689] oom_kill_process.cold+0x10/0x6ef [ 625.118212] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 625.123769] ? task_will_free_mem+0x139/0x6e0 [ 625.128391] ? find_held_lock+0x35/0x130 [ 625.132483] out_of_memory+0x362/0x1330 [ 625.136480] ? lock_downgrade+0x880/0x880 [ 625.140645] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 625.145857] ? oom_killer_disable+0x280/0x280 [ 625.150370] ? find_held_lock+0x35/0x130 [ 625.154469] mem_cgroup_out_of_memory+0x1d2/0x240 [ 625.159370] ? memcg_event_wake+0x230/0x230 [ 625.163718] ? do_raw_spin_unlock+0x181/0x270 [ 625.168237] ? _raw_spin_unlock+0x2d/0x50 [ 625.172490] try_charge+0xec5/0x1490 [ 625.176217] ? lock_downgrade+0x880/0x880 [ 625.180394] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 625.185260] ? rcu_read_unlock+0x33/0x60 [ 625.189344] ? get_mem_cgroup_from_mm+0x185/0x510 [ 625.194305] ? trace_hardirqs_on_caller+0x6a/0x220 [ 625.199267] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 625.205343] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 625.210219] mem_cgroup_try_charge+0x259/0x6b0 [ 625.214826] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 625.219785] wp_page_copy+0x430/0x16a0 [ 625.223703] ? follow_pfn+0x2a0/0x2a0 [ 625.227531] ? do_raw_spin_unlock+0x181/0x270 [ 625.232366] do_wp_page+0x57d/0x10b0 [ 625.236104] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 625.241139] ? kasan_check_write+0x14/0x20 [ 625.245470] ? do_raw_spin_lock+0xd7/0x250 [ 625.249727] __handle_mm_fault+0x2305/0x3f80 [ 625.254164] ? 
copy_page_range+0x2030/0x2030 [ 625.258596] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 625.263385] ? handle_mm_fault+0x1ea/0x690 [ 625.267996] handle_mm_fault+0x1b5/0x690 [ 625.272073] ? __get_user_pages+0x536/0x1860 [ 625.276514] __get_user_pages+0x609/0x1860 [ 625.280775] ? follow_page_mask+0x1ac0/0x1ac0 [ 625.285285] ? retint_kernel+0x2d/0x2d [ 625.289204] ? populate_vma_page_range+0x37/0x2a0 [ 625.294083] populate_vma_page_range+0x20d/0x2a0 [ 625.298868] __mm_populate+0x204/0x380 [ 625.302788] ? populate_vma_page_range+0x2a0/0x2a0 [ 625.307738] __x64_sys_mlockall+0x35c/0x520 [ 625.312089] do_syscall_64+0xfd/0x620 [ 625.315928] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 625.321135] RIP: 0033:0x45b349 [ 625.324342] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 625.343257] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 625.350987] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 625.358269] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 625.365575] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 625.372868] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 625.380157] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 625.391213] Task in /syz1 killed as a result of limit of /syz1 [ 625.398035] memory: usage 307200kB, limit 307200kB, failcnt 5169 [ 625.404584] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 625.411771] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 625.418196] Memory cgroup stats for /syz1: cache:28KB rss:296972KB rss_huge:245760KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:89172KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:186132KB [ 625.441601] Memory cgroup out of memory: Kill process 3586 
(syz-executor.1) score 1226 or sacrifice child [ 625.452060] Killed process 3767 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:28 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(0x0, 0x9) 14:30:28 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x8904, 0x0) 14:30:28 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xf0ffffff}, 0x0) 14:30:28 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x60, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:28 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 
0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xfffff000}, 0x0) 14:30:28 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:28 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(0x0, 0x9) 14:30:28 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x8940, 0x0) 14:30:28 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, 
@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xffffff7f}, 0x0) 14:30:29 executing program 0: socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:30:29 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x290, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:29 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x8941, 0x0) 14:30:29 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 
0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x0) [ 627.448419] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 627.460172] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 627.466014] CPU: 0 PID: 4181 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 627.473839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 627.483207] Call Trace: [ 627.485807] dump_stack+0x197/0x210 [ 627.489895] dump_header+0x15e/0xa55 [ 627.493652] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 14:30:29 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xffffff9e}, 0x0) [ 627.498931] ? ___ratelimit+0x60/0x595 [ 627.502846] ? do_raw_spin_unlock+0x181/0x270 [ 627.507381] oom_kill_process.cold+0x10/0x6ef [ 627.511904] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 627.517465] ? task_will_free_mem+0x139/0x6e0 [ 627.521984] ? find_held_lock+0x35/0x130 [ 627.526153] out_of_memory+0x362/0x1330 [ 627.530151] ? lock_downgrade+0x880/0x880 [ 627.534321] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 627.539457] ? oom_killer_disable+0x280/0x280 [ 627.544156] ? find_held_lock+0x35/0x130 [ 627.548426] mem_cgroup_out_of_memory+0x1d2/0x240 [ 627.553298] ? memcg_event_wake+0x230/0x230 [ 627.557664] ? do_raw_spin_unlock+0x181/0x270 [ 627.562185] ? _raw_spin_unlock+0x2d/0x50 [ 627.566356] try_charge+0xec5/0x1490 [ 627.570098] ? lock_downgrade+0x880/0x880 [ 627.574279] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 627.579149] ? rcu_read_unlock+0x33/0x60 [ 627.583672] ? 
get_mem_cgroup_from_mm+0x185/0x510 [ 627.588648] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 627.594737] mem_cgroup_try_charge+0x259/0x6b0 [ 627.599351] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 627.604304] wp_page_copy+0x430/0x16a0 [ 627.608216] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 627.613145] ? follow_pfn+0x2a0/0x2a0 [ 627.616968] ? do_raw_spin_unlock+0x181/0x270 [ 627.621486] do_wp_page+0x57d/0x10b0 [ 627.625225] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 627.629933] ? __handle_mm_fault+0x189a/0x3f80 [ 627.634547] __handle_mm_fault+0x2305/0x3f80 [ 627.638998] ? copy_page_range+0x2030/0x2030 [ 627.643450] ? count_memcg_event_mm+0x2b1/0x4d0 [ 627.648259] handle_mm_fault+0x1b5/0x690 [ 627.652357] __get_user_pages+0x609/0x1860 [ 627.656628] ? follow_page_mask+0x1ac0/0x1ac0 [ 627.661147] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 627.666184] ? retint_kernel+0x2d/0x2d [ 627.670093] populate_vma_page_range+0x20d/0x2a0 [ 627.674886] __mm_populate+0x204/0x380 [ 627.678809] ? populate_vma_page_range+0x2a0/0x2a0 [ 627.683772] __x64_sys_mlockall+0x35c/0x520 [ 627.688130] do_syscall_64+0xfd/0x620 [ 627.691971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 627.697170] RIP: 0033:0x45b349 [ 627.700388] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 627.719430] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 627.727160] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 627.734451] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 627.741863] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 627.749157] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 627.756554] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 627.764590] Task in /syz1 killed as a result of limit of /syz1 [ 627.771498] memory: usage 307200kB, limit 
307200kB, failcnt 5237 [ 627.777808] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 627.784710] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 627.791230] Memory cgroup stats for /syz1: cache:28KB rss:296976KB rss_huge:245760KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:89052KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:186264KB [ 627.815460] Memory cgroup out of memory: Kill process 4176 (syz-executor.1) score 1226 or sacrifice child [ 627.825720] Killed process 4362 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 627.842996] oom_reaper: reaped process 4362 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 14:30:30 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x2c4, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:30 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x0) 14:30:30 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x894c, 0x0) 14:30:31 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 
ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:31 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xfffffff0}, 0x0) 14:30:31 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x8980, 0x0) 14:30:31 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x300, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:31 executing program 0: socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r0, 
0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:30:31 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x0) 14:30:31 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0xffffffff}, 0x0) 14:30:31 executing program 5 (fault-call:5 fault-nth:0): clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:31 executing 
program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x37c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:31 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x8981, 0x0) 14:30:31 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x2) 14:30:31 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:32 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x3) 14:30:32 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 
0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:32 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x3b0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:32 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x8982, 0x0) [ 630.567816] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 630.579157] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 630.584623] CPU: 1 PID: 5578 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 630.592457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 630.601836] Call Trace: [ 630.604454] dump_stack+0x197/0x210 [ 630.608119] dump_header+0x15e/0xa55 [ 630.611871] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 630.616997] ? 
___ratelimit+0x60/0x595 [ 630.620898] ? do_raw_spin_unlock+0x181/0x270 [ 630.625553] oom_kill_process.cold+0x10/0x6ef [ 630.630076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 630.635665] ? task_will_free_mem+0x139/0x6e0 [ 630.640190] ? find_held_lock+0x35/0x130 [ 630.644283] out_of_memory+0x362/0x1330 [ 630.648286] ? lock_downgrade+0x880/0x880 [ 630.652575] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 630.657727] ? oom_killer_disable+0x280/0x280 [ 630.662257] ? find_held_lock+0x35/0x130 [ 630.666383] mem_cgroup_out_of_memory+0x1d2/0x240 [ 630.671239] ? memcg_event_wake+0x230/0x230 [ 630.675588] ? do_raw_spin_unlock+0x181/0x270 [ 630.680298] ? _raw_spin_unlock+0x2d/0x50 [ 630.684473] try_charge+0xec5/0x1490 [ 630.688208] ? lock_downgrade+0x880/0x880 [ 630.692375] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 630.697240] ? rcu_read_unlock+0x33/0x60 [ 630.701320] ? get_mem_cgroup_from_mm+0x185/0x510 [ 630.706188] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 630.712266] ? mark_held_locks+0x100/0x100 [ 630.716529] mem_cgroup_try_charge+0x259/0x6b0 [ 630.721138] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 630.726093] __handle_mm_fault+0x1e50/0x3f80 [ 630.730525] ? copy_page_range+0x2030/0x2030 [ 630.734975] ? count_memcg_event_mm+0x2b1/0x4d0 [ 630.739676] handle_mm_fault+0x1b5/0x690 [ 630.743775] __get_user_pages+0x609/0x1860 [ 630.748045] ? follow_page_mask+0x1ac0/0x1ac0 [ 630.752582] ? lock_acquire+0x16f/0x3f0 [ 630.756667] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 630.763362] populate_vma_page_range+0x20d/0x2a0 [ 630.768155] __mm_populate+0x204/0x380 [ 630.772078] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 630.779989] __x64_sys_mlockall+0x35c/0x520 [ 630.784335] do_syscall_64+0xfd/0x620 [ 630.788159] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 630.793357] RIP: 0033:0x45b349 [ 630.796561] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 630.815473] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 630.823194] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 630.830642] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 630.837926] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 630.845200] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 630.852484] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 630.860074] Task in /syz1 killed as a result of limit of /syz1 [ 630.866078] memory: usage 307200kB, limit 307200kB, failcnt 5270 [ 630.872300] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 630.879138] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 630.885282] Memory cgroup stats for /syz1: cache:28KB rss:296996KB rss_huge:245760KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:105788KB active_anon:21768KB inactive_file:0KB active_file:0KB unevictable:169604KB [ 630.907382] Memory cgroup out of memory: Kill process 22516 (syz-executor.1) score 1163 or sacrifice child 14:30:32 executing program 0: socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 
ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:30:32 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x4) 14:30:32 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x3c0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:32 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xa) [ 630.917274] Killed process 22516 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 630.984172] 
oom_reaper: reaped process 22516 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 14:30:32 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x3f8, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:32 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) r1 = getpid() ptrace(0x8, r1) ptrace(0x4206, r0) r2 = syz_open_procfs(r1, &(0x7f0000000000)='cpuset\x00') epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000040)={0x8000000a}) tkill(r0, 0x9) 14:30:32 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x8983, 0x0) 14:30:33 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xe) 14:30:33 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 
&(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) [ 631.748768] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 631.760075] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 631.765626] CPU: 1 PID: 6215 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 631.773434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 631.782806] Call Trace: [ 631.785540] dump_stack+0x197/0x210 [ 631.789197] dump_header+0x15e/0xa55 [ 631.792946] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 631.798086] ? ___ratelimit+0x60/0x595 [ 631.802009] ? do_raw_spin_unlock+0x181/0x270 [ 631.806535] oom_kill_process.cold+0x10/0x6ef [ 631.811060] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 631.816633] ? task_will_free_mem+0x139/0x6e0 [ 631.821153] ? find_held_lock+0x35/0x130 [ 631.825250] out_of_memory+0x362/0x1330 [ 631.829252] ? lock_downgrade+0x880/0x880 [ 631.833566] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 631.838722] ? oom_killer_disable+0x280/0x280 [ 631.843249] ? find_held_lock+0x35/0x130 [ 631.847351] mem_cgroup_out_of_memory+0x1d2/0x240 [ 631.852312] ? memcg_event_wake+0x230/0x230 [ 631.856671] ? do_raw_spin_unlock+0x181/0x270 [ 631.861196] ? _raw_spin_unlock+0x2d/0x50 [ 631.865377] try_charge+0xec5/0x1490 [ 631.869208] ? lock_downgrade+0x880/0x880 [ 631.873388] ? 
mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 631.878255] ? rcu_read_unlock+0x33/0x60 [ 631.882475] ? get_mem_cgroup_from_mm+0x185/0x510 [ 631.887360] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 631.893445] ? mark_held_locks+0x100/0x100 [ 631.897753] mem_cgroup_try_charge+0x259/0x6b0 [ 631.902371] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 631.907763] __handle_mm_fault+0x1e50/0x3f80 [ 631.912201] ? copy_page_range+0x2030/0x2030 [ 631.917435] ? count_memcg_event_mm+0x2b1/0x4d0 [ 631.922133] handle_mm_fault+0x1b5/0x690 [ 631.926227] __get_user_pages+0x609/0x1860 [ 631.930539] ? follow_page_mask+0x1ac0/0x1ac0 [ 631.935168] ? lock_acquire+0x16f/0x3f0 [ 631.939177] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 631.944836] populate_vma_page_range+0x20d/0x2a0 [ 631.950411] __mm_populate+0x204/0x380 [ 631.954348] ? populate_vma_page_range+0x2a0/0x2a0 [ 631.959321] __x64_sys_mlockall+0x35c/0x520 [ 631.963672] do_syscall_64+0xfd/0x620 [ 631.967505] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 631.972708] RIP: 0033:0x45b349 [ 631.975917] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 631.994942] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 632.002893] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 632.010191] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 632.017478] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 632.026427] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 632.033720] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 632.041408] Task in /syz1 killed as a result of limit of /syz1 [ 632.047477] memory: usage 307200kB, limit 307200kB, failcnt 5402 [ 632.053644] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 632.061049] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 
632.067311] Memory cgroup stats for /syz1: cache:28KB rss:297180KB rss_huge:239616KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:122172KB active_anon:21768KB inactive_file:0KB active_file:0KB unevictable:153280KB [ 632.089566] Memory cgroup out of memory: Kill process 23525 (syz-executor.1) score 1163 or sacrifice child [ 632.099515] Killed process 23525 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB 14:30:33 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x89a0, 0x0) 14:30:33 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:33 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x3fa, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:33 executing program 5: clone(0x2102001ffc, 0x0, 
0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SIOCX25GDTEFACILITIES(r2, 0x89ea, &(0x7f0000000000)) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:34 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xf) [ 632.444896] oom_reaper: reaped process 23525 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 14:30:34 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x89a1, 0x0) 14:30:34 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/checkreqprot\x00', 0x204002, 0x0) setsockopt$PNPIPE_INITSTATE(r1, 0x113, 0x4, &(0x7f0000000140)=0x1, 0x4) ptrace(0x4206, r0) tkill(r0, 0x9) openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x200, 0x0) ftruncate(0xffffffffffffffff, 0x69) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) 
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000040)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r5, 0xc0bc5310, &(0x7f0000000180)) 14:30:34 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x3fc, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:34 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x60) 14:30:34 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0xb101, 0x0) 14:30:34 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xe2) 14:30:34 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 
&(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:34 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x500, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:34 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x40047452, 0x0) 14:30:34 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xf0) 14:30:34 executing program 0: r0 = 
socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:34 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$FUSE_INTERRUPT(r1, &(0x7f0000000080)={0x10, 0x0, 0x5}, 0x10) r2 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r2) r3 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup(r4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/checkreqprot\x00', 0x634040, 0x0) tkill(r5, 0x28) tkill(r3, 0x1f) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$TIOCOUTQ(r7, 0x5411, &(0x7f0000000100)) [ 633.233136] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 633.244560] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 633.250125] CPU: 1 PID: 6981 Comm: syz-executor.1 
Not tainted 4.19.100-syzkaller #0 [ 633.257935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 633.267298] Call Trace: [ 633.269906] dump_stack+0x197/0x210 [ 633.273545] dump_header+0x15e/0xa55 [ 633.277281] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 633.282403] ? ___ratelimit+0x60/0x595 [ 633.286385] ? do_raw_spin_unlock+0x181/0x270 [ 633.290909] oom_kill_process.cold+0x10/0x6ef [ 633.295434] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 633.301012] ? task_will_free_mem+0x139/0x6e0 [ 633.305528] ? find_held_lock+0x35/0x130 [ 633.309619] out_of_memory+0x362/0x1330 [ 633.313615] ? lock_downgrade+0x880/0x880 [ 633.317783] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 633.322906] ? oom_killer_disable+0x280/0x280 [ 633.327508] ? find_held_lock+0x35/0x130 [ 633.331602] mem_cgroup_out_of_memory+0x1d2/0x240 [ 633.336475] ? memcg_event_wake+0x230/0x230 [ 633.340837] ? do_raw_spin_unlock+0x181/0x270 [ 633.345363] ? _raw_spin_unlock+0x2d/0x50 [ 633.349544] try_charge+0xec5/0x1490 [ 633.353300] ? lock_downgrade+0x880/0x880 [ 633.357485] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 633.362453] ? rcu_read_unlock+0x33/0x60 [ 633.366517] ? get_mem_cgroup_from_mm+0x185/0x510 [ 633.371365] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 633.377450] ? mark_held_locks+0x100/0x100 [ 633.381711] mem_cgroup_try_charge+0x259/0x6b0 [ 633.386308] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 633.391249] __handle_mm_fault+0x1e50/0x3f80 [ 633.395673] ? copy_page_range+0x2030/0x2030 [ 633.400189] ? count_memcg_event_mm+0x2b1/0x4d0 [ 633.404871] handle_mm_fault+0x1b5/0x690 [ 633.408947] __get_user_pages+0x609/0x1860 [ 633.413203] ? follow_page_mask+0x1ac0/0x1ac0 [ 633.417704] ? lock_acquire+0x16f/0x3f0 [ 633.421800] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 633.427366] populate_vma_page_range+0x20d/0x2a0 [ 633.432127] __mm_populate+0x204/0x380 [ 633.436036] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 633.441024] __x64_sys_mlockall+0x35c/0x520 [ 633.445400] do_syscall_64+0xfd/0x620 [ 633.449269] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 633.454472] RIP: 0033:0x45b349 [ 633.457684] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 633.476606] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 633.484456] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 633.491759] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 633.499110] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 633.506422] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 633.513896] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 633.521469] Task in /syz1 killed as a result of limit of /syz1 [ 633.528149] memory: usage 307200kB, limit 307200kB, failcnt 7217 14:30:35 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x300) [ 633.534400] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 633.541601] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 633.547907] Memory cgroup stats for /syz1: cache:28KB rss:297048KB rss_huge:237568KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:126268KB active_anon:21768KB inactive_file:4KB active_file:0KB unevictable:149176KB [ 633.570435] Memory cgroup out of memory: Kill process 23603 (syz-executor.1) score 1163 or sacrifice child [ 633.580482] Killed 
process 23603 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 633.621352] oom_reaper: reaped process 23603 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:30:35 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x600, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:35 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup(r1) setsockopt(r1, 0x8, 0x7d, &(0x7f0000000000)="4b3c3f8d7b1ba5915f66f96db539377d3d405f3e5e16133e2e7016ddfe291619d0d304dff7c7d1d47e15ce4262327bcb7a7e2726b18f5940a26c5d2fb8628c0cab331ba920e0613995cfa49822ef7cdb9aaaf7bc0dc133afd73cc8dcaa5dd6161dcb33172281bb8122dcbd4a183d40dd75bd6bcc1b5d6b7ab812b07ec5015f56760d807b29f24fde08134b6f9ef06c3803a85d6050f29d7c483f1b76935238d23e3090ced020913ad6050d0b1d49da6fbd1db1a6873e17518bcc66c3390a9b9a3b1b7266124d8570bd99b9a113044a398c945d08c2bc5fdcfdc236f537deaac03f04038775", 0xe5) tkill(r0, 0x9) 14:30:35 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x40047459, 0x0) [ 633.821237] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 633.832724] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 633.838387] CPU: 1 PID: 6981 Comm: 
syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 633.846215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 633.855600] Call Trace: [ 633.858325] dump_stack+0x197/0x210 [ 633.861987] dump_header+0x15e/0xa55 [ 633.865722] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 633.870847] ? ___ratelimit+0x60/0x595 [ 633.874758] ? do_raw_spin_unlock+0x181/0x270 [ 633.879316] oom_kill_process.cold+0x10/0x6ef [ 633.883884] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 633.889451] ? task_will_free_mem+0x139/0x6e0 [ 633.893977] ? find_held_lock+0x35/0x130 [ 633.898203] out_of_memory+0x362/0x1330 [ 633.903172] ? lock_downgrade+0x880/0x880 [ 633.907353] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 633.912485] ? oom_killer_disable+0x280/0x280 [ 633.917001] ? find_held_lock+0x35/0x130 [ 633.921205] mem_cgroup_out_of_memory+0x1d2/0x240 [ 633.926078] ? memcg_event_wake+0x230/0x230 [ 633.930428] ? do_raw_spin_unlock+0x181/0x270 [ 633.934954] ? _raw_spin_unlock+0x2d/0x50 [ 633.939133] try_charge+0xec5/0x1490 [ 633.942874] ? lock_downgrade+0x880/0x880 [ 633.947056] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 633.952103] ? rcu_read_unlock+0x33/0x60 [ 633.956185] ? get_mem_cgroup_from_mm+0x185/0x510 [ 633.961084] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 633.967182] mem_cgroup_try_charge+0x259/0x6b0 14:30:35 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) ptrace(0x4206, r1) tkill(r0, 0x9) [ 633.971798] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 633.976761] wp_page_copy+0x430/0x16a0 [ 633.980678] ? follow_pfn+0x2a0/0x2a0 [ 633.984535] ? do_raw_spin_unlock+0x181/0x270 [ 633.989064] do_wp_page+0x57d/0x10b0 [ 633.992809] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 633.997539] ? 
kasan_check_write+0x14/0x20 [ 634.001808] ? do_raw_spin_lock+0xd7/0x250 [ 634.006072] __handle_mm_fault+0x2305/0x3f80 [ 634.010503] ? copy_page_range+0x2030/0x2030 [ 634.014966] ? count_memcg_event_mm+0x2b1/0x4d0 14:30:35 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x40049409, 0x0) [ 634.019664] handle_mm_fault+0x1b5/0x690 [ 634.023749] __get_user_pages+0x609/0x1860 [ 634.028018] ? follow_page_mask+0x1ac0/0x1ac0 [ 634.032545] ? lock_acquire+0x16f/0x3f0 [ 634.036542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 634.042117] populate_vma_page_range+0x20d/0x2a0 [ 634.046901] __mm_populate+0x204/0x380 [ 634.050825] ? populate_vma_page_range+0x2a0/0x2a0 [ 634.055799] __x64_sys_mlockall+0x35c/0x520 [ 634.060203] do_syscall_64+0xfd/0x620 [ 634.064045] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 634.069262] RIP: 0033:0x45b349 [ 634.072525] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 634.091451] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 634.099186] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 634.106477] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 634.113769] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 634.121200] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 634.128592] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 634.136660] Task in /syz1 killed as a result of limit of /syz1 [ 634.142707] memory: usage 307048kB, limit 307200kB, failcnt 7249 [ 634.148956] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 634.155854] kmem: usage 0kB, limit 
9007199254740988kB, failcnt 0 [ 634.162087] Memory cgroup stats for /syz1: cache:28KB rss:296880KB rss_huge:235520KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:113524KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:161688KB [ 634.184225] Memory cgroup out of memory: Kill process 6980 (syz-executor.1) score 1226 or sacrifice child [ 634.194077] Killed process 7527 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 634.209013] oom_reaper: reaped process 7527 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 634.296266] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 634.336704] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 634.344538] CPU: 1 PID: 6980 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 634.352542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 634.362251] Call Trace: [ 634.364969] dump_stack+0x197/0x210 [ 634.368620] dump_header+0x15e/0xa55 [ 634.372361] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 634.377530] ? ___ratelimit+0x60/0x595 [ 634.381466] ? do_raw_spin_unlock+0x181/0x270 [ 634.385979] oom_kill_process.cold+0x10/0x6ef [ 634.390510] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 634.396079] ? task_will_free_mem+0x139/0x6e0 [ 634.400600] out_of_memory+0x362/0x1330 [ 634.404610] ? lock_downgrade+0x880/0x880 [ 634.408784] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 634.413915] ? oom_killer_disable+0x280/0x280 [ 634.418555] ? find_held_lock+0x35/0x130 [ 634.422670] mem_cgroup_out_of_memory+0x1d2/0x240 [ 634.427546] ? memcg_event_wake+0x230/0x230 [ 634.431901] ? do_raw_spin_unlock+0x181/0x270 [ 634.436414] ? _raw_spin_unlock+0x2d/0x50 [ 634.440588] try_charge+0xc6e/0x1490 [ 634.449023] ? lock_downgrade+0x880/0x880 [ 634.453431] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 634.458326] ? rcu_read_unlock+0x33/0x60 [ 634.462414] ? 
get_mem_cgroup_from_mm+0x185/0x510 [ 634.467292] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 634.473516] ? lock_downgrade+0x880/0x880 [ 634.477688] mem_cgroup_try_charge+0x259/0x6b0 [ 634.482298] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 634.487284] do_huge_pmd_wp_page+0x97e/0x3580 [ 634.491823] ? __split_huge_pmd+0x2b10/0x2b10 [ 634.496361] ? pmd_val+0x85/0x100 [ 634.499857] __handle_mm_fault+0x167b/0x3f80 [ 634.504288] ? copy_page_range+0x2030/0x2030 [ 634.508863] ? count_memcg_event_mm+0x2b1/0x4d0 [ 634.513558] handle_mm_fault+0x1b5/0x690 [ 634.517627] __do_page_fault+0x62a/0xe90 [ 634.521706] ? vmalloc_fault+0x740/0x740 [ 634.525784] ? trace_hardirqs_off_caller+0x65/0x220 [ 634.530806] ? trace_hardirqs_on_caller+0x6a/0x220 [ 634.535783] ? page_fault+0x8/0x30 [ 634.539388] do_page_fault+0x71/0x57d [ 634.543182] ? page_fault+0x8/0x30 [ 634.546832] page_fault+0x1e/0x30 [ 634.550267] RIP: 0033:0x400644 [ 634.553462] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 634.572571] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 634.577985] RAX: 0000000000000001 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 634.585430] RDX: 0000000000000000 RSI: 0000000020d06000 RDI: 0000000000000001 [ 634.592822] RBP: 0000000000760ee0 R08: 0000000000000000 R09: 0000000000000000 [ 634.600095] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bf20 [ 634.607377] R13: 000000000009ad10 R14: 0000000000760ee8 R15: 000000000075bf2c [ 634.615072] Task in /syz1 killed as a result of limit of /syz1 [ 634.621190] memory: usage 305532kB, limit 307200kB, failcnt 7269 [ 634.627503] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 634.634272] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 634.640526] Memory cgroup stats for /syz1: cache:28KB rss:295464KB rss_huge:235520KB shmem:52KB mapped_file:132KB dirty:132KB 
writeback:0KB swap:0KB inactive_anon:112036KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:161688KB [ 634.662759] Memory cgroup out of memory: Kill process 6980 (syz-executor.1) score 1226 or sacrifice child [ 634.672661] Killed process 6980 (syz-executor.1) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB [ 634.683985] oom_reaper: reaped process 6980 (syz-executor.1), now anon-rss:18256kB, file-rss:54368kB, shmem-rss:0kB 14:30:36 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:36 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x700, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:36 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 
0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xa00) 14:30:36 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x40086602, 0x0) 14:30:36 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4207, r0) tkill(r0, 0x9) 14:30:36 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, 0x4) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:36 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 
0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xe00) 14:30:36 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x20800102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup(r1) fcntl$setown(r1, 0x8, r0) socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:36 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xec0) 14:30:36 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x900, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:36 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x40087602, 0x0) [ 635.367998] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 635.379745] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 635.385409] CPU: 0 PID: 7916 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 635.393249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 
01/01/2011 [ 635.402759] Call Trace: [ 635.405385] dump_stack+0x197/0x210 [ 635.409060] dump_header+0x15e/0xa55 [ 635.412814] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 635.417956] ? ___ratelimit+0x60/0x595 [ 635.421872] ? do_raw_spin_unlock+0x181/0x270 [ 635.426636] oom_kill_process.cold+0x10/0x6ef [ 635.432799] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 635.438372] ? task_will_free_mem+0x139/0x6e0 [ 635.442900] ? trace_hardirqs_on_caller+0x6a/0x220 [ 635.447873] out_of_memory+0x362/0x1330 [ 635.451899] ? retint_kernel+0x2d/0x2d [ 635.455815] ? oom_killer_disable+0x280/0x280 [ 635.460363] mem_cgroup_out_of_memory+0x1d2/0x240 [ 635.465482] ? memcg_event_wake+0x230/0x230 [ 635.470454] ? do_raw_spin_unlock+0x181/0x270 [ 635.475034] ? _raw_spin_unlock+0x2d/0x50 [ 635.479299] try_charge+0xec5/0x1490 [ 635.483050] ? lock_downgrade+0x880/0x880 [ 635.487323] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 635.492239] ? rcu_read_unlock+0x33/0x60 [ 635.496332] ? get_mem_cgroup_from_mm+0x185/0x510 [ 635.501217] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 635.507338] mem_cgroup_try_charge+0x259/0x6b0 [ 635.511956] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 635.516919] wp_page_copy+0x430/0x16a0 [ 635.520846] ? follow_pfn+0x2a0/0x2a0 [ 635.524707] ? do_raw_spin_unlock+0x181/0x270 [ 635.529235] do_wp_page+0x57d/0x10b0 [ 635.532981] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 635.537680] ? kasan_check_write+0x14/0x20 [ 635.541944] ? do_raw_spin_lock+0xd7/0x250 [ 635.546222] __handle_mm_fault+0x2305/0x3f80 [ 635.550666] ? copy_page_range+0x2030/0x2030 [ 635.555111] ? 
trace_hardirqs_on_thunk+0x1a/0x1c [ 635.559962] handle_mm_fault+0x1b5/0x690 [ 635.564070] __get_user_pages+0x609/0x1860 14:30:37 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) [ 635.568349] ? follow_page_mask+0x1ac0/0x1ac0 [ 635.572880] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 635.577800] ? retint_kernel+0x2d/0x2d [ 635.581859] populate_vma_page_range+0x20d/0x2a0 [ 635.586657] __mm_populate+0x204/0x380 [ 635.590583] ? populate_vma_page_range+0x2a0/0x2a0 [ 635.595555] __x64_sys_mlockall+0x35c/0x520 [ 635.599909] do_syscall_64+0xfd/0x620 [ 635.603858] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 635.609069] RIP: 0033:0x45b349 [ 635.612290] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 635.631216] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 635.638949] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 635.646240] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 635.653759] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 635.662239] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 635.669542] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 635.678314] Task in /syz1 killed as a result of limit of /syz1 [ 635.684531] memory: usage 307152kB, limit 307200kB, failcnt 7384 [ 635.691941] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 635.699019] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 635.705384] Memory cgroup stats for /syz1: cache:28KB 
rss:297024KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:113664KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:161688KB [ 635.728480] Memory cgroup out of memory: Kill process 7842 (syz-executor.1) score 1226 or sacrifice child [ 635.738769] Killed process 8116 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 635.821990] oom_reaper: reaped process 8116 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 14:30:37 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:37 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xf00) 14:30:37 executing program 3: r0 = 
socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x4008b100, 0x0) 14:30:37 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xa00, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:37 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:37 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, 
[@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x3f00) 14:30:37 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_GET_IRQCHIP(r3, 0xc048ae65, 0x0) ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f00000007c0)={0x1ce, 0x3, 0x4, 0x4000000, 0x80000001, {}, {0x1, 0x2, 0x0, 0x80, 0x9, 0x9, "66587adc"}, 0xff, 0x3, @userptr=0x8, 0x5, 0x0, r3}) timerfd_gettime(r4, &(0x7f0000000840)) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r5 = getpid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$EVIOCGABS3F(r7, 0x8018457f, &(0x7f0000000380)=""/8) r8 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000240)={'syz'}, &(0x7f0000000300)='\a', 0x1, 0xfffffffffffffffe) r9 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000480)="3894e0aa755678642797c675ec97969c56f2bf12f6039bb83db491604e9211ccc8408e7618ea37393e03de7717926ee49759d8a25fe0ee491d33465a996e601cab82e84deffd4f43b4b8de7c4fc0f12375966fce546ed08ab352a291b7f16898f20eb89ab513fe62e97796f94ae97e59c92f1eb86a95087d0372707700c803790f74e808663977e98054589d308059a63b0534d429abbad8c75335c1bcd5f596b4ef809be3492bf40907de6a8cedbb24290c9e878204418bbe903f3ced734530", 0xc0, 0xfffffffffffffffd) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r11 = dup(r10) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/dlm_plock\x00', 0x280000, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) 
r13 = dup(r12) ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200) getsockopt$inet6_IPV6_IPSEC_POLICY(r13, 0x29, 0x22, &(0x7f0000000880)={{{@in6=@empty, @in=@multicast2}}, {{@in6=@initdev}, 0x0, @in=@multicast1}}, &(0x7f0000000680)=0xffffffd0) keyctl$dh_compute(0x17, &(0x7f0000000180)={r8, r9, r8}, &(0x7f00000000c0)=""/83, 0x3e3, &(0x7f00000001c0)={&(0x7f0000000040)={'crc32c-intel\x00\xfb\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff\x8d\x00'}, &(0x7f00000001c0)}) r14 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f00000002c0), &(0x7f0000000340)=0xc) keyctl$instantiate_iov(0x14, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="497b80c173bd3983534fbf0d417c23528ca2109a8863f21e05d01ee37847a7defb4165e117bc96ca08f86aa8c036e1dece58677ed077f82a185e21f079a8d14666a34f0d7a881db05e4a6eb3712aa979811689e0b900f0e76f4ac549c77e314e243b46e9b5b6f2b0ac8f608a7d207064751480008a30573ceb5bc3a65afd23e37f524e1f97e45abb94e25d0012d0a6903fbb66fee48a947d878c7b29a2af6419c74f0810c383f194af17c69b", 0xac}, {&(0x7f00000000c0)="0d84041ef0ed6c6fce8621c0fd81132db526d5ca13f10a024dfb9a53757d63cbded3e67b658d9c5b3d48e772d4fa9339b7195fdbeca30145eda3bad078ade3", 0x3f}, {&(0x7f0000000100)="0b0f8cc19e4abd45ae152dc65f51e78542e646aab1ef65160ae2097d623c735cb9a34f39e6bd09ad1b15b0eba6f9def4d2e1549c65c397cdb9dd2da02361512dc1973c2692b6db908b3e5e37676a2029052ba30175994db111032f161db2e4e34bae6064374ab981894b046f6340bc6232c3f75844665d", 0x77}, {&(0x7f0000000180)="9392b2e1c3347f8ae4e9b2a70b89d4966f21a4b97cf281415ecca68d3c66de221604ffeadede3f5b8877aad29adf67d067da0d8eb644", 0x36}], 0x4, r8) socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r5) tkill(r5, 0x9) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r16 = dup(r15) pipe2(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) setsockopt$sock_int(r17, 0x1, 0x28, &(0x7f0000000640)=0x401, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r16, 0x8912, 
0x400200) ioctl$VIDIOC_G_EXT_CTRLS(r16, 0xc0205647, &(0x7f0000000540)={0x4, 0x5, 0x1, r6, 0x0, &(0x7f0000000400)={0x980902, 0x10001, [], @p_u8=&(0x7f00000003c0)=0x1f}}) read$fb(r18, &(0x7f0000000580)=""/82, 0x52) 14:30:37 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x1400, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 636.690098] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 636.701853] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 636.708166] CPU: 0 PID: 8675 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 636.715984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 636.725380] Call Trace: [ 636.728085] dump_stack+0x197/0x210 [ 636.732016] dump_header+0x15e/0xa55 [ 636.735751] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 636.740870] ? ___ratelimit+0x60/0x595 [ 636.744776] ? do_raw_spin_unlock+0x181/0x270 [ 636.749300] oom_kill_process.cold+0x10/0x6ef [ 636.753831] ? oom_badness+0x6c0/0x6c0 [ 636.757743] ? mem_cgroup_scan_tasks+0x1f/0x180 [ 636.762440] out_of_memory+0x362/0x1330 [ 636.766441] ? lock_downgrade+0x880/0x880 [ 636.770611] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 636.775740] ? oom_killer_disable+0x280/0x280 [ 636.780243] ? find_held_lock+0x35/0x130 [ 636.784475] mem_cgroup_out_of_memory+0x1d2/0x240 [ 636.789339] ? memcg_event_wake+0x230/0x230 [ 636.793694] ? do_raw_spin_unlock+0x181/0x270 [ 636.798208] ? _raw_spin_unlock+0x2d/0x50 [ 636.802382] try_charge+0xec5/0x1490 [ 636.806115] ? lock_downgrade+0x880/0x880 [ 636.810389] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 636.815278] ? rcu_read_unlock+0x33/0x60 [ 636.819366] ? get_mem_cgroup_from_mm+0x185/0x510 [ 636.824236] ? 
__mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 636.831011] ? trace_hardirqs_on_caller+0x6a/0x220 [ 636.836065] mem_cgroup_try_charge+0x259/0x6b0 [ 636.840838] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 636.845788] wp_page_copy+0x430/0x16a0 [ 636.849707] ? follow_pfn+0x2a0/0x2a0 [ 636.853617] ? do_raw_spin_unlock+0x181/0x270 [ 636.858137] do_wp_page+0x57d/0x10b0 [ 636.861875] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 636.866579] ? kasan_check_write+0x14/0x20 [ 636.870840] ? do_raw_spin_lock+0xd7/0x250 [ 636.875105] __handle_mm_fault+0x2305/0x3f80 [ 636.879542] ? copy_page_range+0x2030/0x2030 [ 636.883970] ? retint_kernel+0x2d/0x2d [ 636.887897] ? count_memcg_event_mm+0x2b1/0x4d0 [ 636.892588] handle_mm_fault+0x1b5/0x690 [ 636.896678] __get_user_pages+0x609/0x1860 [ 636.900943] ? follow_page_mask+0x1ac0/0x1ac0 [ 636.905448] ? retint_kernel+0x2d/0x2d [ 636.909556] populate_vma_page_range+0x20d/0x2a0 [ 636.914363] __mm_populate+0x204/0x380 [ 636.918266] ? populate_vma_page_range+0x2a0/0x2a0 [ 636.923234] __x64_sys_mlockall+0x35c/0x520 [ 636.927583] do_syscall_64+0xfd/0x620 [ 636.931398] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 636.936616] RIP: 0033:0x45b349 [ 636.939826] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 636.958740] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 636.966468] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 636.973754] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 636.981144] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 636.988554] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 636.995841] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 637.007882] Task in /syz1 killed as a result of limit of /syz1 [ 637.014338] memory: usage 307200kB, limit 307200kB, failcnt 
7785 [ 637.020718] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 637.027697] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 637.034031] Memory cgroup stats for /syz1: cache:28KB rss:297108KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:113868KB active_anon:21752KB inactive_file:4KB active_file:0KB unevictable:161556KB [ 637.057192] Memory cgroup out of memory: Kill process 8656 (syz-executor.1) score 1226 or sacrifice child [ 637.067634] Killed process 8815 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 637.779176] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 637.790731] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 637.796311] CPU: 1 PID: 8628 Comm: syz-executor.0 Not tainted 4.19.100-syzkaller #0 [ 637.804121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 637.813492] Call Trace: [ 637.816102] dump_stack+0x197/0x210 [ 637.819766] dump_header+0x15e/0xa55 [ 637.823514] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 637.828641] ? ___ratelimit+0x60/0x595 [ 637.832541] ? do_raw_spin_unlock+0x181/0x270 [ 637.837056] oom_kill_process.cold+0x10/0x6ef [ 637.841592] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 637.847163] ? task_will_free_mem+0x139/0x6e0 [ 637.851701] ? find_held_lock+0x35/0x130 [ 637.855856] out_of_memory+0x362/0x1330 [ 637.860747] ? lock_downgrade+0x880/0x880 [ 637.864930] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 637.870079] ? oom_killer_disable+0x280/0x280 [ 637.874590] ? find_held_lock+0x35/0x130 [ 637.878691] mem_cgroup_out_of_memory+0x1d2/0x240 [ 637.883572] ? memcg_event_wake+0x230/0x230 [ 637.887915] ? do_raw_spin_unlock+0x181/0x270 [ 637.892437] ? _raw_spin_unlock+0x2d/0x50 [ 637.896710] try_charge+0xec5/0x1490 [ 637.900452] ? lock_downgrade+0x880/0x880 [ 637.904629] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 637.909503] ? 
rcu_read_unlock+0x33/0x60 [ 637.913594] ? get_mem_cgroup_from_mm+0x185/0x510 [ 637.918675] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 637.924761] mem_cgroup_try_charge+0x259/0x6b0 [ 637.929350] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 637.934323] wp_page_copy+0x430/0x16a0 [ 637.938669] ? follow_pfn+0x2a0/0x2a0 [ 637.944062] ? do_raw_spin_unlock+0x181/0x270 [ 637.948575] do_wp_page+0x57d/0x10b0 [ 637.952294] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 637.957208] ? kasan_check_write+0x14/0x20 [ 637.961534] ? do_raw_spin_lock+0xd7/0x250 [ 637.965784] __handle_mm_fault+0x2305/0x3f80 [ 637.970244] ? copy_page_range+0x2030/0x2030 [ 637.974672] ? count_memcg_event_mm+0x2b1/0x4d0 [ 637.979352] handle_mm_fault+0x1b5/0x690 [ 637.983432] __get_user_pages+0x609/0x1860 [ 637.987696] ? follow_page_mask+0x1ac0/0x1ac0 [ 637.992201] ? retint_kernel+0x2d/0x2d [ 637.996399] populate_vma_page_range+0x20d/0x2a0 [ 638.001180] __mm_populate+0x204/0x380 [ 638.005083] ? populate_vma_page_range+0x2a0/0x2a0 [ 638.010047] __x64_sys_mlockall+0x35c/0x520 [ 638.016050] do_syscall_64+0xfd/0x620 [ 638.019878] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 638.025184] RIP: 0033:0x45b349 [ 638.028378] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 638.047296] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 638.055063] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 638.062353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 638.069661] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 638.076933] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 638.084234] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 638.091718] Task in /syz0 killed as a result of limit of /syz0 [ 638.098383] memory: usage 307200kB, limit 307200kB, failcnt 58 
[ 638.104485] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 638.111903] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 638.118297] Memory cgroup stats for /syz0: cache:76KB rss:298020KB rss_huge:69632KB shmem:24KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:211732KB active_anon:10828KB inactive_file:12KB active_file:12KB unevictable:75544KB [ 638.141824] Memory cgroup out of memory: Kill process 8619 (syz-executor.0) score 1226 or sacrifice child [ 638.152250] Killed process 8689 (syz-executor.0) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:39 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x6000) 14:30:40 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x4020940d, 0x0) 14:30:40 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x2000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:40 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0xffffffffffffff8b, 0x0, 0x0, 0xfffffe44) r0 = getpid() socket$inet6(0xa, 
0x0, 0x0) ptrace(0x4206, r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180)='batadv\x00') r3 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) exit(0x6) sendmsg$BATADV_CMD_GET_GATEWAYS(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)={0x1c, r2, 0x711, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}]}, 0x1c}}, 0x0) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r2, 0x8, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x6a7b171af03f2d76}, 0x20000000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$IMCLEAR_L2(r6, 0x80044946, &(0x7f0000000040)=0xffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup(r7) fcntl$notify(r7, 0x402, 0x9) tkill(r0, 0x9) 14:30:40 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 
0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:40 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047437, 0x0) 14:30:40 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xc00e) 14:30:40 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xe200) [ 639.046692] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 639.097071] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 639.103656] CPU: 0 PID: 9324 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 639.111497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 639.121000] Call Trace: [ 639.124102] dump_stack+0x197/0x210 [ 639.127751] dump_header+0x15e/0xa55 [ 639.131488] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 639.136755] ? ___ratelimit+0x60/0x595 [ 639.140762] ? do_raw_spin_unlock+0x181/0x270 [ 639.145634] oom_kill_process.cold+0x10/0x6ef [ 639.150270] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 639.155836] ? task_will_free_mem+0x139/0x6e0 [ 639.160481] ? find_held_lock+0x35/0x130 [ 639.164571] out_of_memory+0x362/0x1330 [ 639.168573] ? lock_downgrade+0x880/0x880 [ 639.172743] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 639.177862] ? oom_killer_disable+0x280/0x280 [ 639.182376] ? find_held_lock+0x35/0x130 [ 639.186470] mem_cgroup_out_of_memory+0x1d2/0x240 [ 639.191427] ? memcg_event_wake+0x230/0x230 [ 639.195771] ? do_raw_spin_unlock+0x181/0x270 [ 639.200296] ? _raw_spin_unlock+0x2d/0x50 [ 639.204460] try_charge+0xec5/0x1490 [ 639.208270] ? lock_downgrade+0x880/0x880 [ 639.212463] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 639.217325] ? rcu_read_unlock+0x33/0x60 [ 639.221408] ? get_mem_cgroup_from_mm+0x185/0x510 [ 639.226296] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 639.232382] ? lock_downgrade+0x880/0x880 [ 639.236557] mem_cgroup_try_charge+0x259/0x6b0 [ 639.241293] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 639.246355] do_huge_pmd_wp_page+0x97e/0x3580 [ 639.250878] ? __split_huge_pmd+0x2b10/0x2b10 [ 639.255410] ? pmd_val+0x85/0x100 [ 639.258895] __handle_mm_fault+0x167b/0x3f80 [ 639.263335] ? copy_page_range+0x2030/0x2030 [ 639.267921] ? count_memcg_event_mm+0x2b1/0x4d0 [ 639.272787] handle_mm_fault+0x1b5/0x690 [ 639.276874] __do_page_fault+0x62a/0xe90 [ 639.280965] ? vmalloc_fault+0x740/0x740 [ 639.285049] ? trace_hardirqs_off_caller+0x65/0x220 [ 639.290215] ? trace_hardirqs_on_caller+0x6a/0x220 [ 639.295167] ? page_fault+0x8/0x30 [ 639.298813] do_page_fault+0x71/0x57d [ 639.302637] ? 
page_fault+0x8/0x30 [ 639.306196] page_fault+0x1e/0x30 [ 639.309663] RIP: 0033:0x400644 [ 639.312874] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 639.331805] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 639.337282] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 14:30:40 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:40 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) name_to_handle_at(r1, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x11, 0x5, "0a2ee317d9e24410a5"}, &(0x7f0000000100), 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x6, 
0x408000) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r2, 0x8983, &(0x7f0000000040)={0x3, 'ip6tnl0\x00', {0x1f}, 0x5}) r3 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r3) tkill(r3, 0x9) 14:30:40 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80086601, 0x0) 14:30:40 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x2200, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:40 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xf000) [ 639.344601] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 [ 639.351966] RBP: 00000000007603d8 R08: 0000000000000000 R09: 0000000000000000 [ 639.359394] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bf20 [ 639.366810] R13: 000000000009bfe5 R14: 00000000007603e0 R15: 000000000075bf2c 14:30:41 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=0x0) sched_setparam(r0, &(0x7f0000000080)=0x7) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r1 = getpid() socket$inet6(0xa, 
0x0, 0x0) ptrace(0x4206, r1) tkill(r1, 0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = fcntl$dupfd(r3, 0x406, 0xffffffffffffffff) r5 = gettid() tkill(r5, 0x1000000000013) syz_open_procfs(r5, &(0x7f0000000140)='net/protocols\x00') ioctl$PPPIOCSNPMODE(r4, 0x4008744b, &(0x7f0000000000)={0x80fb, 0x1}) getsockname$tipc(r3, &(0x7f00000000c0), &(0x7f0000000100)=0x10) msgget$private(0x0, 0x114) 14:30:41 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x34000) 14:30:41 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80087601, 0x0) [ 640.458738] Task in /syz1 killed as a result of limit of /syz1 [ 640.464777] memory: usage 307200kB, limit 307200kB, failcnt 7869 [ 640.471055] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 640.477933] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 640.484178] Memory cgroup stats for /syz1: cache:28KB rss:295264KB rss_huge:225280KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:112096KB active_anon:21752KB inactive_file:4KB active_file:0KB unevictable:161556KB [ 640.506421] Memory cgroup out of memory: Kill process 9324 (syz-executor.1) score 1222 or sacrifice child [ 640.516592] Killed process 9480 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 640.545489] syz-executor.0 invoked 
oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 640.557105] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 640.562600] CPU: 1 PID: 9495 Comm: syz-executor.0 Not tainted 4.19.100-syzkaller #0 [ 640.570418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 640.579818] Call Trace: [ 640.582426] dump_stack+0x197/0x210 [ 640.586172] dump_header+0x15e/0xa55 [ 640.589912] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 640.595032] ? ___ratelimit+0x60/0x595 [ 640.599036] ? do_raw_spin_unlock+0x181/0x270 [ 640.603555] oom_kill_process.cold+0x10/0x6ef [ 640.608085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 640.613769] ? task_will_free_mem+0x139/0x6e0 [ 640.618293] out_of_memory+0x362/0x1330 [ 640.622298] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 640.627426] ? oom_killer_disable+0x280/0x280 [ 640.632031] ? find_held_lock+0x35/0x130 [ 640.636133] mem_cgroup_out_of_memory+0x1d2/0x240 [ 640.641007] ? memcg_event_wake+0x230/0x230 [ 640.645361] ? do_raw_spin_unlock+0x181/0x270 [ 640.650084] ? _raw_spin_unlock+0x2d/0x50 [ 640.654303] try_charge+0xec5/0x1490 [ 640.658054] ? lock_downgrade+0x880/0x880 [ 640.662248] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 640.667116] ? rcu_read_unlock+0x33/0x60 [ 640.671306] ? get_mem_cgroup_from_mm+0x185/0x510 [ 640.676180] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 640.682405] mem_cgroup_try_charge+0x259/0x6b0 [ 640.687028] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 640.691991] wp_page_copy+0x430/0x16a0 [ 640.695946] ? follow_pfn+0x2a0/0x2a0 [ 640.699772] ? do_raw_spin_unlock+0x181/0x270 [ 640.704294] do_wp_page+0x57d/0x10b0 [ 640.708051] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 640.712908] ? kasan_check_write+0x14/0x20 [ 640.717183] ? do_raw_spin_lock+0xd7/0x250 [ 640.721447] __handle_mm_fault+0x2305/0x3f80 [ 640.725887] ? copy_page_range+0x2030/0x2030 [ 640.730335] ? 
count_memcg_event_mm+0x2b1/0x4d0 [ 640.735040] handle_mm_fault+0x1b5/0x690 [ 640.739137] __get_user_pages+0x609/0x1860 [ 640.743409] ? follow_page_mask+0x1ac0/0x1ac0 [ 640.747946] ? retint_kernel+0x2d/0x2d [ 640.751878] populate_vma_page_range+0x20d/0x2a0 [ 640.756758] __mm_populate+0x204/0x380 [ 640.760700] ? populate_vma_page_range+0x2a0/0x2a0 [ 640.765672] __x64_sys_mlockall+0x35c/0x520 [ 640.770027] do_syscall_64+0xfd/0x620 [ 640.773859] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 640.779068] RIP: 0033:0x45b349 [ 640.782275] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 640.801309] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 640.809094] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 640.816398] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 640.823690] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 640.830979] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 640.838277] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 640.848190] Task in /syz0 killed as a result of limit of /syz0 [ 640.854553] memory: usage 307164kB, limit 307200kB, failcnt 94 [ 640.860785] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 640.867848] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 640.874194] Memory cgroup stats for /syz0: cache:76KB rss:298028KB rss_huge:69632KB shmem:24KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:211784KB active_anon:10828KB inactive_file:4KB active_file:4KB unevictable:75540KB [ 640.896600] Memory cgroup out of memory: Kill process 9492 (syz-executor.0) score 1226 or sacrifice child [ 640.907237] Killed process 9558 (syz-executor.0) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:43 executing program 1: r0 = 
socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:43 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x2c00, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:43 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x400300) 14:30:43 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() 
socket$inet6(0xa, 0x0, 0x0) r1 = syz_open_procfs(r0, &(0x7f0000000000)='net/psched\x00') bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000001c0)={r1, &(0x7f0000000040)="8cfa427e26ffbd262f40b0d1c7a5d943fe646557f59e9a79dd8730f2c17e5f64f104a982f528fafe3527d0891b30e207b7f3167388509d9c84000f602e8f3a749c070de09da91bc01fd8c269c48533b602cad08f18fd939089dce8ccd76d372379b53241235f39fa9b71eadac78578", &(0x7f00000000c0)=""/206}, 0x20) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:43 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0xc0045878, 0x0) 14:30:43 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:43 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 
0x28}}, 0xf0ffff) 14:30:43 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0xc0045878, 0x0) [ 642.270259] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 642.281851] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 642.291202] CPU: 1 PID: 10125 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 642.299129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 642.308619] Call Trace: [ 642.311305] dump_stack+0x197/0x210 [ 642.314980] dump_header+0x15e/0xa55 [ 642.318809] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 642.323934] ? ___ratelimit+0x60/0x595 [ 642.327833] ? do_raw_spin_unlock+0x181/0x270 [ 642.332384] oom_kill_process.cold+0x10/0x6ef [ 642.336913] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 642.342488] ? task_will_free_mem+0x139/0x6e0 [ 642.347002] ? find_held_lock+0x35/0x130 [ 642.351094] out_of_memory+0x362/0x1330 [ 642.355115] ? lock_downgrade+0x880/0x880 [ 642.359290] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 642.364425] ? oom_killer_disable+0x280/0x280 [ 642.368936] ? find_held_lock+0x35/0x130 [ 642.373036] mem_cgroup_out_of_memory+0x1d2/0x240 [ 642.378162] ? memcg_event_wake+0x230/0x230 [ 642.382514] ? do_raw_spin_unlock+0x181/0x270 [ 642.387296] ? _raw_spin_unlock+0x2d/0x50 [ 642.391510] try_charge+0xec5/0x1490 [ 642.395252] ? lock_downgrade+0x880/0x880 [ 642.399429] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 642.404301] ? rcu_read_unlock+0x33/0x60 [ 642.408381] ? get_mem_cgroup_from_mm+0x185/0x510 [ 642.413258] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 642.419355] mem_cgroup_try_charge+0x259/0x6b0 [ 642.423968] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 642.428920] wp_page_copy+0x430/0x16a0 [ 642.432843] ? 
follow_pfn+0x2a0/0x2a0 [ 642.436676] ? do_raw_spin_unlock+0x181/0x270 [ 642.441198] do_wp_page+0x57d/0x10b0 [ 642.444936] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 642.449629] ? kasan_check_write+0x14/0x20 [ 642.453891] ? do_raw_spin_lock+0xd7/0x250 [ 642.458168] __handle_mm_fault+0x2305/0x3f80 [ 642.462615] ? copy_page_range+0x2030/0x2030 [ 642.467068] ? count_memcg_event_mm+0x2b1/0x4d0 [ 642.471881] handle_mm_fault+0x1b5/0x690 [ 642.475996] __get_user_pages+0x609/0x1860 [ 642.480315] ? follow_page_mask+0x1ac0/0x1ac0 [ 642.484855] ? lock_acquire+0x16f/0x3f0 [ 642.488840] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 642.494412] populate_vma_page_range+0x20d/0x2a0 [ 642.499192] __mm_populate+0x204/0x380 [ 642.503116] ? populate_vma_page_range+0x2a0/0x2a0 [ 642.508090] __x64_sys_mlockall+0x35c/0x520 [ 642.512436] do_syscall_64+0xfd/0x620 [ 642.516257] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 642.521461] RIP: 0033:0x45b349 [ 642.524678] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 642.543687] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 642.551632] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 642.558967] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 642.566375] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 642.573798] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 642.581093] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 642.609876] Task in /syz1 killed as a result of limit of /syz1 [ 642.652709] memory: usage 307200kB, limit 307200kB, failcnt 7915 14:30:44 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x3f00, &(0x7f0000000040)='./file0\x00', 
&(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 642.722510] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 642.729934] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 642.736592] Memory cgroup stats for /syz1: cache:28KB rss:297212KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:113828KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:161684KB [ 642.759823] Memory cgroup out of memory: Kill process 10040 (syz-executor.1) score 1226 or sacrifice child 14:30:44 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x1000000) [ 642.770649] Killed process 10341 (syz-executor.1) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB [ 642.820899] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 14:30:44 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r0, 0xc0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=0x6, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x4, 0x1}, 0x0, 0x0, &(0x7f00000000c0)={0x5, 0x2, 0xc74b, 0x7}, &(0x7f0000000100)=0x2, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=0x7}}, 0x10) r1 
= getpid() socket$inet6(0xa, 0x5, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180)='batadv\x00') r6 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_GATEWAYS(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)={0x1c, r5, 0x711, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}]}, 0x1c}}, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r5, 0x10, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x20000001) r8 = syz_genetlink_get_family_id$nbd(&(0x7f00000002c0)='nbd\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r10 = dup(r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) sendmsg$NBD_CMD_CONNECT(r3, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x58, r8, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x3f}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x6}, @NBD_ATTR_SOCKETS={0xc, 0x7, 0x0, 0x1, [{0x8, 0x1, r10}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000000}, 0x1) ptrace(0x4206, r1) tkill(r1, 0x9) r11 = creat(&(0x7f0000000280)='./file0\x00', 0x0) r12 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r12, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r12, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r11, 0x84, 0x14, 
&(0x7f00000000c0)=@assoc_value={r13}, 0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r10, 0x84, 0xa, &(0x7f0000000400)={0xff, 0x3, 0x202, 0x8e3, 0x5, 0x4, 0x5, 0x2, r13}, &(0x7f0000000440)=0x20) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000480)={r14, 0x6, 0x20}, &(0x7f00000004c0)=0xc) [ 642.876273] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 642.905976] CPU: 0 PID: 10040 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 642.913904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 642.923277] Call Trace: [ 642.925883] dump_stack+0x197/0x210 [ 642.929532] dump_header+0x15e/0xa55 [ 642.933281] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 642.938525] ? ___ratelimit+0x60/0x595 [ 642.942554] ? do_raw_spin_unlock+0x181/0x270 [ 642.947100] oom_kill_process.cold+0x10/0x6ef [ 642.951634] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 642.957192] ? task_will_free_mem+0x139/0x6e0 [ 642.961739] out_of_memory+0x362/0x1330 [ 642.965764] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 642.970883] ? oom_killer_disable+0x280/0x280 14:30:44 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0xc0189436, 0x0) [ 642.975393] ? find_held_lock+0x35/0x130 [ 642.979487] mem_cgroup_out_of_memory+0x1d2/0x240 [ 642.984351] ? memcg_event_wake+0x230/0x230 [ 642.988696] ? do_raw_spin_unlock+0x181/0x270 [ 642.993266] ? _raw_spin_unlock+0x2d/0x50 [ 642.997435] try_charge+0xc6e/0x1490 [ 643.001260] ? lock_downgrade+0x880/0x880 [ 643.005444] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 643.010306] ? rcu_read_unlock+0x33/0x60 [ 643.014388] ? get_mem_cgroup_from_mm+0x185/0x510 [ 643.019262] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 643.025545] ? __free_object+0xe2/0x1f0 [ 643.029538] ? 
_raw_spin_unlock_irqrestore+0xa4/0xe0 [ 643.034675] mem_cgroup_try_charge+0x259/0x6b0 [ 643.039298] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 643.044342] wp_page_copy+0x430/0x16a0 [ 643.048262] ? follow_pfn+0x2a0/0x2a0 [ 643.052170] ? do_raw_spin_unlock+0x181/0x270 [ 643.056690] do_wp_page+0x57d/0x10b0 [ 643.060520] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 643.065208] ? kasan_check_write+0x14/0x20 [ 643.069461] ? do_raw_spin_lock+0xd7/0x250 [ 643.073717] __handle_mm_fault+0x2305/0x3f80 [ 643.078339] ? copy_page_range+0x2030/0x2030 [ 643.082791] ? count_memcg_event_mm+0x2b1/0x4d0 [ 643.087481] handle_mm_fault+0x1b5/0x690 [ 643.091561] __do_page_fault+0x62a/0xe90 [ 643.095752] ? vmalloc_fault+0x740/0x740 [ 643.099828] ? trace_hardirqs_off_caller+0x65/0x220 [ 643.104958] ? trace_hardirqs_on_caller+0x6a/0x220 [ 643.109908] ? page_fault+0x8/0x30 [ 643.113473] do_page_fault+0x71/0x57d [ 643.117294] ? page_fault+0x8/0x30 [ 643.120859] page_fault+0x1e/0x30 [ 643.124322] RIP: 0033:0x400644 [ 643.127537] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 643.146586] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 643.151964] RAX: 0000000000000001 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 643.159248] RDX: 0000000000000000 RSI: 0000000020d06000 RDI: 0000000000000001 [ 643.167336] RBP: 0000000000760ee0 R08: 0000000000000000 R09: 0000000000000000 [ 643.174617] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bf20 [ 643.181907] R13: 000000000009cca9 R14: 0000000000760ee8 R15: 000000000075bf2c [ 643.235834] Task in /syz1 killed as a result of limit of /syz1 [ 643.255314] memory: usage 305228kB, limit 307200kB, failcnt 7917 [ 643.276085] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 643.291289] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 643.314386] Memory cgroup stats for /syz1: cache:28KB 
rss:295452KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:112036KB active_anon:21752KB inactive_file:0KB active_file:0KB unevictable:161684KB [ 643.351674] Memory cgroup out of memory: Kill process 10040 (syz-executor.1) score 1226 or sacrifice child [ 643.368450] Killed process 10040 (syz-executor.1) total-vm:72720kB, anon-rss:18228kB, file-rss:54368kB, shmem-rss:0kB [ 643.379672] oom_reaper: reaped process 10040 (syz-executor.1), now anon-rss:18324kB, file-rss:54368kB, shmem-rss:0kB 14:30:45 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:45 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:45 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x4000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:45 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x2000000) 14:30:45 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0xc020660b, 0x0) 14:30:45 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = fcntl$getown(0xffffffffffffffff, 0x9) wait4(r0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r1 = creat(&(0x7f0000000340)='./file0\x00', 0x100) getpeername$l2tp(r1, &(0x7f0000000380)={0x2, 0x0, @dev}, &(0x7f00000003c0)=0x10) r2 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r2) r3 = openat$ipvs(0xffffffffffffff9c, 
&(0x7f0000000000)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0) ioctl$DRM_IOCTL_RM_MAP(r3, 0x4028641b, &(0x7f0000000040)={&(0x7f0000ffd000/0x2000)=nil, 0x1, 0x4, 0x1, &(0x7f0000ffe000/0x2000)=nil, 0x3ff}) rt_sigaction(0xf, &(0x7f0000000100)={&(0x7f0000000080)="c4e2c9a6b509000000c4c2613f6d733192000080200f3805e8ddce312fc4c229961bf30f121fd2ce65673640ad", 0x40000004, &(0x7f00000000c0)="3ec1df0636439cc482613bb1287a8a202636420f1a442597660ffe34fd090000006440d9ff0f38cb12c443456acc00470f1613460f01c1", {[0x1]}}, &(0x7f00000001c0)={&(0x7f0000000140)="42ab65c3f30faef7660fea50fe67f2420f0fc994652e6664660f55b9416b0000c401985cb8d8250ea4c4a2152f6eb30f199118010000653e640f1aafa0cf91ca", 0x0, &(0x7f0000000180)="c4e1917d6000c462ddbaefc4c23d8c09f3d218450fc7fa2e4178ad8fa918949300000000672e43c01d0f000000edf30fa7d8c4212965fa"}, 0x8, &(0x7f0000000200)) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snapshot\x00', 0x40802, 0x0) getsockopt$sock_timeval(r4, 0x1, 0x15, &(0x7f0000000440), &(0x7f0000000480)=0x10) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000240)={0x0, 0x0, 0x1, 0x0, [], [{0x3d9a, 0x5, 0x0, 0x8, 0x3f53, 0x7fff}, {0x401, 0x3, 0xc14, 0x7, 0x3f, 0x8}], [[]]}) tkill(r2, 0x9) 14:30:45 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x3000000) [ 643.603397] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 643.615062] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 643.620695] CPU: 1 PID: 10791 Comm: syz-executor.0 Not tainted 4.19.100-syzkaller #0 [ 643.630541] Hardware name: Google Google Compute Engine/Google 
Compute Engine, BIOS Google 01/01/2011 [ 643.639924] Call Trace: [ 643.642549] dump_stack+0x197/0x210 [ 643.646188] dump_header+0x15e/0xa55 [ 643.649936] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 643.655071] ? ___ratelimit+0x60/0x595 [ 643.658973] ? do_raw_spin_unlock+0x181/0x270 [ 643.663508] oom_kill_process.cold+0x10/0x6ef [ 643.668043] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 643.673612] ? task_will_free_mem+0x139/0x6e0 [ 643.678162] ? find_held_lock+0x35/0x130 [ 643.682255] out_of_memory+0x362/0x1330 [ 643.686267] ? lock_downgrade+0x880/0x880 [ 643.690437] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 643.695675] ? oom_killer_disable+0x280/0x280 [ 643.700212] ? find_held_lock+0x35/0x130 [ 643.704342] mem_cgroup_out_of_memory+0x1d2/0x240 [ 643.718258] ? memcg_event_wake+0x230/0x230 [ 643.722623] ? do_raw_spin_unlock+0x181/0x270 [ 643.727150] ? _raw_spin_unlock+0x2d/0x50 [ 643.731316] try_charge+0xec5/0x1490 [ 643.735064] ? lock_downgrade+0x880/0x880 [ 643.739246] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 643.744485] ? rcu_read_unlock+0x33/0x60 [ 643.748577] ? get_mem_cgroup_from_mm+0x185/0x510 [ 643.753469] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 643.759639] ? mark_held_locks+0x100/0x100 [ 643.763909] mem_cgroup_try_charge+0x259/0x6b0 [ 643.768525] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 643.773498] __handle_mm_fault+0x1e50/0x3f80 [ 643.777930] ? copy_page_range+0x2030/0x2030 [ 643.782612] ? count_memcg_event_mm+0x2b1/0x4d0 [ 643.787297] handle_mm_fault+0x1b5/0x690 [ 643.791385] __get_user_pages+0x609/0x1860 [ 643.795744] ? follow_page_mask+0x1ac0/0x1ac0 [ 643.800271] ? lock_acquire+0x16f/0x3f0 [ 643.804269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 643.809834] populate_vma_page_range+0x20d/0x2a0 [ 643.814619] __mm_populate+0x204/0x380 [ 643.818530] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 643.823619] __x64_sys_mlockall+0x35c/0x520 [ 643.827955] do_syscall_64+0xfd/0x620 [ 643.831777] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 643.836980] RIP: 0033:0x45b349 [ 643.840401] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 643.859313] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 643.867307] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 643.874672] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 643.882198] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 643.889477] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 643.896759] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 643.904433] Task in /syz0 killed as a result of limit of /syz0 [ 643.910549] memory: usage 307200kB, limit 307200kB, failcnt 123 [ 643.916847] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 643.923732] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 643.930347] Memory cgroup stats for /syz0: cache:76KB rss:298228KB rss_huge:71680KB shmem:24KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:214060KB active_anon:10844KB inactive_file:24KB active_file:0KB unevictable:73568KB [ 643.952305] Memory cgroup out of memory: Kill process 1051 (syz-executor.0) score 1163 or sacrifice child [ 643.962163] Killed process 1051 (syz-executor.0) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 644.153760] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 644.165365] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 644.171004] CPU: 0 PID: 10819 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 644.178890] Hardware name: Google Google Compute Engine/Google Compute 
Engine, BIOS Google 01/01/2011 [ 644.188331] Call Trace: [ 644.190940] dump_stack+0x197/0x210 [ 644.194586] dump_header+0x15e/0xa55 [ 644.198314] oom_kill_process.cold+0x10/0x6ef [ 644.202826] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 644.208375] ? task_will_free_mem+0x139/0x6e0 [ 644.213141] ? find_held_lock+0x35/0x130 [ 644.217828] out_of_memory+0x362/0x1330 [ 644.221895] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 644.226665] ? oom_killer_disable+0x280/0x280 [ 644.231176] ? find_held_lock+0x35/0x130 [ 644.235282] mem_cgroup_out_of_memory+0x1d2/0x240 [ 644.240161] ? memcg_event_wake+0x230/0x230 [ 644.244527] try_charge+0xec5/0x1490 [ 644.248327] ? lock_downgrade+0x880/0x880 [ 644.252621] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 644.257482] ? rcu_read_unlock+0x33/0x60 [ 644.261575] ? get_mem_cgroup_from_mm+0x185/0x510 [ 644.266431] ? trace_hardirqs_on_caller+0x6a/0x220 [ 644.271380] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 644.277454] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 644.282230] mem_cgroup_try_charge+0x259/0x6b0 [ 644.287886] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 644.292834] wp_page_copy+0x430/0x16a0 [ 644.296734] ? follow_pfn+0x2a0/0x2a0 [ 644.300553] ? do_raw_spin_unlock+0x181/0x270 [ 644.305110] do_wp_page+0x57d/0x10b0 [ 644.308841] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 644.313515] ? kasan_check_write+0x14/0x20 [ 644.317758] ? do_raw_spin_lock+0xd7/0x250 [ 644.322009] __handle_mm_fault+0x2305/0x3f80 [ 644.326431] ? copy_page_range+0x2030/0x2030 [ 644.330853] ? count_memcg_event_mm+0x2b1/0x4d0 [ 644.335911] handle_mm_fault+0x1b5/0x690 [ 644.339996] __get_user_pages+0x609/0x1860 [ 644.344301] ? follow_page_mask+0x1ac0/0x1ac0 [ 644.348817] ? retint_kernel+0x2d/0x2d [ 644.352726] populate_vma_page_range+0x20d/0x2a0 [ 644.357501] __mm_populate+0x204/0x380 [ 644.361392] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 644.366347] __x64_sys_mlockall+0x35c/0x520 [ 644.370855] do_syscall_64+0xfd/0x620 [ 644.374686] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 644.379897] RIP: 0033:0x45b349 [ 644.383103] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 644.402011] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 644.409730] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 644.416997] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 644.424271] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 644.431547] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 644.438843] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 644.447087] Task in /syz1 killed as a result of limit of /syz1 [ 644.453317] memory: usage 307200kB, limit 307200kB, failcnt 7947 [ 644.459679] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 644.466618] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 644.472973] Memory cgroup stats for /syz1: cache:28KB rss:297224KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:113984KB active_anon:21752KB inactive_file:4KB active_file:0KB unevictable:161556KB [ 644.495640] Memory cgroup out of memory: Kill process 10793 (syz-executor.1) score 1226 or sacrifice child [ 644.506404] Killed process 10849 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:47 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, 
[@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x4000000) 14:30:47 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x6000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 645.560400] oom_reaper: reaped process 1051 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:30:47 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) connect$pppoe(r4, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$VHOST_SET_VRING_BASE(r6, 0x4008af12, &(0x7f0000000040)={0x0, 0x5}) 14:30:47 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xa000000) 14:30:47 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x5a300182, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) [ 646.063600] IPVS: 
ftp: loaded support on port[0] = 21 14:30:47 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:47 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x7c03, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:47 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
@perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:47 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xe000000) 14:30:47 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) dup(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r6 = socket$phonet(0x23, 0x2, 0x1) ioctl$FS_IOC_MEASURE_VERITY(r6, 0xc0046686, &(0x7f0000000040)=ANY=[@ANYBLOB="000065e0658659c2041c953161"]) r7 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400202) r8 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r8, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r8, 0x80047453, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r7, 0x40405514, &(0x7f0000000100)={0x4, 0x2, 0x8, 0x4, 'syz1\x00', 0x28a8}) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x6c01, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r12 = dup(r11) ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200) ioctl$BINDER_SET_CONTEXT_MGR(r12, 0x40046207, 0x0) 
ioctl$KVM_GET_IRQCHIP(r10, 0xc048ae65, 0x0) sendfile(r8, r10, &(0x7f0000000000)=0x100, 0x1f6d) 14:30:47 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_GET_IRQCHIP(r2, 0xc048ae65, 0x0) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000000)) [ 646.475175] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 646.488319] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 646.493772] CPU: 0 PID: 11342 Comm: syz-executor.0 Not tainted 4.19.100-syzkaller #0 [ 646.501667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 646.511296] Call Trace: [ 646.515908] dump_stack+0x197/0x210 [ 646.519572] dump_header+0x15e/0xa55 [ 646.523311] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 646.528437] ? ___ratelimit+0x60/0x595 [ 646.532348] ? do_raw_spin_unlock+0x181/0x270 [ 646.536968] oom_kill_process.cold+0x10/0x6ef [ 646.541497] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 646.547076] ? task_will_free_mem+0x139/0x6e0 [ 646.551803] ? find_held_lock+0x35/0x130 [ 646.555906] out_of_memory+0x362/0x1330 [ 646.559924] ? lock_downgrade+0x880/0x880 [ 646.564096] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 646.569225] ? oom_killer_disable+0x280/0x280 [ 646.573729] ? find_held_lock+0x35/0x130 [ 646.577797] mem_cgroup_out_of_memory+0x1d2/0x240 [ 646.582657] ? memcg_event_wake+0x230/0x230 [ 646.587162] ? do_raw_spin_unlock+0x181/0x270 [ 646.591676] ? _raw_spin_unlock+0x2d/0x50 [ 646.595878] try_charge+0xec5/0x1490 [ 646.599612] ? lock_downgrade+0x880/0x880 [ 646.603796] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 646.608648] ? 
rcu_read_unlock+0x33/0x60 [ 646.612729] ? get_mem_cgroup_from_mm+0x185/0x510 [ 646.617599] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 646.623674] ? mark_held_locks+0x100/0x100 [ 646.627947] mem_cgroup_try_charge+0x259/0x6b0 [ 646.632566] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 646.637571] __handle_mm_fault+0x1e50/0x3f80 [ 646.642006] ? copy_page_range+0x2030/0x2030 [ 646.646650] ? count_memcg_event_mm+0x2b1/0x4d0 [ 646.651429] handle_mm_fault+0x1b5/0x690 [ 646.655528] __get_user_pages+0x609/0x1860 [ 646.659959] ? follow_page_mask+0x1ac0/0x1ac0 [ 646.664469] ? lock_acquire+0x16f/0x3f0 [ 646.668461] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 646.674039] populate_vma_page_range+0x20d/0x2a0 [ 646.678826] __mm_populate+0x204/0x380 [ 646.682729] ? populate_vma_page_range+0x2a0/0x2a0 [ 646.687799] __x64_sys_mlockall+0x35c/0x520 [ 646.692223] do_syscall_64+0xfd/0x620 [ 646.696048] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 646.701254] RIP: 0033:0x45b349 [ 646.704449] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 646.723383] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 646.731529] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 646.739024] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 646.746415] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 646.753789] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 646.761073] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 646.769742] Task in /syz0 killed as a result of limit of /syz0 [ 646.775746] memory: usage 307200kB, limit 307200kB, failcnt 4821 [ 646.781978] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 646.788850] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 646.795015] Memory cgroup stats for /syz0: 
cache:76KB rss:298536KB rss_huge:69632KB shmem:24KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218156KB active_anon:10844KB inactive_file:8KB active_file:12KB unevictable:69644KB [ 646.816829] Memory cgroup out of memory: Kill process 2485 (syz-executor.0) score 1163 or sacrifice child [ 646.826625] Killed process 2485 (syz-executor.0) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 646.837708] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 646.848960] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 646.854339] CPU: 1 PID: 11331 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 646.862225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 646.871763] Call Trace: [ 646.874357] dump_stack+0x197/0x210 [ 646.877983] dump_header+0x15e/0xa55 [ 646.881710] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 646.886834] ? ___ratelimit+0x60/0x595 [ 646.890732] ? do_raw_spin_unlock+0x181/0x270 [ 646.895237] oom_kill_process.cold+0x10/0x6ef [ 646.899752] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 646.905308] ? task_will_free_mem+0x139/0x6e0 [ 646.909863] out_of_memory+0x362/0x1330 [ 646.913890] ? lock_downgrade+0x880/0x880 [ 646.918057] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 646.923180] ? oom_killer_disable+0x280/0x280 [ 646.927685] ? find_held_lock+0x35/0x130 [ 646.931915] mem_cgroup_out_of_memory+0x1d2/0x240 [ 646.936779] ? memcg_event_wake+0x230/0x230 [ 646.942240] ? do_raw_spin_unlock+0x181/0x270 [ 646.947850] ? _raw_spin_unlock+0x2d/0x50 [ 646.952027] try_charge+0xec5/0x1490 [ 646.955750] ? lock_downgrade+0x880/0x880 [ 646.959914] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 646.964760] ? rcu_read_unlock+0x33/0x60 [ 646.968943] ? get_mem_cgroup_from_mm+0x185/0x510 [ 646.973812] ? 
__mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 646.979910] mem_cgroup_try_charge+0x259/0x6b0 [ 646.984522] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 646.989468] wp_page_copy+0x430/0x16a0 [ 646.993390] ? follow_pfn+0x2a0/0x2a0 [ 646.997225] ? do_raw_spin_unlock+0x181/0x270 [ 647.001725] do_wp_page+0x57d/0x10b0 [ 647.005443] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 647.010130] ? kasan_check_write+0x14/0x20 [ 647.014457] ? do_raw_spin_lock+0xd7/0x250 [ 647.018932] __handle_mm_fault+0x2305/0x3f80 [ 647.023363] ? copy_page_range+0x2030/0x2030 [ 647.027808] ? count_memcg_event_mm+0x2b1/0x4d0 [ 647.032491] handle_mm_fault+0x1b5/0x690 [ 647.036575] __get_user_pages+0x609/0x1860 [ 647.040878] ? follow_page_mask+0x1ac0/0x1ac0 [ 647.045391] ? lock_acquire+0x16f/0x3f0 [ 647.049363] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 647.055016] populate_vma_page_range+0x20d/0x2a0 [ 647.059798] __mm_populate+0x204/0x380 [ 647.063710] ? populate_vma_page_range+0x2a0/0x2a0 [ 647.068675] __x64_sys_mlockall+0x35c/0x520 [ 647.073123] do_syscall_64+0xfd/0x620 [ 647.076943] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 647.082252] RIP: 0033:0x45b349 [ 647.085446] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 647.104493] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 647.112215] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 647.120012] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 647.127306] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 647.134588] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 647.141874] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 647.149539] Task in /syz1 killed as a result of limit of /syz1 [ 647.155552] memory: usage 307200kB, limit 307200kB, failcnt 7976 [ 647.161739] memory+swap: 
usage 0kB, limit 9007199254740988kB, failcnt 0 [ 647.168708] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 647.174908] Memory cgroup stats for /syz1: cache:28KB rss:297340KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:114056KB active_anon:21760KB inactive_file:4KB active_file:0KB unevictable:161556KB [ 647.197028] Memory cgroup out of memory: Kill process 11330 (syz-executor.1) score 1226 or sacrifice child [ 647.207018] Killed process 11446 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 647.368661] oom_reaper: reaped process 2485 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:30:49 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x9002, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:49 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xf000000) 14:30:49 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) 
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:49 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) fstat(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000001740)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e23, 0x1f, 0x2, 0x0, 0x20, 0x87, 0x0, r1}, {0x0, 0x3, 0x0, 0x19, 0x0, 0x5, 0x6, 0xfff}, {0x2, 0x3ff, 0x3, 0x7}, 0x8747, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x2a}, 0x4d4, 0x32}, 0x2, @in6=@mcast2, 0x0, 0x3, 0x0, 0x1, 0xff, 0x6}}, 0xe8) quotactl(0xbc0, &(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000040)="7e35acb9b16c1454515c9db146e56219d5450e3b5755f69ac2c88eff178b97ba9ae6f2d4105d01a526b6d93c2bbfedef80e73ebc711edbf378c317e56c779bffd4da26617512cdcca38cc347f548ec0ead2677eab7c23ae35bcf71463a7c0395dd98084ba6450e11d59a3293aaf067cfa0d4446f149c7c49ce5a6829b2bcdf4dc0147741a8712fd1e8185d3dc512eab78d5054bd6cc0a4c42e6a779e23d40eb020bd35b6") wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r2 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r2) tkill(r2, 0x9) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_GET_IRQCHIP(r4, 0xc048ae65, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000180)={0x980000, 0x6, 0x8, r4, 0x0, 
&(0x7f0000000140)={0x3bb, 0x4, [], @p_u8=&(0x7f0000000200)=0x70}}) setsockopt$netlink_NETLINK_NO_ENOBUFS(r5, 0x10e, 0x5, &(0x7f00000001c0)=0x4, 0x4) 14:30:49 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x8106, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r1, 0x800c5012, &(0x7f0000000040)) r2 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r3, 0x80047453, 0x0) [ 647.986976] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 647.998344] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 648.003821] CPU: 1 PID: 11700 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 648.011734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 648.021105] Call Trace: [ 648.023715] dump_stack+0x197/0x210 [ 648.027384] dump_header+0x15e/0xa55 [ 648.031130] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 648.036261] ? ___ratelimit+0x60/0x595 [ 648.040196] ? do_raw_spin_unlock+0x181/0x270 [ 648.044744] oom_kill_process.cold+0x10/0x6ef [ 648.049275] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 648.054858] ? task_will_free_mem+0x139/0x6e0 [ 648.059386] ? find_held_lock+0x35/0x130 [ 648.063481] out_of_memory+0x362/0x1330 [ 648.067489] ? lock_downgrade+0x880/0x880 [ 648.071702] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 648.076837] ? oom_killer_disable+0x280/0x280 [ 648.081360] ? find_held_lock+0x35/0x130 [ 648.085461] mem_cgroup_out_of_memory+0x1d2/0x240 [ 648.090342] ? memcg_event_wake+0x230/0x230 [ 648.094831] ? do_raw_spin_unlock+0x181/0x270 [ 648.099430] ? _raw_spin_unlock+0x2d/0x50 [ 648.103624] try_charge+0xec5/0x1490 [ 648.107367] ? lock_downgrade+0x880/0x880 [ 648.111546] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 648.116414] ? rcu_read_unlock+0x33/0x60 [ 648.120499] ? 
get_mem_cgroup_from_mm+0x185/0x510 [ 648.125406] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 648.131742] mem_cgroup_try_charge+0x259/0x6b0 [ 648.136367] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 648.141332] wp_page_copy+0x430/0x16a0 [ 648.145256] ? follow_pfn+0x2a0/0x2a0 [ 648.149284] ? do_raw_spin_unlock+0x181/0x270 [ 648.153982] do_wp_page+0x57d/0x10b0 [ 648.157737] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 648.162435] ? kasan_check_write+0x14/0x20 [ 648.166713] ? do_raw_spin_lock+0xd7/0x250 [ 648.170993] __handle_mm_fault+0x2305/0x3f80 [ 648.175443] ? copy_page_range+0x2030/0x2030 [ 648.179907] ? count_memcg_event_mm+0x2b1/0x4d0 14:30:49 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x1a) [ 648.184615] handle_mm_fault+0x1b5/0x690 [ 648.188711] __get_user_pages+0x609/0x1860 [ 648.192992] ? follow_page_mask+0x1ac0/0x1ac0 [ 648.197528] ? lock_acquire+0x16f/0x3f0 [ 648.201532] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 648.207106] populate_vma_page_range+0x20d/0x2a0 [ 648.211900] __mm_populate+0x204/0x380 [ 648.215844] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 648.220842] __x64_sys_mlockall+0x35c/0x520 [ 648.225197] do_syscall_64+0xfd/0x620 [ 648.229038] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 648.234520] RIP: 0033:0x45b349 14:30:49 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:49 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xa087, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:49 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x3f000000) 14:30:49 executing program 3: r0 = 
socket$inet(0x2, 0x6, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full\x00', 0x4000, 0x0) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r2) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={r4}, 0x8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x66, &(0x7f0000000180)={0x0, 0xfffffffc}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000200)={r4, 0x8, 0xc9a, 0x6698, 0x53f9, 0x61, 0x81, 0x1, {r7, @in={{0x2, 0x4e20, @broadcast}}, 0xffffffff, 0x0, 0x4, 0x8, 0xffff48b4}}, &(0x7f00000002c0)=0xb0) r8 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x3af94dd8) ioctl$TCSETSF(r8, 0x5404, &(0x7f0000000000)={0x8, 0x8, 0x3, 0x4e439b49, 0x10, "c56de6f63ea1accc675e5d8184eb685a0ce6cf"}) r9 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r9, &(0x7f0000000140)={0x18, 0x0, {0x5, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 'macsec0\x00'}}, 0xfffffffffffffd60) ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f00000000c0)={0x9e0000, 0x6, 0x8, r8, 0x0, &(0x7f0000000080)={0x990a78, 0xfffffaf9, [], @p_u16=&(0x7f0000000040)=0xfffa}}) ioctl$PPPIOCGMRU(r9, 0x80047453, 0x0) [ 648.237915] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 648.257013] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 648.264755] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 648.272071] RDX: 
0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 648.279392] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 648.286714] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 648.294007] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 648.302673] Task in /syz1 killed as a result of limit of /syz1 [ 648.308801] memory: usage 307200kB, limit 307200kB, failcnt 8244 [ 648.314978] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 648.321919] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 648.328851] Memory cgroup stats for /syz1: cache:28KB rss:297252KB rss_huge:225280KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:115648KB active_anon:21760KB inactive_file:0KB active_file:0KB unevictable:159968KB [ 648.351528] Memory cgroup out of memory: Kill process 11662 (syz-executor.1) score 1226 or sacrifice child [ 648.363617] Killed process 11730 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:50 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x60000000) [ 648.603908] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 648.615248] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 648.620858] CPU: 1 PID: 12110 Comm: syz-executor.0 Not tainted 4.19.100-syzkaller #0 [ 648.628764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 648.638152] Call Trace: [ 648.640755] dump_stack+0x197/0x210 [ 648.644402] dump_header+0x15e/0xa55 [ 648.648150] ? 
_raw_spin_unlock_irqrestore+0xa4/0xe0 [ 648.653260] ? ___ratelimit+0x60/0x595 [ 648.657261] ? do_raw_spin_unlock+0x181/0x270 [ 648.661796] oom_kill_process.cold+0x10/0x6ef [ 648.666499] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 648.672183] ? task_will_free_mem+0x139/0x6e0 [ 648.676707] ? find_held_lock+0x35/0x130 [ 648.680821] out_of_memory+0x362/0x1330 [ 648.684948] ? lock_downgrade+0x880/0x880 [ 648.689112] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 648.694247] ? oom_killer_disable+0x280/0x280 [ 648.698880] ? find_held_lock+0x35/0x130 [ 648.703068] mem_cgroup_out_of_memory+0x1d2/0x240 [ 648.708044] ? memcg_event_wake+0x230/0x230 [ 648.712406] ? do_raw_spin_unlock+0x181/0x270 [ 648.717028] ? _raw_spin_unlock+0x2d/0x50 [ 648.721188] try_charge+0xec5/0x1490 [ 648.725680] ? lock_downgrade+0x880/0x880 [ 648.729851] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 648.734724] ? rcu_read_unlock+0x33/0x60 [ 648.738813] ? get_mem_cgroup_from_mm+0x185/0x510 [ 648.745595] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 648.751696] ? mark_held_locks+0x100/0x100 [ 648.755961] mem_cgroup_try_charge+0x259/0x6b0 [ 648.760683] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 648.765625] __handle_mm_fault+0x1e50/0x3f80 [ 648.770093] ? copy_page_range+0x2030/0x2030 [ 648.774536] ? count_memcg_event_mm+0x2b1/0x4d0 [ 648.779226] handle_mm_fault+0x1b5/0x690 [ 648.783334] __get_user_pages+0x609/0x1860 [ 648.787586] ? follow_page_mask+0x1ac0/0x1ac0 [ 648.792100] ? lock_acquire+0x16f/0x3f0 [ 648.796085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 648.801661] populate_vma_page_range+0x20d/0x2a0 [ 648.806437] __mm_populate+0x204/0x380 [ 648.810347] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 648.815334] __x64_sys_mlockall+0x35c/0x520 [ 648.819670] do_syscall_64+0xfd/0x620 [ 648.823482] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 648.828674] RIP: 0033:0x45b349 [ 648.831875] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 648.851531] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 648.859267] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 648.866545] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 648.873831] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 648.881120] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 648.888397] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 648.896046] Task in /syz0 killed as a result of limit of /syz0 14:30:50 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xb003, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 648.902384] memory: usage 307200kB, limit 307200kB, failcnt 5446 [ 648.908647] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 648.915535] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 648.921762] Memory cgroup stats for /syz0: cache:76KB rss:298584KB rss_huge:67584KB shmem:24KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:220216KB active_anon:10832KB inactive_file:16KB active_file:0KB unevictable:67600KB [ 648.943860] Memory cgroup out of memory: Kill process 10343 (syz-executor.0) score 1163 or sacrifice child [ 648.954118] Killed process 10343 (syz-executor.0) total-vm:72720kB, 
anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB 14:30:50 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0xc0b01, 0x0) ioctl$FS_IOC_FIEMAP(r4, 0xc020660b, &(0x7f0000000180)={0x2, 0x6, 0x7, 0x76b, 0xa, [{0x2, 0x4, 0x3, [], 0xa83}, {0x7, 0x1, 0x1, [], 0x100}, {0x8000000000000000, 0x5, 0x400, [], 0x2}, {0x6, 0x3ff, 0x3ff, [], 0x100}, {0x1, 0x20, 0x40, [], 0x2089}, {0x0, 0x9, 0xbb49, [], 0x1084}, {0x0, 0x9, 0x7, [], 0x200a}, {0x81, 0xfff, 0x2, [], 0x4}, {0x11c, 0x6, 0x8, [], 0x8a}, {0x900000000000000, 0x6, 0x100000000, [], 0x2208}]}) r5 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$sock_rose_SIOCRSCLRRT(r1, 0x89e4) ioctl$sock_inet_SIOCDARP(r5, 0x8953, &(0x7f0000000000)={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x6, @dev={[], 0x18}}, 0x52, {0x2, 0x4e24, @remote}, 'veth0_virt_wifi\x00'}) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) [ 649.056001] oom_reaper: reaped process 10343 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:30:50 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x9effffff) 14:30:51 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 
0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:51 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x3) 14:30:51 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xc00e0000) 14:30:51 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000080)={@empty, @rand_addr=0xfffff37e, r2}, 0xc) r3 = socket$pppoe(0x18, 0x1, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x4800) connect$pppoe(r4, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) socketpair$unix(0x1, 0x5, 0x0, 
&(0x7f0000000000)={0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) connect$pppoe(r6, &(0x7f00000000c0)={0x18, 0x0, {0x4, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r3, 0x80047453, 0x0) 14:30:51 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:51 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xc003, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:51 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() syz_open_procfs(r0, &(0x7f0000000000)='net/wireless\x00') wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r1 = getpid() socket$inet6(0xa, 0x80000, 0x0) ptrace(0x4206, r1) tkill(r1, 0x9) 14:30:51 executing program 2: socketpair$unix(0x1, 0x5, 0x0, 
&(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xe2000000) [ 649.798599] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 649.840738] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 649.886066] CPU: 1 PID: 12629 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 649.894002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 649.903507] Call Trace: [ 649.906130] dump_stack+0x197/0x210 [ 649.909796] dump_header+0x15e/0xa55 [ 649.913545] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 649.918708] ? ___ratelimit+0x60/0x595 [ 649.922618] ? do_raw_spin_unlock+0x181/0x270 [ 649.927146] oom_kill_process.cold+0x10/0x6ef [ 649.931678] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 649.937248] ? task_will_free_mem+0x139/0x6e0 [ 649.941760] ? find_held_lock+0x35/0x130 [ 649.945858] out_of_memory+0x362/0x1330 [ 649.949863] ? lock_downgrade+0x880/0x880 [ 649.954042] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 649.959419] ? oom_killer_disable+0x280/0x280 [ 649.963938] ? find_held_lock+0x35/0x130 [ 649.968035] mem_cgroup_out_of_memory+0x1d2/0x240 [ 649.973376] ? memcg_event_wake+0x230/0x230 [ 649.977749] ? do_raw_spin_unlock+0x181/0x270 [ 649.982296] ? _raw_spin_unlock+0x2d/0x50 [ 649.986469] try_charge+0xec5/0x1490 [ 649.990197] ? lock_downgrade+0x880/0x880 [ 649.994420] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 649.999315] ? rcu_read_unlock+0x33/0x60 [ 650.003517] ? get_mem_cgroup_from_mm+0x185/0x510 [ 650.008403] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 650.014999] ? 
lock_downgrade+0x880/0x880 [ 650.019196] mem_cgroup_try_charge+0x259/0x6b0 [ 650.023815] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 650.028800] do_huge_pmd_wp_page+0x97e/0x3580 [ 650.033336] ? __split_huge_pmd+0x2b10/0x2b10 [ 650.037901] ? pmd_val+0x85/0x100 [ 650.041449] __handle_mm_fault+0x167b/0x3f80 [ 650.045902] ? copy_page_range+0x2030/0x2030 [ 650.050360] ? count_memcg_event_mm+0x2b1/0x4d0 [ 650.055068] handle_mm_fault+0x1b5/0x690 [ 650.059154] __do_page_fault+0x62a/0xe90 [ 650.063235] ? vmalloc_fault+0x740/0x740 [ 650.067451] ? trace_hardirqs_off_caller+0x65/0x220 [ 650.072889] ? trace_hardirqs_on_caller+0x6a/0x220 [ 650.077843] ? page_fault+0x8/0x30 [ 650.081406] do_page_fault+0x71/0x57d [ 650.085236] ? page_fault+0x8/0x30 [ 650.088964] page_fault+0x1e/0x30 [ 650.092427] RIP: 0033:0x400644 [ 650.095653] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 650.114841] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 650.120229] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 650.127523] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 [ 650.134917] RBP: 00000000007603d8 R08: 0000000000000000 R09: 0000000000000000 [ 650.142250] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bf20 [ 650.149541] R13: 000000000009e9f9 R14: 00000000007603e0 R15: 000000000075bf2c 14:30:51 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xc402, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:51 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = 
socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VIDIOC_ENUMAUDOUT(r4, 0xc0345642, &(0x7f0000000000)={0xfc, "8f375537997838fc27da1e80e91162abbc7b18a60d0f20451e54896d99f9bd6b", 0x6}) 14:30:51 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000003cc0)={&(0x7f0000000800)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000002c00)=[{&(0x7f0000000880)=""/110, 0x6e}, {&(0x7f0000000900)=""/6, 0x6}, {&(0x7f0000000940)=""/156, 0x9c}, {&(0x7f0000000a00)=""/106, 0x6a}, {&(0x7f0000000a80)=""/37, 0x25}, {&(0x7f0000000ac0)=""/8, 0x8}, {&(0x7f0000000b00)=""/4096, 0x1000}, {&(0x7f0000001b00)=""/4096, 0x1000}, {&(0x7f0000002b00)=""/225, 0xe1}], 0x9, &(0x7f0000002cc0)=""/4096, 0x1000}, 0x21) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$TIPC_CONN_TIMEOUT(r3, 0x10f, 0x82, &(0x7f0000000000)=0x6, 0x4) getsockopt$inet_tcp_int(r1, 0x6, 0x7, &(0x7f0000003d00), &(0x7f0000003d40)=0x4) ptrace(0x4206, r0) tkill(r0, 0x9) 14:30:52 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 
0xf0ffffff) [ 650.387074] Task in /syz1 killed as a result of limit of /syz1 [ 650.393108] memory: usage 307200kB, limit 307200kB, failcnt 8291 [ 650.515641] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 650.527013] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 650.533580] Memory cgroup stats for /syz1: cache:28KB rss:295292KB rss_huge:229376KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:112096KB active_anon:21760KB inactive_file:0KB active_file:0KB unevictable:161556KB [ 650.562450] Memory cgroup out of memory: Kill process 12629 (syz-executor.1) score 1222 or sacrifice child [ 650.655852] Killed process 12663 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:52 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000), 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:52 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 
0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:52 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xfffff000) 14:30:52 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xedc0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:52 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r8 = dup(r7) 
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x1, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:30:52 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$KVM_SET_XSAVE(r1, 0x5000aea5, &(0x7f0000000000)={[0xbc5, 0x3, 0x9, 0x8, 0x0, 0x6, 0x0, 0x0, 0x2, 0x2, 0x9, 0x5, 0x9, 0x401, 0x4, 0xfffffff7, 0x2, 0x6fc7, 0xffffd939, 0x1, 0xcb, 0x6, 0x3, 0x5, 0x8, 0x8, 0x3, 0x6, 0x251a0577, 0x2, 0x1, 0x200, 0x8, 0x3ff, 0x9, 0x9dc, 0x7, 0x9, 0x4, 0x7, 0x1, 0x2, 0x6, 0x0, 0x7fff, 0x80000000, 0x1000, 0x80000000, 0xaa, 0x3, 0x4, 0x8, 0x0, 0x10000, 0x3, 0xa14, 0x67a, 0x6, 0x3, 0x81, 0x2, 0x8cde, 0x3, 0xfff, 0x1, 0x1, 0x2, 0x5, 0x7, 0x0, 0x9, 0x10001, 0xd710, 0x9, 0x9, 0x0, 0x8, 0x20, 0x8, 0xcaa, 0x81, 0x0, 0x5, 0x0, 0x9d6, 0xfffffffc, 0x8, 0x6, 0x3ff, 0x4, 0xfffffe01, 0x1a5b, 0x4, 0x1000, 0xd9, 0x7fffffff, 0x1, 0x4, 0x7, 0x2, 0x1, 0x2, 0x80000000, 0x1000, 0xc1, 0xefbb, 0x4, 0x20, 0x5, 0x7fff, 0x8, 0x80, 0x7, 0x8001, 0x7ff, 0xfffffff9, 0x100, 0x1ff, 0x0, 0xd957, 0x212c7964, 0x401, 0x45, 0x7f, 0xffff, 0x2, 0x6, 0x9, 0x1482f539, 0x20, 0x2, 0xffffffff, 0x20, 0x6, 0x7, 0x1, 0x9fc, 0x1, 0x6, 0x20, 0x1, 0xff, 0x4f, 0x101, 0x6, 0x79c908e4, 0x3, 0x7, 0x2, 0x1, 0x3, 0x9, 0x3, 0x8001, 0x0, 0x3, 0x8, 0xc89, 0x2, 0x4, 0x2, 0xfffffffb, 0x101, 0x2, 0xffffff80, 0x5, 0x3, 0x3ff, 0x20, 0x7, 0x80, 0x8001, 0x671, 0x81, 0x3, 0x8, 0x8000, 0x80000000, 0x2, 0x1b9c, 0x41, 0x2, 0x5, 0x100, 0x3, 0x2, 0x1, 0x1, 0x1, 0xfffffffb, 0x8, 0x8, 0x9d, 0x10001, 0x10000, 0x3, 0x6, 0x4fab, 0x6, 0x400, 0x2, 0xffffffa8, 0x8, 0x10000, 0x9, 0x7, 0xcb27, 0x6, 0xe72, 0x80000001, 0x81, 0x5, 0x7, 0x5, 0xfffffc01, 0x4, 0xe8, 0x0, 0x6, 0x9, 0x8000, 0x48, 0x7ff, 0x3, 0x6, 0x4, 0x1, 0x0, 0x9, 0x8, 0x3ff, 0x8f, 0x40, 0x8, 0x80000000, 0x100, 0x80000000, 0xfacf, 0x9, 0xcc, 0x34ea5f7a, 0x3, 0x1ffe0, 0x6, 0x2, 0xdb, 0x800, 0x9, 0x7fffffff, 0x3ff, 0x8, 
0x10001, 0x0, 0x3ff, 0x9, 0x5, 0x2, 0x0, 0x1, 0x4, 0x1000, 0xffffffc1, 0x1, 0xfffffff9, 0x4, 0x1, 0xe10, 0x0, 0xffffff01, 0x1, 0xeb8, 0x409b41c, 0x8, 0x88e, 0x6, 0x7, 0x5, 0x80, 0x40, 0x3f, 0xffff, 0x8, 0x71, 0x8, 0xff, 0x3b3e, 0x100, 0x6a40, 0x4, 0x6, 0x7fff, 0x81, 0x2, 0x7fffffff, 0xffffffff, 0x101, 0x1000, 0x40, 0x28, 0xc84, 0xfff, 0x3, 0x2, 0xab, 0x1, 0x6, 0xffff849a, 0xd0, 0xf000, 0xfff, 0x4, 0xffff7fff, 0x40, 0x8, 0xe385, 0x0, 0x3b, 0x2, 0x1, 0x8, 0x0, 0x4, 0x401, 0x7fffffff, 0x2ce, 0x3, 0x360, 0x2, 0x802, 0x9, 0x8, 0x0, 0x6978cba0, 0x0, 0x8001, 0x3, 0x7f, 0x0, 0x55, 0x20, 0x3, 0x4, 0x5, 0x8000, 0x3, 0xff, 0x8, 0x8c9, 0x8000, 0x8, 0x2, 0x800, 0x7f, 0x5, 0xd4e, 0x7, 0xb0c6, 0x80, 0x75, 0x8, 0x2, 0x13, 0x1, 0x0, 0x8000, 0x7fff, 0x8000, 0x4, 0x0, 0x80000001, 0x9, 0x5d1, 0x80000001, 0x7, 0xc2, 0x2, 0x1, 0x401, 0x819, 0x1, 0x3, 0xc885, 0x2, 0x3, 0xbde1, 0x6, 0x209, 0x33, 0x9, 0xaad8, 0xf4, 0x1000, 0x2, 0x5, 0x4, 0x6, 0x4, 0x2, 0x4bb, 0xf2c, 0x81, 0x8bfc, 0x10001, 0xfff, 0x2, 0x8001, 0x0, 0x4, 0xfffff85b, 0x9, 0xfffffffe, 0x7fff, 0xffff, 0x1fe00, 0xffffff7f, 0x3, 0x9, 0x8, 0x7, 0x4b, 0xfffffffc, 0x2, 0x67, 0x3, 0xffff, 0x7f, 0xdfae, 0x8, 0x6, 0x4, 0x2, 0x3f, 0x7fffffff, 0xfffffffa, 0x9, 0x28, 0xe7, 0x200, 0x101, 0xfffffffc, 0xc43, 0x5, 0x3f, 0x1, 0x8000, 0x0, 0x85, 0xffff, 0x8, 0x5, 0xad06ff4, 0x6, 0x3, 0xdf, 0xe78, 0x5, 0x7f, 0xb, 0x3ff, 0x6, 0x7, 0x355, 0xd70, 0xfffffff7, 0x10d, 0x789, 0x2660, 0x1, 0x2, 0x7f, 0xe, 0x8, 0x3f, 0x7fff, 0x259, 0x80c1, 0x11, 0x1, 0x4, 0x1, 0x5f, 0x7f, 0x4, 0x5, 0x7ff, 0x10000, 0xc65, 0x28d, 0x8, 0x7fff, 0xf34280e3, 0x5, 0x5, 0x20, 0x7f, 0x9, 0x8, 0x7, 0x8, 0x9079, 0x1, 0x6, 0x3, 0x7d5b, 0x4, 0x9, 0x5cc, 0x80, 0x1, 0x3, 0x7, 0x8, 0x3, 0x80, 0x6, 0x2, 0x3, 0x2, 0x2, 0x9, 0x4, 0xdd52, 0x800, 0x80000001, 0xffffffc1, 0x7, 0x1, 0x5, 0x2, 0x0, 0x7, 0x800, 0x8, 0x7fff, 0x6, 0x7, 0x80, 0x1, 0x1ff, 0x80, 0x7, 0x8, 0xa9a, 0x0, 0x0, 0xffff, 0x4, 0xf5, 0x7fffffff, 0x4, 0x9, 0x4, 0x2bd9, 0x1, 0x3, 0xd83e, 0x3, 0x2, 0x90e3, 0x7ff, 0x0, 0x51, 0x40, 
0x7fff, 0x51, 0x0, 0x1, 0x4, 0x6, 0xbff9, 0x3, 0x3a3, 0x534, 0x5, 0x80000001, 0x47b, 0x0, 0x2, 0x9, 0x3f, 0xffffffff, 0x8001, 0xffffffff, 0x10001, 0x2, 0x2, 0x3, 0x0, 0x80000000, 0x401, 0xff, 0x44358df6, 0x1, 0xd6, 0xffff7fff, 0x1, 0x0, 0x80000001, 0x800, 0x0, 0x8600, 0x3, 0x8, 0x141, 0x80, 0x63, 0xffffffff, 0x8, 0x400, 0x0, 0x8, 0x858a, 0x1ea, 0x25a, 0x6, 0x1f, 0x1, 0xa000, 0x7863, 0x4, 0x271f, 0x9, 0x2, 0x10001, 0x5, 0x3f, 0x80000001, 0x5, 0x30000000, 0x0, 0x7, 0x7f, 0x8, 0x2, 0x9, 0x7, 0xce, 0x7, 0x1, 0x2, 0x4, 0xdb33, 0xa79, 0x9, 0x8, 0x10001, 0x1, 0x2, 0xfffffff9, 0xfffffff7, 0x9, 0x5e6, 0x80000001, 0x0, 0x9, 0x80000000, 0x3, 0x2, 0x8000, 0x81, 0x5, 0x401, 0x8, 0x401, 0x554, 0x7, 0x0, 0x3, 0x0, 0x7ff, 0xb0, 0x800, 0x1f, 0x6, 0xfffffffd, 0x7fff, 0xac1a, 0x7, 0x9, 0x5, 0x6, 0x6218, 0x4, 0x1, 0x1, 0x401, 0x3ff, 0xd0, 0xfffffeff, 0xffffff00, 0x10001, 0x1f, 0x9, 0x9, 0x3, 0x7240000, 0x4, 0x80, 0x7f, 0x10000000, 0x3f, 0x88af, 0x0, 0xe62, 0x7ff, 0x8, 0xebb9, 0x3, 0x401, 0x1ff, 0x1, 0x4, 0xeb, 0xffffffff, 0x1, 0x80000001, 0x8, 0x8, 0x0, 0x1ab, 0x0, 0x7fff, 0x3, 0x4, 0x0, 0x7f, 0x6, 0xef0a, 0x6, 0x0, 0x40473078, 0x9, 0x5, 0x800, 0xffff, 0xff, 0x3, 0x7, 0x5, 0x0, 0xffffff00, 0xe0, 0x10000, 0xdd, 0x73, 0x6, 0xffff60ba, 0x2, 0xb5f0, 0x9, 0xe67, 0x5, 0x2aecceaf, 0x8, 0xf4, 0x1, 0x59e7eee2, 0x2, 0x8, 0x6, 0x4, 0x400, 0x2000, 0x400, 0x554cb271, 0x3ff, 0x800, 0x80000000, 0x7fffffff, 0x3, 0x0, 0x9, 0x59, 0x5, 0x2, 0x9, 0x6bf, 0x6, 0xfffffffd, 0xeae, 0x40, 0x101, 0x3, 0x20, 0x2, 0x6, 0x8, 0x40, 0x8, 0xbfe, 0x7f, 0x7ff, 0x8, 0x2, 0x2, 0x3, 0x0, 0x1, 0x9, 0x6, 0x6, 0x7ff, 0x2, 0x8000, 0x8, 0x9, 0x3, 0xffffffff, 0x401, 0xfffffffc, 0x1, 0xfffffffb, 0xf6f, 0x100, 0x6, 0x9, 0x4, 0xb189, 0x6, 0x4, 0x9, 0x1, 0x67, 0x7, 0xffffffe1, 0x3, 0x7f, 0xe86, 0x6, 0x2, 0x9f1c, 0x4, 0xffffffff, 0x7c, 0x40, 0x2, 0x2, 0x152e, 0x10000, 0x7fff, 0x5, 0x0, 0x1, 0x1, 0x1, 0x1, 0x7, 0xffffffff, 0x9, 0x0, 0x3, 0x1, 0xffff, 0x800, 0xc64, 0xd886, 0x0, 0xfff, 0x8, 0xf14, 0x7, 0x1, 0x7, 0x582a, 0x0, 0x4, 
0x8001, 0x4, 0x40, 0x400, 0x8000, 0x1, 0x40, 0x8, 0x20, 0x7, 0x7, 0xd68e, 0x9ae, 0xcf3a, 0xc4, 0x8, 0x8, 0x0, 0x4, 0x5, 0x9, 0x2, 0x9, 0x5b, 0x5, 0x0, 0x5, 0x7, 0x5, 0x2287, 0x7ff, 0xfffffff7, 0x7, 0xd8, 0x40, 0x4, 0x10001, 0x4, 0x3e6, 0xffffffff, 0x2, 0x6, 0x80000000, 0x1, 0x0, 0x7f, 0x9, 0xffff, 0x7, 0x7ff, 0xfa, 0x8, 0xfffffff9, 0x4, 0x3, 0x3ff, 0x80000, 0x3, 0x9, 0x10001, 0x2, 0xac6, 0x0, 0x7, 0x1, 0x0, 0x2, 0x1f, 0x1f, 0x3f, 0x4, 0xddfa, 0x7, 0x2, 0x8001, 0x4, 0x3f, 0x7ff, 0x4, 0x0, 0x40, 0x10000, 0x6, 0x60, 0x0, 0x10001, 0x0, 0x8, 0x10000, 0x2d6, 0x9, 0x7, 0xffff6557, 0x12000000, 0x0, 0x1f, 0xfffffff8, 0x6, 0x1, 0x4, 0xd647, 0x7, 0x1, 0xce, 0x5, 0x1f6fa6d0, 0x0, 0x8000, 0x3, 0x8, 0x7, 0x2, 0x101, 0x2, 0x2, 0x4, 0x5, 0x6, 0xff, 0x7ff, 0x100, 0x800, 0x1, 0x8001, 0x3, 0x9, 0x2, 0x3, 0x0, 0x101, 0x8, 0x1ff, 0x4, 0xf3a0, 0x1, 0x1, 0x2, 0x400, 0xf568, 0x80, 0xfffffffe, 0x3830, 0xbd, 0x2, 0x9, 0x4, 0x8510, 0x7f, 0x5, 0x800, 0x2, 0x9, 0x2dea, 0x4, 0x1, 0x725, 0x822a, 0x9]}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r2 = getpid() socket$inet6(0xa, 0x0, 0x0) getpid() ptrace(0x4206, r2) tkill(r2, 0x9) 14:30:52 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xffffff7f) 14:30:53 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xf803, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, 
&(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 651.446652] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 651.457997] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 651.463434] CPU: 1 PID: 13455 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 651.471325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 651.480693] Call Trace: [ 651.483313] dump_stack+0x197/0x210 [ 651.487092] dump_header+0x15e/0xa55 [ 651.490826] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 651.496082] ? ___ratelimit+0x60/0x595 [ 651.500002] ? do_raw_spin_unlock+0x181/0x270 [ 651.504535] oom_kill_process.cold+0x10/0x6ef [ 651.509060] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 651.514636] ? task_will_free_mem+0x139/0x6e0 [ 651.519182] ? find_held_lock+0x35/0x130 [ 651.523302] out_of_memory+0x362/0x1330 [ 651.527405] ? lock_downgrade+0x880/0x880 [ 651.531581] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 651.536801] ? oom_killer_disable+0x280/0x280 [ 651.541326] ? find_held_lock+0x35/0x130 [ 651.545429] mem_cgroup_out_of_memory+0x1d2/0x240 [ 651.550285] ? memcg_event_wake+0x230/0x230 [ 651.554628] ? do_raw_spin_unlock+0x181/0x270 [ 651.559167] ? _raw_spin_unlock+0x2d/0x50 [ 651.563355] try_charge+0xec5/0x1490 [ 651.567095] ? lock_downgrade+0x880/0x880 [ 651.571400] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 651.576386] ? rcu_read_unlock+0x33/0x60 [ 651.580604] ? get_mem_cgroup_from_mm+0x185/0x510 [ 651.585600] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 651.591700] mem_cgroup_try_charge+0x259/0x6b0 [ 651.596327] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 651.601353] wp_page_copy+0x430/0x16a0 [ 651.605548] ? follow_pfn+0x2a0/0x2a0 [ 651.609489] ? do_raw_spin_unlock+0x181/0x270 [ 651.614012] do_wp_page+0x57d/0x10b0 [ 651.617769] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 651.622468] ? 
kasan_check_write+0x14/0x20 [ 651.626735] ? do_raw_spin_lock+0xd7/0x250 [ 651.630999] __handle_mm_fault+0x2305/0x3f80 [ 651.635442] ? copy_page_range+0x2030/0x2030 [ 651.639901] ? count_memcg_event_mm+0x2b1/0x4d0 [ 651.644596] handle_mm_fault+0x1b5/0x690 [ 651.648682] __get_user_pages+0x609/0x1860 [ 651.652960] ? follow_page_mask+0x1ac0/0x1ac0 [ 651.657486] ? lock_acquire+0x16f/0x3f0 [ 651.661478] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 651.667269] populate_vma_page_range+0x20d/0x2a0 [ 651.672065] __mm_populate+0x204/0x380 [ 651.675975] ? populate_vma_page_range+0x2a0/0x2a0 [ 651.680946] __x64_sys_mlockall+0x35c/0x520 [ 651.685381] do_syscall_64+0xfd/0x620 [ 651.689328] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 651.694539] RIP: 0033:0x45b349 [ 651.697754] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 651.716670] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 651.724407] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 651.731892] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 651.739176] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 651.746732] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 651.754033] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 651.761666] Task in /syz1 killed as a result of limit of /syz1 [ 651.767738] memory: usage 307200kB, limit 307200kB, failcnt 8318 [ 651.773900] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 651.781561] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 14:30:53 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() 
link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) prctl$PR_CAP_AMBIENT(0x2f, 0x3, 0x4) [ 651.787895] Memory cgroup stats for /syz1: cache:28KB rss:297288KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:114100KB active_anon:21760KB inactive_file:4KB active_file:0KB unevictable:161556KB [ 651.810147] Memory cgroup out of memory: Kill process 13319 (syz-executor.1) score 1226 or sacrifice child [ 651.820072] Killed process 13592 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 651.858740] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 14:30:53 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$can_raw(0x1d, 0x3, 0x1) r6 = socket(0x11, 0x800000003, 0x0) bind(r6, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r6, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$can_raw(r5, &(0x7f0000000340)={&(0x7f0000000280)={0x1d, r7}, 0x10, &(0x7f0000000300)={&(0x7f00000002c0)=@can={{}, 0x0, 0x0, 0x0, 0x0, "b84cd4aa685b2944"}, 0x10}}, 0x0) ioctl$sock_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @isdn={0x22, 0xf8, 0x3, 0x80, 0x4f}, @can={0x1d, r7}, @phonet={0x23, 0x3, 0xff, 
0x2}, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7, 0x7, 0xf566}) r9 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) fstat(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(r9, 0x0, 0x11, &(0x7f0000001740)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e23, 0x1f, 0x2, 0x0, 0x20, 0x87, 0x0, r10}, {0x0, 0x3, 0x0, 0x19, 0x0, 0x5, 0x6, 0xfff}, {0x2, 0x3ff, 0x3, 0x7}, 0x8747, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x2a}, 0x4d4, 0x32}, 0x2, @in6=@mcast2, 0x0, 0x3, 0x0, 0x1, 0xff, 0x6}}, 0xe8) setsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000000180)={{{@in6=@remote, @in6=@mcast2, 0x0, 0x7, 0x4e22, 0x5, 0xa, 0x0, 0x0, 0x3a, r8, r10}, {0x32, 0x7fffffff, 0x9, 0x5, 0x7fffffff, 0x5f8, 0x5, 0xffff}, {0x9, 0x7, 0x80, 0x2}, 0x57, 0x6e6bc0, 0x1, 0x1, 0x2, 0x2}, {{@in=@broadcast, 0x4d4, 0x3c}, 0x2, @in=@local, 0x3503, 0x4, 0x3, 0x20, 0x6, 0x200000, 0x4}}, 0xe8) 14:30:53 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xffffff9e) [ 651.970400] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 652.003707] CPU: 1 PID: 13319 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 652.011651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 652.021018] Call Trace: [ 652.023632] dump_stack+0x197/0x210 [ 652.027313] dump_header+0x15e/0xa55 [ 652.031052] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 652.036317] ? ___ratelimit+0x60/0x595 [ 652.040230] ? do_raw_spin_unlock+0x181/0x270 [ 652.044750] oom_kill_process.cold+0x10/0x6ef [ 652.049269] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 652.055651] ? 
task_will_free_mem+0x139/0x6e0 [ 652.060208] out_of_memory+0x362/0x1330 [ 652.064204] ? lock_downgrade+0x880/0x880 [ 652.068368] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 652.073490] ? oom_killer_disable+0x280/0x280 [ 652.078040] ? find_held_lock+0x35/0x130 [ 652.082249] mem_cgroup_out_of_memory+0x1d2/0x240 [ 652.087119] ? memcg_event_wake+0x230/0x230 [ 652.091465] ? do_raw_spin_unlock+0x181/0x270 [ 652.095985] ? _raw_spin_unlock+0x2d/0x50 [ 652.100154] try_charge+0xc6e/0x1490 [ 652.103895] ? lock_downgrade+0x880/0x880 [ 652.108077] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 652.112938] ? rcu_read_unlock+0x33/0x60 14:30:53 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xfffffff0) [ 652.117017] ? get_mem_cgroup_from_mm+0x185/0x510 [ 652.121886] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 652.127964] ? __free_object+0xe2/0x1f0 [ 652.131978] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 652.137114] mem_cgroup_try_charge+0x259/0x6b0 [ 652.141730] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 652.146700] wp_page_copy+0x430/0x16a0 [ 652.150763] ? follow_pfn+0x2a0/0x2a0 [ 652.154678] ? do_raw_spin_unlock+0x181/0x270 [ 652.159200] do_wp_page+0x57d/0x10b0 [ 652.162948] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 652.167643] ? kasan_check_write+0x14/0x20 [ 652.172678] ? do_raw_spin_lock+0xd7/0x250 [ 652.176941] __handle_mm_fault+0x2305/0x3f80 [ 652.181389] ? copy_page_range+0x2030/0x2030 [ 652.185838] ? count_memcg_event_mm+0x2b1/0x4d0 [ 652.190544] handle_mm_fault+0x1b5/0x690 [ 652.194629] __do_page_fault+0x62a/0xe90 [ 652.198710] ? vmalloc_fault+0x740/0x740 [ 652.202789] ? 
trace_hardirqs_off_caller+0x65/0x220 [ 652.207825] ? trace_hardirqs_on_caller+0x6a/0x220 [ 652.212765] ? page_fault+0x8/0x30 [ 652.216407] do_page_fault+0x71/0x57d [ 652.220226] ? page_fault+0x8/0x30 [ 652.223780] page_fault+0x1e/0x30 [ 652.227238] RIP: 0033:0x400644 [ 652.230442] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 652.249605] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 652.254989] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 652.262282] RDX: 0000000000000000 RSI: 0000000020d06000 RDI: 0000000000000000 [ 652.269571] RBP: 0000000000760ee0 R08: 0000000000000000 R09: 0000000000000000 [ 652.276853] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bf20 [ 652.284140] R13: 000000000009f1e4 R14: 0000000000760ee8 R15: 000000000075bf2c [ 652.297561] Task in /syz1 killed as a result of limit of /syz1 [ 652.303581] memory: usage 304952kB, limit 307200kB, failcnt 8327 [ 652.315990] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 652.332427] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 652.367435] Memory cgroup stats for /syz1: cache:28KB rss:295316KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:112036KB active_anon:21760KB inactive_file:4KB active_file:0KB unevictable:161556KB [ 652.447604] Memory cgroup out of memory: Kill process 13319 (syz-executor.1) score 1226 or sacrifice child [ 652.464673] Killed process 13319 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:54376kB, shmem-rss:0kB 14:30:54 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 
0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000), 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:54 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x3a200000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0], 0x2, 0x3ff}) 14:30:54 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x40030000000000) 14:30:54 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 
0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:54 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xfa03, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:54 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xfc03, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:54 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xf0ffffffffffff) [ 653.058232] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 653.069561] syz-executor.1 cpuset=syz1 
mems_allowed=0-1 [ 653.075048] CPU: 1 PID: 14023 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 653.082957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 653.092350] Call Trace: [ 653.094963] dump_stack+0x197/0x210 [ 653.098643] dump_header+0x15e/0xa55 [ 653.102385] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 653.107510] ? ___ratelimit+0x60/0x595 [ 653.111433] ? do_raw_spin_unlock+0x181/0x270 [ 653.115959] oom_kill_process.cold+0x10/0x6ef [ 653.120480] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 653.126026] ? task_will_free_mem+0x139/0x6e0 [ 653.130944] ? find_held_lock+0x35/0x130 [ 653.135175] out_of_memory+0x362/0x1330 [ 653.139171] ? lock_downgrade+0x880/0x880 [ 653.143330] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 653.148466] ? oom_killer_disable+0x280/0x280 [ 653.152972] ? find_held_lock+0x35/0x130 [ 653.157071] mem_cgroup_out_of_memory+0x1d2/0x240 [ 653.162056] ? memcg_event_wake+0x230/0x230 [ 653.166402] ? do_raw_spin_unlock+0x181/0x270 [ 653.171014] ? _raw_spin_unlock+0x2d/0x50 [ 653.175178] try_charge+0xec5/0x1490 [ 653.178939] ? lock_downgrade+0x880/0x880 [ 653.183147] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 653.188010] ? rcu_read_unlock+0x33/0x60 [ 653.192218] ? get_mem_cgroup_from_mm+0x185/0x510 [ 653.197211] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 653.203306] mem_cgroup_try_charge+0x259/0x6b0 [ 653.207926] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 653.212893] wp_page_copy+0x430/0x16a0 [ 653.216813] ? follow_pfn+0x2a0/0x2a0 [ 653.220645] ? do_raw_spin_unlock+0x181/0x270 [ 653.225170] do_wp_page+0x57d/0x10b0 [ 653.228910] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 653.233668] ? kasan_check_write+0x14/0x20 [ 653.237920] ? do_raw_spin_lock+0xd7/0x250 [ 653.242199] __handle_mm_fault+0x2305/0x3f80 [ 653.246726] ? copy_page_range+0x2030/0x2030 [ 653.251174] ? count_memcg_event_mm+0x2b1/0x4d0 [ 653.255875] handle_mm_fault+0x1b5/0x690 [ 653.259979] __get_user_pages+0x609/0x1860 [ 653.264253] ? 
follow_page_mask+0x1ac0/0x1ac0 [ 653.268792] ? lock_acquire+0x16f/0x3f0 [ 653.272801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 653.278372] populate_vma_page_range+0x20d/0x2a0 [ 653.283249] __mm_populate+0x204/0x380 [ 653.287196] ? populate_vma_page_range+0x2a0/0x2a0 [ 653.292178] __x64_sys_mlockall+0x35c/0x520 [ 653.296524] do_syscall_64+0xfd/0x620 [ 653.300553] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 653.305761] RIP: 0033:0x45b349 [ 653.309143] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 653.328063] RSP: 002b:00007fd45075dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 653.335802] RAX: ffffffffffffffda RBX: 00007fd45075e6d4 RCX: 000000000045b349 [ 653.343090] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 653.350382] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 653.357678] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 653.364965] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 653.372607] Task in /syz1 killed as a result of limit of /syz1 [ 653.378673] memory: usage 307200kB, limit 307200kB, failcnt 8348 [ 653.384846] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 653.391703] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 653.397909] Memory cgroup stats for /syz1: cache:28KB rss:297364KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:113940KB active_anon:21760KB inactive_file:4KB active_file:0KB unevictable:161684KB [ 653.420148] Memory cgroup out of memory: Kill process 13937 (syz-executor.1) score 1226 or sacrifice child [ 653.430160] Killed process 14024 (syz-executor.1) total-vm:72720kB, anon-rss:18324kB, file-rss:34816kB, shmem-rss:0kB 14:30:55 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 
wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x420000, 0x0) ioctl$VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f0000000040)={0x2, @pix={0x6, 0x7, 0x36314d4e, 0x0, 0x0, 0xb5d, 0x5, 0x7fffffff, 0x0, 0x7, 0x2, 0x2}}) statx(0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x4000, 0x80, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$jfs(&(0x7f0000000140)='jfs\x00', &(0x7f0000000180)='./file0\x00', 0x1f, 0x1, &(0x7f0000000240)=[{&(0x7f00000001c0)="09e9faf2f37a7c0c432e89b70ffb2a8319f891ad956d370dcb1c94de225d530be613263600bbe0005ff0282179d8b00a29a9e649f5fbf8fa80b4e9686077614e0155f6c11ec1a622d96570e01c6cdf20aa6cc9", 0x53, 0x79da}], 0x3a04012, &(0x7f00000003c0)={[{@resize_size={'resize', 0x3d, 0xc32}}, {@integrity='integrity'}, {@grpquota='grpquota'}, {@integrity='integrity'}, {@integrity='integrity'}, {@discard_size={'discard', 0x3d, 0x7}}], [{@audit='audit'}, {@fowner_eq={'fowner', 0x3d, r2}}, {@subj_user={'subj_user', 0x3d, 'wlan0S!\\'}}]}) ptrace(0x4206, r0) tkill(r0, 0x38) 14:30:55 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x100000000000000) 14:30:56 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PPPIOCGMRU(r4, 0x80047453, 
&(0x7f0000000000)) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @remote, 'macvlan0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) ioctl$VIDIOC_QBUF(r4, 0xc058560f, &(0x7f0000000080)={0xd6f, 0x6, 0x4, 0x1000000, 0x9, {0x0, 0x2710}, {0x3, 0x1, 0x0, 0x59, 0x7, 0x2, "f87080c3"}, 0x10001, 0x2, @planes=&(0x7f0000000040)={0x6, 0x2, @userptr=0x2, 0x200}, 0x5, 0x0, 0xffffffffffffffff}) ioctl$RTC_PLL_GET(r5, 0x80207011, &(0x7f0000000100)) 14:30:56 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x200000000000000) 14:30:56 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x40000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:56 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000), 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:56 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept$ax25(0xffffffffffffffff, &(0x7f0000000000)={{0x3, @netrom}, [@default, @null, @null, @bcast, @rose, @default, @netrom, @netrom]}, &(0x7f0000000080)=0x48) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_GET_IRQCHIP(r3, 0xc048ae65, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f0000000100)='/dev/snd/controlC#\x00', 0x3e00000000000000, 0x2000) fstat(r4, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000001740)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e23, 0x1f, 0x2, 0x0, 0x20, 0x87, 0x0, r5}, {0x0, 0x3, 0x0, 0x19, 0x0, 0x5, 0x6, 0xfff}, {0x2, 0x3ff, 0x3, 0x7}, 0x8747, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x2a}, 0x4d4, 0x32}, 0x2, @in6=@mcast2, 0x0, 0x3, 0x0, 0x1, 0xff, 0x6}}, 0xe8) ioctl$SIOCAX25DELUID(r0, 0x89e2, &(0x7f00000000c0)={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, r5}) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r6 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r6) tkill(r6, 0x9) 14:30:56 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 
ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) [ 654.680303] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 654.691731] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 654.697230] CPU: 1 PID: 14356 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 654.705127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 654.714503] Call Trace: [ 654.717113] dump_stack+0x197/0x210 [ 654.720775] dump_header+0x15e/0xa55 [ 654.724540] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 654.730351] ? ___ratelimit+0x60/0x595 [ 654.734277] ? do_raw_spin_unlock+0x181/0x270 [ 654.738798] oom_kill_process.cold+0x10/0x6ef [ 654.743331] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 654.748990] ? task_will_free_mem+0x139/0x6e0 [ 654.753632] ? find_held_lock+0x35/0x130 [ 654.757724] out_of_memory+0x362/0x1330 [ 654.761938] ? lock_downgrade+0x880/0x880 [ 654.766112] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 654.771353] ? oom_killer_disable+0x280/0x280 [ 654.775964] ? find_held_lock+0x35/0x130 [ 654.780121] mem_cgroup_out_of_memory+0x1d2/0x240 [ 654.785000] ? memcg_event_wake+0x230/0x230 [ 654.789367] ? do_raw_spin_unlock+0x181/0x270 [ 654.793882] ? _raw_spin_unlock+0x2d/0x50 [ 654.798055] try_charge+0xec5/0x1490 [ 654.801934] ? lock_downgrade+0x880/0x880 [ 654.806201] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 654.811062] ? rcu_read_unlock+0x33/0x60 [ 654.815145] ? 
get_mem_cgroup_from_mm+0x185/0x510 [ 654.820022] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 654.826110] mem_cgroup_try_charge+0x259/0x6b0 [ 654.830736] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 654.835700] wp_page_copy+0x430/0x16a0 [ 654.839749] ? follow_pfn+0x2a0/0x2a0 [ 654.843585] ? do_raw_spin_unlock+0x181/0x270 [ 654.848116] do_wp_page+0x57d/0x10b0 [ 654.851866] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 654.856655] ? kasan_check_write+0x14/0x20 [ 654.860955] ? do_raw_spin_lock+0xd7/0x250 [ 654.865321] __handle_mm_fault+0x2305/0x3f80 [ 654.869879] ? copy_page_range+0x2030/0x2030 [ 654.874322] ? count_memcg_event_mm+0x2b1/0x4d0 [ 654.879023] handle_mm_fault+0x1b5/0x690 [ 654.883125] __get_user_pages+0x609/0x1860 [ 654.887437] ? follow_page_mask+0x1ac0/0x1ac0 [ 654.892005] ? lock_acquire+0x16f/0x3f0 [ 654.896021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 654.901602] populate_vma_page_range+0x20d/0x2a0 [ 654.906389] __mm_populate+0x204/0x380 [ 654.910306] ? populate_vma_page_range+0x2a0/0x2a0 [ 654.915268] __x64_sys_mlockall+0x35c/0x520 [ 654.919727] do_syscall_64+0xfd/0x620 [ 654.923562] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 654.928770] RIP: 0033:0x45b349 [ 654.931992] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 654.951039] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 654.958763] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 654.966054] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 654.973459] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 654.980752] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 654.988045] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 654.998631] Task in /syz1 killed as a result of limit of /syz1 [ 655.004650] memory: usage 307200kB, limit 
307200kB, failcnt 8389 [ 655.010885] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 655.017731] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 655.023881] Memory cgroup stats for /syz1: cache:28KB rss:297300KB rss_huge:225280KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:114124KB active_anon:21760KB inactive_file:4KB active_file:0KB unevictable:161556KB [ 655.046150] Memory cgroup out of memory: Kill process 14355 (syz-executor.1) score 1226 or sacrifice child [ 655.056334] Killed process 14375 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:30:56 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x300000000000000) 14:30:57 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x1fffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:57 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x1000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TCSETAW(r3, 0x5407, &(0x7f0000000240)={0xcc3, 0xc780, 
0xfffc, 0x4, 0xf, "17ac9f5bad8cc11c"}) setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f0000000180)=0x80000000, 0x4) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r4 = getpid() socket$inet6(0xa, 0x0, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000080)={0xa30000, 0x6, 0x40, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x9c0902, 0x7f, [], @string=&(0x7f0000000000)=0x81}}) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r5, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r6, 0x4, 0x70bd2c, 0x25dfdbfe}, 0xfffffffffffffe95}, 0x1, 0x0, 0x0, 0x10}, 0x800) ptrace(0x4206, r4) tkill(r4, 0x9) 14:30:57 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x400000000000000) 14:30:57 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000040)=@assoc_value={0x0, 0x295e}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f00000000c0)=@assoc_id=r2, 0x4) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) openat$cgroup_ro(r5, &(0x7f0000000000)='rdma.current\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, 
&(0x7f0000000000)={0xffffffffffffffff}) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f00000001c0)=@assoc_value={r2, 0xc6}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp_SCTP_MAXSEG(r8, 0x84, 0xd, &(0x7f0000000240)=@assoc_id=r9, 0x4) r10 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f0000000100)={0x8001, 0x3f, 0x8204, 0x800, 0x3, 0x5, 0xfffffffc, 0x1f, r2}, &(0x7f0000000180)=0x20) r12 = dup(r11) ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200) mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1) ioctl$PPPIOCGMRU(r1, 0x80047453, 0x0) 14:30:57 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:57 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = 
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="080026bd7000fbdbdf25150000000a001a000180c200000e00000a0006000000000000ebff000a000600ffffffffffff00000c00990007000000ffffffff0c0099000600000000000000165e77c5bfd8a923dc2f085b3856e525d8f5310000000000000004c824b0457ae4cf43e874fb7e43d0aa49e6a3c288b3521f056a2a9925aa1698267b0fdd7281d7ab8f4d274b027b8f61c4d290c6fd32832cd638031d0cb04134a220a98f2d0d4f461a7af7bdc35ae1c663830ec3b75dffaa77d5944b7ca029a1a6f417cae47884978db649a4b7e3618087878360c1cbbfe495b5162e240076f29103874c62236fba41b73d5e4de9721954bbd722925d06145bc0e813ed6e2061e63d06842bd1948b39aeeaa2bc6673ea49e759d73e97dcb3c1402a79a3e310aac25794145b71270cad44f052d72e07d5864e302b9a1a7e"], 0x50}, 0x1, 0x0, 0x0, 0xc000}, 0x1) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r1 = getpid() r2 = socket$inet6(0xa, 0x0, 0x0) ioctl$FS_IOC_GETVERSION(r2, 0x80087601, &(0x7f0000000080)) ptrace(0x4206, r1) tkill(r1, 0x9) 14:30:57 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x6b6b6b, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:57 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xa00000000000000) 14:30:57 executing program 0: r0 = 
socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:57 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xfeffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 656.241869] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 14:30:57 executing program 3: r0 = socket$inet(0x2, 0xa, 0x20) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) [ 656.363382] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 656.403937] CPU: 1 PID: 14742 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 656.411990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 656.421625] Call Trace: [ 
656.424238] dump_stack+0x197/0x210 [ 656.428137] dump_header+0x15e/0xa55 [ 656.431879] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 656.438091] ? ___ratelimit+0x60/0x595 [ 656.442433] ? do_raw_spin_unlock+0x181/0x270 [ 656.446973] oom_kill_process.cold+0x10/0x6ef [ 656.451498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 656.457052] ? task_will_free_mem+0x139/0x6e0 [ 656.461580] ? find_held_lock+0x35/0x130 [ 656.465716] out_of_memory+0x362/0x1330 [ 656.469714] ? lock_downgrade+0x880/0x880 [ 656.473876] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 656.479097] ? oom_killer_disable+0x280/0x280 [ 656.483599] ? find_held_lock+0x35/0x130 [ 656.487685] mem_cgroup_out_of_memory+0x1d2/0x240 [ 656.492540] ? memcg_event_wake+0x230/0x230 [ 656.496875] ? do_raw_spin_unlock+0x181/0x270 [ 656.501501] ? _raw_spin_unlock+0x2d/0x50 [ 656.505674] try_charge+0xec5/0x1490 [ 656.509423] ? lock_downgrade+0x880/0x880 [ 656.513591] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 656.518467] ? rcu_read_unlock+0x33/0x60 [ 656.522698] ? get_mem_cgroup_from_mm+0x185/0x510 [ 656.527559] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 656.533660] ? lock_downgrade+0x880/0x880 [ 656.537858] mem_cgroup_try_charge+0x259/0x6b0 [ 656.542486] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 656.547553] do_huge_pmd_wp_page+0x97e/0x3580 [ 656.552694] ? __split_huge_pmd+0x2b10/0x2b10 [ 656.557522] ? pmd_val+0x85/0x100 [ 656.561012] __handle_mm_fault+0x167b/0x3f80 [ 656.565559] ? copy_page_range+0x2030/0x2030 [ 656.570019] ? count_memcg_event_mm+0x2b1/0x4d0 [ 656.574725] handle_mm_fault+0x1b5/0x690 [ 656.578838] __do_page_fault+0x62a/0xe90 [ 656.582935] ? vmalloc_fault+0x740/0x740 [ 656.587025] ? trace_hardirqs_off_caller+0x65/0x220 [ 656.592067] ? trace_hardirqs_on_caller+0x6a/0x220 [ 656.597028] ? page_fault+0x8/0x30 [ 656.600605] do_page_fault+0x71/0x57d [ 656.604450] ? 
page_fault+0x8/0x30 [ 656.608008] page_fault+0x1e/0x30 [ 656.611587] RIP: 0033:0x400644 [ 656.614794] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 656.634232] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 656.639697] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 656.646993] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 14:30:58 executing program 5: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x5f79, 0xc0000) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000e80)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000e40)={&(0x7f00000000c0)=ANY=[@ANYBLOB='P\r\x00\x00', @ANYRES16=r1, @ANYBLOB="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"], 0xd50}, 0x1, 0x0, 0x0, 0x10}, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r2 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r2) tkill(r2, 0x9) [ 656.654402] RBP: 00000000007603d8 R08: 0000000000000000 R09: 0000000000000000 [ 656.661695] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bfc8 [ 656.668987] R13: 00000000000a02d6 R14: 00000000007603e0 R15: 000000000075bfd4 14:30:58 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xe00000000000000) 14:30:58 executing program 4: 
mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x1000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:58 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xf00000000000000) 14:30:58 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$pppoe(0xffffffffffffffff, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(0xffffffffffffffff, 0x80047453, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000180)={0xe, 0x3, 0xfa00, @id_resuseaddr={&(0x7f0000000480)=0x1, r3, 0x0, 0x1, 0x4}}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200)='batadv\x00') r7 = socket$can_raw(0x1d, 0x3, 0x1) r8 = socket(0x11, 0x800000003, 0x0) ioctl$VIDIOC_SUBDEV_S_SELECTION(r1, 0xc040563e, &(0x7f0000000380)={0x1, 0x0, 0x2, 0x4, {0x56, 0x7ed, 0x7fff, 0xfffffffb}}) bind(r8, &(0x7f0000000080)=@generic={0x11, 
"0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r8, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$can_raw(r7, &(0x7f0000000340)={&(0x7f0000000280)={0x1d, r9}, 0x10, &(0x7f0000000300)={&(0x7f00000002c0)=@can={{}, 0x0, 0x0, 0x0, 0x0, "b84cd4aa685b2944"}, 0x10}}, 0x0) r10 = socket$can_raw(0x1d, 0x3, 0x1) r11 = socket(0x11, 0x800000003, 0x0) bind(r11, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r11, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$can_raw(r10, &(0x7f0000000340)={&(0x7f0000000280)={0x1d, r12}, 0x10, &(0x7f0000000300)={&(0x7f00000002c0)=@can={{}, 0x0, 0x0, 0x0, 0x0, "b84cd4aa685b2944"}, 0x10}}, 0x0) sendmsg$BATADV_CMD_SET_MESH(r5, &(0x7f0000000300)={&(0x7f00000001c0), 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x5c, r6, 0x200, 0x70bd2d, 0x25dfdbff, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8000}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x648a5d96}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r9}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r12}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8040}, 0x4090) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21}, {0xa, 0x0, 0x0, @mcast1={0xff, 0x1, 
[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc]}}, r3}}, 0x48) write$RDMA_USER_CM_CMD_REJECT(r1, &(0x7f0000000000)={0x9, 0x108, 0xfa00, {r3, 0x1, "5ba1eb", "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"}}, 0x110) [ 657.564697] Task in /syz1 killed as a result of limit of /syz1 [ 657.577364] memory: usage 307200kB, limit 307200kB, failcnt 8398 [ 657.583762] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 657.601218] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 657.613350] Memory cgroup stats for /syz1: cache:28KB rss:295452KB rss_huge:225280KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:112100KB active_anon:21760KB inactive_file:0KB active_file:0KB unevictable:161688KB [ 657.643077] Memory cgroup out of memory: Kill process 14742 (syz-executor.1) score 1226 or sacrifice child [ 657.653588] Killed process 14927 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 657.692410] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 657.704983] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 657.715827] CPU: 1 PID: 14742 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 657.723863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 657.733355] Call Trace: [ 657.736092] dump_stack+0x197/0x210 [ 657.739752] dump_header+0x15e/0xa55 [ 657.743497] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 657.748642] ? ___ratelimit+0x60/0x595 [ 657.752552] ? do_raw_spin_unlock+0x181/0x270 [ 657.757251] oom_kill_process.cold+0x10/0x6ef [ 657.761778] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 657.767338] ? task_will_free_mem+0x139/0x6e0 [ 657.771858] ? find_held_lock+0x35/0x130 [ 657.775943] out_of_memory+0x362/0x1330 [ 657.779940] ? lock_downgrade+0x880/0x880 [ 657.784251] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 657.789370] ? 
oom_killer_disable+0x280/0x280 [ 657.793891] ? find_held_lock+0x35/0x130 [ 657.797980] mem_cgroup_out_of_memory+0x1d2/0x240 [ 657.802834] ? memcg_event_wake+0x230/0x230 [ 657.807355] ? do_raw_spin_unlock+0x181/0x270 [ 657.811988] ? _raw_spin_unlock+0x2d/0x50 [ 657.816263] try_charge+0xec5/0x1490 [ 657.819996] ? lock_downgrade+0x880/0x880 [ 657.824435] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 657.829348] ? rcu_read_unlock+0x33/0x60 [ 657.833460] ? get_mem_cgroup_from_mm+0x185/0x510 [ 657.838492] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 657.844678] ? lock_downgrade+0x880/0x880 [ 657.848898] mem_cgroup_try_charge+0x259/0x6b0 [ 657.853493] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 657.858486] do_huge_pmd_wp_page+0x97e/0x3580 [ 657.863047] ? __split_huge_pmd+0x2b10/0x2b10 [ 657.867559] ? pmd_val+0x85/0x100 [ 657.871018] __handle_mm_fault+0x167b/0x3f80 [ 657.875583] ? copy_page_range+0x2030/0x2030 [ 657.880003] ? count_memcg_event_mm+0x2b1/0x4d0 [ 657.884740] handle_mm_fault+0x1b5/0x690 [ 657.888813] __do_page_fault+0x62a/0xe90 [ 657.892879] ? vmalloc_fault+0x740/0x740 [ 657.896931] ? trace_hardirqs_off_caller+0x65/0x220 [ 657.902067] ? trace_hardirqs_on_caller+0x6a/0x220 [ 657.906992] ? page_fault+0x8/0x30 [ 657.910576] do_page_fault+0x71/0x57d [ 657.914510] ? 
page_fault+0x8/0x30 [ 657.918056] page_fault+0x1e/0x30 [ 657.921516] RIP: 0033:0x400644 [ 657.924709] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d1 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 657.943849] RSP: 002b:00007fff548ace40 EFLAGS: 00010202 [ 657.949204] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 657.956527] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000000 [ 657.963805] RBP: 00000000007603d8 R08: 0000000000000000 R09: 0000000000000000 [ 657.971080] R10: 00007fff548acf50 R11: 0000000000000246 R12: 000000000075bfc8 [ 657.978347] R13: 00000000000a02d6 R14: 00000000007603e0 R15: 000000000075bfd4 [ 657.986070] Task in /syz1 killed as a result of limit of /syz1 [ 657.993200] memory: usage 307024kB, limit 307200kB, failcnt 8422 [ 657.999735] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 658.006571] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 658.012718] Memory cgroup stats for /syz1: cache:28KB rss:295452KB rss_huge:225280KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:112036KB active_anon:21760KB inactive_file:0KB active_file:0KB unevictable:161688KB [ 658.035094] Memory cgroup out of memory: Kill process 14742 (syz-executor.1) score 1226 or sacrifice child [ 658.045019] Killed process 14742 (syz-executor.1) total-vm:72720kB, anon-rss:18208kB, file-rss:54368kB, shmem-rss:0kB [ 658.056524] oom_reaper: reaped process 14742 (syz-executor.1), now anon-rss:18252kB, file-rss:54368kB, shmem-rss:0kB 14:30:59 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, 
"5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:30:59 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x6a0000, 0x0) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f00000000c0)={0x0, 0xfff8}, &(0x7f0000000100)=0x8) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f0000000280)=ANY=[@ANYRES32=r2, @ANYBLOB="4500000000005115c5078ee10600003e5d9cb583bda92aef205d02503a07df59a1eb7dc9799f976921de94455bfb84710df5fb66f88164327b9489f69c8707809457ccccf39761e3f57674dec6cf1d9ce42ae98df0b65c6008c7950621b44e23caa5dcb25827b6c7c6dc517cde76d8ef8423f11ce6f9bfe41bf852b9"], &(0x7f0000000200)=0x4d) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000000)={0x41bd23e1f477cb80, 0x70, 0x4, 0x80, 0x7, 0x1, 0x0, 0x1ff, 0x8b41, 0xc, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x859, 0x4, @perf_config_ext={0xfff, 0xfffffffeffffffff}, 0x2000, 0x800, 0x1, 0x0, 0x94, 0x3}, 0x0, 0xa, r1, 0x1) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 
ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r4 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r4) tkill(r4, 0x9) 14:30:59 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x3f00000000000000) 14:30:59 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x2000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:30:59 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fsetxattr$trusted_overlay_nlink(r1, &(0x7f0000000000)='trusted.overlay.nlink\x00', &(0x7f0000000040)={'U-', 0xf8e}, 0x16, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r5) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r6, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_GET_IRQCHIP(r8, 0xc048ae65, 0x0) sync_file_range(r8, 0x8, 0x100000001, 0x1) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, 
&(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={r9}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000100)={r9, 0x58, &(0x7f0000000080)=[@in6={0xa, 0x4e21, 0xc64, @empty, 0x3}, @in={0x2, 0x4e20, @remote}, @in6={0xa, 0x4e21, 0x6, @local, 0x9}, @in={0x2, 0x4e20, @empty}]}, &(0x7f0000000180)=0x10) 14:30:59 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:30:59 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x6000000000000000) 14:31:00 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) 
syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$VIDIOC_LOG_STATUS(r6, 0x5646, 0x0) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:31:00 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x9effffff00000000) 14:31:00 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x3000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 658.639487] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 658.651143] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 658.656877] CPU: 0 PID: 15790 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 658.664916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 658.674413] Call Trace: [ 658.677027] dump_stack+0x197/0x210 [ 658.680784] dump_header+0x15e/0xa55 14:31:00 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 
0x0) ptrace(0x4206, r0) tkill(r0, 0x9) ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, &(0x7f0000000000)={0x2000, 0x0, 0x6}) [ 658.685754] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 658.690914] ? ___ratelimit+0x60/0x595 [ 658.694832] ? do_raw_spin_unlock+0x181/0x270 [ 658.699613] oom_kill_process.cold+0x10/0x6ef [ 658.704149] out_of_memory+0x362/0x1330 [ 658.708157] ? lock_downgrade+0x880/0x880 [ 658.712423] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 658.717554] ? oom_killer_disable+0x280/0x280 [ 658.722084] ? find_held_lock+0x35/0x130 [ 658.726178] mem_cgroup_out_of_memory+0x1d2/0x240 [ 658.731050] ? memcg_event_wake+0x230/0x230 [ 658.735478] ? do_raw_spin_unlock+0x181/0x270 [ 658.740017] ? _raw_spin_unlock+0x2d/0x50 [ 658.744203] try_charge+0xec5/0x1490 [ 658.748102] ? lock_downgrade+0x880/0x880 [ 658.752294] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 658.757172] ? rcu_read_unlock+0x33/0x60 [ 658.761438] ? get_mem_cgroup_from_mm+0x185/0x510 [ 658.766406] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 658.772590] mem_cgroup_try_charge+0x259/0x6b0 [ 658.777228] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 658.782195] wp_page_copy+0x430/0x16a0 [ 658.786123] ? follow_pfn+0x2a0/0x2a0 [ 658.789966] ? do_raw_spin_unlock+0x181/0x270 [ 658.794501] do_wp_page+0x57d/0x10b0 [ 658.798244] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 658.802942] ? kasan_check_write+0x14/0x20 [ 658.807316] ? do_raw_spin_lock+0xd7/0x250 [ 658.811591] __handle_mm_fault+0x2305/0x3f80 [ 658.816080] ? copy_page_range+0x2030/0x2030 [ 658.820535] ? count_memcg_event_mm+0x2b1/0x4d0 [ 658.825415] handle_mm_fault+0x1b5/0x690 [ 658.829516] __get_user_pages+0x609/0x1860 [ 658.833795] ? 
follow_page_mask+0x1ac0/0x1ac0 14:31:00 executing program 3: r0 = socket$inet(0x2, 0x80000, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) pipe(&(0x7f0000000100)={0xffffffffffffffff}) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r3, 0x810c5701, &(0x7f0000000180)) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) r4 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/enforce\x00', 0x2000, 0x0) fstat(r4, &(0x7f0000000300)) read$char_usb(r1, &(0x7f0000000000)=""/206, 0xce) [ 658.838328] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 658.843137] ? retint_kernel+0x2d/0x2d [ 658.847162] populate_vma_page_range+0x20d/0x2a0 [ 658.851966] __mm_populate+0x204/0x380 [ 658.855893] ? populate_vma_page_range+0x2a0/0x2a0 [ 658.860882] __x64_sys_mlockall+0x35c/0x520 [ 658.865239] do_syscall_64+0xfd/0x620 [ 658.869073] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 658.874285] RIP: 0033:0x45b349 [ 658.877495] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 658.896639] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 658.904394] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 658.911813] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 658.919223] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 658.926603] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 658.933896] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 658.942121] Task in /syz1 killed as a result of limit of /syz1 [ 658.948711] memory: usage 307200kB, limit 307200kB, failcnt 8446 [ 658.955109] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 658.962175] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 658.968751] 
Memory cgroup stats for /syz1: cache:28KB rss:297220KB rss_huge:225280KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:113964KB active_anon:21760KB inactive_file:0KB active_file:0KB unevictable:161688KB [ 658.992063] Memory cgroup out of memory: Kill process 15761 (syz-executor.1) score 1226 or sacrifice child [ 659.002460] Killed process 16027 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34944kB, shmem-rss:0kB [ 659.020022] oom_reaper: reaped process 16027 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:31:00 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:31:00 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 
0xc00e000000000000) 14:31:00 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x4000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:31:00 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) inotify_init() ptrace(0x4206, r0) tkill(r0, 0x9) r1 = request_key(&(0x7f0000000040)='big_key\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='*\x00', 0xffffffffffffffff) r2 = request_key(&(0x7f0000000100)='.dead\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)='@%\x00', 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r1, 0x0, r2}, &(0x7f0000000200)=""/87, 0x57, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r3, 0x10f, 0x81, &(0x7f0000000000)=0x2, 0x4) fstat(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$VIDIOC_QUERYCTRL(r3, 0xc0445624, &(0x7f0000000280)={0xf3d, 0x6, "af4890402ce99ea9a74bdb5cd3245dd112b44e148d2028988932a770de9dd5ab", 0x1ff, 0x1, 0x8001, 0x7f0a553b, 0x121}) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000001740)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e23, 0x1f, 0x2, 0x20, 0x20, 0x87, 0x0, r4}, {0x0, 0x526, 0x0, 0x19, 0x0, 0x5, 0x6, 0xfff}, {0x2, 0x3ff, 0x3, 0x7}, 0x8747, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x2a}, 0x4d4, 0x32}, 0x2, @in6=@mcast2, 0x4, 0x3, 0x0, 0x1, 0xff, 0x6}}, 0xe8) setfsuid(r4) 14:31:00 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) socket$tipc(0x1e, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, 
&(0x7f0000000000)={0xffffffffffffffff}) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000100)=0x14) dup(r2) ioctl$sock_SIOCGSKNS(r2, 0x894c, &(0x7f0000000000)=0x6) sigaltstack(&(0x7f0000fff000/0x1000)=nil, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r4, 0x80047453, 0x0) [ 659.862500] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 659.874795] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 659.880731] CPU: 0 PID: 16545 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 659.888653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 659.898025] Call Trace: [ 659.900641] dump_stack+0x197/0x210 [ 659.904305] dump_header+0x15e/0xa55 14:31:01 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:31:01 
executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xe200000000000000) 14:31:01 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) dup2(r1, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$sock_int(r3, 0x1, 0x21, &(0x7f0000000000), &(0x7f0000000040)=0x4) ptrace(0x4206, r0) tkill(r0, 0x9) 14:31:01 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyprintk\x00', 0x400000, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000040)=0x100) 14:31:01 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x5000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 659.908256] ? 
_raw_spin_unlock_irqrestore+0xa4/0xe0 [ 659.913417] ? ___ratelimit+0x60/0x595 [ 659.917441] ? do_raw_spin_unlock+0x181/0x270 [ 659.921966] oom_kill_process.cold+0x10/0x6ef [ 659.926588] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 659.932158] ? task_will_free_mem+0x139/0x6e0 [ 659.936945] ? find_held_lock+0x35/0x130 [ 659.941044] out_of_memory+0x362/0x1330 [ 659.945126] ? lock_downgrade+0x880/0x880 [ 659.949317] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 659.954566] ? oom_killer_disable+0x280/0x280 [ 659.959092] ? find_held_lock+0x35/0x130 [ 659.963192] mem_cgroup_out_of_memory+0x1d2/0x240 [ 659.968077] ? memcg_event_wake+0x230/0x230 [ 659.972436] ? do_raw_spin_unlock+0x181/0x270 [ 659.976986] ? _raw_spin_unlock+0x2d/0x50 [ 659.981198] try_charge+0xec5/0x1490 [ 659.984947] ? lock_downgrade+0x880/0x880 [ 659.989266] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 659.994147] ? rcu_read_unlock+0x33/0x60 [ 659.998245] ? get_mem_cgroup_from_mm+0x185/0x510 [ 660.003131] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 660.009237] mem_cgroup_try_charge+0x259/0x6b0 [ 660.013852] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 660.018820] wp_page_copy+0x430/0x16a0 [ 660.022877] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 660.027665] ? follow_pfn+0x2a0/0x2a0 [ 660.031501] ? do_raw_spin_unlock+0x181/0x270 [ 660.036041] do_wp_page+0x57d/0x10b0 [ 660.039792] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 660.044497] ? __handle_mm_fault+0x22f9/0x3f80 [ 660.049123] __handle_mm_fault+0x2305/0x3f80 [ 660.053572] ? copy_page_range+0x2030/0x2030 [ 660.058021] ? 
retint_kernel+0x2d/0x2d 14:31:01 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xf0ffffff00000000) [ 660.061957] ? count_memcg_event_mm+0x2b1/0x4d0 [ 660.066664] handle_mm_fault+0x1b5/0x690 [ 660.070767] __get_user_pages+0x609/0x1860 [ 660.075066] ? follow_page_mask+0x1ac0/0x1ac0 [ 660.079592] ? retint_kernel+0x2d/0x2d [ 660.083531] populate_vma_page_range+0x20d/0x2a0 [ 660.088623] __mm_populate+0x204/0x380 [ 660.092574] ? populate_vma_page_range+0x2a0/0x2a0 [ 660.097578] __x64_sys_mlockall+0x35c/0x520 [ 660.102041] do_syscall_64+0xfd/0x620 [ 660.105933] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 660.111167] RIP: 0033:0x45b349 [ 660.114370] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 660.133994] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 660.141729] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 660.149020] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 660.156313] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 660.163752] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 660.171044] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 660.188343] Task in /syz1 killed as a result of limit of /syz1 [ 660.194780] memory: usage 307200kB, limit 307200kB, failcnt 8516 [ 660.201213] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 660.208311] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 14:31:01 executing 
program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) [ 660.214664] Memory cgroup stats for /syz1: cache:28KB rss:297244KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:114136KB active_anon:21760KB inactive_file:0KB active_file:0KB unevictable:161556KB [ 660.237813] Memory cgroup out of memory: Kill process 16539 (syz-executor.1) score 1226 or sacrifice child [ 660.247971] Killed process 16767 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34944kB, shmem-rss:0kB [ 660.633847] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 660.675073] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 660.693395] CPU: 1 PID: 16962 Comm: syz-executor.0 Not tainted 4.19.100-syzkaller #0 [ 660.701329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 660.710697] Call Trace: [ 660.713303] dump_stack+0x197/0x210 [ 660.717193] dump_header+0x15e/0xa55 [ 660.720923] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 660.726054] ? ___ratelimit+0x60/0x595 [ 660.730414] ? do_raw_spin_unlock+0x181/0x270 [ 660.734939] oom_kill_process.cold+0x10/0x6ef [ 660.741621] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 660.747611] ? task_will_free_mem+0x139/0x6e0 [ 660.752139] ? find_held_lock+0x35/0x130 [ 660.756235] out_of_memory+0x362/0x1330 [ 660.760227] ? lock_downgrade+0x880/0x880 [ 660.764398] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 660.769642] ? oom_killer_disable+0x280/0x280 [ 660.774161] ? find_held_lock+0x35/0x130 [ 660.778260] mem_cgroup_out_of_memory+0x1d2/0x240 [ 660.783127] ? memcg_event_wake+0x230/0x230 [ 660.787480] ? do_raw_spin_unlock+0x181/0x270 [ 660.792017] ? 
_raw_spin_unlock+0x2d/0x50 [ 660.796184] try_charge+0xec5/0x1490 [ 660.799924] ? lock_downgrade+0x880/0x880 [ 660.804106] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 660.809136] ? rcu_read_unlock+0x33/0x60 [ 660.814792] ? get_mem_cgroup_from_mm+0x185/0x510 [ 660.819675] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 660.825751] ? mark_held_locks+0x100/0x100 [ 660.830172] mem_cgroup_try_charge+0x259/0x6b0 [ 660.834787] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 660.840174] __handle_mm_fault+0x1e50/0x3f80 [ 660.844615] ? copy_page_range+0x2030/0x2030 [ 660.849072] ? count_memcg_event_mm+0x2b1/0x4d0 [ 660.853765] handle_mm_fault+0x1b5/0x690 [ 660.857868] __get_user_pages+0x609/0x1860 [ 660.862250] ? follow_page_mask+0x1ac0/0x1ac0 [ 660.866805] ? lock_acquire+0x16f/0x3f0 [ 660.870796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 660.876360] populate_vma_page_range+0x20d/0x2a0 [ 660.881329] __mm_populate+0x204/0x380 [ 660.885256] ? populate_vma_page_range+0x2a0/0x2a0 [ 660.890216] __x64_sys_mlockall+0x35c/0x520 [ 660.894552] do_syscall_64+0xfd/0x620 [ 660.898372] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 660.903635] RIP: 0033:0x45b349 [ 660.906841] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 660.925812] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 660.933516] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 660.940790] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 660.948160] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 660.955516] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 660.962791] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c 14:31:02 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 
&(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:31:02 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x6000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:31:02 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xffffff7f00000000) 14:31:02 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000000)=0x80000001, 0x4) [ 660.977411] Task in /syz0 killed as a result of limit of /syz0 [ 660.983436] memory: usage 307200kB, limit 307200kB, failcnt 5481 [ 660.992322] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 660.999440] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 14:31:02 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() r1 = socket$inet6(0xa, 0x0, 0x0) ptrace(0x10, r0) tkill(r0, 0x9) r2 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r2) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={r4}, 0x8) r5 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r5) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r6, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={r7}, 0x8) getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000000)={r4, 0x8, 0x0, 0xfffd, 0x0, 0xf211, 0x0, 0x5, {r7, @in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x800, 0xfffffffe, 0x1, 0xfff, 0x81}}, &(0x7f00000000c0)=0xb0) [ 661.026226] Memory cgroup stats for /syz0: cache:76KB rss:298340KB rss_huge:71680KB shmem:24KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:222264KB active_anon:15264KB inactive_file:0KB active_file:4KB 
unevictable:60888KB [ 661.113030] Memory cgroup out of memory: Kill process 10995 (syz-executor.0) score 1163 or sacrifice child [ 661.140590] Killed process 10995 (syz-executor.0) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 661.263659] oom_reaper: reaped process 10995 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 661.563177] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 661.574807] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 661.580455] CPU: 0 PID: 17251 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 661.588686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 661.598063] Call Trace: [ 661.600720] dump_stack+0x197/0x210 [ 661.604471] dump_header+0x15e/0xa55 [ 661.608228] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 661.613366] ? ___ratelimit+0x60/0x595 [ 661.617321] ? do_raw_spin_unlock+0x181/0x270 [ 661.621862] oom_kill_process.cold+0x10/0x6ef [ 661.626370] ? out_of_memory+0x14a/0x1330 [ 661.630615] out_of_memory+0x362/0x1330 [ 661.634605] ? lock_downgrade+0x880/0x880 [ 661.638909] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 661.644016] ? oom_killer_disable+0x280/0x280 [ 661.648537] ? find_held_lock+0x35/0x130 [ 661.652614] mem_cgroup_out_of_memory+0x1d2/0x240 [ 661.657464] ? memcg_event_wake+0x230/0x230 [ 661.661786] ? do_raw_spin_unlock+0x181/0x270 [ 661.666294] ? _raw_spin_unlock+0x2d/0x50 [ 661.670456] try_charge+0xec5/0x1490 [ 661.674193] ? lock_downgrade+0x880/0x880 [ 661.678367] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 661.683235] ? rcu_read_unlock+0x33/0x60 [ 661.687300] ? get_mem_cgroup_from_mm+0x185/0x510 [ 661.692165] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 661.698258] mem_cgroup_try_charge+0x259/0x6b0 [ 661.702878] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 661.707834] wp_page_copy+0x430/0x16a0 [ 661.711742] ? follow_pfn+0x2a0/0x2a0 [ 661.715544] ? 
do_raw_spin_unlock+0x181/0x270 [ 661.720160] do_wp_page+0x57d/0x10b0 [ 661.724001] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 661.728695] ? kasan_check_write+0x14/0x20 [ 661.732947] ? do_raw_spin_lock+0xd7/0x250 [ 661.737196] __handle_mm_fault+0x2305/0x3f80 [ 661.741621] ? copy_page_range+0x2030/0x2030 [ 661.746052] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 661.750862] handle_mm_fault+0x1b5/0x690 [ 661.755220] __get_user_pages+0x609/0x1860 [ 661.759481] ? follow_page_mask+0x1ac0/0x1ac0 [ 661.763979] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 661.768752] ? retint_kernel+0x2d/0x2d [ 661.772671] populate_vma_page_range+0x20d/0x2a0 [ 661.777465] __mm_populate+0x204/0x380 [ 661.781360] ? populate_vma_page_range+0x2a0/0x2a0 [ 661.786307] __x64_sys_mlockall+0x35c/0x520 [ 661.790656] do_syscall_64+0xfd/0x620 [ 661.794480] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 661.799672] RIP: 0033:0x45b349 [ 661.802861] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 661.821769] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 661.829506] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 661.836796] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 661.844088] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 661.851374] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 661.858651] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 661.866094] Task in /syz1 killed as a result of limit of /syz1 [ 661.872218] memory: usage 307200kB, limit 307200kB, failcnt 8543 [ 661.878528] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 661.885502] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 661.891966] Memory cgroup stats for /syz1: cache:28KB rss:297236KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB 
swap:0KB inactive_anon:113940KB active_anon:21760KB inactive_file:4KB active_file:4KB unevictable:161688KB [ 661.915257] Memory cgroup out of memory: Kill process 17240 (syz-executor.1) score 1226 or sacrifice child [ 661.925873] Killed process 17505 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 662.201804] oom_reaper: reaped process 17505 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 14:31:03 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:31:03 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xffffffff00000000) 14:31:03 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x7000000, 
&(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:31:03 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$inet6_tcp_TLS_RX(r4, 0x6, 0x2, &(0x7f0000000080)=@gcm_256={{0x304}, "131f0c13f927c8dd", "c77a7c3da8aac9e61ed3e8b0a6333edb7d864547caa3c6f85f5021fda882f684", "334c4f95", "cc25e83aaf5e5ea8"}, 0x38) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r6 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) fstat(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000001740)={{{@in=@loopback, @in=@multicast2, 0x4e20, 0x1, 0x4e23, 0x1f, 0x2, 0x0, 0x20, 0x87, 0x0, r7}, {0x0, 0x3, 0x0, 0x19, 0x0, 0x5, 0x6, 0xfff}, {0x2, 0x3ff, 0x3, 0x7}, 0x8747, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x2a}, 0x4d4, 0x32}, 0x2, @in6=@mcast2, 0x0, 0x3, 0x0, 0x1, 0xff, 0x6}}, 0xe8) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000480)=0x0) syz_mount_image$btrfs(&(0x7f00000000c0)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x5, 0x5, &(0x7f0000000400)=[{&(0x7f0000000180)="ec1fddc65b0b64e6fbcfecc3ef2fcc9e93e3080fb3e40030c0e85c1f67491c6ac13a8ad2ff5e12599e9df478092bf1b2b7ea8b17e6b085b39471c60938175dcb85f6056dd133d288ab8bdb941a532db38316bff849440c4ce9de08be6104", 0x5e, 0x3f}, {0xffffffffffffffff, 0x0, 0x8}, 
{&(0x7f0000000200)="76ed8129b257b16ae6fad84984342824a54db858a35bc614163a4ff62ba165ad8ef0b1cf03d76af77cefe8ceaf315c3e97fc9ffec700baa39c1c9bece91556813cb962e19428626c2edbbb9a92fa018a5a776777c01ae17153df7c0b8e3f0f66c41679787187263ee2e39a1705afe06bfce2db6d371bcd26e96b1165c1c5c46c3f858186b4c3830a69ee4bff8304d43b08930a675f509115117b9733c25aa6f2993351969004e39f4b7ed9527da3863025521745f1", 0xb5, 0xfffffffffffffffd}, {&(0x7f00000002c0)="a5e8926ceb1f8fd4dc86f6dae8f12bdcbb1146186e1c35b817b01277d50308bc90330822ec5ed6b78db0b0fce28c5d97fefce33254c4befc73b8bcd189a19869bfcf296a8c6908199bd0835bc88c83ef1b4cf2a1b1ab611fefbb41c436c5e42e7fa85a2af378abd1631fea56cd1176fe5c79b2985784604f1eaf983c1f8a6d5ebf485472d389d03d7dec445e4613a982524c5098aad2dbe1ef20a3f9a7b603eb56bc416b7ff6", 0xa6, 0x3}, {&(0x7f0000000380)="18a0997b214e3b368347a4e1b97c9e1d33ddd60e77ab497315e55f25bffa0a08a02a3682814c12a1f0111b89970ecc57435543dddddb4e28a01d6087186e909f345fae3f974f9c631a6f6a79b589d38a5957d8c2ea51d3eb4a779513972a233ac36becb0d934e101c78e72a1016f318a4750d3", 0x73, 0x3}], 0x1, &(0x7f00000004c0)={[{@subvol={'subvol', 0x3d, 'bridge0\x00'}}, {@ssd_spread='ssd_spread'}], [{@measure='measure'}, {@dont_hash='dont_hash'}, {@euid_lt={'euid<', r7}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'bridge0\x00'}}, {@uid_gt={'uid>', r8}}, {@audit='audit'}]}) dup(r5) getsockopt$IP_VS_SO_GET_TIMEOUT(r5, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:31:04 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x9000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:31:04 executing program 2: socketpair$unix(0x1, 0x5, 0x0, 
&(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0xfffffffffffff000) [ 662.777075] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 662.811108] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 662.817649] CPU: 0 PID: 17599 Comm: syz-executor.0 Not tainted 4.19.100-syzkaller #0 [ 662.825579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 662.834974] Call Trace: [ 662.837592] dump_stack+0x197/0x210 [ 662.841314] dump_header+0x15e/0xa55 [ 662.845099] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 662.850231] ? ___ratelimit+0x60/0x595 [ 662.854228] ? do_raw_spin_unlock+0x181/0x270 [ 662.858762] oom_kill_process.cold+0x10/0x6ef [ 662.863558] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 662.869123] ? task_will_free_mem+0x139/0x6e0 [ 662.873641] ? find_held_lock+0x35/0x130 [ 662.877730] out_of_memory+0x362/0x1330 [ 662.881847] ? lock_downgrade+0x880/0x880 [ 662.886021] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 662.891150] ? oom_killer_disable+0x280/0x280 [ 662.895665] ? find_held_lock+0x35/0x130 [ 662.899768] mem_cgroup_out_of_memory+0x1d2/0x240 [ 662.904633] ? memcg_event_wake+0x230/0x230 [ 662.908993] ? do_raw_spin_unlock+0x181/0x270 [ 662.913520] ? _raw_spin_unlock+0x2d/0x50 [ 662.917690] try_charge+0xec5/0x1490 [ 662.921426] ? 
lock_downgrade+0x880/0x880 14:31:04 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000180)={0x4, 0x1, 0x4, 0x8, 0x8, {0x77359400}, {0x1, 0x0, 0x0, 0x97, 0xa4, 0x8, "4a93f4fb"}, 0x5, 0x4, @fd=r3, 0x3, 0x0, r1}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x2000000020) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) accept$inet6(r7, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000080)=0x1c) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r8, &(0x7f0000000140)={0x0, 0x1c, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x401, 0x0, 0x0, {0x0, 0x0, 0x3}, [@IPSET_ATTR_FLAGS={0x0, 0x6, 0x1, 0x0, 0xfffffbff}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x10000005) [ 662.925611] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 662.930489] ? rcu_read_unlock+0x33/0x60 [ 662.934582] ? get_mem_cgroup_from_mm+0x185/0x510 [ 662.939629] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 662.945782] ? mark_held_locks+0x100/0x100 [ 662.950050] mem_cgroup_try_charge+0x259/0x6b0 [ 662.954671] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 662.959632] __handle_mm_fault+0x1e50/0x3f80 [ 662.964057] ? copy_page_range+0x2030/0x2030 [ 662.968504] ? count_memcg_event_mm+0x2b1/0x4d0 [ 662.973331] handle_mm_fault+0x1b5/0x690 [ 662.977427] __get_user_pages+0x609/0x1860 [ 662.981695] ? follow_page_mask+0x1ac0/0x1ac0 [ 662.986215] ? lock_acquire+0x16f/0x3f0 [ 662.990232] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 662.995815] populate_vma_page_range+0x20d/0x2a0 [ 663.000596] __mm_populate+0x204/0x380 [ 663.004510] ? populate_vma_page_range+0x2a0/0x2a0 [ 663.009476] __x64_sys_mlockall+0x35c/0x520 [ 663.013823] do_syscall_64+0xfd/0x620 [ 663.017655] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 663.023067] RIP: 0033:0x45b349 [ 663.026278] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 663.045215] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 663.052948] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 663.060365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 663.067777] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 663.075065] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 663.082353] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 663.109276] Task in /syz0 killed as a result of limit of /syz0 [ 663.122658] memory: usage 307188kB, limit 307200kB, failcnt 5494 [ 663.133858] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 663.182751] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 663.214348] Memory cgroup stats for /syz0: cache:76KB rss:298396KB rss_huge:71680KB shmem:24KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:222264KB active_anon:15276KB inactive_file:0KB active_file:4KB unevictable:60868KB 14:31:04 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 
0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:31:04 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xa000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:31:04 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r4) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB="45f7a65c", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={r6}, 0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000040)={0x7fff, 0x7ff, 0x8001, 0xfffffffa, 0x7, 0x87c2, 0x6, 0x9, r6}, 0x20) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, 
[@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) 14:31:04 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_G_OUTPUT(r3, 0x8004562e, &(0x7f0000000000)) r4 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r4, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r4, 0x80047453, 0x0) [ 663.301469] Memory cgroup out of memory: Kill process 11658 (syz-executor.0) score 1163 or sacrifice child [ 663.344524] Killed process 11658 (syz-executor.0) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB 14:31:05 executing program 3: r0 = socket$inet(0x2, 0x5, 0x3) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000040)=0x1, 0x4) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) [ 663.418573] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 663.524602] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 663.545378] CPU: 0 PID: 17599 Comm: syz-executor.0 Not tainted 4.19.100-syzkaller #0 [ 663.553413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 663.562792] Call Trace: [ 663.564271] oom_reaper: reaped process 11658 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 663.565404] dump_stack+0x197/0x210 [ 663.565427] dump_header+0x15e/0xa55 [ 663.565447] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 663.588224] ? ___ratelimit+0x60/0x595 [ 663.592128] ? 
do_raw_spin_unlock+0x181/0x270 [ 663.596789] oom_kill_process.cold+0x10/0x6ef [ 663.601401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 663.606958] ? task_will_free_mem+0x139/0x6e0 [ 663.611929] ? find_held_lock+0x35/0x130 [ 663.616049] out_of_memory+0x362/0x1330 [ 663.620063] ? lock_downgrade+0x880/0x880 [ 663.624247] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 663.629378] ? oom_killer_disable+0x280/0x280 [ 663.633895] ? find_held_lock+0x35/0x130 [ 663.638170] mem_cgroup_out_of_memory+0x1d2/0x240 [ 663.643288] ? memcg_event_wake+0x230/0x230 [ 663.647640] ? do_raw_spin_unlock+0x181/0x270 [ 663.652274] ? _raw_spin_unlock+0x2d/0x50 [ 663.656448] try_charge+0xec5/0x1490 [ 663.660189] ? lock_downgrade+0x880/0x880 [ 663.664368] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 663.669232] ? rcu_read_unlock+0x33/0x60 [ 663.673311] ? get_mem_cgroup_from_mm+0x185/0x510 [ 663.678172] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 663.682956] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 663.689143] mem_cgroup_try_charge+0x259/0x6b0 [ 663.693756] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 663.698793] __handle_mm_fault+0x1e50/0x3f80 [ 663.703224] ? copy_page_range+0x2030/0x2030 [ 663.707713] ? count_memcg_event_mm+0x2b1/0x4d0 [ 663.712409] handle_mm_fault+0x1b5/0x690 [ 663.716637] __get_user_pages+0x609/0x1860 [ 663.720898] ? follow_page_mask+0x1ac0/0x1ac0 [ 663.725420] ? lock_acquire+0x16f/0x3f0 [ 663.729407] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 663.734973] populate_vma_page_range+0x20d/0x2a0 [ 663.739775] __mm_populate+0x204/0x380 [ 663.743726] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 663.748711] __x64_sys_mlockall+0x35c/0x520 [ 663.753063] do_syscall_64+0xfd/0x620 [ 663.756890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 663.762277] RIP: 0033:0x45b349 [ 663.765502] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 663.784420] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 663.792146] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 663.799447] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 663.806819] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 663.814104] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 663.821389] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 663.830269] Task in /syz0 killed as a result of limit of /syz0 [ 663.843134] memory: usage 288688kB, limit 307200kB, failcnt 5504 [ 663.861998] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 663.874559] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 663.891502] Memory cgroup stats for /syz0: cache:76KB rss:280120KB rss_huge:71680KB shmem:24KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:203936KB active_anon:15276KB inactive_file:4KB active_file:0KB unevictable:60880KB [ 663.926292] Memory cgroup out of memory: Kill process 16483 (syz-executor.0) score 1163 or sacrifice child [ 663.936374] Killed process 16483 (syz-executor.0) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 664.018263] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 664.042217] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 664.061510] CPU: 1 PID: 18099 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 664.069559] Hardware name: Google Google Compute Engine/Google Compute 
Engine, BIOS Google 01/01/2011 [ 664.078932] Call Trace: [ 664.081677] dump_stack+0x197/0x210 [ 664.085338] dump_header+0x15e/0xa55 [ 664.089079] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 664.094217] ? ___ratelimit+0x60/0x595 [ 664.098272] ? do_raw_spin_unlock+0x181/0x270 [ 664.102819] oom_kill_process.cold+0x10/0x6ef [ 664.107341] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 664.112903] ? task_will_free_mem+0x139/0x6e0 [ 664.117434] out_of_memory+0x362/0x1330 [ 664.121457] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 664.126572] ? oom_killer_disable+0x280/0x280 [ 664.131100] ? find_held_lock+0x35/0x130 [ 664.135187] mem_cgroup_out_of_memory+0x1d2/0x240 [ 664.140062] ? memcg_event_wake+0x230/0x230 [ 664.144419] ? do_raw_spin_unlock+0x181/0x270 [ 664.149096] ? _raw_spin_unlock+0x2d/0x50 [ 664.153627] try_charge+0xec5/0x1490 [ 664.157482] ? lock_downgrade+0x880/0x880 [ 664.161676] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 664.166539] ? rcu_read_unlock+0x33/0x60 [ 664.170620] ? get_mem_cgroup_from_mm+0x185/0x510 [ 664.175494] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 664.181582] mem_cgroup_try_charge+0x259/0x6b0 [ 664.186178] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 664.191126] wp_page_copy+0x430/0x16a0 [ 664.195055] ? follow_pfn+0x2a0/0x2a0 [ 664.198872] ? do_raw_spin_unlock+0x181/0x270 [ 664.203385] do_wp_page+0x57d/0x10b0 [ 664.207117] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 664.211808] ? kasan_check_write+0x14/0x20 [ 664.216052] ? do_raw_spin_lock+0xd7/0x250 [ 664.220319] __handle_mm_fault+0x2305/0x3f80 [ 664.224756] ? copy_page_range+0x2030/0x2030 [ 664.229215] ? count_memcg_event_mm+0x2b1/0x4d0 [ 664.233921] handle_mm_fault+0x1b5/0x690 [ 664.238012] __get_user_pages+0x609/0x1860 [ 664.242287] ? follow_page_mask+0x1ac0/0x1ac0 [ 664.246826] ? lock_acquire+0x16f/0x3f0 [ 664.250898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 664.256579] populate_vma_page_range+0x20d/0x2a0 [ 664.265732] __mm_populate+0x204/0x380 [ 664.269655] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 664.274633] __x64_sys_mlockall+0x35c/0x520 [ 664.278982] do_syscall_64+0xfd/0x620 [ 664.282803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 664.288014] RIP: 0033:0x45b349 [ 664.291220] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 664.311498] RSP: 002b:00007fd45075dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 664.319232] RAX: ffffffffffffffda RBX: 00007fd45075e6d4 RCX: 000000000045b349 [ 664.326518] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 664.333938] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 664.341232] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 664.348528] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bfd4 [ 664.356416] Task in /syz1 killed as a result of limit of /syz1 [ 664.356446] memory: usage 307180kB, limit 307200kB, failcnt 9025 [ 664.356455] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 664.356463] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 664.356469] Memory cgroup stats for /syz1: cache:28KB rss:297236KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:113936KB active_anon:21760KB inactive_file:4KB active_file:0KB unevictable:161688KB [ 664.356550] Memory cgroup out of memory: Kill process 17957 (syz-executor.1) score 1225 or sacrifice child [ 664.356622] Killed process 18101 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB 14:31:06 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 
0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:31:06 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x10000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:31:06 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = socket$key(0xf, 0x3, 0x2) fsetxattr$trusted_overlay_origin(r2, &(0x7f0000000100)='trusted.overlay.origin\x00', &(0x7f0000000180)='y\x00', 0x2, 0x0) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_GET_IRQCHIP(r3, 0xc048ae65, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) fcntl$dupfd(r3, 0x406, r5) r6 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$TIOCGICOUNT(r5, 0x545d, 0x0) r7 = socket$pppoe(0x18, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$SNDCTL_DSP_SETFRAGMENT(r9, 0xc004500a, &(0x7f0000000040)=0x7) connect$pppoe(r7, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) 
ioctl$PPPIOCGMRU(r7, 0x80047453, 0x0) 14:31:06 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x24, 0x7, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FLAGS={0x0, 0x6, 0x1, 0x0, 0x401}]}, 0xe3}}, 0x50004005) 14:31:06 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:31:07 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x2400) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/avc/cache_stats\x00', 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000080)=0xf, 0x4) r2 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000140)={0x0, 0x0, 
&(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="280000000706010800000000000000000000000005000100060000000900020073797a1a000000004e82fb786f964d6e6381d603d3e40be60744e5332ca2543ff797293d302897dc24980a28db74dadbfa5b77f6aa08c934c1b1de97ffd152341d40433e6e7b58583321080f4b22deea20f6ffffffffba53f8988f52c474538d949d7a5d4b138a8a9123eedc9ea9e041bc37969b86638e863d342fc7ca0d2d516f04f7e91295f9c74db7e1c1ab7e378eeac56209e4a82b9a966e70fa3c00863e72dd4d552442d5b6e0d5c585cc4734ecc086beab41"], 0x28}}, 0x0) 14:31:07 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x14000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 665.609327] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 665.620762] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 665.626298] CPU: 1 PID: 18219 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 665.634721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 665.644125] Call Trace: [ 665.646812] dump_stack+0x197/0x210 [ 665.650446] dump_header+0x15e/0xa55 [ 665.654167] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 665.659275] ? ___ratelimit+0x60/0x595 [ 665.663163] ? do_raw_spin_unlock+0x181/0x270 [ 665.667671] oom_kill_process.cold+0x10/0x6ef [ 665.672170] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 665.677747] ? task_will_free_mem+0x139/0x6e0 [ 665.682265] ? find_held_lock+0x35/0x130 [ 665.686364] out_of_memory+0x362/0x1330 [ 665.690342] ? lock_downgrade+0x880/0x880 [ 665.694488] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 665.699589] ? oom_killer_disable+0x280/0x280 [ 665.704083] ? find_held_lock+0x35/0x130 [ 665.708163] mem_cgroup_out_of_memory+0x1d2/0x240 [ 665.713016] ? 
memcg_event_wake+0x230/0x230 [ 665.717370] ? do_raw_spin_unlock+0x181/0x270 [ 665.721870] ? _raw_spin_unlock+0x2d/0x50 [ 665.726065] try_charge+0xec5/0x1490 [ 665.729834] ? lock_downgrade+0x880/0x880 [ 665.734189] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 665.739071] ? rcu_read_unlock+0x33/0x60 [ 665.743271] ? get_mem_cgroup_from_mm+0x185/0x510 [ 665.748148] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 665.754213] mem_cgroup_try_charge+0x259/0x6b0 [ 665.758808] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 665.763776] wp_page_copy+0x430/0x16a0 [ 665.767672] ? follow_pfn+0x2a0/0x2a0 [ 665.771502] ? do_raw_spin_unlock+0x181/0x270 [ 665.776027] do_wp_page+0x57d/0x10b0 [ 665.779907] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 665.784588] ? kasan_check_write+0x14/0x20 [ 665.788836] ? do_raw_spin_lock+0xd7/0x250 [ 665.793088] __handle_mm_fault+0x2305/0x3f80 [ 665.797531] ? copy_page_range+0x2030/0x2030 [ 665.801954] ? count_memcg_event_mm+0x2b1/0x4d0 [ 665.806668] handle_mm_fault+0x1b5/0x690 [ 665.810763] __get_user_pages+0x609/0x1860 [ 665.815005] ? follow_page_mask+0x1ac0/0x1ac0 [ 665.819724] ? lock_acquire+0x16f/0x3f0 [ 665.823697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 665.829237] populate_vma_page_range+0x20d/0x2a0 [ 665.833999] __mm_populate+0x204/0x380 [ 665.837923] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 665.842974] __x64_sys_mlockall+0x35c/0x520 [ 665.847336] do_syscall_64+0xfd/0x620 [ 665.851143] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 665.856330] RIP: 0033:0x45b349 [ 665.859541] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 665.878574] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 665.886475] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 665.893758] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 665.901044] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 14:31:07 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x10000) ioctl$SNDRV_PCM_IOCTL_UNLINK(r3, 0x4161, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) [ 665.908352] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 665.915625] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 665.923135] Task in /syz1 killed as a result of limit of /syz1 [ 665.929422] memory: usage 307200kB, limit 307200kB, failcnt 9055 [ 665.935645] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 665.942549] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 665.948852] Memory cgroup stats for /syz1: cache:28KB rss:297352KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:113984KB active_anon:21760KB inactive_file:4KB active_file:0KB unevictable:161688KB [ 665.971079] Memory cgroup out of memory: Kill process 18217 (syz-executor.1) score 1226 or sacrifice child [ 665.981258] Killed process 18357 (syz-executor.1) 
total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB 14:31:07 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) ioctl$sock_bt_cmtp_CMTPCONNDEL(r1, 0x400443c9, &(0x7f0000000080)={@fixed={[], 0x12}, 0x8}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) bind$vsock_stream(r5, &(0x7f0000000100)={0x28, 0x0, 0x2710, @hyper}, 0x10) newfstatat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0) r6 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$BLKBSZGET(r6, 0x80081270, &(0x7f0000000180)) getgid() [ 666.061935] oom_reaper: reaped process 18357 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:31:07 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r3, 0x80047453, 0x0) 14:31:07 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x20000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, 
@ANYBLOB=',access=', @ANYRESDEC]) 14:31:07 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000000040)=0x1, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r6 = dup(r5) r7 = epoll_create(0x6) vmsplice(r7, &(0x7f0000000080)=[{&(0x7f0000000300)="8bb4c7b7b5a1b55353d53d6d57ea64b782d3d116b1f1595fd5e2672d447b8e9b96f0a93fdb248677b767a04b36ba1702c7e7cc913f4b03045393e3e0e1de2a1926e15de24024bf6452b9b8699cf5d39dc54b14862f56e864ccccb947c98ff487505ab828912e01ca67acc9871fc9c70c37b2c71756b36b975c173c0d51a5820cbc64088c7db537df46147797075b47619bdad72b1232fb7c78d3e53701df8dd25c9815b06086322e92f940921ab59f74423f925735dfd7c4c92c3058b484ced219823f6b42eaffa876a38b8dbd2b037119e7113313fb009e9f9ba275217aa6b8aea7cdfa889bb8ec9ea2753e53c721b896", 0xf1}], 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$P9_RSTAT(r6, &(0x7f0000000400)=ANY=[@ANYBLOB="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"/341], 0xe6) [ 666.339522] 9p: Unknown uid 18446744073709551615 14:31:08 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, 
&(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:31:08 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) 14:31:08 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x22000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:31:08 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000040)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}}) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, 
&(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="280000000706010800000000000000000000000005000100060000000900020073797a32000000000a3c3f0eb4227d668710d7bfc68769a81bd532902e903faf10c3f43bc2122bf6ad6bedfc17bc33ca693c0852aedef112e85e19b2b1f1908ccba9e7044055c6ffa1ae4532d6c1cb9b53324a9dbc85b0c248428d7e135efd891be9a051bd7f01eda5168644de0702cd1df05893dcb0512367234de8da79d8d2b62923a439520df51d4f8eea2e67c1cdb62992196e660f7191126155d8fa2a1f9c36cb025aae5ecaf69dcfe1bbc3ff7844f12c05844fb307cc3bf291b5ecfebe7be42a4d37457687aeca23a4fe2644470d6835f32c7ec6deb0c5662e6c7b66c2c09df5ba4b1bcf8f6442f8f275c0e9d3ca6a47c6bf92197c6ae8354514dda901a53892551928030955124789c4a38b28ff1b309d1f20f0934d978d696dba00eb46cefbd58d9b2c236356745cd87b6a18fb90c27a2534c6a6b1ba1bc428a0d27ab99dc47e71ff5af4c05d5cb895d473647844b7a8b2a72bfa69b507e013eb3aa6e51e208a9a7454c0798fd6d16e53ea7fdf8fdc9a0255760d77"], 0x1}, 0x1, 0x0, 0x0, 0x80488c0}, 0x0) r3 = gettid() tkill(r3, 0x1000000000013) move_pages(r3, 0x4, &(0x7f0000000080)=[&(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil], 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2) 14:31:08 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 
mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x0) 14:31:08 executing program 3: r0 = socket$inet(0x2, 0x800, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:31:08 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x2c000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 667.365259] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 667.377625] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 667.383347] CPU: 0 PID: 18765 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 667.391561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 667.401222] Call Trace: [ 667.404018] dump_stack+0x197/0x210 [ 667.407692] dump_header+0x15e/0xa55 [ 667.411501] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 667.417042] ? ___ratelimit+0x60/0x595 [ 667.421176] ? do_raw_spin_unlock+0x181/0x270 [ 667.425708] oom_kill_process.cold+0x10/0x6ef [ 667.430580] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.436433] ? task_will_free_mem+0x139/0x6e0 [ 667.441244] ? find_held_lock+0x35/0x130 [ 667.445356] out_of_memory+0x362/0x1330 [ 667.449907] ? lock_downgrade+0x880/0x880 [ 667.454643] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 667.460130] ? oom_killer_disable+0x280/0x280 [ 667.465094] ? find_held_lock+0x35/0x130 [ 667.469522] mem_cgroup_out_of_memory+0x1d2/0x240 [ 667.474767] ? memcg_event_wake+0x230/0x230 [ 667.485327] ? 
do_raw_spin_unlock+0x181/0x270 [ 667.490473] ? _raw_spin_unlock+0x2d/0x50 [ 667.494824] try_charge+0xec5/0x1490 [ 667.498573] ? lock_downgrade+0x880/0x880 [ 667.502767] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 667.507882] ? rcu_read_unlock+0x33/0x60 [ 667.511980] ? get_mem_cgroup_from_mm+0x185/0x510 [ 667.517077] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 667.523304] mem_cgroup_try_charge+0x259/0x6b0 [ 667.528105] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 667.533171] wp_page_copy+0x430/0x16a0 [ 667.537367] ? follow_pfn+0x2a0/0x2a0 [ 667.541250] ? do_raw_spin_unlock+0x181/0x270 [ 667.546327] do_wp_page+0x57d/0x10b0 [ 667.550495] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 667.555364] ? kasan_check_write+0x14/0x20 [ 667.559727] ? do_raw_spin_lock+0xd7/0x250 [ 667.564327] __handle_mm_fault+0x2305/0x3f80 [ 667.568781] ? copy_page_range+0x2030/0x2030 [ 667.573666] ? count_memcg_event_mm+0x2b1/0x4d0 [ 667.578375] handle_mm_fault+0x1b5/0x690 [ 667.582632] __get_user_pages+0x609/0x1860 [ 667.586915] ? follow_page_mask+0x1ac0/0x1ac0 [ 667.591440] ? retint_kernel+0x2d/0x2d [ 667.595499] populate_vma_page_range+0x20d/0x2a0 [ 667.600296] __mm_populate+0x204/0x380 [ 667.604445] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 667.609692] __x64_sys_mlockall+0x35c/0x520 [ 667.614252] do_syscall_64+0xfd/0x620 [ 667.618235] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 667.623560] RIP: 0033:0x45b349 [ 667.627020] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 667.649432] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 667.657425] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 14:31:09 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x3f000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 667.664953] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 667.672577] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 667.680049] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 667.687557] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 667.696913] Task in /syz1 killed as a result of limit of /syz1 [ 667.703662] memory: usage 307200kB, limit 307200kB, failcnt 9403 [ 667.711202] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 667.718680] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 667.725257] Memory cgroup stats for /syz1: cache:28KB rss:297344KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:113980KB active_anon:21760KB inactive_file:0KB active_file:0KB unevictable:161688KB [ 667.747969] Memory cgroup out of memory: Kill process 18764 (syz-executor.1) score 1226 or sacrifice child [ 667.758302] Killed process 18935 (syz-executor.1) total-vm:72720kB, 
anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 667.775853] oom_reaper: reaped process 18935 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 667.787355] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 14:31:09 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x1) r3 = dup(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x10000000003) r6 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000140)={0x18, 0x0, {0x5, @random="32e22004009f", 'vcan0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r6, 0x80047453, 0x0) [ 667.848647] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 667.854788] CPU: 0 PID: 18815 Comm: syz-executor.0 Not tainted 4.19.100-syzkaller #0 [ 667.862813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 667.872189] Call Trace: [ 667.874921] dump_stack+0x197/0x210 [ 667.878727] dump_header+0x15e/0xa55 [ 667.882586] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 667.887722] ? ___ratelimit+0x60/0x595 [ 667.892003] ? do_raw_spin_unlock+0x181/0x270 [ 667.896708] oom_kill_process.cold+0x10/0x6ef [ 667.901365] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 667.907165] ? task_will_free_mem+0x139/0x6e0 [ 667.911746] out_of_memory+0x362/0x1330 [ 667.915937] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 667.921461] ? oom_killer_disable+0x280/0x280 [ 667.926321] ? find_held_lock+0x35/0x130 [ 667.930570] mem_cgroup_out_of_memory+0x1d2/0x240 [ 667.935473] ? memcg_event_wake+0x230/0x230 [ 667.940132] ? do_raw_spin_unlock+0x181/0x270 [ 667.945101] ? _raw_spin_unlock+0x2d/0x50 [ 667.949289] try_charge+0xec5/0x1490 [ 667.953290] ? 
lock_downgrade+0x880/0x880 [ 667.957567] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 667.962444] ? rcu_read_unlock+0x33/0x60 [ 667.966549] ? get_mem_cgroup_from_mm+0x185/0x510 [ 667.972157] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 667.978281] ? mark_held_locks+0x100/0x100 [ 667.982932] mem_cgroup_try_charge+0x259/0x6b0 [ 667.987758] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 667.993122] __handle_mm_fault+0x1e50/0x3f80 [ 667.998001] ? copy_page_range+0x2030/0x2030 [ 668.002473] ? count_memcg_event_mm+0x2b1/0x4d0 [ 668.007579] handle_mm_fault+0x1b5/0x690 [ 668.012338] __get_user_pages+0x609/0x1860 [ 668.016625] ? follow_page_mask+0x1ac0/0x1ac0 [ 668.021168] ? lock_acquire+0x16f/0x3f0 [ 668.025638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.031485] populate_vma_page_range+0x20d/0x2a0 [ 668.036283] __mm_populate+0x204/0x380 [ 668.040392] ? populate_vma_page_range+0x2a0/0x2a0 14:31:09 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x40000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 668.045750] __x64_sys_mlockall+0x35c/0x520 [ 668.050196] do_syscall_64+0xfd/0x620 [ 668.054404] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 668.059713] RIP: 0033:0x45b349 [ 668.062924] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 668.082418] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 668.091113] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 668.098632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 668.106011] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 
668.113661] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 668.121049] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 668.139152] Task in /syz0 killed as a result of limit of /syz0 [ 668.157344] memory: usage 307200kB, limit 307200kB, failcnt 5519 [ 668.176726] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 668.202883] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 14:31:09 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) accept$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast2}, &(0x7f00000000c0)=0x10) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup(r3) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) ptrace(0x11, r4) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) [ 668.234731] Memory cgroup stats for /syz0: cache:76KB rss:298304KB rss_huge:71680KB shmem:24KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:222264KB active_anon:15276KB inactive_file:0KB active_file:4KB unevictable:60928KB [ 668.266409] Memory cgroup out of memory: Kill process 17562 (syz-executor.0) score 1163 or sacrifice child 14:31:09 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x60000000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 668.285821] Killed process 17562 (syz-executor.0) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 668.399771] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 668.407057] oom_reaper: reaped process 
17562 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 668.430397] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 668.454757] CPU: 1 PID: 18764 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 668.463166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 668.472820] Call Trace: [ 668.475555] dump_stack+0x197/0x210 [ 668.479222] dump_header+0x15e/0xa55 [ 668.483053] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 668.488272] ? ___ratelimit+0x60/0x595 [ 668.492191] ? do_raw_spin_unlock+0x181/0x270 [ 668.496799] oom_kill_process.cold+0x10/0x6ef [ 668.501988] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.507576] ? task_will_free_mem+0x139/0x6e0 [ 668.512237] out_of_memory+0x362/0x1330 [ 668.516250] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 668.521603] ? oom_killer_disable+0x280/0x280 [ 668.526285] ? find_held_lock+0x35/0x130 [ 668.530486] mem_cgroup_out_of_memory+0x1d2/0x240 [ 668.535452] ? memcg_event_wake+0x230/0x230 [ 668.540135] ? do_raw_spin_unlock+0x181/0x270 [ 668.544761] ? _raw_spin_unlock+0x2d/0x50 [ 668.548951] try_charge+0xc6e/0x1490 [ 668.553137] ? lock_downgrade+0x880/0x880 [ 668.557607] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 668.562774] ? rcu_read_unlock+0x33/0x60 [ 668.566884] ? get_mem_cgroup_from_mm+0x185/0x510 [ 668.571764] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 668.578180] mem_cgroup_try_charge+0x259/0x6b0 [ 668.582893] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 668.588140] wp_page_copy+0x430/0x16a0 [ 668.592164] ? follow_pfn+0x2a0/0x2a0 [ 668.596165] ? do_raw_spin_unlock+0x181/0x270 [ 668.600974] do_wp_page+0x57d/0x10b0 [ 668.604972] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 668.609765] ? kasan_check_write+0x14/0x20 [ 668.614249] ? do_raw_spin_lock+0xd7/0x250 [ 668.618665] __handle_mm_fault+0x2305/0x3f80 [ 668.623120] ? copy_page_range+0x2030/0x2030 [ 668.627580] ? 
count_memcg_event_mm+0x2b1/0x4d0 [ 668.632622] handle_mm_fault+0x1b5/0x690 [ 668.636913] __do_page_fault+0x62a/0xe90 [ 668.641095] ? __lock_is_held+0xb6/0x140 [ 668.645660] ? vmalloc_fault+0x740/0x740 [ 668.649759] ? trace_hardirqs_off_caller+0x65/0x220 [ 668.655583] ? trace_hardirqs_on_caller+0x6a/0x220 [ 668.660551] ? page_fault+0x8/0x30 [ 668.664143] do_page_fault+0x71/0x57d [ 668.668010] ? page_fault+0x8/0x30 [ 668.671672] page_fault+0x1e/0x30 [ 668.675570] RIP: 0033:0x40f7d0 [ 668.678800] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 08 fa 4c 00 31 c0 e8 df 26 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 38 f8 4c 00 [ 668.698521] RSP: 002b:00007fff548ad030 EFLAGS: 00010202 [ 668.703913] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000414ee1 [ 668.711539] RDX: fffffffffffffff7 RSI: 0000000000000b5e RDI: 0000000000000003 [ 668.719009] RBP: 0000000000000000 R08: 00000000f9546b5d R09: 00000000f9546b61 [ 668.726556] R10: 00007fff548acf50 R11: 0000000000000000 R12: 0000000000000000 [ 668.734462] R13: 00007fff548ad060 R14: 0000000000000000 R15: 00007fff548ad070 [ 668.803044] Task in /syz1 killed as a result of limit of /syz1 [ 668.821177] memory: usage 305072kB, limit 307200kB, failcnt 9413 [ 668.842484] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 668.909270] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 668.932848] Memory cgroup stats for /syz1: cache:28KB rss:295408KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:112036KB active_anon:21760KB inactive_file:0KB active_file:0KB unevictable:161688KB [ 668.962415] Memory cgroup out of memory: Kill process 18764 (syz-executor.1) score 1226 or sacrifice child [ 668.974231] Killed process 18764 (syz-executor.1) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB [ 668.986437] oom_reaper: reaped process 18764 (syz-executor.1), now anon-rss:18256kB, 
file-rss:54368kB, shmem-rss:0kB 14:31:10 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet(0x10, 0x0, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000180)={'tunl0\x00', @ifru_flags}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:31:10 executing program 3: socket$inet(0x2, 0x6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r0, 0x80047453, 0x0) 14:31:10 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x6b6b6b00, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 669.490122] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 669.502101] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 669.508238] CPU: 0 PID: 19740 Comm: syz-executor.0 Not tainted 4.19.100-syzkaller #0 [ 669.516591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 
669.526256] Call Trace: [ 669.529079] dump_stack+0x197/0x210 [ 669.533134] dump_header+0x15e/0xa55 [ 669.536867] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 669.542259] ? ___ratelimit+0x60/0x595 [ 669.546345] ? do_raw_spin_unlock+0x181/0x270 [ 669.551181] oom_kill_process.cold+0x10/0x6ef [ 669.556047] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.561744] ? task_will_free_mem+0x139/0x6e0 [ 669.566270] ? find_held_lock+0x35/0x130 [ 669.570741] out_of_memory+0x362/0x1330 [ 669.574900] ? lock_downgrade+0x880/0x880 [ 669.579394] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 669.584779] ? oom_killer_disable+0x280/0x280 [ 669.589447] ? find_held_lock+0x35/0x130 [ 669.593794] mem_cgroup_out_of_memory+0x1d2/0x240 [ 669.598906] ? memcg_event_wake+0x230/0x230 [ 669.603752] ? do_raw_spin_unlock+0x181/0x270 [ 669.608352] ? _raw_spin_unlock+0x2d/0x50 [ 669.612518] try_charge+0xec5/0x1490 [ 669.616765] ? lock_downgrade+0x880/0x880 [ 669.621111] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 669.626211] ? rcu_read_unlock+0x33/0x60 [ 669.630493] ? get_mem_cgroup_from_mm+0x185/0x510 [ 669.635781] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 669.642319] ? mark_held_locks+0x100/0x100 [ 669.646755] mem_cgroup_try_charge+0x259/0x6b0 [ 669.651677] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 669.656625] __handle_mm_fault+0x1e50/0x3f80 [ 669.661260] ? copy_page_range+0x2030/0x2030 [ 669.665990] ? count_memcg_event_mm+0x2b1/0x4d0 [ 669.670876] handle_mm_fault+0x1b5/0x690 [ 669.675154] __get_user_pages+0x609/0x1860 [ 669.679528] ? follow_page_mask+0x1ac0/0x1ac0 [ 669.684052] ? lock_acquire+0x16f/0x3f0 [ 669.688438] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 669.694197] populate_vma_page_range+0x20d/0x2a0 [ 669.699203] __mm_populate+0x204/0x380 [ 669.703410] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 669.708878] __x64_sys_mlockall+0x35c/0x520 [ 669.713215] do_syscall_64+0xfd/0x620 [ 669.717124] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 669.722493] RIP: 0033:0x45b349 [ 669.725907] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 669.746655] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 669.754976] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 669.763299] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 669.770899] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 669.778731] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 669.786138] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 669.795648] Task in /syz0 killed as a result of limit of /syz0 [ 669.801904] memory: usage 307200kB, limit 307200kB, failcnt 5546 [ 669.808435] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 669.815447] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 669.821941] Memory cgroup stats for /syz0: cache:76KB rss:298312KB rss_huge:71680KB shmem:24KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:222264KB active_anon:15276KB inactive_file:0KB active_file:0KB unevictable:60928KB [ 669.844396] Memory cgroup out of memory: Kill process 18213 (syz-executor.0) score 1163 or sacrifice child [ 669.854756] Killed process 18213 (syz-executor.0) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 669.890432] oom_reaper: reaped process 18213 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:31:11 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, 
&(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="280000000706010800000000000000000000000005000100060000000900020073797a320000000010b73af19d6d2d00617918cfd2b998f7097cf1e64166e1f4922438d953b0f610fc0608591b95ddb60f1e76a68bd034d057b9782938f86a76df9e5d21e0b42616e35b7e77e9443d1bb367fa1bc70512a733603f6fa9558312c6ae7f056d802e8152e62d14c040829edeb8c9497c92ffc7d6d6fa0f59c2a131136051e90f9de082cbafc3796e6d1e87ad0e85a0b841b0e17bdf5ce6273fd1"], 0x28}}, 0x0) 14:31:11 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x0) 14:31:11 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clock_gettime(0x0, &(0x7f0000000400)={0x0, 0x0}) ioctl$VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000440)={0x7, 0x8, 0x4, 0x70000, 0x9, {r2, r3/1000+30000}, {0x2, 0x2, 0x2, 0xfd, 0x5, 0x0, "cbf61e63"}, 0x55, 0x1, @fd, 0x7fffffff, 
0x0, 0xffffffffffffffff}) ioctl$VIDIOC_S_AUDOUT(r4, 0x40345632, &(0x7f00000004c0)={0x80, "a9a4d719e824a091acdc97f2f7a2ff1a1ed10f12ace979b29705c2ce9dd777f7", 0x1, 0x1}) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r5 = getpid() r6 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x4, 0x200000) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(0xffffffffffffffff, 0xc01064bd, &(0x7f0000000140)={&(0x7f00000000c0)="fa77df8cafae491b7e9e4d7bcb40030b9edd0e181ded119352a15fbd622a559c8bbfb828ab890054ece5b52f5f0c052bac730adb7692fa33fd1bb428b8811bf61130d353abb4e9060480e74e8ab0e1293549be86127175cdf78625d8243f3276d90d", 0x62, 0x0}) ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r6, 0xc01064ac, &(0x7f0000000280)={r7, 0xf9, &(0x7f0000000180)=""/249}) socket$inet6(0xa, 0x0, 0x0) r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_user\x00', 0x0, 0x0) ioctl$PPPIOCGDEBUG(r8, 0x80047441, &(0x7f0000000040)) r9 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r9, 0x84, 0x65, &(0x7f0000000340)=[@in6={0xa, 0x4e23, 0x1f, @dev={0xfe, 0x80, [], 0x3b}, 0x8}, @in6={0xa, 0x4e23, 0xfffffffc, @ipv4={[], [], @multicast2}, 0xd6d5}, @in6={0xa, 0x4e22, 0x6, @remote, 0x3}, @in6={0xa, 0x4e22, 0xac70, @empty, 0x1}, @in6={0xa, 0x4e24, 0xe726, @empty, 0x3ff}, @in6={0xa, 0x4e24, 0x7ff, @rand_addr="ed1fb787f6990711fd38ce11483a8bf3", 0x1000}], 0xa8) ioctl$sock_ifreq(r9, 0x8916, &(0x7f0000000300)={'ip6_vti0\x00', @ifru_names='veth1_to_team\x00'}) ptrace(0x4206, r5) tkill(r5, 0x9) 14:31:11 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x7c030000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:31:11 executing program 3: r0 = socket$inet(0x2, 
0x6, 0x0) dup(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000040)={0x2, 0x2, 0x4, 0x40, 0x7fff, {0x77359400}, {0x1, 0x3, 0x2, 0x2, 0x5, 0x0, "50a91a72"}, 0x8, 0x3, @planes=&(0x7f0000000000)={0x45, 0x8000, @userptr=0x1, 0xffff}, 0x80}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r6 = dup(r5) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r8, 0x5403, &(0x7f0000000040)) write$binfmt_aout(r8, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000200)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r11 = fcntl$dupfd(r10, 0x0, r9) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) r12 = syz_open_pts(r8, 0x800) read(r12, &(0x7f00000000c0)=""/19, 0x8) r13 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200) write$cgroup_subtree(r13, &(0x7f00000000c0)={[{0x2d, 'cpu'}, {0x2b, 'memory'}, {0x2d, 'memory'}, {0x2d, 'pids'}, {0x2b, 'pids'}, {0x2d, 'pids'}, {0x2d, 'pids'}, {0x2d, 'rdma'}]}, 0x33) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x100) r14 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r14, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r14, 0x80047453, 0x0) 14:31:11 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 
0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) 14:31:11 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) eventfd(0x1f) r0 = getpid() socket$inet6(0xa, 0x3, 0xfe) ptrace(0x4206, r0) tkill(r0, 0x9) 14:31:11 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x87a00000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:31:12 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$FS_IOC_GETFLAGS(r3, 0x80086601, &(0x7f0000000040)) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x28}}, 0x0) [ 670.448496] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 670.460959] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 670.466761] CPU: 0 PID: 19924 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 670.474702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 670.484318] Call Trace: [ 670.487122] dump_stack+0x197/0x210 [ 670.490948] dump_header+0x15e/0xa55 [ 670.495054] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 670.500192] ? ___ratelimit+0x60/0x595 [ 670.504117] ? 
do_raw_spin_unlock+0x181/0x270 [ 670.508894] oom_kill_process.cold+0x10/0x6ef [ 670.513632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 670.519203] ? task_will_free_mem+0x139/0x6e0 [ 670.523984] ? find_held_lock+0x35/0x130 [ 670.528088] out_of_memory+0x362/0x1330 [ 670.532101] ? lock_downgrade+0x880/0x880 [ 670.536496] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 670.542301] ? oom_killer_disable+0x280/0x280 [ 670.547074] ? find_held_lock+0x35/0x130 [ 670.551475] mem_cgroup_out_of_memory+0x1d2/0x240 [ 670.556747] ? memcg_event_wake+0x230/0x230 [ 670.561289] ? do_raw_spin_unlock+0x181/0x270 [ 670.566160] ? _raw_spin_unlock+0x2d/0x50 [ 670.570525] try_charge+0xec5/0x1490 [ 670.574404] ? lock_downgrade+0x880/0x880 [ 670.578725] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 670.583801] ? rcu_read_unlock+0x33/0x60 [ 670.588015] ? get_mem_cgroup_from_mm+0x185/0x510 [ 670.593110] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 670.599514] mem_cgroup_try_charge+0x259/0x6b0 [ 670.604579] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 670.609553] wp_page_copy+0x430/0x16a0 [ 670.613858] ? follow_pfn+0x2a0/0x2a0 [ 670.617971] ? do_raw_spin_unlock+0x181/0x270 [ 670.622901] do_wp_page+0x57d/0x10b0 [ 670.626656] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 670.631715] ? kasan_check_write+0x14/0x20 [ 670.636081] ? do_raw_spin_lock+0xd7/0x250 [ 670.640361] __handle_mm_fault+0x2305/0x3f80 [ 670.644920] ? copy_page_range+0x2030/0x2030 [ 670.649631] ? count_memcg_event_mm+0x2b1/0x4d0 [ 670.654344] handle_mm_fault+0x1b5/0x690 [ 670.658571] __get_user_pages+0x609/0x1860 [ 670.662861] ? follow_page_mask+0x1ac0/0x1ac0 [ 670.667755] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 670.672561] ? retint_kernel+0x2d/0x2d [ 670.676489] populate_vma_page_range+0x20d/0x2a0 [ 670.681401] __mm_populate+0x204/0x380 [ 670.685480] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 670.690578] __x64_sys_mlockall+0x35c/0x520 [ 670.695011] do_syscall_64+0xfd/0x620 [ 670.699427] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 670.704916] RIP: 0033:0x45b349 [ 670.708467] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 670.727976] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 670.736061] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 670.743656] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 670.751235] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 670.758641] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 670.766344] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 670.774631] Task in /syz1 killed as a result of limit of /syz1 [ 670.781784] memory: usage 307200kB, limit 307200kB, failcnt 9443 [ 670.788153] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 670.795589] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 670.802017] Memory cgroup stats for /syz1: cache:28KB rss:297376KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:113984KB active_anon:21760KB inactive_file:0KB active_file:0KB unevictable:161688KB [ 670.825915] Memory cgroup out of memory: Kill process 19911 (syz-executor.1) score 1226 or sacrifice child [ 670.836305] Killed process 20099 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 670.849362] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 670.861117] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 670.866589] CPU: 0 PID: 19924 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 670.874607] Hardware name: Google Google Compute Engine/Google 
Compute Engine, BIOS Google 01/01/2011 [ 670.884159] Call Trace: [ 670.886776] dump_stack+0x197/0x210 [ 670.890570] dump_header+0x15e/0xa55 [ 670.894463] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 670.900192] ? ___ratelimit+0x60/0x595 [ 670.904183] ? do_raw_spin_unlock+0x181/0x270 [ 670.909055] oom_kill_process.cold+0x10/0x6ef [ 670.913593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 670.919574] ? task_will_free_mem+0x139/0x6e0 [ 670.924103] ? find_held_lock+0x35/0x130 [ 670.928199] out_of_memory+0x362/0x1330 [ 670.932442] ? lock_downgrade+0x880/0x880 [ 670.936720] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 670.941855] ? oom_killer_disable+0x280/0x280 [ 670.946386] ? find_held_lock+0x35/0x130 14:31:12 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:31:12 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SIOCPNDELRESOURCE(r1, 0x89ef, &(0x7f0000000000)=0x6) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:31:12 executing program 5: clone(0x2102001ffc, 0x0, 
0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x3, 0x3f) ptrace(0x4206, r0) tkill(r0, 0x9) 14:31:12 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000040)=0x101, 0x4) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) [ 670.950487] mem_cgroup_out_of_memory+0x1d2/0x240 [ 670.955576] ? memcg_event_wake+0x230/0x230 [ 670.959930] ? do_raw_spin_unlock+0x181/0x270 [ 670.964671] ? _raw_spin_unlock+0x2d/0x50 [ 670.968993] try_charge+0xec5/0x1490 [ 670.972904] ? lock_downgrade+0x880/0x880 [ 670.977291] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 670.982319] ? rcu_read_unlock+0x33/0x60 [ 670.986730] ? get_mem_cgroup_from_mm+0x185/0x510 [ 670.992400] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 670.998591] mem_cgroup_try_charge+0x259/0x6b0 [ 671.003232] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 671.008879] wp_page_copy+0x430/0x16a0 [ 671.012977] ? follow_pfn+0x2a0/0x2a0 [ 671.016940] ? do_raw_spin_unlock+0x181/0x270 [ 671.021644] do_wp_page+0x57d/0x10b0 [ 671.025508] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 671.030510] ? kasan_check_write+0x14/0x20 [ 671.035021] ? do_raw_spin_lock+0xd7/0x250 [ 671.039785] __handle_mm_fault+0x2305/0x3f80 [ 671.044722] ? copy_page_range+0x2030/0x2030 [ 671.049489] ? count_memcg_event_mm+0x2b1/0x4d0 [ 671.054517] handle_mm_fault+0x1b5/0x690 [ 671.058774] __get_user_pages+0x609/0x1860 [ 671.063301] ? follow_page_mask+0x1ac0/0x1ac0 [ 671.067966] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 671.072842] ? 
retint_kernel+0x2d/0x2d [ 671.076782] populate_vma_page_range+0x20d/0x2a0 [ 671.081724] __mm_populate+0x204/0x380 [ 671.085700] ? populate_vma_page_range+0x2a0/0x2a0 [ 671.090824] __x64_sys_mlockall+0x35c/0x520 [ 671.095184] do_syscall_64+0xfd/0x620 [ 671.099023] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 671.104633] RIP: 0033:0x45b349 [ 671.107946] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 671.127933] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 671.136342] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 671.144042] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 671.151638] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 671.159186] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 671.167780] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 671.175934] Task in /syz1 killed as a result of limit of /syz1 [ 671.181978] memory: usage 305072kB, limit 307200kB, failcnt 9457 [ 671.188277] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 671.195130] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 671.201349] Memory cgroup stats for /syz1: cache:28KB rss:295484KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:112036KB active_anon:21760KB inactive_file:0KB active_file:0KB unevictable:161688KB [ 671.223676] Memory cgroup out of memory: Kill process 19911 (syz-executor.1) score 1226 or sacrifice child [ 671.235686] Killed process 19911 (syz-executor.1) total-vm:72720kB, anon-rss:18256kB, file-rss:54376kB, shmem-rss:0kB [ 671.248992] oom_reaper: reaped process 19911 (syz-executor.1), now anon-rss:18256kB, file-rss:54368kB, shmem-rss:0kB [ 671.257790] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), 
nodemask=(null), order=0, oom_score_adj=1000 [ 671.272189] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 671.278076] CPU: 1 PID: 20566 Comm: syz-executor.0 Not tainted 4.19.100-syzkaller #0 [ 671.286278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 671.295659] Call Trace: [ 671.298316] dump_stack+0x197/0x210 [ 671.301978] dump_header+0x15e/0xa55 [ 671.305865] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 671.311226] ? ___ratelimit+0x60/0x595 [ 671.315147] ? do_raw_spin_unlock+0x181/0x270 [ 671.319939] oom_kill_process.cold+0x10/0x6ef [ 671.324575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.330144] ? task_will_free_mem+0x139/0x6e0 [ 671.334774] out_of_memory+0x362/0x1330 [ 671.338887] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 671.344270] ? oom_killer_disable+0x280/0x280 [ 671.349128] ? find_held_lock+0x35/0x130 [ 671.353267] mem_cgroup_out_of_memory+0x1d2/0x240 [ 671.358228] ? memcg_event_wake+0x230/0x230 [ 671.362754] ? do_raw_spin_unlock+0x181/0x270 [ 671.367286] ? _raw_spin_unlock+0x2d/0x50 [ 671.371553] try_charge+0xec5/0x1490 [ 671.375304] ? lock_downgrade+0x880/0x880 [ 671.379708] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 671.384598] ? rcu_read_unlock+0x33/0x60 [ 671.388694] ? get_mem_cgroup_from_mm+0x185/0x510 [ 671.393822] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 671.400193] ? mark_held_locks+0x100/0x100 [ 671.404627] mem_cgroup_try_charge+0x259/0x6b0 [ 671.409586] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 671.414658] __handle_mm_fault+0x1e50/0x3f80 [ 671.419158] ? copy_page_range+0x2030/0x2030 [ 671.424487] ? count_memcg_event_mm+0x2b1/0x4d0 [ 671.429284] handle_mm_fault+0x1b5/0x690 [ 671.433395] __get_user_pages+0x609/0x1860 [ 671.438254] ? follow_page_mask+0x1ac0/0x1ac0 [ 671.442959] ? lock_acquire+0x16f/0x3f0 [ 671.447243] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.453171] populate_vma_page_range+0x20d/0x2a0 [ 671.458411] __mm_populate+0x204/0x380 [ 671.462546] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 671.467521] __x64_sys_mlockall+0x35c/0x520 [ 671.471878] do_syscall_64+0xfd/0x620 [ 671.475715] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 671.481216] RIP: 0033:0x45b349 14:31:13 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7ffff000) prctl$PR_SET_FPEXC(0xc, 0x0) 14:31:13 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x8cffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:31:13 executing program 2: openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/cpuinfo\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_QBUF(r3, 
0xc058560f, &(0x7f0000000040)={0x1f, 0x9, 0x4, 0x10, 0x9, {0x0, 0x7530}, {0x4, 0x1, 0x0, 0x20, 0x0, 0x80, "409bdef7"}, 0xffffff2f, 0x3, @fd, 0x6, 0x0, 0xffffffffffffffff}) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) 14:31:13 executing program 3: r0 = socket$inet(0x2, 0x4, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = dup2(r4, r6) connect$pppoe(r7, &(0x7f0000000140)={0x18, 0x0, {0x3, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) ioctl$sock_ax25_SIOCADDRT(r6, 0x890b, &(0x7f0000000040)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x5, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}) [ 671.484441] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 671.504078] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 671.512252] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 671.519553] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 671.527482] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 671.534995] R10: 0000000000000000 R11: 0000000000000246 R12: 
00000000ffffffff [ 671.542357] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 671.550507] Task in /syz0 killed as a result of limit of /syz0 [ 671.556591] memory: usage 307200kB, limit 307200kB, failcnt 5558 [ 671.563099] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 671.569939] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 671.576286] Memory cgroup stats for /syz0: cache:76KB rss:298372KB rss_huge:71680KB shmem:24KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:222264KB active_anon:15276KB inactive_file:0KB active_file:0KB unevictable:60888KB [ 671.598233] Memory cgroup out of memory: Kill process 18757 (syz-executor.0) score 1163 or sacrifice child [ 671.608879] Killed process 18757 (syz-executor.0) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 671.655414] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 671.667567] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 671.673436] CPU: 1 PID: 20566 Comm: syz-executor.0 Not tainted 4.19.100-syzkaller #0 [ 671.681509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 671.691450] Call Trace: [ 671.694073] dump_stack+0x197/0x210 [ 671.697737] dump_header+0x15e/0xa55 [ 671.701689] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 671.707048] ? ___ratelimit+0x60/0x595 [ 671.711144] ? do_raw_spin_unlock+0x181/0x270 [ 671.716027] oom_kill_process.cold+0x10/0x6ef [ 671.721039] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.726967] ? task_will_free_mem+0x139/0x6e0 [ 671.731586] ? find_held_lock+0x35/0x130 [ 671.735945] out_of_memory+0x362/0x1330 [ 671.739959] ? lock_downgrade+0x880/0x880 [ 671.744583] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 671.750706] ? oom_killer_disable+0x280/0x280 [ 671.755242] ? find_held_lock+0x35/0x130 [ 671.759637] mem_cgroup_out_of_memory+0x1d2/0x240 [ 671.764997] ? memcg_event_wake+0x230/0x230 [ 671.769770] ? 
do_raw_spin_unlock+0x181/0x270 [ 671.774845] ? _raw_spin_unlock+0x2d/0x50 [ 671.779156] try_charge+0xec5/0x1490 [ 671.782918] ? lock_downgrade+0x880/0x880 [ 671.787474] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 671.789946] oom_reaper: reaped process 18757 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 671.792868] ? rcu_read_unlock+0x33/0x60 [ 671.792887] ? get_mem_cgroup_from_mm+0x185/0x510 [ 671.792908] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 671.819308] ? mark_held_locks+0x100/0x100 [ 671.823684] mem_cgroup_try_charge+0x259/0x6b0 [ 671.828658] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 671.833718] __handle_mm_fault+0x1e50/0x3f80 [ 671.838288] ? copy_page_range+0x2030/0x2030 [ 671.842837] ? count_memcg_event_mm+0x2b1/0x4d0 [ 671.849761] handle_mm_fault+0x1b5/0x690 [ 671.854073] __get_user_pages+0x609/0x1860 [ 671.858654] ? follow_page_mask+0x1ac0/0x1ac0 [ 671.863575] ? lock_acquire+0x16f/0x3f0 [ 671.867579] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 671.873367] populate_vma_page_range+0x20d/0x2a0 [ 671.879240] __mm_populate+0x204/0x380 [ 671.883549] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 671.888846] __x64_sys_mlockall+0x35c/0x520 [ 671.893353] do_syscall_64+0xfd/0x620 [ 671.897265] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 671.902790] RIP: 0033:0x45b349 [ 671.906004] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 671.926287] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 671.934295] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 671.941688] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 671.949151] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 671.956599] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 671.964014] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 671.971705] Task in /syz0 killed as a result of limit of /syz0 [ 671.978300] memory: usage 294896kB, limit 307200kB, failcnt 5577 [ 671.984663] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 671.991861] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 671.998499] Memory cgroup stats for /syz0: cache:76KB rss:286048KB rss_huge:71680KB shmem:24KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:203936KB active_anon:15276KB inactive_file:0KB active_file:0KB unevictable:66932KB [ 672.020317] Memory cgroup out of memory: Kill process 19699 (syz-executor.0) score 1163 or sacrifice child [ 672.031096] Killed process 19699 (syz-executor.0) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB 14:31:13 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) 
r2 = dup(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$VIDIOC_S_OUTPUT(r2, 0xc004562f, &(0x7f00000045c0)=0x2d4) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmmsg$inet6(r4, &(0x7f000000ac40)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000100)="35a54895310b3ed843088b2d4bbf2f651199243253edbe9f89ae6fe5", 0x1c}, {&(0x7f0000000140)="59cce102212e00ff5cd809bbf752190528fbdc75a7cfa9a29edb39c365a7436c565bebfbd7226762873d03c561f05ade1be619f2777fb7de1fb06400467b42d18ffcca806aad6c35b2ccb388450261d6ab5985af3ad5bda8c4d805b59a44700f469a95f3749cceab99a25a55fa1e53b8f7bc1b14220b8797910c1fd5a96d8ef5b57308525544c545390eb069531867ac22bbd8ee552362d7d5f2db2797ca75af2beb7d46fd6497632fc1af302b20b9895a4e33cccc4c8f8f2ed7b474f0877a05de2f569761722ccddfd85f2b", 0xcc}, {&(0x7f0000000240)="8f6f63e2655148f7f0df2b4ac608d2c9f5b9e2573a45f150d6f6b252f892a74616040081355c24c7377943e15e0ba8f1b128e8faf1c447192bd95031637c8051d7f932e45e2fefbc2da421ec46b5ab074d5a3ccec6bce439ff904b99c4860e033f01126e7095e4f9e11b96329b2c5202cead542c2775f53155425f9ba70d2b4595f1c2392ac178402edd02e97047d758119c60d22cfd4ab2e3ac8f361ce0c4cf2e29f43bcb94f7480ace76576c0f981cca9f", 0xb2}, {&(0x7f0000000300)="87860777a996fa9a4341e35d4a074840c168cd763c13266cbb32d66ce4cca36b72d47c0ebb135cb57e52686bc6440e4258f16e170bf538d7ac7b5a21996d9c27644879f262", 0x45}, {&(0x7f0000000380)="131f16083a93bb953513fa088c9940bd8310b36c73df5f0c1a987c7b3488e7028ce8464bf73ea17427566e2f2af87d2cf52a2cf1f173b642fb9292823cd79b669fcebc609e6f843d68d51f2c4d802c6e452b3b1b30e3d5c0490c1791d4394ded9914e0c78dadf9a269dff191a328c5afb340901f75a75b03a2", 0x79}], 0x5, &(0x7f0000000480)=[@rthdr={{0x28, 0x29, 0x39, {0x32, 0x2, 0x0, 0x9, 0x0, [@dev={0xfe, 0x80, [], 0x3e}]}}}, @rthdrdstopts={{0x1020, 0x29, 0x37, {0xff, 0x201, [], [@pad1, @enc_lim={0x4, 0x1, 0x4}, @generic={0x7, 0x1000, "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"}]}}}, @dstopts={{0x60, 0x29, 0x37, {0x33, 0x8, [], [@generic={0x0, 0x16, 
"a1c151016adbaa79cd8edfbfa5a97bf9286b301c9652"}, @calipso={0x7, 0x18, {0x2, 0x4, 0x2, 0x5, [0x6, 0x80]}}, @hao={0xc9, 0x10, @remote}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x7fffffff}}, @pktinfo={{0x24, 0x29, 0x32, {@dev={0xfe, 0x80, [], 0xc}}}}, @dstopts_2292={{0x90, 0x29, 0x4, {0x0, 0xe, [], [@generic={0x4, 0x58, "26e439061b31d258069e8311a18260f6286ff452d85dbaadc2990eee317e68da4bf29b7b4a041270e4db551b782b7e7530aaf51e81ba6e3d2b176016bed2dd35d80a721da0444fa4ee4d8f4d83738ad525ba5c155817886e"}, @enc_lim={0x4, 0x1, 0x1f}, @hao={0xc9, 0x10, @empty}, @ra={0x5, 0x2, 0x6}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x8}}, @tclass={{0x14, 0x29, 0x43, 0x4cc2544e}}], 0x11a8}}, {{0x0, 0x0, &(0x7f0000001900)=[{&(0x7f0000001640)="0a210c51380c4a4655a6db26a11521e68c45f5d1182332f3120b63a125fd679763552108aada31433aa6d21f93b9b1fe459bd09c45917fb7fc4cc7", 0x3b}, {&(0x7f0000001680)="25946570", 0x4}, {&(0x7f00000016c0)="4c41cd13d28ea2a5baa7217ba6086f0336c9c41a56444a88342c6c28b9f7d8ffb792f87c108ccfb3bc6f6a759a077ce5ae8e29e9582e6a06a6839f4dcb71fe0829a212788a00d58d86cd34ba72878820fae24aa79bc4c0f4df7dc04d70b48d2e8228bc8c7e1ab3e5371573c70dc63239af1ff424160e95aade6173f008603a809ab918f7089ffdbd195b7a9b861ef5dc27d65bc1711e1e5f62a91df33edfc775f7772c08a280687b91fc8450724375abae2855a6cd279ccee3f023efa4ce53562fa330e9608f1925dd362f4d22e6503e61d0b4f39b68fd061578696159797233500a70c7bb38e3fe1546a4c3838202ff15a23c", 0xf3}, {&(0x7f00000017c0)="2866c5e03fa184b5907da26f4127649e20976ed289b5b0fe7c5c2694db5f82cb3dc32179fcac0cee8bece1b19a994f6c3d3fdaa64ee58fba25d4f494f27c6bf52ec668146abd3a2ab8ef458017421eeec68d69d644b5ee8dc2ff73044d8c4619e0953330482de3deb7a4b64d9fc29e542735db", 0x73}, {&(0x7f0000001840)="55b487093f073d5b969310f28afcd435569f8df152d862d1d203fcbdc2f95a3383a8cf73b820368ba476b874ad465f14686d761cc161dd77f3447725fde5babe759ed6f0e5ecc905665d2d2a15a0ebb6cfdb1ec09e49a4a0aadf9881a9380c9b1b2243840025c1b2a3cecd443d3e4ced1fff1b2949d4ee5438ea0deb54a5c6edd4e44e98eead", 0x86}], 0x5, 
&(0x7f0000001980)=[@hopopts_2292={{0x40, 0x29, 0x36, {0x3a, 0x4, [], [@padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @pad1, @hao={0xc9, 0x10, @mcast1}]}}}, @rthdr={{0x28, 0x29, 0x39, {0x0, 0x2, 0x0, 0x7f, 0x0, [@ipv4={[], [], @empty}]}}}, @rthdr={{0x78, 0x29, 0x39, {0x84, 0xc, 0x2, 0x1, 0x0, [@loopback, @rand_addr="0542a1dd06ae1fd5c3a5fdf1923aa771", @mcast2, @mcast1, @empty, @loopback]}}}, @tclass={{0x14, 0x29, 0x43, 0x2}}, @dstopts_2292={{0x28, 0x29, 0x4, {0x33, 0x1, [], [@enc_lim={0x4, 0x1, 0xf7}, @jumbo={0xc2, 0x4, 0x2}, @ra={0x5, 0x2, 0x5}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x80}}], 0x138}}, {{&(0x7f0000001ac0)={0xa, 0x4e20, 0x6, @remote, 0x4}, 0x1c, &(0x7f0000001e40)=[{&(0x7f0000001b00)="707e2eb33f9c38844ee86547cd62f4726f3cd3843b7f7cc2ba003d09a341624626a481b0f816cb98c18c7a043f41e101d29bf08d71fe0c08783bb33857a2be322b7302cd5819a1784720194265408867f87d0214cde0926ebaae3f8976e31d2814fc55a3de3d181dca51a18be6a0b7dad30c15dc43ffa496607357496f95729804cd9c5a460f1bb5c24946be388fca36c8d778ed104792c61ddf4d17a1a15d5a2ef3cef281ba8510969d5b962d26f7f80090134099595b6084eb38af82cb4e695ebb141157b9909c7edee1efa8814b358d2709977a", 0xd5}, {&(0x7f0000001c00)="930c76f14ec7b708debc1e5412b9b025e1032abd429d3cb4ebb3497ea7a31ca09aeb58abe0143800b8ddc140c39f0814b7624428b601af2c652ba302a8d48eb4ef43162cb0e1cdb2ac99f5c2cabc97bee0a9c6cb7379851835b3678123fc6357deda6d0f376f890fe4b0539444bf9dcea6cd62e81304594488dffa0c0d5f56fd0fdb300bcc6115bdbe980af366a6436440bdabfd4c6f3d51acbcccc95cfe74a4c2410a15392dff", 0xa7}, {&(0x7f0000001cc0)="83329ea4dc1c89a4ea7d47554f300ea3a38d3f32d9201b1f7770d3d87a8105a4f5388c59eb3270fd77cec0d9adf976513653f2a67b37b4646aa0d36c73e41700ac", 0x41}, {&(0x7f0000001d40)="47af996ff9240327913b3e430aadff04d8597bc28573358dd7de37cf8827d39bf3f958dcca272bb952dc847a0d34a839eebd6652531a84ec7ae676edebd225148c9fdb4258aa8fe8197aa295e3705f9963ae12a9f47fcf280b5433fd90a409e0a427027acdfda4173bd34083093f", 0x6e}, 
{&(0x7f0000001dc0)="fcc8067d917f71b439e4583476c264148372c799084b8b1b784537924102bf2693d58faabe4a5adacac3b6933aa845e4a5e57522fe6dc0d384", 0x39}, {&(0x7f0000001e00)="4572e268feca4508e3aec0922118aea399657ec74e3eaeb664f52e6dc4", 0x1d}], 0x6, &(0x7f0000001ec0)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @dstopts={{0x148, 0x29, 0x37, {0x88, 0x26, [], [@padn={0x1, 0x1, [0x0]}, @pad1, @pad1, @ra={0x5, 0x2, 0x2}, @generic={0x3f, 0xfe, "08b8c2191fc7a6e1b087edb2de02c2f6cbf515900bc4468956f051408b4647f12ddcef3b2f04a723f0b968b976c09609da9d50bc1bba9aa3c181be02ffc39fb5afbd986f656111d8a5f36bc9891380cf536d8eee2e4a845ac2e881417ce47b77892e842b8074118a14f1da76dd517836b7a73a29ef36e28df3989c001a5d997b3c940b474b873834796c1bc55c201a8f5ed81bf8e1ed1afff2c4bf2ebb26a0ed2dd6db1adf04ae6eca737a1c848cd355077756e00ad3def51ab861c0f9873ff567b93b0f37f9d3e8fba2d2df3a73801eef54e8020aa149a82c4a3bc7c3c6ec175daf91c1437f75109e4b7cb9e02a1282bac613b4ce785423ba26f046794a"}, @enc_lim, @calipso={0x7, 0x18, {0x1, 0x4, 0x4, 0x553, [0x7, 0xccf]}}, @padn={0x1, 0x1, [0x0]}, @pad1]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x101}}, @dontfrag={{0x14, 0x29, 0x3e, 0x4}}], 0x190}}, {{&(0x7f0000002080)={0xa, 0x4e21, 0x2, @mcast1, 0x7}, 0x1c, &(0x7f0000003100)=[{&(0x7f00000020c0)="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", 0x1000}, {&(0x7f00000030c0)="33f2063ab751a84e8a6d02f784cbbd98e0f1738ac80ea9f632fd783f2082f006e6", 0x21}], 0x2, &(0x7f0000003140)=[@dstopts_2292={{0x38, 0x29, 0x4, {0xa6, 0x4, [], [@jumbo={0xc2, 0x4, 0x33}, @calipso={0x7, 0x18, {0x3, 0x4, 0x84, 0x1ff, [0x6, 0x9]}}]}}}, @rthdrdstopts={{0x58, 0x29, 0x37, {0x87, 0x7, [], [@ra={0x5, 0x2, 0x1000}, @padn={0x1, 0x2, [0x0, 0x0]}, @calipso={0x7, 0x30, {0x2, 0xa, 0xff, 0x0, [0x401, 0xff, 0x14a, 0x909, 0x80000001]}}]}}}, @tclass={{0x14, 0x29, 0x43, 0x7}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x10001}}, @rthdr={{0x38, 0x29, 0x39, {0xff, 0x4, 0x2, 0x40, 0x0, [@rand_addr="c890d0f202de580bd47af7875088821a", @loopback]}}}, @tclass={{0x14, 0x29, 0x43, 0x5}}, 
@hopopts_2292={{0x1058, 0x29, 0x36, {0x2f, 0x207, [], [@hao={0xc9, 0x10, @loopback}, @pad1, @generic={0x20, 0x1000, "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"}, @generic={0x5, 0xb, "f2a2f85f8e775c9e6aad9c"}, @ra, @hao={0xc9, 0x10, @ipv4={[], [], @multicast2}}]}}}, @tclass={{0x14, 0x29, 0x43, 0xa11e}}], 0x1180}}, {{&(0x7f00000042c0)={0xa, 0x4e22, 0x0, @remote, 0x1f}, 0x1c, &(0x7f00000043c0)=[{&(0x7f0000004300)="bea5f8a7ee33cd51fe61a4b5d9f79fa5d45e20a481f03e2e3687a9964b80c919d17e784ccc2fa01ca328a0427244c0d72e8f355f27253cff4b3b19aa3a650f5fbf6f94c460f8e98e12c3ce3d2f1f2ed40b908e3d2813a731fd948b5cf53d9b0c539ecb051de0dd89e143d73fa420711645751a218e9e946abda1ab046ded9a7073debd8286cbaa685bc4685930fd8e90e22099505fbeffac5f5027388eda404aac7ff4ffae820c9b997635b59db992707989977cb84b363e", 0xb8}], 0x1, &(0x7f0000004400)=[@flowinfo={{0x14, 0x29, 0xb, 0x6b}}, @rthdr={{0xa8, 0x29, 0x39, {0x32, 0x12, 0x2, 0x0, 0x0, [@initdev={0xfe, 0x88, [], 0x0, 0x0}, @dev={0xfe, 0x80, [], 0x11}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @mcast2, @mcast2, @mcast2, @mcast2, @dev={0xfe, 0x80, [], 0x3a}, @initdev={0xfe, 0x88, [], 0x1, 0x0}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x20}}, @hopopts={{0x20, 0x29, 0x36, {0x32, 0x0, [], [@pad1, @pad1]}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x6}}], 0x110}}, {{&(0x7f0000004540)={0xa, 0x4e23, 0x9, @mcast1, 0x7}, 0x1c, &(0x7f0000005840)=[{&(0x7f0000004580)="5be6707caf67697bbd43832d3407a6b9a3cff7a7e0409d52cd994640fcce5ab9217d5ba157e8a74b988e348db5b89770901b060f67fae5", 0x37}, {&(0x7f00000045c0)}, {&(0x7f0000004600)="a6dc373a080d28572b50742ef89f4cd55451921869c1c591e2c4f6c388b9724085859ec182eb6245b5a06f895ba4bb12ec1a0834e49899ea5c03f8db487e890395be6c84ee98536dce504342b6cb00fecfa457bd715ceaa1902274a50314bfb4c9e1776f50c14ee64bdf4ec956b2166a74b8ed7aeb297cec5c883cfb153a6283c6d1feb5c8556386040462dc7a491c4a25525f177c97063b8d5669e61b81e1ba0ff332a04d5e04a3de81544c6d27445d88b9c47411bcbab838848ac7fd905bc6a0a2a87d6186268c69a48e8890502930649ab9168d26a7e7e2cf133da357540e98", 0xe1}, 
{&(0x7f0000004700)="7fa8306ccca655107292ed2e309cacb78222117a4e884c20f6afd80fa5f7c6a618c49d5ae7c3ffdb53f5928e1146f9da62a94f9a9bec28a2bd2dff74fa9151dd54836bfff7f223b5331d7dd2396f14b18551289265e4757b19e9e2e325944c06c970f48e28f7104b791484a7e472474dc8c5d7f78d3f6788b8d1ec8e9d640e145f1d60588e2b93e783c197457f7449d233b81a7fe3d97031eaef02762874644dca12610ac69dd2e97b093a1106d26c982cfd0b00409774dc6611c6d5965c9159bb7f72120027514c466169f9d56c10868ceb382db293d58d18fb8487b6d8af0e24a6a5189024ecfe3587493fefa68bdc875b14b9e9fa6f602f9f0beb6184d3ed531ac58c188e6b31b0b1452c176ce660ef46bd8ec5b894e6521f8a9c0002b509e4c4fef79a69e948ab4fff56a09a2bb4b0cafb6e350f02413388f110fc49a2df4adf59b70416a96c25eb62061bb43521d5fb63ac9c4abfbdfc731a4c2cf391910c26a81139b17c04afa79e9b7b9525670dd9d7ef7432cd8d913bf62a831cac505bf01c0348016e5f2805a641e0307d78d624af421c84ef1ca1f5021dcb1e35ccbe95fed0205362cbd6a502ef9131a949e563fcbe0ebe781b67040dcfcf72565a307f6bd95083da2ba767109579ee1a03b5a620033574cc5561051632da4ddc6148dad1840d015c2c402f65f83fa4529a37a19302a0cc1f0138980a0f10ed5c5332ebe219be4bd7eaa94cea313dc09c4f855a5552e3817586b2916c5520490d33bff4e99b0f1a05020e977c1355c476c7c69e7c377b2430e6d807169ff948188d3ad6566412c39893925db956abb5603006f2c63b8617534cc37af9fa56f913b5c906683053f25b3250eaa24ae9d8ab13b31ea1f79985d173b388b64492413c3d2caa34bfb2730e218324ca07717df60ffaaa8ab8ef71a32b8c2779a1d3320ed2fb4224a6343f3a22391ec73c8cdfcfba1de72864b495ce7cb5b8882783dd3772b9daf225b61e09f22febacf24116c01e200777f819b80c92fc93f5adfa8802792016feae2fc85c5017f94b95a624200f1a6259b55d7d32461b43a68e6da4f11dad99ab599f73b59b0b73a910e17d8688513deb22b133273efb6f21818dcf1a57cef76d557a35cebbe81c8b41c231d0991ef8229b2ee5a81dfe921e33eb04d39a6d6bb70c5b6823666d2247054584259fe84f903f5f8224c7339e481ada7ea2b34acc7edecaf24804fe09a611673c5a03fb86942ee8e7d9ad51da86a24c9ee18fd7b2153c6082ce7dc3b2df57debdf6ec07271869cfb5b442a97534c650145c40ee53618fcf98ddc917ef2e94550853e3cd5eeec1f1f4fd3695536bf42f1d71dbe1c5f86115319a7e23535304bda845444b91c9665783ac9b2e25162f0eed
671b0f3d0ac0f987173497a2d4d6de7700d89ecf581a331ee4fd451a1616b3dcf1dea519337908c04909ec1d3237bf16eed681a957ba18188e1d9f1942788338d7b708bc173ca58b5ecfa50c059a6fa7d2d0feeffba2ca478b30c1fe4e668f9e931874ef7c2f9c8b11e84d638b5ed73e9f0b3b016e57d97a6a5cff783157f3a1d8578bca694e8b376ccd131ecf86db76ce270e9f1f625f3f78fb966b5ec75a746f19f8e522a448eeeae744ceeddb67c365a72d54e991619169a784d951d89ff64b30c35e8b2a2d6748479f63cbe07bb0446332b48fe8a622e5a14310ea848e69be1de9368e42b44c264d21379e54ccda3125fa82bc92e7e6a54d06da98e645f9e671ef7f507bd966a430bff82d87ad04fd61c699f5fa319db3a45b1143a709ec49fc1bc2768d5a6d401e1c0d56a2f683960ec5cd7de80fd73cfec17545b615f788a7b074cf0dd8210bbe094c0b848f4457f8be80b530f4b11e5a629bba00237221f2e6fc9d2a6b2697a2290c94f58aafaead7bcea5daaccfd22d2bf3f1f802c95b4ca4e75a0dcb8f1575cfa88913d57929299477ed1a81b275683d35a05d55f6ce9d1f7bf599972efa611721ad21f82b0d8e111a815089f00ce8796202d9e03a5dd313e46144f984f7d6cacbde975dc4963380539debad512f7ce5e87ea65e1e648f2fb19359daef26e4aaea2151c0e86cb9a47e65772a8df97827a7daebf3ae6a09d710bf1d14b6636800e63177a43be6ee9807e91f308ea94ea5f4be7e9b0945ebb42729c4920f66ca938aa599b05ccf175a0a83678257a4d571880186c0675e77d4be2f921aaa5660521579025f5a3cd4397ada269185bd39e41f7c1a71f7606635c940aeb80ce6b5fc37729878244bbfc23f17d1485024ddbd3f2248d27b8d54c6ae48ad9af5d8be4b5e2ab10ef09fddf6fca1722659acb58f11210c4bad3032e6acb393a6df821a7443cf100528c7cc8c1b1ebfe1225ebc5f66873cbf8b44817e8e491ddb9bd9594c05c0d9177f4599d4813c3abf63e0f64efb23d138351c21fee9a22822191f429ab56e591d2c45732e4e14f39853ebbd4f08b17cc53001649ec622ad6514753d47158341ae5855975dc1a120ae7d5de84152bed16eef6caa4c2332178779d648b271d43a2fe06c78a04310cfe778b0aadb7d0e34026e79b94ee84c37b4a9a4c50d0fdccd61f28d59fa91501779bff75c3aeafcbffb46cb2b548af5b48d36b57c3211a7291f6e5826ff2bc4724c6cb041c640df7b84c220668239cd713e896e41ea13e218cb688a532244975885d7f49a3391153fa897985051c50a7a943118b5019b95b151a2a5efb29bdca845c43ae4b62e44f382271badc92a4589e678c587c8f45c12eb6d38bf4f2368f6edadc9054d3efdc3a273ccea812f8f07cad5
d9af9fd70ff84a625fb198ec0423db97815d773a13c450ecc965ef24e7ab2193b403defd29a9a8d2bf137f1f16ac9e72fdeea049ee637b0c2c697cbf069ba4a65427b31fe91b960423ecfde90fdf69b6f6bc3130183258936f9c2a339deabf0e5d5a94fdcecf1c6f281d37b46076c5ad21cc6de7facf7bcbfb6569b9ae64cddd27f8426b62a0fae23463333eaa264336855b70f18f4332655a0d4e28f05781b33744cb6cd98fd754da7a7005a14fc9e35fdfc9eb9aa3802ae05e1151d6b102db3746b0ac93759ae46bd1ca2cec9cff516bfcd57db507a8b109dab9f34a95b42b7a361c28c7bc17cee6ddede0fb8ed90b5582c7eb3c2e8e79c2ff6e98d103ecc66b156478ef0cb44250c2e722a2b561768b68c1c1e45ba57b94465d4c7fab035db2f6a1474a19ed17b856800de3c9ce804f146a6639e934ec543da1c93df24777cc4af4612306e3c0a501eab9fac5fe849da223d7f12250b22621d6a01231f988f99071a08a355f9e079eea3e26353eabcbad63457a94ff1ed4c7e45961c68b3aeb69e2f028a828d16359260bd95ce22bc5694a013dd08f678c8087655531a01a7f37cc452bbe239fddfa505ef8d7cf315d12c1daa1dcfe510d2963bd3d55f86ea96cefa6b8fc950d83dbf061684f70fa387131ac6b8fbb6510c05cc0e07ad2b5ce9e0e7ca6d57601d708067d659701656d4176fba34b7e38346817ba523a17474d4096a903079718cde44305f056dae0609fa679b798a34c93a188f19d37e77a2c8c03577235fd4a6a47e139f5c4703d426824e53bcd4008c58280c697ca4193081708c67925576daba46009bf2ba0117c1988f125c679afab27317ac1c49bd8343c7a33d03c85b063bf0ddac3eec87ae671cb8565da212903f6c2d2ea48c9f2aeaaaa8dee2266bf3254e7fa05ff3888298cb3d054a4b4553ae0192ca67e0237537989341cd3d4b2548a6a9645bee796d6b167e4778452933b082dee49b8e62c8cf10f90a9be4c266f45ddc43303031a3a1654e97634c89172ed959ec6362c98f27bdd934c6671efc843fe06e724b158103f8f9dc0d93ad00e2531f6d4e74a38a939ae508a7ba058b2a56eb8091b1d7727172b314c84327877de361ab6f2321226114b39ee527d0f1e5dcd748e9d895376010ab95e1be70625233a2ccfaaefea745e91eca2539b27e6b2627b5470d69715cf0244f5079e196d1a3c310dacf10b26e09178fdd908c9729249d32f223b2640f5fd5f8e75b719f6c00c8d85c74c7b7088b9169e52f2da7f8303a69bb8c818071810e376230ebbfcd31d24ec4d7605d31deed6d737655a56259913f2a5039fda76507a566d85fbd42a2a7cc73e47e0274851f21ad7225931254754238764b1d9ef378924a9dc20ed539f3e8abe3eef841d067d929e062c
eb99f96efba961f2023d7c1a63dccdfd6f50a95437873e308fdd84bb5ce47918cb5f842acea319a84b6b134f2c88cdae821662ac0e028ac6e316bde42de292b65368409e6a27ec6a8458bdb6c8aab78dcf7a1eaeee605257f1847eb18ed51dbe0f2ca09fc3d10f5c2ceb593538208bd090fd6cb5b56cb823d7ac79064c8d206bfdb1202c88e88c52aacd594911a1269c6bfb84e70a179c67b3444c70958cc02160d8fa0151f5048ee4956df4e3df5ab75cff499a70dd4cd0300fdf8a09ce91ba605ddddd508c5ef31e5c0f139c50e71081879f5ad78d7e37dc54aa21b6db1ee9bbe205ee6b90b92e52f2cdb6cc3c002550f3f8319cec7a125b847c26ac8b680f75d44ea43ec347677b37ee5b2147f4410c04c69fedfee0b46b8b7199ee388f2288d9e7ef131e1e14e2f7c2fc3faf77b420f94dcde3b4d0a5995bfbbc0d79af3df35fda96af111dc5dd38003418f67304a3e80607d497c0dee562eb0a1d3a9980d1ce8105d29fb9639781223e8bc8a52be4412375870e0ab995db3be4b1d8793d76feb676d1d3e3e03b03ddc68b7f05984a33cbd71fbafab363f606489b8fb045f9396f1284936a1369bdfdab8c7c93e6459b04caac41e078ed75810f477f064169bf7a9e0b467561a03354d591a8e7ffd59c8eea89419885d3afd50deca51a5aa2cb5bcf7c12b3be2ddab438976ef514aac76f8bb5b70b29b60b086c09be1680a9539993ea6405812b6c67f349ba4764e292f93bf2b5c81a856a0dc59386a24a66a517b845f09eba2bbc06c8077334634cb256ae2e5bff455c33eaddd36109a8da674d71554766aa94d1e52066ea9a9c90929e6554ed01a1e2e4b592d21f225e9e9c5702b13689c21c627c4ee6eb3809d07b23b88d11d049401b3c7e2304e0708b696cf119a0b65524a92a686d7e86fb54d9aac5785b9ac7f6f9e70aa81d3559008bd236fe0b247e0b21adcff2521d80bf18e75e73d6eb5c98e76f8b80a93aa213e63ac89bbc9d0d6446abba30d250963fd575300bc46a4d0d193aa162b214e5b0f5c917d2169443522df9e6ae1241865526b265e7197966037a4b49c4578f56eca4c9c081ba46efbf24ffec4c6375737ff3ee0a71363535910bf671c1db75a7c1c06f49c851a8e677947daa167b9623d206ffee46c3287a0fd5ddbda4255def4552a1c13fe78951372aeab619d487599cd299ea5ecf5ac12e11f791accefa0f70df37dc289c557dd8d03fd7dac6602e62643c450092eaf54e8efb6b87750dc0e2b76a36d7ab26b34003187c2e9ab8016ad93650a6e94550b1206538e11cbb795b2f6f5ad795207700f62dff011b22d8420793a7cdbeea0ae0f72bca0a8cd3ee4e411dbafe2c3982ddba26fa5426d51fe4365bc1d6a57533e89f2b5c92aa10c695f54b4603efa4a5
50ebdfc520674a5e197ccce9d1cdcaf73a597694765f583bbfc53937f9512de3240026d7c5573ed4f1f16e7502613333654134476c52a5df32fa91fa51e698d569e5e08819a9da4a4450aaf88a61d77c964ca26a4f30d539ef2ed67c01fa825655c30d752b9a3a07b7b5", 0x1000}, {&(0x7f0000005700)="4a11405d4097f3752f5430ad3666834e6350862e9605404cf333dca1691a2a92f1b7dae7e695d25d7c11c7d37a1d82369f4c15b1545703dfbbd95a7339669891d7f083e62be0ebde37439369b74a8b980c94da219641cb237bb84c0cf994c448d837025bb689001e237ac0759a0944de5681076c5d4511b542", 0x79}, {&(0x7f0000005780)="72f9abcccf757a9e1a3949fe35976188512774628cfb9adc130898da19a665a040bac4a19eb79a9e37f588e255c14aeaecb3caf4f54cd618e72968e793df1853a624ac0ee4aec5cb948ca68100fa52ba2cb909319f6f977a10fb651abce9e4b4a72b9dbebc33a6efa3", 0x69}, {&(0x7f0000005800)="2d8f8b3f0e677d0f1fa42aa99033507d91b62b60a293bd967b6086d1a00dd1cdbbf126ab80765e10bf3ad0645c2de357eba3d4239b41d7ba8499", 0x3a}], 0x7}}, {{0x0, 0x0, &(0x7f0000006e80)=[{&(0x7f00000058c0)="9af59c10b2e27b3ad82e6f6591ab4df4a0e4cdd26963465f195ceb8f12fc293caa1fac14faa5801b2927aed1e1fac06590e06602a1a85bf3cec2ec1828ed9a1d8b292b43d5bd609e5510d29a8d63c67f51dd25b2df0ad6c84bcf9568c8cc87c302775cd4a8d056f282b67eb69667e4b736013abfa2ce5ea8ddacbb424ceab4969301940f9b9159c215b791cc37f6a3042e03517d948089df002ccd43b133f4bb812e59716123d847678b80f28fe0cd571fdf8816ee90afa7d35737a56c8d0f2a83", 0xc1}, {&(0x7f00000059c0)}, {&(0x7f0000005a00)="62628391cf68a7aa858ca9080bf7384ad916de841f25a9afd5cc75f199d98d0fc35e8586f778d2290b8fe2171af678c043f2a01199a49936fccad5ceb59592bd525a02c772ad2170f70bdf4547093d4353b66e7a12cfe0dc232e8f12a34f6a5dc9b56f20f8043d96634361d4896a74f0915c866845c4572915963d16cc86f00cac7afc59f15975e0cdfa2c93", 0x8c}, {&(0x7f0000005ac0)="af17783df7686ceae0d8462557423415a923defd23ec6ba888601d76b1c26c3aa8467569e15fa2759f274a9fb8854b3adaf283fe43fc0e70666de29ffa29d4e36a91c5706d1acc561a1ec5a49d5ac272d70ae66c8a135567758a5feba0521c2df24ec205a6b93c8d", 0x68}, 
{&(0x7f0000005b40)="a830b08a501daa42b06b3f3e47a7b58f23bf94c490cd43fd00bb87574bfd6bcf7796bbd6ec2e96af2fc5ad880c3c8fed1f1c1546e772bd89291a139efad2235e4a0fd12428182fdb6cb00cfebe5620e07f7df952544ef1f849a54fb5e84e00824bedadc4195ce87d60ffae624c71924e8e32a661e5e5be4f870f2dcad1f88789efe14ae77b332a61c0e395281b43cde9bad957a34075a58e0c2161b875367bc2973d4528e9a28746e8a28813badf80bd14f8c0a67a74c380", 0xb8}, {&(0x7f0000005c00)="e894e4327fca8aac68ed56d16e233ac35963db2f08b0a25a2da62ea8b56f176ceaa88ef1970ee3d0e73481bfa1970bfa7e92d56cfb", 0x35}, {&(0x7f0000005c40)="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", 0x1000}, {&(0x7f0000006c40)="30081380d1c9668d5dee8f46bdd1c07cba04ca71e3f4522b4528f330aa096e5465f38384bd198ef4ede4a521e6d07a23c6a5c786280c92d8e6d0e8e632baf4ae6da74140ff3c3e912d71f7c4765fd37be1283410b7678ce8a0e823110e6e931c36bcf6cc603ca6995e443e7be49cbc6c641f1d2f8c6bb8e077cdb0252c666583fac67efd1bf7fcdf1a0bec660b362de4b821fccfb320e85881558ecaf0ee4da874cc5af16ac3a66708eab5259cae92035d1012fe07c0dfad9aabfa97bda930f5b746e5ace7fc7f5f08671a2188e8bbd1d91c76de7a", 0xd5}, {&(0x7f0000006d40)="389af1c8be5fb7216fb1a4c7d95aa67e8ce114ee538ef3088b400b8e4b3383970409de97a74c41343fc882ab1e1ad8492694999e5dab0b93ee6358a5abf85e2a2f9f13b0784f89654a4698aebfb79a5581328e18b96470856c33e3d9d5b93b97afb04697735157eab9865f94882e3469536e67a6994ef12b799fa07cefc8a2dc29ee7234e80e90ddc85184046b4ab36f590010bd943f2017f5d19849dee1d67ef6fd", 0xa2}, {&(0x7f0000006e00)="dc77108fa0824bc7ad5543d137e7d7ade52cef1c0a3db92feaa55b8802ca01902a4e21ad0ca0fff29c714c4a0f915ae5cb987c4cf040177088583d5fdbfc8d96e09c704472b38c4b6d747dc6c5917304dbf8ea3bd0", 0x55}], 0xa, &(0x7f0000006f40)=[@tclass={{0x14, 0x29, 0x43, 0xffff}}], 0x18}}, {{&(0x7f0000006f80)={0xa, 0x4e23, 0x6, @mcast1, 0x9}, 0x1c, 
&(0x7f0000007280)=[{&(0x7f0000006fc0)="165e7cdd31b419e414428a3949f03b126ffd02890f70069837265c051e65cffb3624fe25a048a6aa69b2aa533e8fc96f6cd9488749370b598bef0aaae43d33933133b4fe8534aa2524bfe998879994ce163c8c313b9e0f64df35062250cdfbd2f30039eea223142422338d1f7245555500cab9343005a88a4ae292c267f8be76f9984c30bac60293860b795556626dd5c3629b1e2b55d0003eb65626ab575a853b14b91e1a91a2939a965d4a3cf56d", 0xaf}, {&(0x7f0000007080)="7fc7416063a6304ae11d58667f8411346e219fc878e7cf3942bca0541622b6829e57e129534d009062a23ff8044eeb4b76ebbed9695ff3b0b9cea0205941e84e3eef7a7d0ed1a7dd1ad2cbc4d0661b8cec3fdae2ba62313d3818b779b286b80014a17ae0461d41255488410acfe9ac1af79a47b8a0fc507e0c09ed1ae42f049e3e20ae89037883862988ce4dd46ca707ca1146a9ee2cc83c94d1843ee3b2201248a2521328b3b064cb77e4ba1d2cd2201a24d888e044a3a7b8b2416aa544f98799d84b4d2ea812858b32cb6aa4", 0xcd}, {&(0x7f0000007180)="de69ac7f8f0ed4917b40821f9314f82b2765e91f378800b9ef522b0f9e058574a932927dacbab9c516ebafda8cc3d8aa7c60b86883cd0d3937da3a05984aa5c13fb4af4ff1416e82cfe688a219eedd11452bb5dfe990dda0d28c9b822a9418b4c722acbea163dca012ae69ec4d471f23324d98a306587bfeee73fd8bc6b5caeb193f7fa4cc307fb47e1ac567351db12b1d4624a57a37ae217e508840d1f0e594", 0xa0}, {&(0x7f0000007240)="5a7cb762b4d8e1d3ae7e4daf72ac6b9f22b18a37200235664fe828818e0d85019b79bf97869ecd71dce70bc91cf1bd7d00665f0aee8949dd", 0x38}], 0x4, &(0x7f00000072c0)=[@hopopts={{0xa0, 0x29, 0x36, {0x89, 0x10, [], [@jumbo={0xc2, 0x4, 0x3ff000}, @pad1, @calipso={0x7, 0x50, {0x3, 0x12, 0xcf, 0x0, [0x4, 0x9, 0x2ec8, 0xff, 0x4d49e653, 0x6, 0xfffffffffffffffe, 0x1, 0x7]}}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x20, {0x0, 0x6, 0x7, 0x86, [0xb5, 0x81, 0x6]}}, @generic={0x0, 0x1, 'E'}]}}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x4, 0x4, 0x0, 0x2, 0x0, [@dev={0xfe, 0x80, [], 0x18}, @dev={0xfe, 0x80, [], 0x22}]}}}, @dstopts={{0x28, 0x29, 0x37, {0x8, 0x1, [], [@enc_lim={0x4, 0x1, 0x82}, @pad1, @padn={0x1, 0x1, [0x0]}]}}}], 0x100}}, {{0x0, 0x0, 
&(0x7f0000007600)=[{&(0x7f00000073c0)="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", 0xfc}, {&(0x7f00000074c0)="45d927b3833001b5", 0x8}, {&(0x7f0000007500)="fe61aa9125ba7e4a475a799a33c959974a029df72c6aea427d79a1cf337c3c39a6999c6cee841d5a73c004271f1d8dcb74f60d4b61fca22a64ec2e1b755bbc90fffd2ccf41ecd41bcc1ed1c75ff32eb5fb80711a6f11b91b938f8294800e3cf7c575c4d756ebee3a2c978e9d84b8ea528c0e1394c0149298ac6fead924c2f8882c1af73de30201bd51b784ffa2ca9d0ae25c6f37eef090e0db8d628d5b796ec70ca7e8b8ff3e305e29c956fc9514857e85cb5f8fca5185e17e893a383a589db4980b", 0xc2}], 0x3, &(0x7f0000007640)=ANY=[@ANYBLOB="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"], 0x200}}, {{0x0, 0x0, &(0x7f000000aac0)=[{&(0x7f0000007840)="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", 0x1000}, {&(0x7f0000008840)="76debb203bb606656a798e2ca54b4d8f1a4f89c3aa5240bdde09f2a0d558d902a56f6eb553c928246b583e94875ddf409dc4967e2b3675301514784811ec40ded8340a9a9b6f080bdf5942654c78d18bdea6d1c3d5a020ed40287170999463a8f18b590f5272340eac4194b71b83a5605db7e98fca17de13539714dc50dd4d23760c9a7116739988b510a1117fabb0f69407f4df621072f1f387e81d9483190f97d2f7e01bf5214ee878cf55b51b6552165dfe98e83a7a026b53179330408c6302", 0xc1}, {&(0x7f0000008940)="6905dd21cda323d8059ac92ae81227f70836b6d6f4fdaf21b4627862d248c22a4cd27f59742c13c21840b96a9286c00b2652d5680731e7c4bbe96d3f67987dc48db609d80fafb5070db4e7e83925f38c9a462be284e1be25596ff1595d57a54ced40cfd9b948ed79", 0x68}, {&(0x7f00000089c0)="bcc43999f8b47737026b3c1f6a5031359447a1aab7c9084d052a2a23b752f69c88898e56af512daaa6a071d985e49f36e0818468e8e6ad56bb0e6d6c2c5a4d0dff1aa927ccebfd5364df57ddaa333f916ec36cc398b69c5310792e67215971bea47b41a6044d67822f6e89e6c1001554f07fbe7281e117bb8539f487c9f4602ef6dcb6ff15636ba8e1d2d765d8", 0x8d}, {&(0x7f0000008a80)="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", 0x1000}, {&(0x7f0000009a80)="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", 0x1000}, 
{&(0x7f000000aa80)="a7c90941889cecc0d680e46788138f9902bbe454a032281e870b6be2aceb1407385ca68dd86b55aa6562", 0x2a}], 0x7, &(0x7f000000ab40)=[@rthdrdstopts={{0x20, 0x29, 0x37, {0xd1, 0x0, [], [@enc_lim]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x80}}, @rthdr_2292={{0x88, 0x29, 0x39, {0x3c, 0xe, 0x1, 0xf2, 0x0, [@ipv4={[], [], @loopback}, @mcast2, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @ipv4={[], [], @empty}, @mcast1, @empty, @empty]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x1}}], 0xd8}}], 0xa, 0x20004000) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_END_FF_UPLOAD(r2, 0x406855c9, &(0x7f0000000080)={0xd, 0x5, {0x51, 0xbfa, 0x6, {0x3ff, 0xff}, {0x3ff, 0x3f}, @period={0x5a, 0x5, 0xfffd, 0x1f, 0x3ff, {0x20, 0x4, 0x9, 0x8b6}, 0x8, &(0x7f0000000000)=[0x7, 0x4, 0x400, 0x0, 0x80, 0xffff, 0x2, 0x8001]}}, {0x55, 0x7, 0x3, {0x4, 0xea5a}, {0xfffe, 0x1}, @period={0x5b, 0x8, 0x5, 0x8, 0x6, {0x5, 0x0, 0x4, 0x2}, 0x4, &(0x7f0000000040)=[0x3f, 0x7, 0x8, 0xc21]}}}) ptrace(0x4206, r0) tkill(r0, 0x9) 14:31:13 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="28000000073588e09000000000000000000080000500010006000000090002007379782bf700000075a7dc85ab05ef1265"], 0x28}}, 0x0) [ 672.177274] oom_reaper: reaped process 19699 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:31:13 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x3, 0x2740) ioctl$EVIOCGABS0(r1, 0x80184540, &(0x7f0000000040)=""/84) r2 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r3, 0x80047453, 0x0) 14:31:13 executing program 4: 
mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x90020000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 672.266855] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 672.278601] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 672.284230] CPU: 0 PID: 20857 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 672.292510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 672.302249] Call Trace: [ 672.305074] dump_stack+0x197/0x210 [ 672.308925] dump_header+0x15e/0xa55 [ 672.313049] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 672.318595] ? ___ratelimit+0x60/0x595 [ 672.322689] ? do_raw_spin_unlock+0x181/0x270 [ 672.327464] oom_kill_process.cold+0x10/0x6ef [ 672.332187] ? out_of_memory+0x14a/0x1330 [ 672.336688] out_of_memory+0x362/0x1330 [ 672.340817] ? lock_downgrade+0x880/0x880 [ 672.344997] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 672.350278] ? oom_killer_disable+0x280/0x280 [ 672.354925] ? find_held_lock+0x35/0x130 [ 672.359178] mem_cgroup_out_of_memory+0x1d2/0x240 [ 672.364073] ? memcg_event_wake+0x230/0x230 [ 672.368709] ? do_raw_spin_unlock+0x181/0x270 [ 672.373264] ? _raw_spin_unlock+0x2d/0x50 [ 672.377588] try_charge+0xec5/0x1490 [ 672.381565] ? lock_downgrade+0x880/0x880 [ 672.385973] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 672.390850] ? rcu_read_unlock+0x33/0x60 [ 672.394953] ? get_mem_cgroup_from_mm+0x185/0x510 [ 672.400127] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 672.406391] ? retint_kernel+0x2d/0x2d [ 672.410546] mem_cgroup_try_charge+0x259/0x6b0 [ 672.415338] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 672.420307] wp_page_copy+0x430/0x16a0 [ 672.424315] ? follow_pfn+0x2a0/0x2a0 [ 672.428305] ? 
do_raw_spin_unlock+0x181/0x270 [ 672.432961] do_wp_page+0x57d/0x10b0 [ 672.436799] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 672.441941] ? kasan_check_write+0x14/0x20 [ 672.446204] ? do_raw_spin_lock+0xd7/0x250 [ 672.450507] __handle_mm_fault+0x2305/0x3f80 [ 672.455123] ? copy_page_range+0x2030/0x2030 [ 672.460084] ? count_memcg_event_mm+0x2b1/0x4d0 [ 672.464794] handle_mm_fault+0x1b5/0x690 [ 672.468887] __get_user_pages+0x609/0x1860 [ 672.473252] ? follow_page_mask+0x1ac0/0x1ac0 [ 672.477792] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 672.482738] ? retint_kernel+0x2d/0x2d [ 672.486869] populate_vma_page_range+0x20d/0x2a0 [ 672.491860] __mm_populate+0x204/0x380 [ 672.496047] ? populate_vma_page_range+0x2a0/0x2a0 [ 672.501509] __x64_sys_mlockall+0x35c/0x520 [ 672.505866] do_syscall_64+0xfd/0x620 [ 672.509909] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 672.515214] RIP: 0033:0x45b349 [ 672.518627] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 672.538395] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 672.546406] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 672.554193] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 672.562586] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 672.570283] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 672.577826] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 672.585376] Task in /syz1 killed as a result of limit of /syz1 [ 672.591693] memory: usage 307200kB, limit 307200kB, failcnt 9494 [ 672.598521] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 672.605643] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 672.612305] Memory cgroup stats for /syz1: cache:28KB rss:297376KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB 
swap:0KB inactive_anon:114140KB active_anon:21760KB inactive_file:0KB active_file:0KB unevictable:161556KB [ 672.635863] Memory cgroup out of memory: Kill process 20811 (syz-executor.1) score 1226 or sacrifice child [ 672.646197] Killed process 20930 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB 14:31:15 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x10, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:31:15 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() r1 = gettid() r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ocfs2_control\x00', 0x800, 0x0) r3 = accept4$unix(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000100)=0x6e, 0x800) ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, &(0x7f0000000140)={r3}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup(r6) ioctl$VIDIOC_DQBUF(r5, 
0xc0585611, &(0x7f0000000180)={0xffff, 0xa, 0x4, 0xe000, 0xc25, {0x77359400}, {0x3, 0x1, 0x9, 0xd6, 0x1, 0x1f, "9b028743"}, 0x5bb, 0x3, @userptr=0x2, 0x0, 0x0, r6}) write$FUSE_NOTIFY_DELETE(r7, &(0x7f0000000200)={0x3c, 0x6, 0x0, {0x2, 0x6, 0x13, 0x0, '/dev/ocfs2_control\x00'}}, 0x3c) tkill(r1, 0x1000000000013) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x5) ioctl$KVM_KVMCLOCK_CTRL(r9, 0xaead) sched_getaffinity(r1, 0x8, &(0x7f0000000000)) socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:31:15 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup(r5) syncfs(r5) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r4, 0xc0945662, &(0x7f0000000180)={0xf604, 0x0, [], {0x0, @bt={0x2, 0x3ff, 0x1, 0x3, 0x8000, 0x7, 0x3, 0x6, 0x1ff, 0x7fff, 0x2, 0x1, 0x8269, 0x8, 0x1, 0x8, {0x0, 0x7}, 0x3, 0x40}}}) 14:31:15 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xb0030000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:31:15 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 
0x1, 0x0) connect$pppoe(r2, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) r3 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x400000, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000001c0)={{{@in=@multicast1, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6}}, &(0x7f00000002c0)=0xe8) sendmsg$NL80211_CMD_START_SCHED_SCAN(r3, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="60c9178cbf000000000000dbb1020000", @ANYRES16=r4, @ANYBLOB="fcdbdf254b19000004008700440087000600eb000010000008000300", @ANYRES32=r5, @ANYBLOB="340084800a000500aaaaaaaaaaaa0000080002009e0e00001b000100884a4a97288f6dec5d31705ef7a7e36bda5cebde21a3e700"], 0x60}, 0x1, 0x0, 0x0, 0x800}, 0x20000844) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:31:15 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:31:16 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 
0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r0 = getpid() socket$inet6(0xa, 0x2, 0x0) ptrace(0x4206, r0) tkill(r0, 0x9) 14:31:16 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCOUTQNSD(r3, 0x894b, &(0x7f0000000040)) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x14, 0x7, 0x6, 0x801}, 0x14}}, 0x20000000) 14:31:16 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x80000, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000040)={0x11, 0x1, 0x6}) r2 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r3, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r3, 0x80047453, 0x0) 14:31:16 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xc0030000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 674.751842] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 674.763394] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 674.769290] CPU: 1 PID: 21234 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 674.778123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 674.787632] Call 
Trace: [ 674.790358] dump_stack+0x197/0x210 [ 674.794159] dump_header+0x15e/0xa55 [ 674.798219] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 674.803642] ? ___ratelimit+0x60/0x595 [ 674.807936] ? do_raw_spin_unlock+0x181/0x270 [ 674.812520] oom_kill_process.cold+0x10/0x6ef [ 674.817401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.823197] ? task_will_free_mem+0x139/0x6e0 [ 674.827878] ? find_held_lock+0x35/0x130 [ 674.832232] out_of_memory+0x362/0x1330 [ 674.836395] ? lock_downgrade+0x880/0x880 [ 674.840716] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 674.846241] ? oom_killer_disable+0x280/0x280 [ 674.850934] ? find_held_lock+0x35/0x130 [ 674.855375] mem_cgroup_out_of_memory+0x1d2/0x240 [ 674.860430] ? memcg_event_wake+0x230/0x230 [ 674.864962] ? do_raw_spin_unlock+0x181/0x270 [ 674.869499] ? _raw_spin_unlock+0x2d/0x50 [ 674.873675] try_charge+0xec5/0x1490 [ 674.877450] ? lock_downgrade+0x880/0x880 [ 674.881785] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 674.886660] ? rcu_read_unlock+0x33/0x60 [ 674.890851] ? get_mem_cgroup_from_mm+0x185/0x510 [ 674.895960] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 674.902388] mem_cgroup_try_charge+0x259/0x6b0 [ 674.907183] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 674.912364] wp_page_copy+0x430/0x16a0 [ 674.916604] ? follow_pfn+0x2a0/0x2a0 [ 674.920785] ? do_raw_spin_unlock+0x181/0x270 [ 674.925337] do_wp_page+0x57d/0x10b0 [ 674.929168] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 674.934159] ? kasan_check_write+0x14/0x20 [ 674.938519] ? do_raw_spin_lock+0xd7/0x250 [ 674.942892] __handle_mm_fault+0x2305/0x3f80 [ 674.947421] ? copy_page_range+0x2030/0x2030 [ 674.952144] ? count_memcg_event_mm+0x2b1/0x4d0 [ 674.957305] handle_mm_fault+0x1b5/0x690 [ 674.961408] __get_user_pages+0x609/0x1860 [ 674.966018] ? follow_page_mask+0x1ac0/0x1ac0 [ 674.970906] ? lock_acquire+0x16f/0x3f0 [ 674.975176] ? 
__sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 674.981202] populate_vma_page_range+0x20d/0x2a0 [ 674.986280] __mm_populate+0x204/0x380 [ 674.990696] ? populate_vma_page_range+0x2a0/0x2a0 [ 674.995830] __x64_sys_mlockall+0x35c/0x520 [ 675.000475] do_syscall_64+0xfd/0x620 [ 675.004310] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 675.009948] RIP: 0033:0x45b349 [ 675.013170] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 675.032468] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 675.040739] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 675.048609] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 675.057349] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 675.064904] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 675.072900] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 675.080420] Task in /syz1 killed as a result of limit of /syz1 [ 675.086958] memory: usage 307200kB, limit 307200kB, failcnt 9521 [ 675.093283] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 675.100467] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 675.107045] Memory cgroup stats for /syz1: cache:28KB rss:297372KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:114172KB active_anon:21760KB inactive_file:0KB active_file:0KB unevictable:161556KB [ 675.129634] Memory cgroup out of memory: Kill process 21233 (syz-executor.1) score 1226 or sacrifice child [ 675.140046] Killed process 21525 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 675.154357] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 675.167154] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 
675.172837] CPU: 0 PID: 21276 Comm: syz-executor.0 Not tainted 4.19.100-syzkaller #0 [ 675.181005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 675.191118] Call Trace: [ 675.194011] dump_stack+0x197/0x210 [ 675.197831] dump_header+0x15e/0xa55 [ 675.201885] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 675.207369] ? ___ratelimit+0x60/0x595 [ 675.211270] ? do_raw_spin_unlock+0x181/0x270 [ 675.215790] oom_kill_process.cold+0x10/0x6ef [ 675.220574] out_of_memory+0x362/0x1330 [ 675.224929] ? lock_downgrade+0x880/0x880 [ 675.229278] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 675.234491] ? oom_killer_disable+0x280/0x280 [ 675.239233] ? find_held_lock+0x35/0x130 [ 675.243481] mem_cgroup_out_of_memory+0x1d2/0x240 [ 675.248637] ? memcg_event_wake+0x230/0x230 14:31:16 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) creat(&(0x7f00000001c0)='./file0\x00', 0x2) lsetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)=@random={'osx.', 'syz2\x00'}, &(0x7f0000000180)='\x00', 0x1, 0x3) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000040)={0x4000, 0x100000, 0x10000, 0x1ff, 0x3}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) [ 675.253247] ? do_raw_spin_unlock+0x181/0x270 [ 675.257794] ? _raw_spin_unlock+0x2d/0x50 [ 675.261985] try_charge+0xec5/0x1490 [ 675.265732] ? lock_downgrade+0x880/0x880 [ 675.269922] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 675.274828] ? rcu_read_unlock+0x33/0x60 [ 675.279251] ? get_mem_cgroup_from_mm+0x185/0x510 [ 675.284259] ? 
trace_hardirqs_on_caller+0x6a/0x220 [ 675.289342] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 675.295539] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 675.300571] mem_cgroup_try_charge+0x259/0x6b0 [ 675.305286] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 675.310624] wp_page_copy+0x430/0x16a0 [ 675.314672] ? follow_pfn+0x2a0/0x2a0 [ 675.318892] ? do_raw_spin_unlock+0x181/0x270 [ 675.323827] do_wp_page+0x57d/0x10b0 [ 675.327815] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 675.332718] ? kasan_check_write+0x14/0x20 [ 675.337622] ? do_raw_spin_lock+0xd7/0x250 [ 675.341921] __handle_mm_fault+0x2305/0x3f80 [ 675.346801] ? copy_page_range+0x2030/0x2030 [ 675.351266] ? count_memcg_event_mm+0x2b1/0x4d0 [ 675.356407] handle_mm_fault+0x1b5/0x690 [ 675.360638] __get_user_pages+0x609/0x1860 [ 675.365488] ? follow_page_mask+0x1ac0/0x1ac0 [ 675.370115] ? retint_kernel+0x2d/0x2d [ 675.374208] populate_vma_page_range+0x20d/0x2a0 [ 675.379177] __mm_populate+0x204/0x380 [ 675.384699] ? populate_vma_page_range+0x2a0/0x2a0 [ 675.389671] __x64_sys_mlockall+0x35c/0x520 [ 675.394418] do_syscall_64+0xfd/0x620 [ 675.398392] entry_SYSCALL_64_after_hwframe+0x49/0xbe 14:31:17 executing program 5: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$mice(&(0x7f0000000240)='/dev/input/mice\x00', 0x0, 0x488881) ioctl$UI_SET_MSCBIT(r0, 0x40045568, 0x11) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KDGETKEYCODE(r2, 0x4b4c, &(0x7f0000000000)={0x81, 0x8001}) wait4(0x0, 0x0, 0x80000000, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)={0x30, r4, 0x23f, 0x0, 0x0, {{}, {0x0, 0x410c}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}, 0x1, 0xfffffff0, 0x0, 
0x24000004}, 0x0) sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f0000000100)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r4, 0x800, 0x70bd29, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0x518}}, ["", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000040}, 0x8840) r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cachefiles\x00', 0x408480, 0x0) ioctl$PERF_EVENT_IOC_RESET(r5, 0x2403, 0x8) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r6 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r6) tkill(r6, 0x9) [ 675.403785] RIP: 0033:0x45b349 [ 675.407004] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 675.426552] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 675.434417] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 675.442119] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 675.450171] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 675.457878] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 675.465720] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 675.483509] Task in /syz0 killed as a result of limit of /syz0 [ 675.490536] memory: usage 307200kB, limit 307200kB, failcnt 5600 [ 675.497091] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 675.504104] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 675.510751] Memory cgroup stats for /syz0: cache:76KB rss:298420KB rss_huge:67584KB shmem:24KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:213752KB active_anon:15260KB inactive_file:0KB active_file:0KB unevictable:69396KB [ 675.534362] Memory cgroup out of memory: Kill process 21275 (syz-executor.0) score 1226 or sacrifice child [ 675.544812] Killed process 21405 (syz-executor.0) total-vm:72588kB, 
anon-rss:18196kB, file-rss:34816kB, shmem-rss:0kB [ 675.584158] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 675.596177] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 675.601765] CPU: 1 PID: 21234 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 675.609821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 675.619929] Call Trace: [ 675.623056] dump_stack+0x197/0x210 [ 675.626738] dump_header+0x15e/0xa55 [ 675.630753] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 675.636544] ? ___ratelimit+0x60/0x595 [ 675.640452] ? do_raw_spin_unlock+0x181/0x270 [ 675.645117] oom_kill_process.cold+0x10/0x6ef [ 675.649747] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 675.655498] ? task_will_free_mem+0x139/0x6e0 [ 675.660211] out_of_memory+0x362/0x1330 [ 675.664674] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 675.669965] ? oom_killer_disable+0x280/0x280 [ 675.674569] ? find_held_lock+0x35/0x130 [ 675.678931] mem_cgroup_out_of_memory+0x1d2/0x240 [ 675.683885] ? memcg_event_wake+0x230/0x230 [ 675.688235] ? do_raw_spin_unlock+0x181/0x270 [ 675.693211] ? _raw_spin_unlock+0x2d/0x50 [ 675.697573] try_charge+0xec5/0x1490 [ 675.701351] ? lock_downgrade+0x880/0x880 [ 675.705819] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 675.710789] ? rcu_read_unlock+0x33/0x60 [ 675.714875] ? get_mem_cgroup_from_mm+0x185/0x510 [ 675.719842] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 675.726197] mem_cgroup_try_charge+0x259/0x6b0 [ 675.730804] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 675.735887] wp_page_copy+0x430/0x16a0 [ 675.740266] ? follow_pfn+0x2a0/0x2a0 [ 675.744715] ? do_raw_spin_unlock+0x181/0x270 [ 675.750772] do_wp_page+0x57d/0x10b0 [ 675.754857] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 675.759560] ? kasan_check_write+0x14/0x20 [ 675.763812] ? do_raw_spin_lock+0xd7/0x250 [ 675.768090] __handle_mm_fault+0x2305/0x3f80 [ 675.772620] ? copy_page_range+0x2030/0x2030 [ 675.777124] ? 
count_memcg_event_mm+0x2b1/0x4d0 [ 675.782150] handle_mm_fault+0x1b5/0x690 [ 675.786267] __get_user_pages+0x609/0x1860 [ 675.791053] ? follow_page_mask+0x1ac0/0x1ac0 [ 675.795811] ? lock_acquire+0x16f/0x3f0 [ 675.799838] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 675.805620] populate_vma_page_range+0x20d/0x2a0 [ 675.810409] __mm_populate+0x204/0x380 [ 675.814323] ? populate_vma_page_range+0x2a0/0x2a0 [ 675.819572] __x64_sys_mlockall+0x35c/0x520 [ 675.823978] do_syscall_64+0xfd/0x620 [ 675.827804] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 675.833004] RIP: 0033:0x45b349 [ 675.836331] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 675.855721] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 675.863618] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 675.870909] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 675.878520] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 675.886013] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 675.893401] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 675.900926] Task in /syz1 killed as a result of limit of /syz1 [ 675.906984] memory: usage 304884kB, limit 307200kB, failcnt 9527 [ 675.913433] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 675.920281] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 675.926777] Memory cgroup stats for /syz1: cache:28KB rss:295348KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:112036KB active_anon:21760KB inactive_file:0KB active_file:0KB unevictable:161556KB [ 675.949376] Memory cgroup out of memory: Kill process 21233 (syz-executor.1) score 1226 or sacrifice child [ 675.960158] Killed process 21233 (syz-executor.1) total-vm:72588kB, anon-rss:18196kB, 
file-rss:54376kB, shmem-rss:0kB 14:31:17 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0xc0, 0x101, 0x15, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) 14:31:17 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xc0ed0000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) 14:31:17 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmsg$BATADV_CMD_TP_METER(r4, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800500}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, 0x0, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x800) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x28, 
0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) 14:31:17 executing program 3: r0 = socket$inet(0x2, 0x6, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000000)={0x18, 0x0, {0x5, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 'bridge0\x00'}}, 0x1e) ioctl$PPPIOCGMRU(r2, 0x80047453, 0x0) 14:31:17 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGLCKTRMIOS(0xffffffffffffffff, 0x5456, &(0x7f00000000c0)={0x0, 0x717288a3, 0x0, 0x0, 0x0, "5390a6fa72c1be78bf7c5c89b36cd5d249ff40"}) chown(0x0, 0x0, 0x0) setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mlockall(0x3) setsockopt$inet_tcp_int(r0, 0x6, 0x0, &(0x7f0000d06000)=0x1, 0x4) sendfile(r0, 0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_FPEXC(0xc, 0x10000) 14:31:17 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_WRITEI_FRAMES(r1, 0x40184150, &(0x7f00000001c0)={0x0, &(0x7f0000000240)="e6011d289644a0c38190d8212a3805c46e96b7ff4fa53feb177f0c8fa1527e7d39e70cc4f9254f80e9c90a82f753524f486483f8bcf2bbbf4b4fd3d63fc26d79ae90e7f4a929e6a1143cb17a41163c87b45bb473fc829cb79763d33810028b30cd2eea893d8d0ea79a1f2e7fc03be7ed27a1db3adf9de837b2c58e8330d044ff8be85b05edf303457eceb78b0f5c23b058ea8b4af3df50a176", 0x99}) 
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000040)={0xa00000, 0x0, 0x5, 0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x9b090e, 0x5, [], @ptr=0x1f}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$netlink_NETLINK_PKTINFO(r4, 0x10e, 0x3, &(0x7f0000000380)=0x78bf, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x67, r5}) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(&(0x7f0000000100)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r9 = dup(r8) r10 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/btrfs-control\x00', 0x3, 0x0) setsockopt$inet6_udp_encap(r10, 0x11, 0x64, &(0x7f0000000180)=0x5, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) inotify_add_watch(r9, &(0x7f0000000200)='./file0\x00', 0x40000100) ppoll(0x0, 0x0, 0x0, 0x0, 0xfffffde7) r11 = getpid() socket$inet6(0xa, 0x0, 0x0) ptrace(0x4206, r11) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) ioctl$KVM_GET_IRQCHIP(r13, 0xc048ae65, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r13, 0xc080661a, &(0x7f0000000300)={{0x1, 0x0, @descriptor="8c13de0bad35bd5a"}}) tkill(r11, 0x7) 14:31:18 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) ioctl$SNDRV_PCM_IOCTL_STATUS32(r2, 0x806c4120, &(0x7f0000000180)) r3 = 
socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="28000000070601080000000000000000000000000500ae00062e4328e2d92dae83797a320010000082f0a806bc93241ede004f62af8e6680e5610a38af731b63b28cf9ccf70a34c09dc2d98816867c23039e5c24e8defb6fbd5e45eb2151"], 0x28}}, 0x0) 14:31:18 executing program 4: mkdir(&(0x7f0000000400)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0xc4020000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000200)='9p\x00', 0x0, &(0x7f0000000d80)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYRESDEC]) [ 676.483623] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 676.544064] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 676.924553] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 676.936137] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 676.942216] CPU: 0 PID: 21985 Comm: syz-executor.1 Not tainted 4.19.100-syzkaller #0 [ 676.950150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 676.959514] Call Trace: [ 676.962138] dump_stack+0x197/0x210 [ 676.965789] dump_header+0x15e/0xa55 [ 676.969646] oom_kill_process.cold+0x10/0x6ef [ 676.974169] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 676.979815] ? task_will_free_mem+0x139/0x6e0 [ 676.984427] out_of_memory+0x362/0x1330 [ 676.988431] ? retint_kernel+0x2d/0x2d [ 676.992338] ? oom_killer_disable+0x280/0x280 [ 676.997133] mem_cgroup_out_of_memory+0x1d2/0x240 [ 677.001988] ? memcg_event_wake+0x230/0x230 [ 677.006330] ? do_raw_spin_unlock+0x181/0x270 [ 677.010851] ? _raw_spin_unlock+0x2d/0x50 [ 677.015027] try_charge+0xec5/0x1490 [ 677.018754] ? lock_downgrade+0x880/0x880 [ 677.022966] ? 
mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 677.027840] ? rcu_read_unlock+0x33/0x60 [ 677.031952] ? get_mem_cgroup_from_mm+0x185/0x510 [ 677.036864] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 677.042947] mem_cgroup_try_charge+0x259/0x6b0 [ 677.047756] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 677.052716] wp_page_copy+0x430/0x16a0 [ 677.056623] ? follow_pfn+0x2a0/0x2a0 [ 677.060572] ? do_raw_spin_unlock+0x181/0x270 [ 677.065173] do_wp_page+0x57d/0x10b0 [ 677.069009] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 677.073701] ? kasan_check_write+0x14/0x20 [ 677.077962] ? do_raw_spin_lock+0xd7/0x250 [ 677.082501] __handle_mm_fault+0x2305/0x3f80 [ 677.086938] ? copy_page_range+0x2030/0x2030 [ 677.091395] ? count_memcg_event_mm+0x2b1/0x4d0 [ 677.096095] handle_mm_fault+0x1b5/0x690 [ 677.100178] __get_user_pages+0x609/0x1860 [ 677.104560] ? follow_page_mask+0x1ac0/0x1ac0 [ 677.109605] ? retint_kernel+0x2d/0x2d [ 677.113758] populate_vma_page_range+0x20d/0x2a0 [ 677.118555] __mm_populate+0x204/0x380 [ 677.122470] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 677.127431] __x64_sys_mlockall+0x35c/0x520 [ 677.131785] do_syscall_64+0xfd/0x620 [ 677.135615] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 677.140831] RIP: 0033:0x45b349 [ 677.144037] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 677.163251] RSP: 002b:00007fd45077ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 677.170998] RAX: ffffffffffffffda RBX: 00007fd45077f6d4 RCX: 000000000045b349 [ 677.178281] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 677.185567] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 677.192990] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 677.200315] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 677.209745] Task in /syz1 killed as a result of limit of /syz1 [ 677.216050] memory: usage 307200kB, limit 307200kB, failcnt 9565 [ 677.224533] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 677.231655] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 677.238287] Memory cgroup stats for /syz1: cache:28KB rss:297436KB rss_huge:223232KB shmem:52KB mapped_file:132KB dirty:132KB writeback:0KB swap:0KB inactive_anon:114016KB active_anon:21760KB inactive_file:0KB active_file:0KB unevictable:161688KB [ 677.261196] Memory cgroup out of memory: Kill process 21961 (syz-executor.1) score 1226 or sacrifice child [ 677.271295] Killed process 22292 (syz-executor.1) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 677.285827] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 677.297872] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 677.303507] CPU: 1 PID: 22172 Comm: syz-executor.0 Not tainted 4.19.100-syzkaller #0 [ 677.311407] Hardware name: Google Google Compute Engine/Google 
Compute Engine, BIOS Google 01/01/2011 [ 677.320779] Call Trace: [ 677.323396] dump_stack+0x197/0x210 [ 677.327037] dump_header+0x15e/0xa55 [ 677.330784] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 677.335920] ? ___ratelimit+0x60/0x595 [ 677.339822] ? do_raw_spin_unlock+0x181/0x270 [ 677.344333] oom_kill_process.cold+0x10/0x6ef [ 677.348940] out_of_memory+0x362/0x1330 [ 677.352990] ? retint_kernel+0x2d/0x2d [ 677.356914] ? oom_killer_disable+0x280/0x280 [ 677.361446] mem_cgroup_out_of_memory+0x1d2/0x240 [ 677.366312] ? memcg_event_wake+0x230/0x230 [ 677.370663] ? do_raw_spin_unlock+0x181/0x270 [ 677.375173] ? _raw_spin_unlock+0x2d/0x50 [ 677.379348] try_charge+0xec5/0x1490 [ 677.383074] ? lock_downgrade+0x880/0x880 [ 677.387280] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 677.392171] ? rcu_read_unlock+0x33/0x60 [ 677.396243] ? get_mem_cgroup_from_mm+0x185/0x510 [ 677.401099] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 677.407206] mem_cgroup_try_charge+0x259/0x6b0 [ 677.411809] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 677.417193] wp_page_copy+0x430/0x16a0 [ 677.421100] ? follow_pfn+0x2a0/0x2a0 [ 677.424925] ? do_raw_spin_unlock+0x181/0x270 [ 677.429456] do_wp_page+0x57d/0x10b0 [ 677.433632] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 677.438315] ? kasan_check_write+0x14/0x20 [ 677.442585] ? do_raw_spin_lock+0xd7/0x250 [ 677.446941] __handle_mm_fault+0x2305/0x3f80 [ 677.451396] ? copy_page_range+0x2030/0x2030 [ 677.455849] ? count_memcg_event_mm+0x2b1/0x4d0 [ 677.460549] handle_mm_fault+0x1b5/0x690 [ 677.464665] __get_user_pages+0x609/0x1860 [ 677.469030] ? follow_page_mask+0x1ac0/0x1ac0 [ 677.473821] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 677.478607] ? retint_kernel+0x2d/0x2d [ 677.482516] populate_vma_page_range+0x20d/0x2a0 [ 677.487291] __mm_populate+0x204/0x380 [ 677.491195] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 677.496328] __x64_sys_mlockall+0x35c/0x520 [ 677.500786] do_syscall_64+0xfd/0x620 [ 677.505386] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 677.510593] RIP: 0033:0x45b349 [ 677.513803] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 677.532829] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 677.540661] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 677.547947] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 677.555255] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 677.562535] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 677.569829] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 677.578548] Task in /syz0 killed as a result of limit of /syz0 [ 677.585056] memory: usage 307200kB, limit 307200kB, failcnt 5631 [ 677.591486] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 677.598385] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 677.604730] Memory cgroup stats for /syz0: cache:76KB rss:298236KB rss_huge:69632KB shmem:24KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:211512KB active_anon:15260KB inactive_file:0KB active_file:0KB unevictable:71576KB [ 677.628085] Memory cgroup out of memory: Kill process 22058 (syz-executor.0) score 1226 or sacrifice child [ 677.638812] Killed process 22293 (syz-executor.0) total-vm:72720kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB [ 781.676199] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 781.682505] rcu: (detected by 1, t=10502 jiffies, g=69549, q=89) [ 781.688769] rcu: All QSes seen, last rcu_preempt kthread activity 10503 (4295015312-4295004809), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 781.701532] syz-executor.0 R running task 26368 22172 8244 
0x80000002 [ 781.708754] Call Trace: [ 781.711349] <IRQ> [ 781.713520] sched_show_task.cold+0x2ee/0x35d [ 781.718055] ? set_rq_offline.part.0+0x140/0x140 [ 781.722841] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 781.727888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.733600] rcu_check_callbacks.cold+0xaa1/0xd90 [ 781.738500] update_process_times+0x32/0x80 [ 781.742877] tick_sched_handle+0xa2/0x190 [ 781.747053] tick_sched_timer+0x47/0x130 [ 781.751146] __hrtimer_run_queues+0x33b/0xdc0 [ 781.755651] ? tick_sched_do_timer+0x1b0/0x1b0 [ 781.760378] ? hrtimer_fixup_activate+0x30/0x30 [ 781.765067] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 781.770117] ? ktime_get_update_offsets_now+0x2d3/0x440 [ 781.775510] hrtimer_interrupt+0x314/0x770 [ 781.779772] smp_apic_timer_interrupt+0x111/0x550 [ 781.784641] apic_timer_interrupt+0xf/0x20 [ 781.788936] </IRQ> [ 781.791197] RIP: 0010:css_next_descendant_pre+0x1/0x190 [ 781.796576] Code: 00 e9 86 fe ff ff e8 ee 00 3e 00 e9 51 ff ff ff 4c 89 f7 e8 e1 00 3e 00 e9 0c ff ff ff 66 90 66 2e 0f 1f 84 00 00 00 00 00 55 <48> 89 e5 41 57 41 56 41 55 49 89 f5 41 54 53 48 89 fb e8 78 5e 06 [ 781.815604] RSP: 0018:ffff88804e5b72a0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 781.823340] RAX: ffff888215838728 RBX: ffff88805240a1c0 RCX: ffffffff81593f51 [ 781.830633] RDX: 1ffff11042b070e5 RSI: ffff88805240a1c0 RDI: 0000000000000000 [ 781.838009] RBP: ffff88804e5b7370 R08: 1ffff11015d24732 R09: ffffed1015d24733 [ 781.845384] R10: 0000000000000000 R11: ffff8880ae923993 R12: 0000000000000000 [ 781.852670] R13: ffff88804e5b7468 R14: 0000000000000000 R15: 0000000000000000 [ 781.859974] ? rcu_dynticks_curr_cpu_in_eqs+0x51/0xb0 [ 781.865193] ? mem_cgroup_iter+0x39e/0xac0 [ 781.869440] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 781.874204] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 781.879872] shrink_node+0x20d/0x1450 [ 781.883714] ? shrink_node_memcg+0x13f0/0x13f0 [ 781.888343] do_try_to_free_pages+0x3cb/0x11c0 [ 781.892991] ? 
shrink_node+0x1450/0x1450 [ 781.897084] try_to_free_mem_cgroup_pages+0x32b/0x920 [ 781.902292] ? retint_kernel+0x2d/0x2d [ 781.906207] ? try_to_free_pages+0x7f0/0x7f0 [ 781.910646] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 781.915765] ? cgroup_file_notify+0x140/0x1b0 [ 781.920284] try_charge+0x51d/0x1490 [ 781.924024] ? lock_downgrade+0x880/0x880 [ 781.928203] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 781.933092] ? rcu_read_unlock+0x33/0x60 [ 781.937179] ? get_mem_cgroup_from_mm+0x185/0x510 [ 781.942051] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 781.948143] mem_cgroup_try_charge+0x259/0x6b0 [ 781.952750] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 781.957960] wp_page_copy+0x430/0x16a0 [ 781.961868] ? follow_pfn+0x2a0/0x2a0 [ 781.965687] ? do_raw_spin_unlock+0x181/0x270 [ 781.970228] do_wp_page+0x57d/0x10b0 [ 781.973958] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 781.978645] ? kasan_check_write+0x14/0x20 [ 781.982893] ? do_raw_spin_lock+0xd7/0x250 [ 781.987151] __handle_mm_fault+0x2305/0x3f80 [ 781.991749] ? copy_page_range+0x2030/0x2030 [ 781.996296] ? count_memcg_event_mm+0x2b1/0x4d0 [ 782.000988] handle_mm_fault+0x1b5/0x690 [ 782.005072] __get_user_pages+0x609/0x1860 [ 782.009338] ? follow_page_mask+0x1ac0/0x1ac0 [ 782.013849] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 782.018628] ? retint_kernel+0x2d/0x2d [ 782.022633] populate_vma_page_range+0x20d/0x2a0 [ 782.027421] __mm_populate+0x204/0x380 [ 782.031372] ? 
populate_vma_page_range+0x2a0/0x2a0 [ 782.036365] __x64_sys_mlockall+0x35c/0x520 [ 782.040719] do_syscall_64+0xfd/0x620 [ 782.044646] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 782.049949] RIP: 0033:0x45b349 [ 782.053179] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 782.072338] RSP: 002b:00007f000624dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 782.080072] RAX: ffffffffffffffda RBX: 00007f000624e6d4 RCX: 000000000045b349 [ 782.087371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 782.094656] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 782.101942] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 782.109576] R13: 0000000000000730 R14: 00000000004c8a1a R15: 000000000075bf2c [ 782.116888] rcu: rcu_preempt kthread starved for 10546 jiffies! g69549 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 782.127432] rcu: RCU grace-period kthread stack dump: [ 782.132637] rcu_preempt R running task 29008 10 2 0x80000000 [ 782.139891] Call Trace: [ 782.142514] __schedule+0x866/0x1dc0 [ 782.146257] ? firmware_map_remove+0x1a6/0x1a6 [ 782.150956] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 782.156082] ? lockdep_hardirqs_on+0x415/0x5d0 [ 782.160694] ? trace_hardirqs_on+0x67/0x220 [ 782.165143] schedule+0x92/0x1c0 [ 782.168528] schedule_timeout+0x4db/0xfc0 [ 782.172690] ? usleep_range+0x170/0x170 [ 782.176686] ? trace_hardirqs_on+0x67/0x220 [ 782.181147] ? __next_timer_interrupt+0x1a0/0x1a0 [ 782.186143] ? prepare_to_swait_exclusive+0x120/0x120 [ 782.191386] rcu_gp_kthread+0xd5c/0x2190 [ 782.195494] ? rcu_blocking_is_gp+0x90/0x90 [ 782.199837] ? trace_hardirqs_on+0x67/0x220 [ 782.204183] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 782.209315] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 782.214875] ? 
__kthread_parkme+0xfb/0x1b0 [ 782.219128] kthread+0x354/0x420 [ 782.222528] ? rcu_blocking_is_gp+0x90/0x90 [ 782.226868] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 782.232427] ret_from_fork+0x24/0x30