0, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:43 executing program 1: 03:44:44 executing program 3: 03:44:44 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2362.709947] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2362.764716] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2362.796534] CPU: 0 PID: 24825 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2362.804392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2362.813757] Call Trace: [ 2362.816362] dump_stack+0x197/0x210 [ 2362.820010] dump_header+0x15e/0xa55 [ 2362.823748] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2362.828869] ? ___ratelimit+0x60/0x595 [ 2362.832773] ? do_raw_spin_unlock+0x181/0x270 [ 2362.837396] oom_kill_process.cold+0x10/0x6ef [ 2362.841919] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2362.847475] ? task_will_free_mem+0x139/0x6e0 [ 2362.852257] out_of_memory+0x362/0x1330 [ 2362.856257] ? lock_downgrade+0x880/0x880 [ 2362.860421] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2362.865539] ? oom_killer_disable+0x280/0x280 [ 2362.870052] ? find_held_lock+0x35/0x130 [ 2362.874142] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2362.879180] ? memcg_event_wake+0x230/0x230 [ 2362.883522] ? do_raw_spin_unlock+0x181/0x270 [ 2362.888075] ? _raw_spin_unlock+0x2d/0x50 [ 2362.892242] try_charge+0xec5/0x1490 [ 2362.895989] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2362.900852] ? lock_downgrade+0x880/0x880 [ 2362.905015] ? kasan_check_read+0x11/0x20 [ 2362.909188] memcg_kmem_charge_memcg+0x83/0x170 [ 2362.913870] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2362.918387] ? __isolate_free_page+0x4c0/0x4c0 [ 2362.922991] memcg_kmem_charge+0x13b/0x370 [ 2362.927247] __alloc_pages_nodemask+0x3c3/0x750 [ 2362.931936] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2362.936970] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2362.941571] ? trace_hardirqs_on+0x67/0x220 [ 2362.945913] copy_process.part.0+0x3d6/0x7a60 [ 2362.950428] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2362.955547] ? delayacct_end+0x5c/0x100 [ 2362.959539] ? __delayacct_freepages_end+0xe0/0x140 [ 2362.964579] ? __lock_acquire+0x6ee/0x49c0 [ 2362.968850] ? __cleanup_sighand+0x70/0x70 [ 2362.973156] ? mark_held_locks+0x100/0x100 [ 2362.977421] _do_fork+0x257/0xfd0 [ 2362.980899] ? fork_idle+0x1d0/0x1d0 [ 2362.984662] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2362.990564] ? kasan_check_read+0x11/0x20 [ 2362.994727] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2362.999500] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2363.004386] ? do_syscall_64+0x26/0x620 [ 2363.008380] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2363.013759] ? do_syscall_64+0x26/0x620 [ 2363.017758] __x64_sys_clone+0xbf/0x150 [ 2363.021752] do_syscall_64+0xfd/0x620 [ 2363.025631] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2363.030837] RIP: 0033:0x45dd19 [ 2363.034068] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2363.052990] RSP: 002b:00007ffdadc4e778 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 03:44:44 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xc2140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:44 executing program 2: r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ocfs2_control\x00', 0x81, 0x0) r1 = syz_open_procfs(0x0, 0x0) close(r1) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r1, &(0x7f00000000c0)={0x1, 0x10, 0xfa00, {&(0x7f0000000080), r2}}, 0x18) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r0, &(0x7f0000000080)={0x4, 0x8, 0xfa00, {r2, 0x8}}, 0x10) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f0000000880)={0x9, &(0x7f0000000200)=""/193, &(0x7f0000000780)=[{0xffffffc0, 0xdf, 0xbc3, &(0x7f0000000300)=""/223}, {0x8, 0xa3, 0x8001, &(0x7f0000000400)=""/163}, {0x36572d3, 0xc, 0x2, &(0x7f0000000100)=""/12}, {0x4, 0x93, 0x75d1, &(0x7f00000004c0)=""/147}, {0x80, 0x98, 0x7fff0000, &(0x7f0000000580)=""/152}, {0x0, 0xd, 0x2, &(0x7f0000000140)=""/13}, {0x7, 0x81, 0x7, &(0x7f0000000640)=""/129}, {0x1, 0x24, 0x800, &(0x7f0000000700)=""/36}, {0x0, 0x27, 0x100, &(0x7f0000000740)=""/39}]}) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/mixer\x00', 0x810000, 0x0) 03:44:44 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xc3140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:44 executing program 3: [ 2363.060716] RAX: ffffffffffffffda RBX: 00007f3a5ea57700 RCX: 000000000045dd19 [ 2363.068002] RDX: 00007f3a5ea579d0 RSI: 00007f3a5ea56db0 RDI: 00000000003d0f00 [ 2363.075289] RBP: 00007ffdadc4e990 R08: 00007f3a5ea57700 R09: 00007f3a5ea57700 [ 2363.082572] R10: 00007f3a5ea579d0 R11: 0000000000000202 R12: 0000000000000000 [ 2363.089856] R13: 00007ffdadc4e82f R14: 00007f3a5ea579c0 R15: 000000000075bf2c [ 2363.159501] Task in /syz5 killed as a result of limit of /syz5 [ 2363.187706] memory: usage 307188kB, limit 307200kB, failcnt 435 [ 2363.198073] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2363.205583] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2363.212242] Memory cgroup stats for /syz5: cache:128KB rss:192KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2363.235113] Memory cgroup out of memory: Kill process 24825 (syz-executor.5) score 1103 or sacrifice child 03:44:44 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:44 executing program 1: 03:44:44 executing program 3: 03:44:44 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xc3ffffff, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2363.252389] Killed process 24825 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2363.267257] oom_reaper: reaped process 24825 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:44:44 executing program 2: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100)='batadv\x00') sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r1, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0x2c, r2, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x6}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0xa800}, 0x8991) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000040)={0x0, 0x80000000}, &(0x7f0000000080)=0xc) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 03:44:44 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x3d720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:44 executing program 1: 03:44:44 executing program 3: 03:44:44 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2363.448848] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2363.527935] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2363.548763] CPU: 1 PID: 24957 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2363.556605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2363.565968] Call Trace: [ 2363.568576] dump_stack+0x197/0x210 [ 2363.572223] dump_header+0x15e/0xa55 03:44:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xc4010000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:45 executing program 3: [ 2363.575956] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2363.581073] ? ___ratelimit+0x60/0x595 [ 2363.584970] ? do_raw_spin_unlock+0x181/0x270 [ 2363.589481] oom_kill_process.cold+0x10/0x6ef [ 2363.593988] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2363.599543] ? task_will_free_mem+0x139/0x6e0 [ 2363.604062] out_of_memory+0x362/0x1330 [ 2363.608051] ? lock_downgrade+0x880/0x880 [ 2363.612303] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2363.617405] ? oom_killer_disable+0x280/0x280 [ 2363.621907] ? find_held_lock+0x35/0x130 [ 2363.625996] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2363.630850] ? memcg_event_wake+0x230/0x230 [ 2363.635188] ? do_raw_spin_unlock+0x181/0x270 [ 2363.639696] ? _raw_spin_unlock+0x2d/0x50 [ 2363.643886] try_charge+0xec5/0x1490 [ 2363.647632] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2363.652492] ? lock_downgrade+0x880/0x880 [ 2363.656654] ? kasan_check_read+0x11/0x20 [ 2363.660825] memcg_kmem_charge_memcg+0x83/0x170 [ 2363.665505] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2363.670034] ? __isolate_free_page+0x4c0/0x4c0 03:44:45 executing program 3: 03:44:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xc4140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2363.674633] memcg_kmem_charge+0x13b/0x370 [ 2363.678886] __alloc_pages_nodemask+0x3c3/0x750 [ 2363.683589] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2363.688617] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2363.693211] ? trace_hardirqs_on+0x67/0x220 [ 2363.697547] copy_process.part.0+0x3d6/0x7a60 [ 2363.702054] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2363.707168] ? delayacct_end+0x5c/0x100 [ 2363.711160] ? __delayacct_freepages_end+0xe0/0x140 [ 2363.716193] ? __lock_acquire+0x6ee/0x49c0 [ 2363.720459] ? __cleanup_sighand+0x70/0x70 [ 2363.724723] ? mark_held_locks+0x100/0x100 03:44:45 executing program 3: [ 2363.728988] _do_fork+0x257/0xfd0 [ 2363.732477] ? fork_idle+0x1d0/0x1d0 [ 2363.736208] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2363.742100] ? kasan_check_read+0x11/0x20 [ 2363.746257] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2363.751022] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2363.755786] ? do_syscall_64+0x26/0x620 [ 2363.759772] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2363.765155] ? do_syscall_64+0x26/0x620 [ 2363.769143] __x64_sys_clone+0xbf/0x150 [ 2363.773219] do_syscall_64+0xfd/0x620 03:44:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xc5140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2363.777037] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2363.782234] RIP: 0033:0x45dd19 [ 2363.785436] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2363.804349] RSP: 002b:00007ffdadc4e778 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2363.812073] RAX: ffffffffffffffda RBX: 00007f3a5ea57700 RCX: 000000000045dd19 [ 2363.819358] RDX: 00007f3a5ea579d0 RSI: 00007f3a5ea56db0 RDI: 00000000003d0f00 03:44:45 executing program 3: 03:44:45 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2363.826639] RBP: 00007ffdadc4e990 R08: 00007f3a5ea57700 R09: 00007f3a5ea57700 [ 2363.833922] R10: 00007f3a5ea579d0 R11: 0000000000000202 R12: 0000000000000000 [ 2363.841211] R13: 00007ffdadc4e82f R14: 00007f3a5ea579c0 R15: 000000000075bf2c [ 2363.988194] Task in /syz5 killed as a result of limit of /syz5 [ 2363.995800] memory: usage 307188kB, limit 307200kB, failcnt 464 [ 2364.002429] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2364.009830] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2364.016466] Memory cgroup stats for /syz5: cache:128KB rss:192KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB 03:44:45 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x3e000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:45 executing program 2: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = socket$vsock_dgram(0x28, 0x2, 0x0) sendfile(r0, r1, 0x0, 0x1) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0202, 0x0) write$sndseq(r3, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000000080)={0xff, 0x1, 0x4, 0x2, 0x0, {0x77359400}, {0x3, 0xc, 0x9, 0x20, 0xf9, 0x3f, "589e7efb"}, 0x478, 0x3, @offset=0x2, 0x100, 0x0, r3}) ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f0000000100)={0xbfef, 0x80000000}) 03:44:45 executing program 1: 03:44:45 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:45 executing program 3: 03:44:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xc6140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2364.038747] Memory cgroup out of memory: Kill process 24957 (syz-executor.5) score 1103 or sacrifice child [ 2364.049264] Killed process 24957 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2364.061517] oom_reaper: reaped process 24957 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:44:45 executing program 1: [ 2364.164588] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2364.189845] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2364.202889] CPU: 1 PID: 25099 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 03:44:45 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2364.210739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2364.220105] Call Trace: [ 2364.222710] dump_stack+0x197/0x210 [ 2364.226355] dump_header+0x15e/0xa55 [ 2364.230085] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2364.235203] ? ___ratelimit+0x60/0x595 [ 2364.239099] ? do_raw_spin_unlock+0x181/0x270 [ 2364.243609] oom_kill_process.cold+0x10/0x6ef [ 2364.248119] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2364.253670] ? task_will_free_mem+0x139/0x6e0 [ 2364.258190] out_of_memory+0x362/0x1330 03:44:45 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:45 executing program 1: [ 2364.262181] ? lock_downgrade+0x880/0x880 [ 2364.266341] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2364.271451] ? oom_killer_disable+0x280/0x280 [ 2364.275959] ? find_held_lock+0x35/0x130 [ 2364.280047] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2364.284905] ? memcg_event_wake+0x230/0x230 [ 2364.289249] ? do_raw_spin_unlock+0x181/0x270 [ 2364.293759] ? _raw_spin_unlock+0x2d/0x50 [ 2364.297928] try_charge+0xec5/0x1490 [ 2364.301680] ? lock_downgrade+0x880/0x880 [ 2364.305850] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2364.310708] ? rcu_read_unlock+0x33/0x60 03:44:45 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2364.314785] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2364.319656] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2364.325745] mem_cgroup_try_charge+0x259/0x6b0 [ 2364.330350] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2364.335297] wp_page_copy+0x430/0x16a0 [ 2364.339195] ? kasan_check_read+0x11/0x20 [ 2364.343362] ? follow_pfn+0x2a0/0x2a0 [ 2364.347178] ? do_raw_spin_unlock+0x181/0x270 [ 2364.351691] do_wp_page+0x57d/0x10b0 [ 2364.355424] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2364.360106] ? kasan_check_write+0x14/0x20 03:44:45 executing program 1: [ 2364.364355] ? do_raw_spin_lock+0xd7/0x250 [ 2364.368613] __handle_mm_fault+0x2305/0x3f80 [ 2364.373039] ? copy_page_range+0x2030/0x2030 [ 2364.377488] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2364.382174] handle_mm_fault+0x1b5/0x690 [ 2364.386251] __do_page_fault+0x62a/0xe90 [ 2364.390333] ? vmalloc_fault+0x740/0x740 [ 2364.394413] ? trace_hardirqs_off_caller+0x65/0x220 [ 2364.399443] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2364.404393] ? page_fault+0x8/0x30 [ 2364.407950] do_page_fault+0x71/0x57d [ 2364.411769] ? page_fault+0x8/0x30 [ 2364.415325] page_fault+0x1e/0x30 [ 2364.418785] RIP: 0033:0x432426 [ 2364.421984] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 e6 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 1c 4d 64 00 85 c0 0f 84 [ 2364.440894] RSP: 002b:00007ffdadc4e6a0 EFLAGS: 00010206 [ 2364.446271] RAX: 00000000000205b1 RBX: 000000000071e640 RCX: 0000000000000121 [ 2364.453558] RDX: 0000000002973930 RSI: 0000000002973a50 RDI: 0000000000000000 [ 2364.460867] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000 [ 2364.468154] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000071e698 [ 2364.475436] R13: 000000000071e698 R14: 0000000000000000 R15: 0000000000002710 [ 2364.621072] Task in /syz5 killed as a result of limit of /syz5 [ 2364.627454] memory: usage 307200kB, limit 307200kB, failcnt 476 [ 2364.633952] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2364.641282] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2364.647680] Memory cgroup stats for /syz5: cache:128KB rss:192KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:100KB inactive_file:0KB active_file:0KB unevictable:0KB 03:44:46 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x3e030000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:46 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:46 executing program 1: 03:44:46 executing program 3: 03:44:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xc7140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:46 executing program 2: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x4300, 0x0) r1 = socket$inet(0x2, 0x4000000805, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = dup3(r1, r2, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r3, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r2, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x7a, &(0x7f000059aff8)={r4}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000080)={r4, 0x9}, &(0x7f00000000c0)=0x8) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 2364.668324] Memory cgroup out of memory: Kill process 25099 (syz-executor.5) score 1103 or sacrifice child [ 2364.678625] Killed process 25099 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2364.690415] oom_reaper: reaped process 25099 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:44:46 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:46 executing program 3: 03:44:46 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x2000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000000)={@loopback, 0x800, 0x0, 0xff, 0x1}, 0x20) [ 2364.838315] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2364.898828] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2364.912743] CPU: 0 PID: 25226 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2364.920590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2364.929976] Call Trace: [ 2364.932580] dump_stack+0x197/0x210 [ 2364.936221] dump_header+0x15e/0xa55 [ 2364.939959] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2364.945075] ? ___ratelimit+0x60/0x595 [ 2364.949071] ? do_raw_spin_unlock+0x181/0x270 [ 2364.953582] oom_kill_process.cold+0x10/0x6ef [ 2364.958089] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2364.963654] ? task_will_free_mem+0x139/0x6e0 [ 2364.968166] out_of_memory+0x362/0x1330 [ 2364.972153] ? lock_downgrade+0x880/0x880 [ 2364.976305] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2364.981418] ? oom_killer_disable+0x280/0x280 [ 2364.985923] ? find_held_lock+0x35/0x130 [ 2364.990017] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2364.994878] ? memcg_event_wake+0x230/0x230 [ 2364.999230] ? do_raw_spin_unlock+0x181/0x270 [ 2365.003843] ? _raw_spin_unlock+0x2d/0x50 [ 2365.008011] try_charge+0xec5/0x1490 [ 2365.011736] ? lock_downgrade+0x880/0x880 [ 2365.015904] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2365.020766] ? rcu_read_unlock+0x33/0x60 [ 2365.024842] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2365.029706] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2365.035782] mem_cgroup_try_charge+0x259/0x6b0 [ 2365.040398] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2365.045345] wp_page_copy+0x430/0x16a0 [ 2365.049262] ? follow_pfn+0x2a0/0x2a0 [ 2365.053073] ? do_raw_spin_unlock+0x181/0x270 [ 2365.057584] do_wp_page+0x57d/0x10b0 [ 2365.061316] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2365.066012] ? kasan_check_write+0x14/0x20 [ 2365.070263] ? do_raw_spin_lock+0xd7/0x250 [ 2365.074519] __handle_mm_fault+0x2305/0x3f80 [ 2365.078944] ? copy_page_range+0x2030/0x2030 [ 2365.083393] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2365.088081] handle_mm_fault+0x1b5/0x690 [ 2365.092156] __do_page_fault+0x62a/0xe90 03:44:46 executing program 3: 03:44:46 executing program 1: 03:44:46 executing program 3: [ 2365.096227] ? vmalloc_fault+0x740/0x740 [ 2365.100303] ? trace_hardirqs_off_caller+0x65/0x220 [ 2365.105451] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2365.110433] ? page_fault+0x8/0x30 [ 2365.113998] do_page_fault+0x71/0x57d [ 2365.117811] ? page_fault+0x8/0x30 [ 2365.121367] page_fault+0x1e/0x30 [ 2365.124828] RIP: 0033:0x4734ee [ 2365.128034] Code: ff 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec 28 05 00 00 48 c7 c0 d4 ff ff ff 64 8b 00 <89> 85 5c fb ff ff 8b 87 c0 00 00 00 85 c0 0f 85 ee 00 00 00 c7 87 [ 2365.146950] RSP: 002b:00007ffdadc4de80 EFLAGS: 00010202 [ 2365.152326] RAX: 0000000000000006 RBX: 00007ffdadc4e3e0 RCX: 0000000000000000 [ 2365.159719] RDX: 00007ffdadc4e558 RSI: 00000000004c0f07 RDI: 00007ffdadc4e3e0 [ 2365.167003] RBP: 00007ffdadc4e3d0 R08: 0000000000000000 R09: 00007ffdadc4e558 [ 2365.174281] R10: 0000000000000075 R11: 0000000000000202 R12: 00007ffdadc4e570 [ 2365.181869] R13: 00000000004c0f07 R14: 00007ffdadc4e558 R15: 0000000000000001 [ 2365.278682] Task in /syz5 killed as a result of limit of /syz5 [ 2365.284829] memory: usage 307200kB, limit 307200kB, failcnt 505 [ 2365.314376] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2365.322771] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2365.329516] Memory cgroup stats for /syz5: cache:128KB rss:192KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:88KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2365.351006] Memory cgroup out of memory: Kill process 7950 (syz-executor.5) score 117 or sacrifice child [ 2365.361414] Killed process 25226 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB 03:44:46 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x3e720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:46 executing program 1: 03:44:46 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:46 executing program 3: 03:44:46 executing program 2: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000280)=0x200000000) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) getpeername(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, &(0x7f00000000c0)=0x80) sendto$llc(r1, &(0x7f00000002c0)="00d590e8e1a62ac7f5ba12e6cad2502faea07405dc94a2255802d6f2e91c94e204501585fc97d985184fb9e6db0c83dabaef6f88b8193b0447fd7d410be45c8c37cfb5f9fae1f9f1b98f8b92ca33da6cea2b21e38e9999b5af2b4f7660bdeec8bb4b6b1f4f75ebba39075a3943811dc1e01976815ca8c82d7e987e122e7c216854e53d169fbbe0c2ec93af1e78ec9fac60bdddbdc61ef16ea63bdf4f3c58b7c678f59c298da7960c3e02a38fd48478e61e066e62c630571bfa7a3a32f19fa1820ea954878399cd76f038", 0xca, 0x48001, 0x0, 0x0) 03:44:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xc8030000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2365.373527] oom_reaper: reaped process 25226 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:44:46 executing program 1: 03:44:46 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:46 executing program 3: [ 2365.542570] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2365.579524] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2365.600484] CPU: 1 PID: 25462 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2365.608330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2365.617695] Call Trace: [ 2365.620300] dump_stack+0x197/0x210 [ 2365.624036] dump_header+0x15e/0xa55 [ 2365.627756] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2365.632985] ? ___ratelimit+0x60/0x595 [ 2365.636881] ? do_raw_spin_unlock+0x181/0x270 [ 2365.641393] oom_kill_process.cold+0x10/0x6ef [ 2365.646014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2365.651559] ? task_will_free_mem+0x139/0x6e0 [ 2365.656079] out_of_memory+0x362/0x1330 [ 2365.660068] ? lock_downgrade+0x880/0x880 [ 2365.664225] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2365.669337] ? oom_killer_disable+0x280/0x280 [ 2365.674012] ? find_held_lock+0x35/0x130 [ 2365.678095] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2365.682962] ? memcg_event_wake+0x230/0x230 [ 2365.687320] ? do_raw_spin_unlock+0x181/0x270 [ 2365.691917] ? _raw_spin_unlock+0x2d/0x50 [ 2365.696082] try_charge+0xec5/0x1490 [ 2365.699806] ? lock_downgrade+0x880/0x880 [ 2365.703984] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2365.708847] ? rcu_read_unlock+0x33/0x60 [ 2365.712926] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2365.717801] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2365.723882] mem_cgroup_try_charge+0x259/0x6b0 [ 2365.728491] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2365.733436] wp_page_copy+0x430/0x16a0 [ 2365.737335] ? kasan_check_read+0x11/0x20 [ 2365.741505] ? follow_pfn+0x2a0/0x2a0 [ 2365.745319] ? do_raw_spin_unlock+0x181/0x270 [ 2365.749830] do_wp_page+0x57d/0x10b0 [ 2365.753558] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2365.758240] ? kasan_check_write+0x14/0x20 [ 2365.762487] ? do_raw_spin_lock+0xd7/0x250 [ 2365.766743] __handle_mm_fault+0x2305/0x3f80 [ 2365.771172] ? copy_page_range+0x2030/0x2030 [ 2365.775615] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2365.780300] handle_mm_fault+0x1b5/0x690 [ 2365.784374] __do_page_fault+0x62a/0xe90 [ 2365.788452] ? vmalloc_fault+0x740/0x740 [ 2365.792527] ? trace_hardirqs_off_caller+0x65/0x220 [ 2365.797554] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2365.802613] ? page_fault+0x8/0x30 [ 2365.806167] do_page_fault+0x71/0x57d [ 2365.809987] ? page_fault+0x8/0x30 [ 2365.813539] page_fault+0x1e/0x30 [ 2365.816998] RIP: 0033:0x45999b [ 2365.820198] Code: 25 20 06 00 00 b8 c0 5c 41 00 48 89 15 0e f0 61 00 48 85 c0 74 08 4c 89 cf e8 31 c3 fb ff 45 85 f6 0f 85 58 01 00 00 48 85 db <48> c7 05 ea 55 2c 00 00 00 00 00 48 c7 05 cf 55 2c 00 00 00 00 00 [ 2365.839127] RSP: 002b:00007ffdadc4ea10 EFLAGS: 00010202 [ 2365.844506] RAX: 0000000000000000 RBX: 00007ffdadc4ea10 RCX: 0000000000415cd3 03:44:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xc8140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:47 executing program 1: 03:44:47 executing program 1: [ 2365.851799] RDX: 000004f4e0466a20 RSI: 0000000000000018 RDI: 0000000002972c20 [ 2365.859107] RBP: 00007ffdadc4ea50 R08: 0000000000000001 R09: 0000000002972940 [ 2365.866394] R10: 0000000002972c10 R11: 0000000000000202 R12: 0000000000000001 [ 2365.873679] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdadc4eaa0 [ 2365.917140] Task in /syz5 killed as a result of limit of /syz5 [ 2365.936822] memory: usage 307200kB, limit 307200kB, failcnt 524 [ 2365.968852] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2365.976976] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2365.984249] Memory cgroup stats for /syz5: cache:128KB rss:192KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:72KB inactive_file:0KB active_file:0KB unevictable:0KB 03:44:47 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:47 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x3f000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:47 executing program 1: 03:44:47 executing program 3: 03:44:47 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xc9140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:47 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) fchown(r1, r3, 0x0) stat(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r6, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r6, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x78, 0x2, 0x7, 0x51ab5f3f65d75561, 0x0, 0x0, {0x1, 0x0, 0xa}, [@NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x81}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x101}, @NFACCT_FILTER={0x34, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x7f}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x72e}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x7f}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x9}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xff}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x7fffffff}]}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x5}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x5}]}, 0x78}, 0x1, 0x0, 0x0, 0x4008080}, 0x0) r7 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) fchown(r5, r8, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='bpf\x00', 0x3105420, &(0x7f0000000200)=ANY=[@ANYBLOB='mode=00000000000000000172036,mode=00000000000000000000002,mode=00000000000000000000002,mode=00000000000000000000004,mode=00000000000000000000200,fsname=-user{-keyringnodev,obj_type=$,fsmagic=0x0000000000000008,uid>', @ANYRESDEC=r3, @ANYBLOB="2c6575696401", @ANYRESDEC=r4, @ANYBLOB=',func=BPRM_CHECK,euid>', @ANYRESDEC=r8, @ANYBLOB=',smackfshat=-vmnet1,\x00']) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) r9 = getpid() listen(r2, 0xf87) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f00000003c0)={0x6, &(0x7f0000000380)=[{0x4, 0x97, 0x6, 0xfff}, {0x7, 0x20, 0x2, 0x1}, {0x81, 0xff, 0x4, 0x1000}, {0x8, 0x5, 0x7, 0x7}, {0x1, 0x8, 0x0, 0xffff}, {0x4, 0x1, 0x1, 0x7ff}]}) r10 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r10, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) accept4$phonet_pipe(r10, &(0x7f0000000400), &(0x7f0000000440)=0x10, 0x0) sched_setattr(r9, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r9) 03:44:47 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2366.010901] Memory cgroup out of memory: Kill process 7950 (syz-executor.5) score 117 or sacrifice child [ 2366.033506] Killed process 25462 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2366.051981] oom_reaper: reaped process 25462 (syz-executor.5), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:44:47 executing program 3: 03:44:47 executing program 1: 03:44:47 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2366.206128] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 03:44:47 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xca140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2366.286296] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2366.298688] CPU: 0 PID: 25594 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2366.306546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2366.315915] Call Trace: [ 2366.318530] dump_stack+0x197/0x210 [ 2366.322176] dump_header+0x15e/0xa55 [ 2366.325907] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2366.331031] ? ___ratelimit+0x60/0x595 [ 2366.334937] ? do_raw_spin_unlock+0x181/0x270 [ 2366.339456] oom_kill_process.cold+0x10/0x6ef [ 2366.343970] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2366.349525] ? task_will_free_mem+0x139/0x6e0 [ 2366.354161] out_of_memory+0x362/0x1330 [ 2366.358164] ? lock_downgrade+0x880/0x880 [ 2366.362327] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2366.367432] ? oom_killer_disable+0x280/0x280 [ 2366.371919] ? find_held_lock+0x35/0x130 [ 2366.375981] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2366.380856] ? memcg_event_wake+0x230/0x230 [ 2366.385260] ? do_raw_spin_unlock+0x181/0x270 [ 2366.389750] ? _raw_spin_unlock+0x2d/0x50 [ 2366.393891] try_charge+0xec5/0x1490 [ 2366.397598] ? lock_downgrade+0x880/0x880 [ 2366.401744] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2366.406579] ? rcu_read_unlock+0x33/0x60 [ 2366.410643] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2366.415492] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2366.421550] mem_cgroup_try_charge+0x259/0x6b0 [ 2366.426139] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2366.431061] wp_page_copy+0x430/0x16a0 [ 2366.434945] ? follow_pfn+0x2a0/0x2a0 [ 2366.438737] ? do_raw_spin_unlock+0x181/0x270 [ 2366.443222] do_wp_page+0x57d/0x10b0 [ 2366.446927] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2366.451591] ? kasan_check_write+0x14/0x20 [ 2366.455816] ? do_raw_spin_lock+0xd7/0x250 [ 2366.460072] __handle_mm_fault+0x2305/0x3f80 [ 2366.464519] ? copy_page_range+0x2030/0x2030 [ 2366.468941] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2366.473618] handle_mm_fault+0x1b5/0x690 [ 2366.477681] __do_page_fault+0x62a/0xe90 [ 2366.481747] ? vmalloc_fault+0x740/0x740 [ 2366.485804] ? trace_hardirqs_off_caller+0x65/0x220 [ 2366.490819] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2366.495737] ? page_fault+0x8/0x30 [ 2366.499285] do_page_fault+0x71/0x57d [ 2366.503074] ? page_fault+0x8/0x30 [ 2366.506626] page_fault+0x1e/0x30 [ 2366.510077] RIP: 0033:0x45994e [ 2366.513281] Code: 00 00 85 c0 41 89 c5 0f 85 fc 00 00 00 64 8b 04 25 d0 02 00 00 41 39 c4 0f 84 12 02 00 00 48 8b 05 d7 ef 61 00 48 85 c0 74 04 <48> 83 00 04 64 8b 04 25 d0 02 00 00 64 89 04 25 d4 02 00 00 0f 31 [ 2366.532184] RSP: 002b:00007ffdadc4ea10 EFLAGS: 00010206 03:44:47 executing program 3: [ 2366.537557] RAX: 0000000000a78428 RBX: 00007ffdadc4ea10 RCX: 000000000045991a [ 2366.544816] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2366.552085] RBP: 00007ffdadc4ea50 R08: 0000000000000001 R09: 0000000002972940 [ 2366.559353] R10: 0000000002972c10 R11: 0000000000000246 R12: 0000000000000001 [ 2366.566612] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdadc4eaa0 03:44:48 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2366.605240] Task in /syz5 killed as a result of limit of /syz5 [ 2366.615625] memory: usage 307148kB, limit 307200kB, failcnt 546 [ 2366.651476] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2366.670247] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2366.676962] Memory cgroup stats for /syz5: cache:128KB rss:192KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:68KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2366.728176] Memory cgroup out of memory: Kill process 7950 (syz-executor.5) score 117 or sacrifice child [ 2366.742816] Killed process 25594 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2366.755609] oom_reaper: reaped process 25594 (syz-executor.5), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB 03:44:48 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x3f720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:48 executing program 1: 03:44:48 executing program 3: 03:44:48 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:48 executing program 2: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x12}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 03:44:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xcb140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:48 executing program 3: 03:44:48 executing program 1: 03:44:48 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2366.983320] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2367.019975] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2367.025817] CPU: 1 PID: 25724 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 03:44:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xcc140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:48 executing program 1: [ 2367.033628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2367.042992] Call Trace: [ 2367.045683] dump_stack+0x197/0x210 [ 2367.049334] dump_header+0x15e/0xa55 [ 2367.053074] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2367.058201] ? ___ratelimit+0x60/0x595 [ 2367.062102] ? do_raw_spin_unlock+0x181/0x270 [ 2367.066619] oom_kill_process.cold+0x10/0x6ef [ 2367.071129] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2367.076679] ? task_will_free_mem+0x139/0x6e0 03:44:48 executing program 1: [ 2367.081307] out_of_memory+0x362/0x1330 [ 2367.085293] ? lock_downgrade+0x880/0x880 [ 2367.089451] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2367.094575] ? oom_killer_disable+0x280/0x280 [ 2367.099083] ? find_held_lock+0x35/0x130 [ 2367.103170] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2367.108028] ? memcg_event_wake+0x230/0x230 [ 2367.112372] ? do_raw_spin_unlock+0x181/0x270 [ 2367.116886] ? _raw_spin_unlock+0x2d/0x50 [ 2367.121053] try_charge+0xec5/0x1490 [ 2367.124788] ? lock_downgrade+0x880/0x880 [ 2367.128959] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2367.133819] ? rcu_read_unlock+0x33/0x60 [ 2367.137895] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2367.142784] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2367.148958] mem_cgroup_try_charge+0x259/0x6b0 [ 2367.153555] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2367.158500] wp_page_copy+0x430/0x16a0 [ 2367.162401] ? kasan_check_read+0x11/0x20 [ 2367.166564] ? follow_pfn+0x2a0/0x2a0 [ 2367.170376] ? do_raw_spin_unlock+0x181/0x270 [ 2367.174885] do_wp_page+0x57d/0x10b0 [ 2367.178623] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2367.183299] ? kasan_check_write+0x14/0x20 [ 2367.187543] ? do_raw_spin_lock+0xd7/0x250 [ 2367.191791] __handle_mm_fault+0x2305/0x3f80 [ 2367.196212] ? copy_page_range+0x2030/0x2030 [ 2367.200654] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2367.205337] handle_mm_fault+0x1b5/0x690 [ 2367.209417] __do_page_fault+0x62a/0xe90 [ 2367.213596] ? vmalloc_fault+0x740/0x740 [ 2367.217671] ? trace_hardirqs_off_caller+0x65/0x220 [ 2367.222696] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2367.227639] ? page_fault+0x8/0x30 [ 2367.231195] do_page_fault+0x71/0x57d [ 2367.235009] ? page_fault+0x8/0x30 [ 2367.238572] page_fault+0x1e/0x30 [ 2367.242031] RIP: 0033:0x432426 [ 2367.245228] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 e6 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 1c 4d 64 00 85 c0 0f 84 [ 2367.264139] RSP: 002b:00007ffdadc4e6a0 EFLAGS: 00010206 [ 2367.269520] RAX: 00000000000205b1 RBX: 000000000071e640 RCX: 0000000000000121 [ 2367.276800] RDX: 0000000002973930 RSI: 0000000002973a50 RDI: 0000000000000000 [ 2367.284092] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000 [ 2367.291376] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000071e698 [ 2367.298655] R13: 000000000071e698 R14: 0000000000000000 R15: 0000000000002710 [ 2367.334554] Task in /syz5 killed as a result of limit of /syz5 [ 2367.342286] memory: usage 307200kB, limit 307200kB, failcnt 582 [ 2367.357775] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2367.364963] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:44:48 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x40000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xcd140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:48 executing program 1: 03:44:48 executing program 2: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000180)={0xce965b91bf8dd314, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 03:44:48 executing program 3: 03:44:48 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2367.371754] Memory cgroup stats for /syz5: cache:128KB rss:192KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:100KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2367.392742] Memory cgroup out of memory: Kill process 25724 (syz-executor.5) score 1103 or sacrifice child [ 2367.403560] Killed process 25724 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2367.415329] oom_reaper: reaped process 25724 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:44:48 executing program 1: 03:44:48 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:48 executing program 2: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000040)={0x3, 0x3}) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 03:44:48 executing program 3: [ 2367.549551] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2367.588634] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2367.595605] CPU: 1 PID: 25854 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2367.603434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2367.612801] Call Trace: [ 2367.615412] dump_stack+0x197/0x210 [ 2367.619061] dump_header+0x15e/0xa55 [ 2367.622796] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2367.627924] ? ___ratelimit+0x60/0x595 [ 2367.631823] ? do_raw_spin_unlock+0x181/0x270 [ 2367.636860] oom_kill_process.cold+0x10/0x6ef [ 2367.641384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2367.646938] ? task_will_free_mem+0x139/0x6e0 [ 2367.651460] out_of_memory+0x362/0x1330 [ 2367.655451] ? lock_downgrade+0x880/0x880 [ 2367.659616] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2367.664735] ? oom_killer_disable+0x280/0x280 [ 2367.669250] ? find_held_lock+0x35/0x130 [ 2367.673347] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2367.678204] ? memcg_event_wake+0x230/0x230 [ 2367.682562] ? do_raw_spin_unlock+0x181/0x270 [ 2367.687073] ? _raw_spin_unlock+0x2d/0x50 [ 2367.691236] try_charge+0xec5/0x1490 [ 2367.694963] ? lock_downgrade+0x880/0x880 03:44:49 executing program 1: 03:44:49 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2367.699130] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2367.703983] ? rcu_read_unlock+0x33/0x60 [ 2367.708058] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2367.712927] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2367.719011] mem_cgroup_try_charge+0x259/0x6b0 [ 2367.723615] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2367.728564] wp_page_copy+0x430/0x16a0 [ 2367.732465] ? kasan_check_read+0x11/0x20 [ 2367.736630] ? follow_pfn+0x2a0/0x2a0 [ 2367.740445] ? do_raw_spin_unlock+0x181/0x270 [ 2367.744956] do_wp_page+0x57d/0x10b0 [ 2367.748689] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2367.753371] ? kasan_check_write+0x14/0x20 [ 2367.757617] ? do_raw_spin_lock+0xd7/0x250 [ 2367.761868] __handle_mm_fault+0x2305/0x3f80 [ 2367.766299] ? copy_page_range+0x2030/0x2030 [ 2367.770745] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2367.775433] handle_mm_fault+0x1b5/0x690 [ 2367.779516] __do_page_fault+0x62a/0xe90 [ 2367.783598] ? vmalloc_fault+0x740/0x740 [ 2367.787672] ? trace_hardirqs_off_caller+0x65/0x220 [ 2367.792699] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2367.797642] ? page_fault+0x8/0x30 [ 2367.801203] do_page_fault+0x71/0x57d [ 2367.805020] ? page_fault+0x8/0x30 [ 2367.808586] page_fault+0x1e/0x30 [ 2367.812044] RIP: 0033:0x432426 [ 2367.815246] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 e6 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 1c 4d 64 00 85 c0 0f 84 [ 2367.834162] RSP: 002b:00007ffdadc4e6a0 EFLAGS: 00010206 [ 2367.839542] RAX: 00000000000205b1 RBX: 000000000071e640 RCX: 0000000000000121 [ 2367.846847] RDX: 0000000002973930 RSI: 0000000002973a50 RDI: 0000000000000000 [ 2367.854139] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000 [ 2367.861441] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000071e698 [ 2367.868808] R13: 000000000071e698 R14: 0000000000000000 R15: 0000000000002710 [ 2367.924284] Task in /syz5 killed as a result of limit of /syz5 [ 2367.931009] memory: usage 307200kB, limit 307200kB, failcnt 614 [ 2367.937538] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2367.948959] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:44:49 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x40720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:49 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:49 executing program 1: 03:44:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xce140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:49 executing program 3: [ 2367.955137] Memory cgroup stats for /syz5: cache:128KB rss:60KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:100KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2367.982079] Memory cgroup out of memory: Kill process 25854 (syz-executor.5) score 1103 or sacrifice child [ 2367.994967] Killed process 25854 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2368.006977] oom_reaper: reaped process 25854 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:44:49 executing program 1: 03:44:49 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:49 executing program 3: [ 2368.187815] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2368.228861] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2368.234513] CPU: 0 PID: 25980 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2368.242329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2368.251687] Call Trace: [ 2368.254289] dump_stack+0x197/0x210 [ 2368.257926] dump_header+0x15e/0xa55 [ 2368.261654] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2368.266775] ? ___ratelimit+0x60/0x595 [ 2368.270678] ? do_raw_spin_unlock+0x181/0x270 [ 2368.275196] oom_kill_process.cold+0x10/0x6ef [ 2368.279709] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2368.285260] ? task_will_free_mem+0x139/0x6e0 [ 2368.289781] out_of_memory+0x362/0x1330 [ 2368.293771] ? lock_downgrade+0x880/0x880 [ 2368.298013] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2368.303131] ? oom_killer_disable+0x280/0x280 [ 2368.307650] ? find_held_lock+0x35/0x130 [ 2368.311737] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2368.316606] ? memcg_event_wake+0x230/0x230 [ 2368.320946] ? do_raw_spin_unlock+0x181/0x270 [ 2368.325454] ? _raw_spin_unlock+0x2d/0x50 03:44:49 executing program 2: r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100)='ethtool\x00') r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r4}]}}}]}, 0x38}}, 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000001540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001580)=0x14) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r6, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) getpeername$packet(r6, &(0x7f00000015c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000001600)=0x14) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r10}]}}}]}, 0x38}}, 0x0) r11 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r11, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) getsockopt$PNPIPE_IFINDEX(r11, 0x113, 0x2, &(0x7f0000001700)=0x0, &(0x7f0000001740)=0x4) r13 = socket$netlink(0x10, 0x3, 0x0) r14 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r14, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r14, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r13, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r15}]}}}]}, 0x38}}, 0x0) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r0, &(0x7f00000018c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001880)={&(0x7f0000001780)={0x100, r1, 0x4, 0x70bd28, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKSTATE_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1\x00'}]}, @ETHTOOL_A_LINKSTATE_HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_team\x00'}]}, @ETHTOOL_A_LINKSTATE_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r15}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x24000000}, 0x81) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r16 = socket$rxrpc(0x21, 0x2, 0xa) fcntl$F_SET_FILE_RW_HINT(r16, 0x40e, &(0x7f0000000040)=0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 03:44:49 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2368.329614] try_charge+0xec5/0x1490 [ 2368.333335] ? lock_downgrade+0x880/0x880 [ 2368.337500] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2368.342355] ? rcu_read_unlock+0x33/0x60 [ 2368.346438] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2368.351299] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2368.357382] mem_cgroup_try_charge+0x259/0x6b0 [ 2368.361984] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2368.366921] wp_page_copy+0x430/0x16a0 [ 2368.370816] ? kasan_check_read+0x11/0x20 [ 2368.374980] ? follow_pfn+0x2a0/0x2a0 03:44:49 executing program 3: [ 2368.378798] ? do_raw_spin_unlock+0x181/0x270 [ 2368.383302] do_wp_page+0x57d/0x10b0 [ 2368.387029] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2368.391712] ? kasan_check_write+0x14/0x20 [ 2368.395962] ? do_raw_spin_lock+0xd7/0x250 [ 2368.400217] __handle_mm_fault+0x2305/0x3f80 [ 2368.404636] ? copy_page_range+0x2030/0x2030 [ 2368.409080] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2368.413764] handle_mm_fault+0x1b5/0x690 [ 2368.417857] __do_page_fault+0x62a/0xe90 [ 2368.421935] ? vmalloc_fault+0x740/0x740 [ 2368.426012] ? trace_hardirqs_off_caller+0x65/0x220 [ 2368.431041] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2368.435987] ? page_fault+0x8/0x30 [ 2368.439554] do_page_fault+0x71/0x57d [ 2368.443371] ? page_fault+0x8/0x30 [ 2368.446924] page_fault+0x1e/0x30 [ 2368.450383] RIP: 0033:0x432426 [ 2368.453583] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 e6 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 1c 4d 64 00 85 c0 0f 84 [ 2368.472496] RSP: 002b:00007ffdadc4e6a0 EFLAGS: 00010206 03:44:49 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2368.477874] RAX: 00000000000205b1 RBX: 000000000071e640 RCX: 0000000000000121 [ 2368.485157] RDX: 0000000002973930 RSI: 0000000002973a50 RDI: 0000000000000000 [ 2368.492442] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000 [ 2368.499735] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000071e698 [ 2368.507019] R13: 000000000071e698 R14: 0000000000000000 R15: 0000000000002710 [ 2368.596252] Task in /syz5 killed as a result of limit of /syz5 [ 2368.603017] memory: usage 307196kB, limit 307200kB, failcnt 642 [ 2368.612857] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2368.621440] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:44:50 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x41000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xcf140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:50 executing program 1: 03:44:50 executing program 3: 03:44:50 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2368.627906] Memory cgroup stats for /syz5: cache:128KB rss:60KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:100KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2368.650087] Memory cgroup out of memory: Kill process 25980 (syz-executor.5) score 1103 or sacrifice child [ 2368.661021] Killed process 25980 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2368.673570] oom_reaper: reaped process 25980 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:44:50 executing program 2: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/keycreate\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 03:44:50 executing program 3: 03:44:50 executing program 1: 03:44:50 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xd0140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2368.859070] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 03:44:50 executing program 1: 03:44:50 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2368.953603] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2368.982339] CPU: 0 PID: 26110 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2368.990209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2368.999573] Call Trace: [ 2369.002178] dump_stack+0x197/0x210 [ 2369.005835] dump_header+0x15e/0xa55 [ 2369.009574] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2369.014705] ? ___ratelimit+0x60/0x595 [ 2369.018609] ? do_raw_spin_unlock+0x181/0x270 [ 2369.023119] oom_kill_process.cold+0x10/0x6ef [ 2369.027624] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2369.033371] ? task_will_free_mem+0x139/0x6e0 [ 2369.037887] out_of_memory+0x362/0x1330 [ 2369.041880] ? lock_downgrade+0x880/0x880 [ 2369.046042] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2369.051156] ? oom_killer_disable+0x280/0x280 [ 2369.055670] ? find_held_lock+0x35/0x130 [ 2369.059757] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2369.064612] ? memcg_event_wake+0x230/0x230 [ 2369.068952] ? do_raw_spin_unlock+0x181/0x270 [ 2369.073463] ? _raw_spin_unlock+0x2d/0x50 [ 2369.077620] try_charge+0xec5/0x1490 [ 2369.081452] ? lock_downgrade+0x880/0x880 [ 2369.085615] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2369.090556] ? rcu_read_unlock+0x33/0x60 [ 2369.094632] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2369.099493] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2369.105560] mem_cgroup_try_charge+0x259/0x6b0 [ 2369.110153] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2369.115097] __handle_mm_fault+0x1e50/0x3f80 [ 2369.119517] ? copy_page_range+0x2030/0x2030 [ 2369.123956] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2369.128643] handle_mm_fault+0x1b5/0x690 [ 2369.132724] __do_page_fault+0x62a/0xe90 [ 2369.136792] ? vmalloc_fault+0x740/0x740 [ 2369.140856] ? trace_hardirqs_off_caller+0x65/0x220 [ 2369.145877] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2369.150818] ? page_fault+0x8/0x30 [ 2369.154375] do_page_fault+0x71/0x57d [ 2369.158185] ? page_fault+0x8/0x30 [ 2369.161734] page_fault+0x1e/0x30 [ 2369.165195] RIP: 0033:0x45dcfd [ 2369.168386] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8c fb ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 2369.187284] RSP: 002b:00007ffdadc4e778 EFLAGS: 00010202 [ 2369.192667] RAX: ffffffffffffffea RBX: 00007f3a5ea57700 RCX: 00007f3a5ea57700 [ 2369.199948] RDX: 00000000003d0f00 RSI: 00007f3a5ea56db0 RDI: 0000000000411f30 [ 2369.207231] RBP: 00007ffdadc4e990 R08: 00007f3a5ea579d0 R09: 00007f3a5ea57700 [ 2369.214508] R10: 00007f3a5ea56dc0 R11: 0000000000000246 R12: 0000000000000000 [ 2369.221813] R13: 00007ffdadc4e82f R14: 00007f3a5ea579c0 R15: 000000000075bf2c [ 2369.276658] Task in /syz5 killed as a result of limit of /syz5 [ 2369.328191] memory: usage 307200kB, limit 307200kB, failcnt 670 [ 2369.345565] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2369.353073] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:44:50 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x41720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:50 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:50 executing program 3: 03:44:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xd1140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:50 executing program 1: 03:44:50 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x9) r1 = accept4$nfc_llcp(r0, &(0x7f0000001340), &(0x7f00000013c0)=0x60, 0x80000) getpeername(r1, &(0x7f0000001400)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, &(0x7f0000001480)=0x80) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 2369.361025] Memory cgroup stats for /syz5: cache:128KB rss:60KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2369.382734] Memory cgroup out of memory: Kill process 26110 (syz-executor.5) score 1103 or sacrifice child [ 2369.392726] Killed process 26110 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2369.404157] oom_reaper: reaped process 26110 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:44:50 executing program 3: 03:44:50 executing program 1: 03:44:50 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:50 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xd2140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:51 executing program 3: [ 2369.633180] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 03:44:51 executing program 1: [ 2369.766704] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2369.798132] CPU: 1 PID: 26248 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2369.805986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2369.815347] Call Trace: [ 2369.817953] dump_stack+0x197/0x210 [ 2369.821604] dump_header+0x15e/0xa55 [ 2369.825330] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2369.830457] ? ___ratelimit+0x60/0x595 [ 2369.834358] ? do_raw_spin_unlock+0x181/0x270 [ 2369.838868] oom_kill_process.cold+0x10/0x6ef [ 2369.844586] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2369.850129] ? task_will_free_mem+0x139/0x6e0 [ 2369.854646] out_of_memory+0x362/0x1330 [ 2369.858640] ? lock_downgrade+0x880/0x880 [ 2369.862796] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2369.867911] ? oom_killer_disable+0x280/0x280 [ 2369.872413] ? find_held_lock+0x35/0x130 [ 2369.876502] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2369.881360] ? memcg_event_wake+0x230/0x230 [ 2369.885700] ? do_raw_spin_unlock+0x181/0x270 [ 2369.890212] ? _raw_spin_unlock+0x2d/0x50 [ 2369.894371] try_charge+0xec5/0x1490 [ 2369.898106] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2369.903007] ? lock_downgrade+0x880/0x880 [ 2369.907144] ? kasan_check_read+0x11/0x20 [ 2369.911282] memcg_kmem_charge_memcg+0x83/0x170 [ 2369.915935] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2369.920417] ? __isolate_free_page+0x4c0/0x4c0 [ 2369.924983] memcg_kmem_charge+0x13b/0x370 [ 2369.929208] __alloc_pages_nodemask+0x3c3/0x750 [ 2369.933989] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2369.938991] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2369.943555] ? trace_hardirqs_on+0x67/0x220 [ 2369.947884] copy_process.part.0+0x3d6/0x7a60 [ 2369.952366] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2369.957451] ? delayacct_end+0x5c/0x100 [ 2369.961446] ? __delayacct_freepages_end+0xe0/0x140 [ 2369.966447] ? __lock_acquire+0x6ee/0x49c0 [ 2369.970668] ? __cleanup_sighand+0x70/0x70 [ 2369.974884] ? mark_held_locks+0x100/0x100 [ 2369.979108] _do_fork+0x257/0xfd0 [ 2369.982548] ? fork_idle+0x1d0/0x1d0 [ 2369.986262] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2369.992150] ? kasan_check_read+0x11/0x20 [ 2369.996283] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2370.001036] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2370.005795] ? do_syscall_64+0x26/0x620 [ 2370.009774] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2370.015139] ? do_syscall_64+0x26/0x620 [ 2370.019110] __x64_sys_clone+0xbf/0x150 [ 2370.023075] do_syscall_64+0xfd/0x620 [ 2370.026867] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2370.032086] RIP: 0033:0x45dd19 [ 2370.035269] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2370.054157] RSP: 002b:00007ffdadc4e778 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2370.061883] RAX: ffffffffffffffda RBX: 00007f3a5ea57700 RCX: 000000000045dd19 [ 2370.069165] RDX: 00007f3a5ea579d0 RSI: 00007f3a5ea56db0 RDI: 00000000003d0f00 [ 2370.076417] RBP: 00007ffdadc4e990 R08: 00007f3a5ea57700 R09: 00007f3a5ea57700 [ 2370.083669] R10: 00007f3a5ea579d0 R11: 0000000000000202 R12: 0000000000000000 [ 2370.090932] R13: 00007ffdadc4e82f R14: 00007f3a5ea579c0 R15: 000000000075bf2c [ 2370.114980] Task in /syz5 killed as a result of limit of /syz5 [ 2370.121418] memory: usage 307196kB, limit 307200kB, failcnt 705 [ 2370.127861] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2370.135422] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2370.142092] Memory cgroup stats for /syz5: cache:128KB rss:60KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB 03:44:51 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x42000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:51 executing program 2: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000000240)={0x0, 0x4, 0x4, 0x10000, 0x1, {0x77359400}, {0x2, 0x0, 0x92, 0x0, 0x85, 0xc0, "38f94af8"}, 0x7, 0x3, @offset=0x7, 0x20, 0x0, r0}) setsockopt$RDS_GET_MR(r3, 0x114, 0x2, &(0x7f0000000140)={{&(0x7f0000000080)=""/41, 0x29}, &(0x7f00000000c0), 0x7}, 0x20) ioctl$DRM_IOCTL_MODESET_CTL(r0, 0x40086408, &(0x7f0000000040)={0x81, 0x3}) 03:44:51 executing program 3: 03:44:51 executing program 1: 03:44:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xd3140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:51 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2370.164317] Memory cgroup out of memory: Kill process 26248 (syz-executor.5) score 1103 or sacrifice child [ 2370.174841] Killed process 26248 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2370.187022] oom_reaper: reaped process 26248 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:44:51 executing program 3: 03:44:51 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:51 executing program 1: 03:44:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xd4030000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2370.322921] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 03:44:51 executing program 3: 03:44:51 executing program 1: [ 2370.457099] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2370.507460] CPU: 1 PID: 26385 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2370.515355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2370.524748] Call Trace: [ 2370.527360] dump_stack+0x197/0x210 [ 2370.531015] dump_header+0x15e/0xa55 [ 2370.534758] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2370.539880] ? ___ratelimit+0x60/0x595 [ 2370.543784] ? do_raw_spin_unlock+0x181/0x270 [ 2370.548303] oom_kill_process.cold+0x10/0x6ef [ 2370.552820] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2370.558372] ? task_will_free_mem+0x139/0x6e0 [ 2370.562885] out_of_memory+0x362/0x1330 [ 2370.566888] ? lock_downgrade+0x880/0x880 [ 2370.571049] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2370.576168] ? oom_killer_disable+0x280/0x280 [ 2370.580680] ? find_held_lock+0x35/0x130 [ 2370.584767] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2370.589620] ? memcg_event_wake+0x230/0x230 [ 2370.593950] ? do_raw_spin_unlock+0x181/0x270 [ 2370.598449] ? _raw_spin_unlock+0x2d/0x50 [ 2370.602611] try_charge+0xec5/0x1490 [ 2370.606355] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2370.611210] ? lock_downgrade+0x880/0x880 [ 2370.615372] ? kasan_check_read+0x11/0x20 [ 2370.619531] memcg_kmem_charge_memcg+0x83/0x170 [ 2370.624207] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2370.628718] ? __isolate_free_page+0x4c0/0x4c0 [ 2370.633307] memcg_kmem_charge+0x13b/0x370 [ 2370.637552] __alloc_pages_nodemask+0x3c3/0x750 [ 2370.642243] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2370.647274] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2370.651882] ? trace_hardirqs_on+0x67/0x220 [ 2370.656224] copy_process.part.0+0x3d6/0x7a60 [ 2370.660732] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2370.665938] ? delayacct_end+0x5c/0x100 [ 2370.669929] ? __delayacct_freepages_end+0xe0/0x140 [ 2370.675086] ? __lock_acquire+0x6ee/0x49c0 [ 2370.679344] ? __cleanup_sighand+0x70/0x70 [ 2370.683602] ? mark_held_locks+0x100/0x100 [ 2370.687869] _do_fork+0x257/0xfd0 [ 2370.691338] ? fork_idle+0x1d0/0x1d0 [ 2370.695090] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2370.700984] ? kasan_check_read+0x11/0x20 [ 2370.705238] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2370.710098] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2370.714850] ? do_syscall_64+0x26/0x620 [ 2370.718814] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2370.724181] ? do_syscall_64+0x26/0x620 [ 2370.728148] __x64_sys_clone+0xbf/0x150 [ 2370.732120] do_syscall_64+0xfd/0x620 [ 2370.735921] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2370.741102] RIP: 0033:0x45dd19 [ 2370.744290] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2370.763201] RSP: 002b:00007ffdadc4e778 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2370.770907] RAX: ffffffffffffffda RBX: 00007f3a5ea57700 RCX: 000000000045dd19 [ 2370.778228] RDX: 00007f3a5ea579d0 RSI: 00007f3a5ea56db0 RDI: 00000000003d0f00 [ 2370.785505] RBP: 00007ffdadc4e990 R08: 00007f3a5ea57700 R09: 00007f3a5ea57700 [ 2370.792771] R10: 00007f3a5ea579d0 R11: 0000000000000202 R12: 0000000000000000 [ 2370.800113] R13: 00007ffdadc4e82f R14: 00007f3a5ea579c0 R15: 000000000075bf2c [ 2370.833519] Task in /syz5 killed as a result of limit of /syz5 [ 2370.841031] memory: usage 307196kB, limit 307200kB, failcnt 735 [ 2370.847713] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2370.867220] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:44:52 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x42720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xd4140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:52 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x42000) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) 03:44:52 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc1205531, &(0x7f0000000040)={0x1}) 03:44:52 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:52 executing program 2: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x6, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x800, 0x0, 0x100000000000}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$RNDADDENTROPY(r1, 0x40085203, &(0x7f00000000c0)={0xfffffffe, 0x2, "91a8"}) bind$netlink(r0, &(0x7f0000000040)={0x10, 0x0, 0x25dfdbfd, 0x100}, 0xc) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000100)={0x0, 'vlan0\x00', {0x4}, 0x9}) [ 2370.874395] Memory cgroup stats for /syz5: cache:128KB rss:60KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2370.895931] Memory cgroup out of memory: Kill process 26385 (syz-executor.5) score 1103 or sacrifice child [ 2370.906423] Killed process 26385 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2370.918568] oom_reaper: reaped process 26385 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:44:52 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:52 executing program 1: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x76, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) [ 2371.059198] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2371.126974] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2371.134183] CPU: 1 PID: 26517 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2371.142021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2371.151389] Call Trace: [ 2371.153986] dump_stack+0x197/0x210 [ 2371.157623] dump_header+0x15e/0xa55 [ 2371.161359] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2371.166473] ? ___ratelimit+0x60/0x595 [ 2371.170376] ? do_raw_spin_unlock+0x181/0x270 [ 2371.174889] oom_kill_process.cold+0x10/0x6ef [ 2371.179392] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2371.184934] ? task_will_free_mem+0x139/0x6e0 [ 2371.189441] out_of_memory+0x362/0x1330 [ 2371.193424] ? lock_downgrade+0x880/0x880 [ 2371.197577] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2371.202685] ? oom_killer_disable+0x280/0x280 [ 2371.207181] ? find_held_lock+0x35/0x130 [ 2371.211253] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2371.216102] ? memcg_event_wake+0x230/0x230 [ 2371.220526] ? do_raw_spin_unlock+0x181/0x270 [ 2371.225029] ? _raw_spin_unlock+0x2d/0x50 [ 2371.229202] try_charge+0xec5/0x1490 [ 2371.232950] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2371.237819] ? lock_downgrade+0x880/0x880 [ 2371.241980] ? kasan_check_read+0x11/0x20 [ 2371.246146] memcg_kmem_charge_memcg+0x83/0x170 [ 2371.250824] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2371.255326] ? __isolate_free_page+0x4c0/0x4c0 [ 2371.259916] memcg_kmem_charge+0x13b/0x370 [ 2371.264162] __alloc_pages_nodemask+0x3c3/0x750 [ 2371.268851] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2371.273880] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2371.278468] ? trace_hardirqs_on+0x67/0x220 [ 2371.282808] copy_process.part.0+0x3d6/0x7a60 [ 2371.287315] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2371.292429] ? delayacct_end+0x5c/0x100 [ 2371.296418] ? __delayacct_freepages_end+0xe0/0x140 [ 2371.301445] ? __lock_acquire+0x6ee/0x49c0 [ 2371.305701] ? __cleanup_sighand+0x70/0x70 [ 2371.309943] ? mark_held_locks+0x100/0x100 [ 2371.314196] _do_fork+0x257/0xfd0 [ 2371.317669] ? fork_idle+0x1d0/0x1d0 [ 2371.321395] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2371.327287] ? kasan_check_read+0x11/0x20 [ 2371.331444] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2371.336236] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2371.341020] ? do_syscall_64+0x26/0x620 [ 2371.345013] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2371.350388] ? do_syscall_64+0x26/0x620 [ 2371.354380] __x64_sys_clone+0xbf/0x150 [ 2371.358378] do_syscall_64+0xfd/0x620 [ 2371.362201] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2371.367397] RIP: 0033:0x45dd19 [ 2371.370601] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2371.389630] RSP: 002b:00007ffdadc4e778 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2371.397356] RAX: ffffffffffffffda RBX: 00007f3a5ea57700 RCX: 000000000045dd19 [ 2371.404639] RDX: 00007f3a5ea579d0 RSI: 00007f3a5ea56db0 RDI: 00000000003d0f00 [ 2371.411915] RBP: 00007ffdadc4e990 R08: 00007f3a5ea57700 R09: 00007f3a5ea57700 [ 2371.419193] R10: 00007f3a5ea579d0 R11: 0000000000000202 R12: 0000000000000000 [ 2371.426469] R13: 00007ffdadc4e82f R14: 00007f3a5ea579c0 R15: 000000000075bf2c 03:44:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xd5140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:52 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2371.526062] Task in /syz5 killed as a result of limit of /syz5 [ 2371.559970] memory: usage 307168kB, limit 307200kB, failcnt 764 03:44:52 executing program 3: syz_open_procfs(0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x69, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x2) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="0a0775b0d5e383e5b3c06639d476a0bf", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='net/fib_trie\x00') sendfile(r1, r2, 0x0, 0x6f0a77bd) 03:44:53 executing program 1: [ 2371.570890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2371.585066] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2371.592309] Memory cgroup stats for /syz5: cache:128KB rss:60KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2371.632681] Memory cgroup out of memory: Kill process 26517 (syz-executor.5) score 1103 or sacrifice child [ 2371.668028] Killed process 26517 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2371.719368] oom_reaper: reaped process 26517 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:44:53 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x43000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:53 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xd6140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:53 executing program 1: 03:44:53 executing program 2: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f00000000c0)) ioctl$RTC_WKALM_RD(r0, 0x80287010, &(0x7f0000000540)) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$DRM_IOCTL_DROP_MASTER(r1, 0x641f) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000000), 0x4}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x169203, 0x0) sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)={0x230, 0x1, 0x3, 0x801, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x1}, @NFQA_PAYLOAD={0x27, 0xa, "046de599b2a1ca1ca2c361ef85a84043b933de0470cc1cb6ba2600a4a22961bcdcf002"}, @NFQA_CT={0x1e0, 0xb, 0x0, 0x1, [@CTA_TUPLE_MASTER={0x68, 0xe, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x2}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x2}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x3}, @CTA_TUPLE_REPLY={0x88, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @rand_addr="9f8b73b8b53bd02e550c0b4d8266b9a2"}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @rand_addr="17fa684213c026f9a8a672984309d90d"}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}]}, @CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x8, 0x2, @remote}}}]}, @CTA_SEQ_ADJ_ORIG={0xc, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x7}]}, @CTA_TUPLE_REPLY={0x14, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_NAT_SRC={0x68, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @dev={0xfe, 0x80, [], 0x1c}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @rand_addr=0x800}, @CTA_NAT_PROTO={0x2c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}]}, @CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x9}, @CTA_NAT_V6_MINIP={0x14, 0x4, @ipv4={[], [], @broadcast}}]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x1}]}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xffffffffffffffff, 0x1000}}]}, 0x230}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000000) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000500)='/dev/null\x00', 0x4000, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_SET(r3, &(0x7f0000000740)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000700)={&(0x7f0000000600)={0xf0, r4, 0x10, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1ff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x20}]}, @TIPC_NLA_SOCK={0x30, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5df}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3ff}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xffff}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}]}, @TIPC_NLA_MEDIA={0x64, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4500}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040881) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, &(0x7f00000004c0)) 03:44:53 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x68]}, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:53 executing program 1: perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x76, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000380)='net/ipv6_route\x00') [ 2371.975148] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 2372.015874] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2372.051817] CPU: 0 PID: 26753 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2372.059668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2372.069032] Call Trace: [ 2372.071635] dump_stack+0x197/0x210 [ 2372.075283] dump_header+0x15e/0xa55 [ 2372.079006] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2372.084104] ? ___ratelimit+0x60/0x595 [ 2372.087987] ? do_raw_spin_unlock+0x181/0x270 [ 2372.092485] oom_kill_process.cold+0x10/0x6ef [ 2372.096989] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2372.102609] ? task_will_free_mem+0x139/0x6e0 [ 2372.107200] out_of_memory+0x362/0x1330 [ 2372.111167] ? lock_downgrade+0x880/0x880 [ 2372.115306] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2372.120397] ? oom_killer_disable+0x280/0x280 [ 2372.124879] ? find_held_lock+0x35/0x130 [ 2372.128935] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2372.133774] ? memcg_event_wake+0x230/0x230 [ 2372.138087] ? do_raw_spin_unlock+0x181/0x270 [ 2372.142584] ? _raw_spin_unlock+0x2d/0x50 [ 2372.146725] try_charge+0xec5/0x1490 [ 2372.150437] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2372.155273] ? lock_downgrade+0x880/0x880 [ 2372.159413] ? kasan_check_read+0x11/0x20 [ 2372.163554] memcg_kmem_charge_memcg+0x83/0x170 [ 2372.168211] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2372.172711] ? __isolate_free_page+0x4c0/0x4c0 [ 2372.177297] memcg_kmem_charge+0x13b/0x370 [ 2372.181526] __alloc_pages_nodemask+0x3c3/0x750 [ 2372.186188] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2372.191215] ? trace_hardirqs_on+0x67/0x220 [ 2372.195525] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2372.200529] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2372.206066] alloc_pages_current+0x107/0x210 [ 2372.210470] pte_alloc_one+0x1b/0x1a0 [ 2372.214266] __pte_alloc+0x2a/0x360 [ 2372.217893] __handle_mm_fault+0x340b/0x3f80 [ 2372.222300] ? copy_page_range+0x2030/0x2030 [ 2372.226727] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2372.231483] handle_mm_fault+0x1b5/0x690 [ 2372.235538] __do_page_fault+0x62a/0xe90 [ 2372.239591] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2372.245471] ? vmalloc_fault+0x740/0x740 [ 2372.249524] ? trace_hardirqs_off_caller+0x65/0x220 [ 2372.254539] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2372.259461] ? page_fault+0x8/0x30 [ 2372.263076] do_page_fault+0x71/0x57d [ 2372.266886] ? page_fault+0x8/0x30 [ 2372.270427] page_fault+0x1e/0x30 [ 2372.273881] RIP: 0033:0x40e4fc [ 2372.277075] Code: 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f b6 4c 24 5b 48 69 c0 a8 00 00 00 88 88 c0 bf 75 00 e8 94 4d ff ff <83> 05 01 1b 55 00 01 80 7c 24 59 00 74 0b f6 44 24 08 01 0f 84 98 [ 2372.295977] RSP: 002b:00007ffdadc4e8b0 EFLAGS: 00010217 [ 2372.301418] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045b349 [ 2372.308682] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000075bf28 03:44:53 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r2, &(0x7f0000fdd000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 03:44:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xd7140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2372.315948] RBP: 000000000075bf2c R08: 00007f3a5ea57700 R09: ffffffffffffffff [ 2372.323211] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 2372.330485] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c 03:44:53 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x3, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2372.393338] Task in /syz5 killed as a result of limit of /syz5 03:44:53 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap$snddsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x80010, r0, 0x8000) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x4, 0x0, 0xfffffff6, 0x3216, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xcf, 0x800}, 0x0, 0x0, 0x700}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 2372.438957] memory: usage 307200kB, limit 307200kB, failcnt 776 03:44:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xd8020000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2372.541233] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2372.581015] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2372.615831] Memory cgroup stats for /syz5: cache:128KB rss:60KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2372.672933] Memory cgroup out of memory: Kill process 26753 (syz-executor.5) score 1103 or sacrifice child [ 2372.715080] Killed process 26753 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB 03:44:54 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x43720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:54 executing program 3: r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f0000001d40), 0xc) sendmsg$can_bcm(r1, &(0x7f0000000140)={&(0x7f0000000000), 0x10, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="05000000000000000000000000774806", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB="00000000080000000000000000000000c4d981ae211e6951"], 0x20000108}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r0, r1) 03:44:54 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x4, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:54 executing program 1: clock_gettime(0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/mcfilter6\x00') preadv(r1, &(0x7f0000000200)=[{&(0x7f0000000140)=""/120, 0x78}], 0x1, 0xb6) 03:44:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xd8140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2372.777045] oom_reaper: reaped process 26753 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:44:54 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x5, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:54 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000040)={0x7, {{0x2, 0x4e24, @remote}}}, 0x88) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) perf_event_open(&(0x7f0000000300)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, @perf_bp, 0x2000, 0x0, 0x0, 0x0, 0x7fff}, 0xffffffffffffffff, 0x0, r1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') sendmsg$NL80211_CMD_REQ_SET_REG(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r4, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1b}]}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_DEL_MPATH(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="f21708ab3c9021b77c0347adeb9427000000", @ANYRES16=r4, @ANYBLOB="000227bd7000fddbdf2518000000"], 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x20040090) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r5, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r6, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$FICLONERANGE(r5, 0x4020940d, &(0x7f0000000100)={{r6}, 0x1, 0x6, 0x415}) ioctl$USBDEVFS_RESET(r2, 0x5514) r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r7, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') sendmsg$NL80211_CMD_REQ_SET_REG(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r9, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x1b}]}, 0x1c}}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) r11 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r12}]}}}]}, 0x38}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'vcan0\x00', r12}) r14 = socket$netlink(0x10, 0x3, 0x0) r15 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r15, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r15, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r14, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r16}]}}}]}, 0x38}}, 0x0) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r7, &(0x7f0000000780)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x54, r9, 0x4, 0x70bd29, 0x25dfdbfd, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x40}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x4}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r13}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r16}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x20}}]}, 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x200448c4) [ 2372.989211] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 03:44:54 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000380)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000100)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) r2 = open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0) sendfile(r2, r1, 0x0, 0xa198) 03:44:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xd9140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2373.043026] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2373.068723] CPU: 0 PID: 27102 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2373.076569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2373.085937] Call Trace: [ 2373.088552] dump_stack+0x197/0x210 03:44:54 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(0x0, 0x2) ftruncate(0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000100)={0x32, 0x6, 0x0, {0x0, 0x0, 0x9, 0x0, 'threaded\x00'}}, 0x32) syz_open_dev$vcsn(0x0, 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="0a0775b0d5e383e5b3c06639d476a0bf", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='net/fib_trie\x00') sendfile(r1, r2, 0x0, 0x6f0a77bd) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) [ 2373.092204] dump_header+0x15e/0xa55 [ 2373.095940] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2373.101060] ? ___ratelimit+0x60/0x595 [ 2373.104961] ? do_raw_spin_unlock+0x181/0x270 [ 2373.109480] oom_kill_process.cold+0x10/0x6ef [ 2373.113993] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2373.119651] ? task_will_free_mem+0x139/0x6e0 [ 2373.124168] out_of_memory+0x362/0x1330 [ 2373.128162] ? lock_downgrade+0x880/0x880 [ 2373.132327] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2373.137446] ? oom_killer_disable+0x280/0x280 [ 2373.141971] ? find_held_lock+0x35/0x130 [ 2373.146056] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2373.150909] ? memcg_event_wake+0x230/0x230 [ 2373.155249] ? do_raw_spin_unlock+0x181/0x270 [ 2373.159764] ? _raw_spin_unlock+0x2d/0x50 [ 2373.163923] try_charge+0xec5/0x1490 [ 2373.167654] ? lock_downgrade+0x880/0x880 [ 2373.171821] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2373.176680] ? rcu_read_unlock+0x33/0x60 [ 2373.180761] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2373.185632] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 03:44:54 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x6, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2373.191707] ? __free_object+0xe2/0x1f0 [ 2373.195692] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2373.200814] mem_cgroup_try_charge+0x259/0x6b0 [ 2373.205409] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2373.210348] wp_page_copy+0x430/0x16a0 [ 2373.214256] ? clock_was_set_work+0x30/0x30 [ 2373.218591] ? follow_pfn+0x2a0/0x2a0 [ 2373.222407] ? do_raw_spin_unlock+0x181/0x270 [ 2373.226917] do_wp_page+0x57d/0x10b0 [ 2373.230643] ? lock_acquire+0x16f/0x3f0 [ 2373.234631] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2373.239847] ? kasan_check_write+0x14/0x20 [ 2373.239868] ? do_raw_spin_lock+0xd7/0x250 03:44:54 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x44000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xda140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2373.239884] __handle_mm_fault+0x2305/0x3f80 03:44:54 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f0000000040)={0x3, 0x4, [{0x42, 0x0, 0x10000}, {0x0, 0x0, 0x2}, {0x0, 0x0, 0x1}]}) [ 2373.239897] ? copy_page_range+0x2030/0x2030 [ 2373.239923] ? count_memcg_event_mm+0x2b1/0x4d0 03:44:54 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x9, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2373.239935] handle_mm_fault+0x1b5/0x690 03:44:54 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2373.239950] __do_page_fault+0x62a/0xe90 03:44:54 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x44720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xdb140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2373.239965] ? vmalloc_fault+0x740/0x740 [ 2373.239978] ? trace_hardirqs_off_caller+0x65/0x220 03:44:55 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0xb, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2373.239987] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2373.239999] ? page_fault+0x8/0x30 [ 2373.240012] do_page_fault+0x71/0x57d [ 2373.240022] ? page_fault+0x8/0x30 [ 2373.240033] page_fault+0x1e/0x30 [ 2373.240041] RIP: 0033:0x410398 03:44:55 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x45720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2373.240052] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 75 0c 4c 00 31 c0 e8 13 1b ff ff 31 ff e8 5c 17 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 22 66 00 03:44:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xdc140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2373.240058] RSP: 002b:00007ffdadc4e7e0 EFLAGS: 00010246 [ 2373.240067] RAX: 0000000081703df9 RBX: 000000007dbb0daa RCX: 0000001b2d920000 [ 2373.240074] RDX: 0000000000000000 RSI: 0000000000001df9 RDI: ffffffff81703df9 [ 2373.240080] RBP: 0000000000000000 R08: 0000000081703df9 R09: 0000000081703dfd [ 2373.240086] R10: 00007ffdadc4e980 R11: 0000000000000246 R12: 000000000075bfa8 [ 2373.240092] R13: 0000000080000000 R14: 00007f3a60a58008 R15: 0000000000000000 [ 2373.240109] ? trace_hardirqs_off_caller+0x19/0x220 [ 2373.273631] Task in /syz5 killed as a result of limit of /syz5 [ 2373.273751] memory: usage 307200kB, limit 307200kB, failcnt 809 [ 2373.273761] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2373.273770] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2373.273776] Memory cgroup stats for /syz5: cache:128KB rss:60KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:112KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2373.273853] Memory cgroup out of memory: Kill process 27102 (syz-executor.5) score 1103 or sacrifice child [ 2373.274344] Killed process 27102 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2373.275490] oom_reaper: reaped process 27102 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB [ 2373.502241] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2373.502252] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2373.502278] CPU: 1 PID: 27391 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2373.502287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2373.502292] Call Trace: [ 2373.502312] dump_stack+0x197/0x210 [ 2373.502333] dump_header+0x15e/0xa55 [ 2373.502358] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2373.502374] ? ___ratelimit+0x60/0x595 [ 2373.502388] ? do_raw_spin_unlock+0x181/0x270 [ 2373.502407] oom_kill_process.cold+0x10/0x6ef [ 2373.502426] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2373.502440] ? task_will_free_mem+0x139/0x6e0 [ 2373.502461] out_of_memory+0x362/0x1330 [ 2373.502479] ? lock_downgrade+0x880/0x880 [ 2373.502495] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2373.502510] ? oom_killer_disable+0x280/0x280 [ 2373.502524] ? find_held_lock+0x35/0x130 [ 2373.502550] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2373.502565] ? memcg_event_wake+0x230/0x230 [ 2373.502584] ? do_raw_spin_unlock+0x181/0x270 [ 2373.502600] ? _raw_spin_unlock+0x2d/0x50 [ 2373.502617] try_charge+0xec5/0x1490 [ 2373.502633] ? lock_downgrade+0x880/0x880 [ 2373.502659] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2373.502675] ? rcu_read_unlock+0x33/0x60 [ 2373.502691] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2373.502713] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2373.502729] ? __free_object+0xe2/0x1f0 [ 2373.502743] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2373.502767] mem_cgroup_try_charge+0x259/0x6b0 [ 2373.502788] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2373.502805] wp_page_copy+0x430/0x16a0 [ 2373.502824] ? clock_was_set_work+0x30/0x30 [ 2373.502842] ? follow_pfn+0x2a0/0x2a0 [ 2373.502859] ? do_raw_spin_unlock+0x181/0x270 [ 2373.502876] do_wp_page+0x57d/0x10b0 [ 2373.502894] ? lock_acquire+0x16f/0x3f0 [ 2373.502908] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2373.502924] ? kasan_check_write+0x14/0x20 [ 2373.502937] ? do_raw_spin_lock+0xd7/0x250 [ 2373.502958] __handle_mm_fault+0x2305/0x3f80 [ 2373.502977] ? copy_page_range+0x2030/0x2030 [ 2373.503014] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2373.503032] handle_mm_fault+0x1b5/0x690 [ 2373.503054] __do_page_fault+0x62a/0xe90 [ 2373.503076] ? vmalloc_fault+0x740/0x740 [ 2373.503093] ? trace_hardirqs_off_caller+0x65/0x220 [ 2373.503106] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2373.503120] ? page_fault+0x8/0x30 [ 2373.503140] do_page_fault+0x71/0x57d [ 2373.503154] ? page_fault+0x8/0x30 [ 2373.503171] page_fault+0x1e/0x30 [ 2373.503182] RIP: 0033:0x410398 [ 2373.503197] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 75 0c 4c 00 31 c0 e8 13 1b ff ff 31 ff e8 5c 17 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 22 66 00 [ 2373.503204] RSP: 002b:00007ffdadc4e7e0 EFLAGS: 00010246 [ 2373.503217] RAX: 0000000081703df9 RBX: 000000007dbb0daa RCX: 0000001b2d920000 [ 2373.503226] RDX: 0000000000000000 RSI: 0000000000001df9 RDI: ffffffff81703df9 [ 2373.503234] RBP: 0000000000000000 R08: 0000000081703df9 R09: 0000000081703dfd [ 2373.503243] R10: 00007ffdadc4e980 R11: 0000000000000246 R12: 000000000075bfa8 [ 2373.503251] R13: 0000000080000000 R14: 00007f3a60a58008 R15: 0000000000000000 [ 2373.503276] ? trace_hardirqs_off_caller+0x19/0x220 [ 2373.515573] Task in /syz5 killed as a result of limit of /syz5 [ 2373.515605] memory: usage 307200kB, limit 307200kB, failcnt 841 [ 2373.515615] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2373.515624] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2373.515631] Memory cgroup stats for /syz5: cache:128KB rss:60KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:112KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2373.515782] Memory cgroup out of memory: Kill process 27391 (syz-executor.5) score 1103 or sacrifice child [ 2373.516214] Killed process 27391 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2373.517034] oom_reaper: reaped process 27391 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2373.699769] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2373.699777] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2373.699799] CPU: 1 PID: 27463 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2373.699805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2373.699808] Call Trace: [ 2373.699826] dump_stack+0x197/0x210 [ 2373.699843] dump_header+0x15e/0xa55 [ 2373.699857] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2373.699868] ? ___ratelimit+0x60/0x595 [ 2373.699878] ? do_raw_spin_unlock+0x181/0x270 [ 2373.699891] oom_kill_process.cold+0x10/0x6ef [ 2373.699905] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2373.699917] ? task_will_free_mem+0x139/0x6e0 [ 2373.699937] out_of_memory+0x362/0x1330 [ 2373.699954] ? lock_downgrade+0x880/0x880 [ 2373.699969] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2373.699982] ? oom_killer_disable+0x280/0x280 [ 2373.699996] ? find_held_lock+0x35/0x130 [ 2373.700023] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2373.700040] ? memcg_event_wake+0x230/0x230 [ 2373.700060] ? do_raw_spin_unlock+0x181/0x270 [ 2373.700076] ? _raw_spin_unlock+0x2d/0x50 [ 2373.700094] try_charge+0xec5/0x1490 [ 2373.700110] ? lock_downgrade+0x880/0x880 [ 2373.700132] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2373.700148] ? rcu_read_unlock+0x33/0x60 [ 2373.700165] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2373.700178] ? __pte_alloc+0x1bf/0x360 [ 2373.700199] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2373.700224] mem_cgroup_try_charge+0x259/0x6b0 [ 2373.700246] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2373.700265] __handle_mm_fault+0x1e50/0x3f80 [ 2373.700285] ? copy_page_range+0x2030/0x2030 [ 2373.700322] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2373.700348] handle_mm_fault+0x1b5/0x690 [ 2373.700371] __do_page_fault+0x62a/0xe90 [ 2373.700390] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2373.700412] ? vmalloc_fault+0x740/0x740 [ 2373.700429] ? trace_hardirqs_off_caller+0x65/0x220 [ 2373.700443] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2373.700458] ? page_fault+0x8/0x30 [ 2373.700483] do_page_fault+0x71/0x57d [ 2373.700498] ? page_fault+0x8/0x30 [ 2373.700514] page_fault+0x1e/0x30 [ 2373.700526] RIP: 0033:0x40e4fc [ 2373.700541] Code: 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f b6 4c 24 5b 48 69 c0 a8 00 00 00 88 88 c0 bf 75 00 e8 94 4d ff ff <83> 05 01 1b 55 00 01 80 7c 24 59 00 74 0b f6 44 24 08 01 0f 84 98 [ 2373.700549] RSP: 002b:00007ffdadc4e8b0 EFLAGS: 00010207 [ 2373.700561] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 000000000045b349 [ 2373.700570] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000075bf28 [ 2373.700580] RBP: 000000000075bf2c R08: 00007f3a5ea57700 R09: ffffffffffffffff [ 2373.700588] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 2373.700597] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c [ 2373.700751] Task in /syz5 killed as a result of limit of /syz5 [ 2373.700777] memory: usage 307200kB, limit 307200kB, failcnt 873 [ 2373.700787] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2373.700796] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2373.700802] Memory cgroup stats for /syz5: cache:128KB rss:60KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2373.700879] Memory cgroup out of memory: Kill process 27463 (syz-executor.5) score 1103 or sacrifice child [ 2373.700929] Killed process 27463 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2373.701678] oom_reaper: reaped process 27463 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2373.774058] audit: type=1400 audit(1580269495.150:181): avc: denied { map } for pid=27497 comm="syz-executor.1" path="/dev/sg0" dev="devtmpfs" ino=1513 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:scsi_generic_device_t:s0 tclass=chr_file permissive=1 [ 2373.865875] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 2373.865884] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2373.865909] CPU: 0 PID: 27578 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2373.865916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2373.865921] Call Trace: [ 2373.865939] dump_stack+0x197/0x210 [ 2373.865959] dump_header+0x15e/0xa55 [ 2373.865978] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2373.865993] ? ___ratelimit+0x60/0x595 [ 2373.866005] ? do_raw_spin_unlock+0x181/0x270 [ 2373.866024] oom_kill_process.cold+0x10/0x6ef [ 2373.866043] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2373.866056] ? task_will_free_mem+0x139/0x6e0 [ 2373.866077] out_of_memory+0x362/0x1330 [ 2373.866095] ? lock_downgrade+0x880/0x880 [ 2373.866112] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2373.866126] ? oom_killer_disable+0x280/0x280 [ 2373.866140] ? find_held_lock+0x35/0x130 [ 2373.866166] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2373.866182] ? memcg_event_wake+0x230/0x230 [ 2373.866199] ? do_raw_spin_unlock+0x181/0x270 [ 2373.866215] ? _raw_spin_unlock+0x2d/0x50 [ 2373.866232] try_charge+0xec5/0x1490 [ 2373.866257] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2373.866278] ? lock_downgrade+0x880/0x880 [ 2373.866295] ? kasan_check_read+0x11/0x20 [ 2373.866317] memcg_kmem_charge_memcg+0x83/0x170 [ 2373.866333] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2373.866352] ? __isolate_free_page+0x4c0/0x4c0 [ 2373.866370] memcg_kmem_charge+0x13b/0x370 [ 2373.866390] __alloc_pages_nodemask+0x3c3/0x750 [ 2373.866419] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2373.866442] ? trace_hardirqs_on+0x67/0x220 [ 2373.866455] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2373.866469] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2373.866488] alloc_pages_current+0x107/0x210 [ 2373.866509] pte_alloc_one+0x1b/0x1a0 [ 2373.866524] __pte_alloc+0x2a/0x360 [ 2373.866541] __handle_mm_fault+0x340b/0x3f80 [ 2373.866557] ? copy_page_range+0x2030/0x2030 [ 2373.866591] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2373.866606] handle_mm_fault+0x1b5/0x690 [ 2373.866623] __do_page_fault+0x62a/0xe90 [ 2373.866646] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2373.866665] ? vmalloc_fault+0x740/0x740 [ 2373.866681] ? trace_hardirqs_off_caller+0x65/0x220 [ 2373.866696] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2373.866711] ? page_fault+0x8/0x30 [ 2373.866730] do_page_fault+0x71/0x57d [ 2373.866743] ? page_fault+0x8/0x30 [ 2373.866759] page_fault+0x1e/0x30 [ 2373.866770] RIP: 0033:0x40e4fc [ 2373.866783] Code: 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f b6 4c 24 5b 48 69 c0 a8 00 00 00 88 88 c0 bf 75 00 e8 94 4d ff ff <83> 05 01 1b 55 00 01 80 7c 24 59 00 74 0b f6 44 24 08 01 0f 84 98 [ 2373.866790] RSP: 002b:00007ffdadc4e8b0 EFLAGS: 00010217 [ 2373.866801] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045b349 [ 2373.866808] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000075bf28 [ 2373.866816] RBP: 000000000075bf2c R08: 00007f3a5ea57700 R09: ffffffffffffffff [ 2373.866824] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 2373.866831] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c [ 2373.866981] Task in /syz5 killed as a result of limit of /syz5 [ 2373.867006] memory: usage 307200kB, limit 307200kB, failcnt 905 [ 2373.867016] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2373.867024] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:44:56 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0xe, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:56 executing program 2: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) perf_event_open$cgroup(&(0x7f0000000040)={0x3, 0x70, 0x4d, 0x0, 0x3, 0x3, 0x0, 0x2, 0x40102, 0x8, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xffffffff, 0x1, @perf_config_ext={0x7, 0x60000}, 0x40, 0x8, 0x1, 0x0, 0xffffffff, 0x3d0c, 0x6}, r0, 0x3, r1, 0x4) 03:44:56 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x46720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:56 executing program 3: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000001640)={0x0, 0x7, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000001600)={0x0, 0x0, [], @value64}}) 03:44:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xdd140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:56 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2373.867030] Memory cgroup stats for /syz5: cache:128KB rss:192KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2373.867102] Memory cgroup out of memory: Kill process 27578 (syz-executor.5) score 1103 or sacrifice child [ 2373.867143] Killed process 27578 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2373.867862] oom_reaper: reaped process 27578 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:44:56 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x18, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2375.395825] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2375.420261] syz-executor.5 cpuset=syz5 mems_allowed=0-1 03:44:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xde140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2375.441997] CPU: 1 PID: 27592 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2375.449849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2375.459244] Call Trace: [ 2375.461861] dump_stack+0x197/0x210 [ 2375.465518] dump_header+0x15e/0xa55 [ 2375.469257] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2375.474378] ? ___ratelimit+0x60/0x595 [ 2375.478289] ? do_raw_spin_unlock+0x181/0x270 [ 2375.482808] oom_kill_process.cold+0x10/0x6ef [ 2375.487325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2375.492876] ? task_will_free_mem+0x139/0x6e0 [ 2375.497408] out_of_memory+0x362/0x1330 [ 2375.501404] ? lock_downgrade+0x880/0x880 [ 2375.505569] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2375.510835] ? oom_killer_disable+0x280/0x280 [ 2375.515353] ? find_held_lock+0x35/0x130 [ 2375.519445] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2375.524311] ? memcg_event_wake+0x230/0x230 [ 2375.528660] ? do_raw_spin_unlock+0x181/0x270 [ 2375.533174] ? _raw_spin_unlock+0x2d/0x50 [ 2375.537341] try_charge+0xec5/0x1490 [ 2375.541087] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 03:44:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xdf140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:56 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x2, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2375.545957] ? lock_downgrade+0x880/0x880 [ 2375.550187] ? kasan_check_read+0x11/0x20 [ 2375.554359] memcg_kmem_charge_memcg+0x83/0x170 [ 2375.559052] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2375.563659] ? __isolate_free_page+0x4c0/0x4c0 [ 2375.568275] memcg_kmem_charge+0x13b/0x370 [ 2375.572533] __alloc_pages_nodemask+0x3c3/0x750 [ 2375.577224] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2375.582275] copy_process.part.0+0x3d6/0x7a60 [ 2375.586803] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2375.591932] ? delayacct_end+0x5c/0x100 [ 2375.595934] ? __delayacct_freepages_end+0xe0/0x140 [ 2375.601089] ? __lock_acquire+0x6ee/0x49c0 [ 2375.605354] ? __cleanup_sighand+0x70/0x70 [ 2375.609735] ? mark_held_locks+0x100/0x100 [ 2375.614018] _do_fork+0x257/0xfd0 [ 2375.617499] ? fork_idle+0x1d0/0x1d0 [ 2375.621248] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2375.627440] ? kasan_check_read+0x11/0x20 [ 2375.631617] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2375.636539] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2375.641329] ? do_syscall_64+0x26/0x620 03:44:57 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x4, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xe0140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2375.645461] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2375.650850] ? do_syscall_64+0x26/0x620 [ 2375.654855] __x64_sys_clone+0xbf/0x150 [ 2375.658861] do_syscall_64+0xfd/0x620 [ 2375.662685] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2375.668020] RIP: 0033:0x45dd19 [ 2375.671231] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 03:44:57 executing program 3: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') io_cancel(0x0, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter\x00') preadv(r2, &(0x7f0000000480), 0x1000000000000143, 0x0) [ 2375.690590] RSP: 002b:00007ffdadc4e778 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2375.698479] RAX: ffffffffffffffda RBX: 00007f3a5ea57700 RCX: 000000000045dd19 [ 2375.705769] RDX: 00007f3a5ea579d0 RSI: 00007f3a5ea56db0 RDI: 00000000003d0f00 [ 2375.713061] RBP: 00007ffdadc4e990 R08: 00007f3a5ea57700 R09: 00007f3a5ea57700 [ 2375.721410] R10: 00007f3a5ea579d0 R11: 0000000000000202 R12: 0000000000000000 [ 2375.728700] R13: 00007ffdadc4e82f R14: 00007f3a5ea579c0 R15: 000000000075bf2c 03:44:57 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000080)='NET_DM\x00') sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r1, 0x100, 0x70bd2c, 0x25dfdbff, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4010}, 0x40000) [ 2375.828759] Task in /syz5 killed as a result of limit of /syz5 [ 2375.836282] memory: usage 307192kB, limit 307200kB, failcnt 939 [ 2375.886012] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2375.908453] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2375.930117] Memory cgroup stats for /syz5: cache:128KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2375.956187] Memory cgroup out of memory: Kill process 27592 (syz-executor.5) score 1103 or sacrifice child [ 2375.973372] Killed process 27592 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2375.987715] oom_reaper: reaped process 27592 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:44:57 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x47000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xe1140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:57 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x6, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:57 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:44:57 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x9, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:57 executing program 3: syz_open_procfs(0x0, 0x0) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, &(0x7f0000000100)={0x32, 0x6, 0x0, {0x0, 0x0, 0x9, 0x0, 'threaded\x00'}}, 0x32) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x510, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="0a0775b0d5e383e5b3c06639d476a0bf", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='net/fib_trie\x00') sendfile(r1, r2, 0x0, 0x6f0a77bd) [ 2376.176094] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2376.229234] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2376.235003] CPU: 1 PID: 27827 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2376.242824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2376.252243] Call Trace: [ 2376.254856] dump_stack+0x197/0x210 [ 2376.258512] dump_header+0x15e/0xa55 [ 2376.262251] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2376.267381] ? ___ratelimit+0x60/0x595 [ 2376.271290] ? do_raw_spin_unlock+0x181/0x270 03:44:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xe2140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2376.275807] oom_kill_process.cold+0x10/0x6ef [ 2376.280329] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2376.285887] ? task_will_free_mem+0x139/0x6e0 [ 2376.290416] out_of_memory+0x362/0x1330 [ 2376.294565] ? lock_downgrade+0x880/0x880 [ 2376.298737] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2376.303991] ? oom_killer_disable+0x280/0x280 [ 2376.308509] ? find_held_lock+0x35/0x130 [ 2376.312602] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2376.317468] ? memcg_event_wake+0x230/0x230 [ 2376.321820] ? do_raw_spin_unlock+0x181/0x270 [ 2376.326342] ? _raw_spin_unlock+0x2d/0x50 [ 2376.330515] try_charge+0xec5/0x1490 [ 2376.334273] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2376.339144] ? lock_downgrade+0x880/0x880 [ 2376.343317] ? kasan_check_read+0x11/0x20 [ 2376.347498] memcg_kmem_charge_memcg+0x83/0x170 [ 2376.352197] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2376.356722] ? __isolate_free_page+0x4c0/0x4c0 [ 2376.361330] memcg_kmem_charge+0x13b/0x370 [ 2376.365605] __alloc_pages_nodemask+0x3c3/0x750 [ 2376.370301] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2376.375343] ? lockdep_hardirqs_on+0x415/0x5d0 03:44:57 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a063b4e9e"}]}}}}}}, 0x0) [ 2376.380035] ? trace_hardirqs_on+0x67/0x220 [ 2376.384384] copy_process.part.0+0x3d6/0x7a60 [ 2376.388901] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2376.394024] ? delayacct_end+0x5c/0x100 [ 2376.398022] ? __delayacct_freepages_end+0xe0/0x140 [ 2376.403066] ? __lock_acquire+0x6ee/0x49c0 [ 2376.407398] ? __cleanup_sighand+0x70/0x70 [ 2376.411656] ? mark_held_locks+0x100/0x100 [ 2376.415927] _do_fork+0x257/0xfd0 [ 2376.419495] ? fork_idle+0x1d0/0x1d0 [ 2376.423236] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2376.429144] ? kasan_check_read+0x11/0x20 [ 2376.433322] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2376.438101] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2376.442879] ? do_syscall_64+0x26/0x620 [ 2376.446865] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2376.452297] ? do_syscall_64+0x26/0x620 [ 2376.456304] __x64_sys_clone+0xbf/0x150 [ 2376.460303] do_syscall_64+0xfd/0x620 [ 2376.464187] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2376.469393] RIP: 0033:0x45dd19 [ 2376.472604] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2376.491611] RSP: 002b:00007ffdadc4e778 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2376.499340] RAX: ffffffffffffffda RBX: 00007f3a5ea57700 RCX: 000000000045dd19 [ 2376.506716] RDX: 00007f3a5ea579d0 RSI: 00007f3a5ea56db0 RDI: 00000000003d0f00 [ 2376.514018] RBP: 00007ffdadc4e990 R08: 00007f3a5ea57700 R09: 00007f3a5ea57700 [ 2376.521415] R10: 00007f3a5ea579d0 R11: 0000000000000202 R12: 0000000000000000 03:44:57 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, &(0x7f0000000040)=0x1, 0x4) r1 = open(&(0x7f0000000080)='./bus\x00', 0x488000, 0x19e) r2 = syz_open_procfs(0x0, 0x0) close(r2) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r2, &(0x7f00000000c0)={0x1, 0x10, 0xfa00, {&(0x7f0000000080), r3}}, 0x18) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r1, &(0x7f00000000c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000200), r3, 0x2}}, 0x18) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 2376.528704] R13: 00007ffdadc4e82f R14: 00007f3a5ea579c0 R15: 000000000075bf2c 03:44:58 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a670b4e9e"}]}}}}}}, 0x0) 03:44:58 executing program 3: r0 = socket(0x10, 0x803, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000a00)=@raw={'raw\x00', 0x3c1, 0x3, 0x430, 0x270, 0x0, 0x0, 0x270, 0x270, 0x360, 0x360, 0x360, 0x360, 0x360, 0x3, 0x0, {[{{@ipv6={@local, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [], [], 'veth1_to_batadv\x00', 'veth0_to_hsr\x00'}, 0x0, 0x228, 0x270, 0x0, {}, [@common=@inet=@hashlimit3={{0x158, 'hashlimit\x00'}, {'gre0\x00', {0x0, 0x7fff, 0x0, 0x0, 0x0, 0xffffffff, 0x8}}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}, {0x14}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48], 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x490) 03:44:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xe3140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2376.738246] Task in /syz5 killed as a result of limit of /syz5 [ 2376.756916] ip6t_rpfilter: unknown options [ 2376.769080] memory: usage 307192kB, limit 307200kB, failcnt 969 [ 2376.775195] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2376.800119] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2376.816900] Memory cgroup stats for /syz5: cache:128KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2376.837953] Memory cgroup out of memory: Kill process 27827 (syz-executor.5) score 1103 or sacrifice child [ 2376.869005] Killed process 27827 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2376.889173] oom_reaper: reaped process 27827 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:44:58 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x47720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:58 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bb000000000000000000000000000097018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"], 0x0) 03:44:58 executing program 3: r0 = signalfd(0xffffffffffffffff, &(0x7f00007aeff8), 0x8) r1 = dup2(r0, r0) ppoll(&(0x7f0000000000)=[{r1}], 0x1, 0x0, 0x0, 0x0) syz_open_dev$vcsu(0x0, 0x0, 0x0) [ 2377.016938] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2377.043513] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2377.049480] CPU: 1 PID: 28009 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2377.057291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2377.066800] Call Trace: [ 2377.069410] dump_stack+0x197/0x210 [ 2377.073067] dump_header+0x15e/0xa55 [ 2377.076795] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2377.081926] ? ___ratelimit+0x60/0x595 [ 2377.085861] ? do_raw_spin_unlock+0x181/0x270 [ 2377.090370] oom_kill_process.cold+0x10/0x6ef [ 2377.094873] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2377.101709] ? task_will_free_mem+0x139/0x6e0 [ 2377.106222] out_of_memory+0x362/0x1330 [ 2377.110214] ? lock_downgrade+0x880/0x880 03:44:58 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:44:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xe4010000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:58 executing program 2: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r0 = syz_open_dev$vcsu(&(0x7f0000000040)='/dev/vcsu#\x00', 0x6, 0x40000) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000080)=[@in6={0xa, 0x4e21, 0x8001, @mcast1, 0x135c}], 0x1c) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 03:44:58 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c03403afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"], 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000100)={0x9b0000, 0x8001, 0x2, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x9c090b, 0xe0000000, [], @p_u8=&(0x7f0000000080)=0x3}}) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x5b4d, 0x3, 0x3, 0x8, 0x4, 0x82f4, 0x7f}, 0x1c) [ 2377.114377] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2377.119492] ? oom_killer_disable+0x280/0x280 [ 2377.124086] ? find_held_lock+0x35/0x130 [ 2377.128181] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2377.133127] ? memcg_event_wake+0x230/0x230 [ 2377.137582] ? do_raw_spin_unlock+0x181/0x270 [ 2377.142100] ? _raw_spin_unlock+0x2d/0x50 [ 2377.146280] try_charge+0xec5/0x1490 [ 2377.150024] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2377.154941] ? lock_downgrade+0x880/0x880 [ 2377.159114] ? kasan_check_read+0x11/0x20 [ 2377.163290] memcg_kmem_charge_memcg+0x83/0x170 [ 2377.167984] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2377.172516] ? __isolate_free_page+0x4c0/0x4c0 [ 2377.177130] memcg_kmem_charge+0x13b/0x370 [ 2377.181419] __alloc_pages_nodemask+0x3c3/0x750 [ 2377.186243] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2377.191289] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2377.195894] ? trace_hardirqs_on+0x67/0x220 [ 2377.200249] copy_process.part.0+0x3d6/0x7a60 [ 2377.204770] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2377.209897] ? delayacct_end+0x5c/0x100 [ 2377.214025] ? __delayacct_freepages_end+0xe0/0x140 [ 2377.219073] ? __lock_acquire+0x6ee/0x49c0 [ 2377.223345] ? __cleanup_sighand+0x70/0x70 [ 2377.227797] ? mark_held_locks+0x100/0x100 [ 2377.232074] _do_fork+0x257/0xfd0 [ 2377.235561] ? fork_idle+0x1d0/0x1d0 [ 2377.239302] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2377.245492] ? kasan_check_read+0x11/0x20 [ 2377.249680] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2377.254456] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2377.259400] ? do_syscall_64+0x26/0x620 03:44:58 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaadee61e655ec1bd4b1406aaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bbff02000000000000000000fe8000000600000000000000000000aa0203d5f2c1e36282dfc7cd13ce6100"], 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCGETS2(r0, 0x802c542a, &(0x7f0000000080)) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/backup_only\x00', 0x2, 0x0) setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f0000000100)={{0xff, @loopback, 0x4e22, 0x0, 'wlc\x00', 0x8, 0x80000001, 0x46}, {@multicast1, 0x4e22, 0x4, 0x9598, 0xfffffff9, 0x9}}, 0x44) [ 2377.263529] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2377.268915] ? do_syscall_64+0x26/0x620 [ 2377.272914] __x64_sys_clone+0xbf/0x150 [ 2377.276927] do_syscall_64+0xfd/0x620 [ 2377.280875] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2377.286079] RIP: 0033:0x45dd19 [ 2377.289535] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2377.308821] RSP: 002b:00007ffdadc4e778 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2377.316567] RAX: ffffffffffffffda RBX: 00007f3a5ea57700 RCX: 000000000045dd19 [ 2377.324093] RDX: 00007f3a5ea579d0 RSI: 00007f3a5ea56db0 RDI: 00000000003d0f00 [ 2377.331458] RBP: 00007ffdadc4e990 R08: 00007f3a5ea57700 R09: 00007f3a5ea57700 [ 2377.338753] R10: 00007f3a5ea579d0 R11: 0000000000000202 R12: 0000000000000000 [ 2377.346047] R13: 00007ffdadc4e82f R14: 00007f3a5ea579c0 R15: 000000000075bf2c 03:44:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xe4140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2377.378528] Task in /syz5 killed as a result of limit of /syz5 [ 2377.401009] memory: usage 307192kB, limit 307200kB, failcnt 986 [ 2377.411579] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2377.421441] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2377.428368] Memory cgroup stats for /syz5: cache:128KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2377.457311] Memory cgroup out of memory: Kill process 28009 (syz-executor.5) score 1103 or sacrifice child [ 2377.469013] Killed process 28009 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB 03:44:58 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x48000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:44:58 executing program 4: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x3, 0x0) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f00000000c0)) r1 = syz_open_dev$audion(&(0x7f0000000200)='/dev/audio#\x00', 0x8de, 0x101000) openat$cgroup_ro(r1, &(0x7f0000000240)='pids.current\x00', 0x0, 0x0) select(0x40, &(0x7f0000000100)={0x3ff, 0xffff, 0x6, 0x3, 0x0, 0x0, 0x5, 0x10000}, &(0x7f0000000140)={0x5, 0x8000, 0x8, 0x7b27, 0x8001, 0x0, 0x6, 0x3}, &(0x7f0000000180)={0xff, 0xffffffff, 0x8001, 0x800, 0x1, 0x7fffffff, 0x0, 0x65}, &(0x7f00000001c0)) fcntl$dupfd(r0, 0x406, r0) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @rand_addr="4b377fb60eeb036c662d448b186d9b65", @local, [{0x4, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:44:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xe4ffffff, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:59 executing program 2: open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(0xffffffffffffffff, 0x28, 0x6, &(0x7f00000000c0)={0x0, 0x2710}, 0x10) r1 = syz_open_dev$vcsu(&(0x7f0000000100)='/dev/vcsu#\x00', 0x5, 0x2000) ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205647, &(0x7f0000000140)={0xa00000, 0x6, 0xfffffffa, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x9a090c, 0xd8, [], @string=&(0x7f0000000180)=0xff}}) [ 2377.653538] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2377.700521] QAT: Invalid ioctl 03:44:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xe5140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2377.724303] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2377.726126] QAT: Invalid ioctl [ 2377.738425] CPU: 1 PID: 28333 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2377.746517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2377.755887] Call Trace: [ 2377.758607] dump_stack+0x197/0x210 [ 2377.762259] dump_header+0x15e/0xa55 [ 2377.766162] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2377.771556] ? ___ratelimit+0x60/0x595 [ 2377.775459] ? do_raw_spin_unlock+0x181/0x270 [ 2377.780099] oom_kill_process.cold+0x10/0x6ef [ 2377.784755] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2377.790318] ? task_will_free_mem+0x139/0x6e0 [ 2377.794844] out_of_memory+0x362/0x1330 [ 2377.798854] ? lock_downgrade+0x880/0x880 [ 2377.803027] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2377.808153] ? oom_killer_disable+0x280/0x280 [ 2377.812679] ? find_held_lock+0x35/0x130 [ 2377.816776] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2377.821648] ? memcg_event_wake+0x230/0x230 [ 2377.826119] ? do_raw_spin_unlock+0x181/0x270 [ 2377.830729] ? _raw_spin_unlock+0x2d/0x50 [ 2377.834911] try_charge+0xec5/0x1490 [ 2377.838653] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2377.843628] ? lock_downgrade+0x880/0x880 [ 2377.847814] ? kasan_check_read+0x11/0x20 [ 2377.851993] memcg_kmem_charge_memcg+0x83/0x170 [ 2377.856691] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2377.861329] ? __isolate_free_page+0x4c0/0x4c0 [ 2377.865941] memcg_kmem_charge+0x13b/0x370 [ 2377.870340] __alloc_pages_nodemask+0x3c3/0x750 [ 2377.875049] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2377.880223] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2377.884946] ? trace_hardirqs_on+0x67/0x220 [ 2377.889301] copy_process.part.0+0x3d6/0x7a60 [ 2377.893824] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2377.898949] ? delayacct_end+0x5c/0x100 [ 2377.902953] ? __delayacct_freepages_end+0xe0/0x140 [ 2377.907996] ? __lock_acquire+0x6ee/0x49c0 [ 2377.912263] ? __cleanup_sighand+0x70/0x70 [ 2377.916521] ? mark_held_locks+0x100/0x100 [ 2377.920809] _do_fork+0x257/0xfd0 [ 2377.924288] ? fork_idle+0x1d0/0x1d0 [ 2377.928029] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2377.933943] ? kasan_check_read+0x11/0x20 [ 2377.938240] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2377.943000] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2377.947766] ? do_syscall_64+0x26/0x620 [ 2377.951760] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2377.957142] ? do_syscall_64+0x26/0x620 [ 2377.961134] __x64_sys_clone+0xbf/0x150 [ 2377.965136] do_syscall_64+0xfd/0x620 [ 2377.968955] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2377.974153] RIP: 0033:0x45dd19 [ 2377.977344] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2377.996342] RSP: 002b:00007ffdadc4e778 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2378.004107] RAX: ffffffffffffffda RBX: 00007f3a5ea57700 RCX: 000000000045dd19 [ 2378.011472] RDX: 00007f3a5ea579d0 RSI: 00007f3a5ea56db0 RDI: 00000000003d0f00 [ 2378.018758] RBP: 00007ffdadc4e990 R08: 00007f3a5ea57700 R09: 00007f3a5ea57700 [ 2378.026035] R10: 00007f3a5ea579d0 R11: 0000000000000202 R12: 0000000000000000 [ 2378.033331] R13: 00007ffdadc4e82f R14: 00007f3a5ea579c0 R15: 000000000075bf2c [ 2378.058725] Task in /syz5 killed as a result of limit of /syz5 [ 2378.064983] memory: usage 307192kB, limit 307200kB, failcnt 1022 [ 2378.100939] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2378.124897] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:44:59 executing program 3: getpid() perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) close(0xffffffffffffffff) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x7, 0x35}, 0xd8) bind$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200408d4, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0x1}, 0x1c) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000000)) r1 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x20601, 0x0) close(r1) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r0, r1, 0x0, 0x3, &(0x7f0000000000)='&}\x00'}, 0x30) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @local, 0x4}, {0xa, 0x0, 0x4, @mcast1}, r3}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @loopback}, {0x2, 0x0, 0xffffffc1, @dev={0xfe, 0x80, [], 0x16}}, r3}}, 0x48) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) ioctl$RTC_AIE_ON(r4, 0x7001) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000240)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3ba", 0x60, 0xfffffffffffffffe) socket$inet_udp(0x2, 0x2, 0x0) add_key$user(&(0x7f0000000700)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffd) 03:44:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xe6140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:44:59 executing program 2: r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) write$FUSE_OPEN(r0, &(0x7f0000000100)={0x20, 0xffffffffffffffda, 0x4, {0x0, 0x4}}, 0x20) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000040)={0x6, 0x70, 0x0, 0x6b, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x5}, 0x0, 0x0, 0x0, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x8) 03:44:59 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2378.133791] Memory cgroup stats for /syz5: cache:128KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2378.218070] Memory cgroup out of memory: Kill process 28333 (syz-executor.5) score 1103 or sacrifice child 03:44:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xe7140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2378.259851] Killed process 28333 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2378.285243] oom_reaper: reaped process 28333 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:44:59 executing program 2: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000340), 0x41395527) 03:44:59 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x48720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2378.457551] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2378.493915] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2378.502445] CPU: 1 PID: 28668 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2378.510299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2378.519797] Call Trace: [ 2378.522417] dump_stack+0x197/0x210 [ 2378.526083] dump_header+0x15e/0xa55 [ 2378.529845] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2378.535210] ? ___ratelimit+0x60/0x595 [ 2378.539273] ? do_raw_spin_unlock+0x181/0x270 [ 2378.543831] oom_kill_process.cold+0x10/0x6ef [ 2378.548359] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2378.553931] ? task_will_free_mem+0x139/0x6e0 [ 2378.558579] out_of_memory+0x362/0x1330 [ 2378.562594] ? lock_downgrade+0x880/0x880 [ 2378.566778] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2378.572022] ? oom_killer_disable+0x280/0x280 [ 2378.576698] ? find_held_lock+0x35/0x130 [ 2378.580799] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2378.585675] ? memcg_event_wake+0x230/0x230 [ 2378.590028] ? do_raw_spin_unlock+0x181/0x270 [ 2378.594550] ? _raw_spin_unlock+0x2d/0x50 [ 2378.598736] try_charge+0xec5/0x1490 [ 2378.602483] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2378.607362] ? lock_downgrade+0x880/0x880 [ 2378.611536] ? kasan_check_read+0x11/0x20 [ 2378.615819] memcg_kmem_charge_memcg+0x83/0x170 [ 2378.620517] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2378.625051] ? __isolate_free_page+0x4c0/0x4c0 [ 2378.629663] memcg_kmem_charge+0x13b/0x370 [ 2378.634039] __alloc_pages_nodemask+0x3c3/0x750 [ 2378.638741] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2378.643808] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2378.648540] ? trace_hardirqs_on+0x67/0x220 [ 2378.652887] copy_process.part.0+0x3d6/0x7a60 [ 2378.657493] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2378.662621] ? delayacct_end+0x5c/0x100 [ 2378.666625] ? __delayacct_freepages_end+0xe0/0x140 [ 2378.671687] ? __lock_acquire+0x6ee/0x49c0 [ 2378.675954] ? __cleanup_sighand+0x70/0x70 [ 2378.680317] ? mark_held_locks+0x100/0x100 [ 2378.684588] _do_fork+0x257/0xfd0 [ 2378.688067] ? fork_idle+0x1d0/0x1d0 [ 2378.691810] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2378.697721] ? kasan_check_read+0x11/0x20 [ 2378.701896] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2378.706685] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2378.711468] ? do_syscall_64+0x26/0x620 [ 2378.715549] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2378.721051] ? do_syscall_64+0x26/0x620 [ 2378.725199] __x64_sys_clone+0xbf/0x150 [ 2378.729307] do_syscall_64+0xfd/0x620 [ 2378.733196] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2378.738408] RIP: 0033:0x45dd19 [ 2378.741619] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2378.760677] RSP: 002b:00007ffdadc4e778 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2378.768512] RAX: ffffffffffffffda RBX: 00007f3a5ea57700 RCX: 000000000045dd19 [ 2378.775929] RDX: 00007f3a5ea579d0 RSI: 00007f3a5ea56db0 RDI: 00000000003d0f00 [ 2378.783225] RBP: 00007ffdadc4e990 R08: 00007f3a5ea57700 R09: 00007f3a5ea57700 [ 2378.790642] R10: 00007f3a5ea579d0 R11: 0000000000000202 R12: 0000000000000000 [ 2378.797932] R13: 00007ffdadc4e82f R14: 00007f3a5ea579c0 R15: 000000000075bf2c [ 2378.831064] Task in /syz5 killed as a result of limit of /syz5 [ 2378.854815] memory: usage 307200kB, limit 307200kB, failcnt 1036 [ 2378.874427] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:45:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xe8020000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2378.884289] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2378.904927] Memory cgroup stats for /syz5: cache:128KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB 03:45:00 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2378.957201] Memory cgroup out of memory: Kill process 28668 (syz-executor.5) score 1103 or sacrifice child [ 2378.996136] Killed process 28668 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB 03:45:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xe8140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2379.070412] oom_reaper: reaped process 28668 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:45:00 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x49000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2379.238286] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2379.267032] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2379.281201] CPU: 0 PID: 28688 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2379.289062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2379.298558] Call Trace: [ 2379.301169] dump_stack+0x197/0x210 [ 2379.304825] dump_header+0x15e/0xa55 [ 2379.308567] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2379.313694] ? ___ratelimit+0x60/0x595 [ 2379.317603] ? do_raw_spin_unlock+0x181/0x270 [ 2379.322251] oom_kill_process.cold+0x10/0x6ef [ 2379.326775] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2379.332338] ? task_will_free_mem+0x139/0x6e0 [ 2379.336862] out_of_memory+0x362/0x1330 [ 2379.340859] ? lock_downgrade+0x880/0x880 [ 2379.345028] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2379.350178] ? oom_killer_disable+0x280/0x280 [ 2379.354695] ? find_held_lock+0x35/0x130 [ 2379.358790] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2379.363658] ? memcg_event_wake+0x230/0x230 [ 2379.368010] ? do_raw_spin_unlock+0x181/0x270 [ 2379.372529] ? _raw_spin_unlock+0x2d/0x50 [ 2379.376701] try_charge+0xec5/0x1490 [ 2379.380440] ? lock_downgrade+0x880/0x880 [ 2379.384651] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2379.389639] ? rcu_read_unlock+0x33/0x60 [ 2379.393726] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2379.398600] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2379.404786] mem_cgroup_try_charge+0x259/0x6b0 [ 2379.409398] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2379.414436] wp_page_copy+0x430/0x16a0 [ 2379.418340] ? kasan_check_read+0x11/0x20 [ 2379.422509] ? follow_pfn+0x2a0/0x2a0 [ 2379.426336] ? do_raw_spin_unlock+0x181/0x270 [ 2379.430846] do_wp_page+0x57d/0x10b0 [ 2379.434584] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2379.439278] ? kasan_check_write+0x14/0x20 [ 2379.443524] ? do_raw_spin_lock+0xd7/0x250 [ 2379.443548] __handle_mm_fault+0x2305/0x3f80 [ 2379.443569] ? copy_page_range+0x2030/0x2030 [ 2379.443605] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2379.443624] handle_mm_fault+0x1b5/0x690 [ 2379.443645] __do_page_fault+0x62a/0xe90 [ 2379.443667] ? vmalloc_fault+0x740/0x740 [ 2379.452420] ? trace_hardirqs_off_caller+0x65/0x220 [ 2379.452434] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2379.452447] ? page_fault+0x8/0x30 [ 2379.452472] do_page_fault+0x71/0x57d [ 2379.452488] ? page_fault+0x8/0x30 [ 2379.452505] page_fault+0x1e/0x30 [ 2379.452517] RIP: 0033:0x40e33b [ 2379.452532] Code: 74 28 41 8b 07 85 c0 0f 85 f0 00 00 00 41 83 c6 01 48 81 c5 a8 00 00 00 41 83 fe 10 75 d7 bf b1 0d 4c 00 31 c0 e8 85 3a ff ff 45 f8 01 44 89 75 f4 48 89 ef c6 45 15 00 c7 45 fc 00 00 00 00 [ 2379.452541] RSP: 002b:00007ffdadc4e8b0 EFLAGS: 00010246 03:45:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xe9140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2379.452554] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00007ffdadc4e968 [ 2379.452563] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 2379.452572] RBP: 000000000075bf2c R08: 00007ffdadc4e970 R09: 0000000000760090 [ 2379.452581] R10: 000000000043af20 R11: 000000000000000f R12: 000000000075bf20 [ 2379.452589] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c [ 2379.587252] Task in /syz5 killed as a result of limit of /syz5 [ 2379.621479] memory: usage 307200kB, limit 307200kB, failcnt 1065 [ 2379.628126] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2379.684312] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2379.694950] Memory cgroup stats for /syz5: cache:128KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:92KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2379.740195] Memory cgroup out of memory: Kill process 28688 (syz-executor.5) score 1103 or sacrifice child [ 2379.755324] Killed process 28688 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2379.795788] oom_reaper: reaped process 28688 (syz-executor.5), now anon-rss:0kB, file-rss:33984kB, shmem-rss:0kB 03:45:01 executing program 3: getpid() perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) close(0xffffffffffffffff) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x7, 0x35}, 0xd8) bind$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200408d4, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0x1}, 0x1c) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000000)) r1 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x20601, 0x0) close(r1) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r0, r1, 0x0, 0x3, &(0x7f0000000000)='&}\x00'}, 0x30) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @local, 0x4}, {0xa, 0x0, 0x4, @mcast1}, r3}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @loopback}, {0x2, 0x0, 0xffffffc1, @dev={0xfe, 0x80, [], 0x16}}, r3}}, 0x48) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) ioctl$RTC_AIE_ON(r4, 0x7001) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000240)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3ba", 0x60, 0xfffffffffffffffe) socket$inet_udp(0x2, 0x2, 0x0) add_key$user(&(0x7f0000000700)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffd) 03:45:01 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgrp(0x0) setpriority(0x0, 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/mcfilter6\x00') preadv(r1, &(0x7f0000000200)=[{&(0x7f0000000140)=""/120, 0x78}], 0x1, 0x0) 03:45:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xea140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:01 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x49720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:01 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2379.992563] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 03:45:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xeb140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2380.082376] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2380.152049] CPU: 1 PID: 28715 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2380.159902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2380.169270] Call Trace: [ 2380.172057] dump_stack+0x197/0x210 [ 2380.175712] dump_header+0x15e/0xa55 [ 2380.179457] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2380.184578] ? ___ratelimit+0x60/0x595 [ 2380.188482] ? do_raw_spin_unlock+0x181/0x270 [ 2380.193001] oom_kill_process.cold+0x10/0x6ef [ 2380.197533] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2380.203088] ? task_will_free_mem+0x139/0x6e0 [ 2380.207604] out_of_memory+0x362/0x1330 [ 2380.211600] ? lock_downgrade+0x880/0x880 [ 2380.215770] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2380.220904] ? oom_killer_disable+0x280/0x280 [ 2380.225412] ? find_held_lock+0x35/0x130 [ 2380.229511] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2380.234379] ? memcg_event_wake+0x230/0x230 [ 2380.238728] ? do_raw_spin_unlock+0x181/0x270 [ 2380.243250] ? _raw_spin_unlock+0x2d/0x50 [ 2380.247429] try_charge+0xec5/0x1490 [ 2380.251183] ? lock_downgrade+0x880/0x880 [ 2380.255359] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2380.260227] ? rcu_read_unlock+0x33/0x60 [ 2380.264311] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2380.269189] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2380.275297] mem_cgroup_try_charge+0x259/0x6b0 [ 2380.279923] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2380.284885] wp_page_copy+0x430/0x16a0 [ 2380.288803] ? follow_pfn+0x2a0/0x2a0 [ 2380.292628] ? do_raw_spin_unlock+0x181/0x270 [ 2380.297140] do_wp_page+0x57d/0x10b0 [ 2380.300870] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2380.305549] ? kasan_check_write+0x14/0x20 [ 2380.309793] ? do_raw_spin_lock+0xd7/0x250 [ 2380.314047] __handle_mm_fault+0x2305/0x3f80 [ 2380.318468] ? copy_page_range+0x2030/0x2030 [ 2380.322904] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2380.327639] handle_mm_fault+0x1b5/0x690 [ 2380.331932] __do_page_fault+0x62a/0xe90 [ 2380.336139] ? vmalloc_fault+0x740/0x740 [ 2380.340222] ? trace_hardirqs_off_caller+0x65/0x220 [ 2380.345249] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2380.350319] ? page_fault+0x8/0x30 [ 2380.353876] do_page_fault+0x71/0x57d [ 2380.357685] ? page_fault+0x8/0x30 [ 2380.361235] page_fault+0x1e/0x30 [ 2380.364694] RIP: 0033:0x411358 [ 2380.367895] Code: 48 8b 05 63 cb 30 00 48 89 08 48 8b 15 61 cb 30 00 48 89 42 08 48 8b 05 46 cb 30 00 48 89 05 4f cb 30 00 49 8d 81 c0 02 00 00 <48> 89 05 31 13 66 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 [ 2380.386814] RSP: 002b:00007ffdadc4ea08 EFLAGS: 00010246 [ 2380.392197] RAX: 0000000002972c00 RBX: 00007ffdadc4ea10 RCX: 000000000071dea0 [ 2380.399575] RDX: 0000000000411190 RSI: 000000000071de90 RDI: 0000000002972c20 [ 2380.406869] RBP: 00007ffdadc4ea50 R08: 0000000000000001 R09: 0000000002972940 [ 2380.414234] R10: 0000000002972c10 R11: 0000000000000202 R12: 0000000000000001 [ 2380.421508] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdadc4eaa0 03:45:01 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x802) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x42000) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) [ 2380.719367] Task in /syz5 killed as a result of limit of /syz5 [ 2380.725702] memory: usage 307176kB, limit 307200kB, failcnt 1111 [ 2380.732492] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2380.739801] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2380.747316] Memory cgroup stats for /syz5: cache:128KB rss:56KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:76KB inactive_file:0KB active_file:0KB unevictable:0KB 03:45:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xec000000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2380.768078] Memory cgroup out of memory: Kill process 7950 (syz-executor.5) score 117 or sacrifice child [ 2380.779114] Killed process 28715 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2380.846708] oom_reaper: reaped process 28715 (syz-executor.5), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:45:02 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:02 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x42000) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 03:45:02 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x4a000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xec010000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2381.133753] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2381.172362] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2381.179049] CPU: 1 PID: 28929 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2381.186864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2381.196219] Call Trace: [ 2381.198822] dump_stack+0x197/0x210 [ 2381.202471] dump_header+0x15e/0xa55 [ 2381.206198] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2381.211312] ? ___ratelimit+0x60/0x595 [ 2381.215208] ? do_raw_spin_unlock+0x181/0x270 [ 2381.219725] oom_kill_process.cold+0x10/0x6ef [ 2381.224249] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2381.230661] ? task_will_free_mem+0x139/0x6e0 [ 2381.235176] out_of_memory+0x362/0x1330 [ 2381.239169] ? lock_downgrade+0x880/0x880 [ 2381.243331] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2381.248447] ? oom_killer_disable+0x280/0x280 [ 2381.252947] ? find_held_lock+0x35/0x130 [ 2381.257024] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2381.261877] ? memcg_event_wake+0x230/0x230 [ 2381.266210] ? do_raw_spin_unlock+0x181/0x270 [ 2381.270807] ? _raw_spin_unlock+0x2d/0x50 [ 2381.274972] try_charge+0xec5/0x1490 [ 2381.278702] ? lock_downgrade+0x880/0x880 [ 2381.282865] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2381.287718] ? rcu_read_unlock+0x33/0x60 [ 2381.291794] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2381.296647] ? mark_held_locks+0x100/0x100 [ 2381.300904] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2381.306984] mem_cgroup_try_charge+0x259/0x6b0 [ 2381.311584] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2381.316531] wp_page_copy+0x430/0x16a0 [ 2381.320442] ? follow_pfn+0x2a0/0x2a0 [ 2381.324260] ? do_raw_spin_unlock+0x181/0x270 [ 2381.328774] do_wp_page+0x57d/0x10b0 [ 2381.332501] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2381.337207] ? kasan_check_write+0x14/0x20 [ 2381.341455] ? do_raw_spin_lock+0xd7/0x250 [ 2381.345712] __handle_mm_fault+0x2305/0x3f80 [ 2381.350143] ? copy_page_range+0x2030/0x2030 [ 2381.354589] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2381.359382] handle_mm_fault+0x1b5/0x690 [ 2381.363463] __do_page_fault+0x62a/0xe90 [ 2381.367542] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2381.373483] ? vmalloc_fault+0x740/0x740 [ 2381.377561] ? trace_hardirqs_off_caller+0x65/0x220 [ 2381.382623] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2381.387567] ? page_fault+0x8/0x30 [ 2381.391130] do_page_fault+0x71/0x57d [ 2381.394951] ? page_fault+0x8/0x30 [ 2381.398505] page_fault+0x1e/0x30 [ 2381.401965] RIP: 0033:0x4734ee [ 2381.405166] Code: ff 90 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 81 ec 28 05 00 00 48 c7 c0 d4 ff ff ff 64 8b 00 <89> 85 5c fb ff ff 8b 87 c0 00 00 00 85 c0 0f 85 ee 00 00 00 c7 87 [ 2381.424078] RSP: 002b:00007ffdadc4de80 EFLAGS: 00010202 03:45:02 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{}, 'syz1\x00', 0x39}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) 03:45:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xec140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2381.429451] RAX: 0000000000000006 RBX: 00007ffdadc4e3e0 RCX: 0000000000000000 [ 2381.436729] RDX: 00007ffdadc4e558 RSI: 00000000004c0f07 RDI: 00007ffdadc4e3e0 [ 2381.444010] RBP: 00007ffdadc4e3d0 R08: 0000000000000000 R09: 00007ffdadc4e558 [ 2381.451297] R10: 0000000000000075 R11: 0000000000000202 R12: 00007ffdadc4e570 [ 2381.458579] R13: 00000000004c0f07 R14: 00007ffdadc4e558 R15: 0000000000000001 [ 2381.545877] input: syz1 as /devices/virtual/input/input20 03:45:03 executing program 2: getpid() perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) close(0xffffffffffffffff) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x7, 0x35}, 0xd8) bind$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200408d4, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0x1}, 0x1c) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000000)) r1 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x20601, 0x0) close(0xffffffffffffffff) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r0, r1, 0x0, 0x3, &(0x7f0000000000)='&}\x00'}, 0x30) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @local, 0x4}, {0xa, 0x0, 0x4, @mcast1}, r3}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @loopback}, {0x2, 0x0, 0xffffffc1, @dev={0xfe, 0x80, [], 0x16}}, r3}}, 0x48) openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) ioctl$RTC_AIE_ON(0xffffffffffffffff, 0x7001) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000240)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) socket$inet_udp(0x2, 0x2, 0x0) add_key$user(&(0x7f0000000700)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffd) [ 2381.625619] Task in /syz5 killed as a result of limit of /syz5 [ 2381.646459] memory: usage 307200kB, limit 307200kB, failcnt 1136 [ 2381.658624] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2381.690896] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:45:03 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xed140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:03 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) fallocate(r0, 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) close(r1) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) r3 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r4 = getpid() sched_setscheduler(r4, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000001c0)='cgroup.procs\x00', 0x2, 0x0) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={0x0, 0x839}, 0x8) ftruncate(r5, 0x200004) openat(0xffffffffffffffff, &(0x7f0000000040)='./bus\x00', 0x0, 0x4) ioctl$FUSE_DEV_IOC_CLONE(r3, 0x8004e500, 0x0) sendfile(r1, r5, 0x0, 0x80001d00c0d0) [ 2381.724220] Memory cgroup stats for /syz5: cache:128KB rss:188KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:88KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2381.761747] Memory cgroup out of memory: Kill process 7950 (syz-executor.5) score 117 or sacrifice child [ 2381.831055] Killed process 28929 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB 03:45:03 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2381.885931] oom_reaper: reaped process 28929 (syz-executor.5), now anon-rss:0kB, file-rss:34112kB, shmem-rss:0kB 03:45:03 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x4a720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2382.098489] syz-executor.5 invoked oom-killer: gfp_mask=0x604050(GFP_NOFS|__GFP_COMP|__GFP_RECLAIMABLE), nodemask=(null), order=0, oom_score_adj=0 [ 2382.132613] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2382.147850] CPU: 0 PID: 29162 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2382.155708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2382.165067] Call Trace: [ 2382.167668] dump_stack+0x197/0x210 [ 2382.171314] dump_header+0x15e/0xa55 [ 2382.175074] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2382.180202] ? ___ratelimit+0x60/0x595 [ 2382.184104] ? do_raw_spin_unlock+0x181/0x270 [ 2382.188615] oom_kill_process.cold+0x10/0x6ef [ 2382.193133] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2382.198693] ? task_will_free_mem+0x139/0x6e0 [ 2382.203202] ? find_held_lock+0x35/0x130 [ 2382.207368] out_of_memory+0x362/0x1330 [ 2382.211358] ? lock_downgrade+0x880/0x880 [ 2382.215512] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2382.220635] ? oom_killer_disable+0x280/0x280 [ 2382.225151] ? find_held_lock+0x35/0x130 [ 2382.229239] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2382.234095] ? memcg_event_wake+0x230/0x230 [ 2382.238434] ? do_raw_spin_unlock+0x181/0x270 [ 2382.242937] ? _raw_spin_unlock+0x2d/0x50 [ 2382.247096] try_charge+0xec5/0x1490 [ 2382.250827] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2382.255693] ? rcu_read_lock_sched_held+0x110/0x130 [ 2382.260728] ? __alloc_pages_nodemask+0x632/0x750 [ 2382.265603] memcg_kmem_charge_memcg+0x83/0x170 [ 2382.270298] ? mark_held_locks+0xb1/0x100 [ 2382.274460] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2382.278964] ? cache_grow_begin+0x597/0x8c0 [ 2382.283307] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2382.287910] ? trace_hardirqs_on+0x67/0x220 [ 2382.292249] cache_grow_begin+0x3fa/0x8c0 [ 2382.296417] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2382.301971] ? __cpuset_node_allowed+0x136/0x540 [ 2382.307099] fallback_alloc+0x1fd/0x2d0 [ 2382.311090] ____cache_alloc_node+0x1be/0x1e0 [ 2382.315719] kmem_cache_alloc+0x1f3/0x700 [ 2382.319889] ? ratelimit_state_init+0xb0/0xb0 [ 2382.324404] ext4_alloc_inode+0x1f/0x630 [ 2382.328487] ? ratelimit_state_init+0xb0/0xb0 [ 2382.333110] alloc_inode+0x64/0x190 [ 2382.336758] new_inode_pseudo+0x19/0xf0 [ 2382.340753] new_inode+0x1f/0x40 [ 2382.344129] __ext4_new_inode+0x3cb/0x52d0 [ 2382.348384] ? security_transition_sid+0xf1/0x190 [ 2382.353238] ? ext4_free_inode+0x1470/0x1470 [ 2382.357672] ? may_create+0x21d/0x470 [ 2382.361489] ? dquot_get_next_dqblk+0x180/0x180 [ 2382.366184] ? selinux_dentry_init_security+0x2a0/0x2a0 [ 2382.371568] ? selinux_capable+0x40/0x40 [ 2382.375655] ? putname+0xf4/0x130 [ 2382.379120] ext4_symlink+0x3f8/0xbe0 [ 2382.382941] vfs_symlink+0x373/0x5c0 [ 2382.386674] do_symlinkat+0x22b/0x290 [ 2382.390500] ? __ia32_sys_unlink+0x50/0x50 [ 2382.394749] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2382.399524] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2382.404941] ? do_syscall_64+0x26/0x620 [ 2382.408941] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2382.413548] __x64_sys_symlink+0x59/0x80 [ 2382.417645] do_syscall_64+0xfd/0x620 [ 2382.421479] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2382.426681] RIP: 0033:0x45b077 [ 2382.429891] Code: 0f 1f 00 b8 5c 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 6d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 58 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 4d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2382.448807] RSP: 002b:00007ffdadc4ea58 EFLAGS: 00000202 ORIG_RAX: 0000000000000058 [ 2382.456533] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045b077 [ 2382.463818] RDX: 00007ffdadc4eaf7 RSI: 00000000004c0ee4 RDI: 00007ffdadc4eae0 [ 2382.471101] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000017 [ 2382.478427] R10: 0000000000000075 R11: 0000000000000202 R12: 0000000000000001 [ 2382.485712] R13: 00007ffdadc4ea90 R14: 0000000000000000 R15: 00007ffdadc4eaa0 03:45:03 executing program 2: getpid() perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) close(0xffffffffffffffff) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x7, 0x35}, 0xd8) bind$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200408d4, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0x1}, 0x1c) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000000)) r1 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x20601, 0x0) close(0xffffffffffffffff) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r0, r1, 0x0, 0x3, &(0x7f0000000000)='&}\x00'}, 0x30) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @local, 0x4}, {0xa, 0x0, 0x4, @mcast1}, r3}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @loopback}, {0x2, 0x0, 0xffffffc1, @dev={0xfe, 0x80, [], 0x16}}, r3}}, 0x48) openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) ioctl$RTC_AIE_ON(0xffffffffffffffff, 0x7001) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000240)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) socket$inet_udp(0x2, 0x2, 0x0) add_key$user(&(0x7f0000000700)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffd) [ 2382.500106] Task in /syz5 killed as a result of limit of /syz5 [ 2382.506741] memory: usage 307200kB, limit 307200kB, failcnt 1175 [ 2382.528571] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2382.535784] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:45:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xee140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2382.558597] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:88KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2382.580013] audit: type=1800 audit(1580269503.930:182): pid=29166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="sda1" ino=16558 res=0 03:45:04 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635202100000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000280)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000fb], 0x1f004}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000004c0)={0x0, 0x0, @pic={0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000a80)=ANY=[@ANYBLOB], 0x0) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_genetlink_get_family_id$nl80211(0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_DEL_INTERFACE(0xffffffffffffffff, 0x0, 0xc000) [ 2382.638756] Memory cgroup out of memory: Kill process 7950 (syz-executor.5) score 117 or sacrifice child [ 2382.669777] Killed process 29162 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2382.709565] oom_reaper: reaped process 29162 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:45:04 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x4b720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:04 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:04 executing program 2: getpid() perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) close(0xffffffffffffffff) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x7, 0x35}, 0xd8) bind$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200408d4, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0x1}, 0x1c) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000000)) r1 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x20601, 0x0) close(0xffffffffffffffff) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r0, r1, 0x0, 0x3, &(0x7f0000000000)='&}\x00'}, 0x30) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @local, 0x4}, {0xa, 0x0, 0x4, @mcast1}, r3}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @loopback}, {0x2, 0x0, 0xffffffc1, @dev={0xfe, 0x80, [], 0x16}}, r3}}, 0x48) openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x0, 0x0) ioctl$RTC_AIE_ON(0xffffffffffffffff, 0x7001) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000240)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) socket$inet_udp(0x2, 0x2, 0x0) add_key$user(&(0x7f0000000700)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffd) 03:45:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xef140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2382.992055] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 2383.062777] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2383.083777] CPU: 1 PID: 29294 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2383.091626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2383.101116] Call Trace: [ 2383.103726] dump_stack+0x197/0x210 [ 2383.107376] dump_header+0x15e/0xa55 [ 2383.111107] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2383.116222] ? ___ratelimit+0x60/0x595 [ 2383.120125] ? do_raw_spin_unlock+0x181/0x270 [ 2383.124642] oom_kill_process.cold+0x10/0x6ef [ 2383.129161] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2383.134713] ? task_will_free_mem+0x139/0x6e0 [ 2383.139216] ? find_held_lock+0x35/0x130 [ 2383.143297] out_of_memory+0x362/0x1330 [ 2383.147287] ? lock_downgrade+0x880/0x880 [ 2383.151444] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2383.156559] ? oom_killer_disable+0x280/0x280 [ 2383.161061] ? find_held_lock+0x35/0x130 [ 2383.165160] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2383.170022] ? memcg_event_wake+0x230/0x230 [ 2383.174368] ? do_raw_spin_unlock+0x181/0x270 [ 2383.178883] ? _raw_spin_unlock+0x2d/0x50 [ 2383.183051] try_charge+0xec5/0x1490 [ 2383.186799] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2383.191668] ? lock_downgrade+0x880/0x880 [ 2383.195836] ? kasan_check_read+0x11/0x20 [ 2383.200006] memcg_kmem_charge_memcg+0x83/0x170 [ 2383.204707] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2383.209229] ? __isolate_free_page+0x4c0/0x4c0 [ 2383.213832] memcg_kmem_charge+0x13b/0x370 [ 2383.218089] __alloc_pages_nodemask+0x3c3/0x750 [ 2383.222782] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2383.227809] ? __lock_acquire+0x6ee/0x49c0 [ 2383.232063] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2383.238228] alloc_pages_current+0x107/0x210 [ 2383.243178] __pmd_alloc+0x41/0x460 [ 2383.247684] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2383.253237] __handle_mm_fault+0x1954/0x3f80 [ 2383.257662] ? copy_page_range+0x2030/0x2030 [ 2383.262104] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2383.266790] handle_mm_fault+0x1b5/0x690 [ 2383.270961] __do_page_fault+0x62a/0xe90 [ 2383.275049] ? vmalloc_fault+0x740/0x740 [ 2383.279128] ? trace_hardirqs_off_caller+0x65/0x220 [ 2383.284160] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2383.289104] ? page_fault+0x8/0x30 [ 2383.292661] do_page_fault+0x71/0x57d [ 2383.296477] ? page_fault+0x8/0x30 [ 2383.300037] page_fault+0x1e/0x30 [ 2383.303510] RIP: 0033:0x401c27 [ 2383.306712] Code: 00 00 00 48 83 ec 08 48 8b 15 6d 0a 67 00 48 8b 05 5e 0a 67 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 40 0a 67 00 48 83 c4 08 c3 48 89 c6 bf 70 db 4c 00 [ 2383.325623] RSP: 002b:00007ffdadc4e8a0 EFLAGS: 00010287 [ 2383.331003] RAX: 0000001b2c920000 RBX: 0000000000000000 RCX: 0000001b2d920000 [ 2383.338286] RDX: 0000001b2c920004 RSI: 00007ffdadc4e660 RDI: 0000000000000000 [ 2383.345567] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 2383.352850] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000001 [ 2383.360130] R13: 00007ffdadc4ea90 R14: 0000000000000000 R15: 00007ffdadc4eaa0 [ 2383.387641] Task in /syz5 killed as a result of limit of /syz5 [ 2383.394293] memory: usage 307200kB, limit 307200kB, failcnt 1194 [ 2383.401558] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2383.408950] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2383.415565] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:92KB inactive_file:0KB active_file:0KB unevictable:0KB 03:45:04 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x4c000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2383.436632] Memory cgroup out of memory: Kill process 29294 (syz-executor.5) score 1103 or sacrifice child [ 2383.447240] Killed process 29294 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB 03:45:04 executing program 3: request_key(&(0x7f0000000300)='rxrpc_s\x00', &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000380)='\x00', 0x0) 03:45:05 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2383.731967] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2383.811185] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2383.883509] CPU: 1 PID: 29443 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2383.891390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2383.900752] Call Trace: [ 2383.903363] dump_stack+0x197/0x210 [ 2383.907011] dump_header+0x15e/0xa55 [ 2383.910743] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2383.915857] ? ___ratelimit+0x60/0x595 [ 2383.919751] ? do_raw_spin_unlock+0x181/0x270 [ 2383.924262] oom_kill_process.cold+0x10/0x6ef [ 2383.928775] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2383.934334] ? task_will_free_mem+0x139/0x6e0 [ 2383.938848] out_of_memory+0x362/0x1330 [ 2383.942838] ? lock_downgrade+0x880/0x880 [ 2383.946993] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2383.952206] ? oom_killer_disable+0x280/0x280 [ 2383.956710] ? find_held_lock+0x35/0x130 [ 2383.960880] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2383.965739] ? memcg_event_wake+0x230/0x230 [ 2383.970080] ? do_raw_spin_unlock+0x181/0x270 [ 2383.974587] ? _raw_spin_unlock+0x2d/0x50 [ 2383.978750] try_charge+0xec5/0x1490 03:45:05 executing program 2: prctl$PR_SET_THP_DISABLE(0x29, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) r2 = getpid() getsockopt$IP_SET_OP_GET_BYNAME(0xffffffffffffffff, 0x1, 0x53, &(0x7f0000000000)={0x6, 0x7, 'syz0\x00'}, 0x0) sched_setscheduler(r2, 0x5, &(0x7f0000000380)) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x200004) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 03:45:05 executing program 3: openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') 03:45:05 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xf0010000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2383.982592] ? lock_downgrade+0x880/0x880 [ 2383.986760] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2383.991620] ? rcu_read_unlock+0x33/0x60 [ 2383.995699] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2384.000559] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2384.006638] mem_cgroup_try_charge+0x259/0x6b0 [ 2384.011245] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2384.016204] wp_page_copy+0x430/0x16a0 [ 2384.020114] ? follow_pfn+0x2a0/0x2a0 [ 2384.023934] ? do_raw_spin_unlock+0x181/0x270 [ 2384.028446] do_wp_page+0x57d/0x10b0 [ 2384.032176] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2384.036861] ? kasan_check_write+0x14/0x20 [ 2384.041120] ? do_raw_spin_lock+0xd7/0x250 [ 2384.045381] __handle_mm_fault+0x2305/0x3f80 [ 2384.049807] ? copy_page_range+0x2030/0x2030 [ 2384.054343] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2384.059026] handle_mm_fault+0x1b5/0x690 [ 2384.063106] __do_page_fault+0x62a/0xe90 [ 2384.067193] ? vmalloc_fault+0x740/0x740 [ 2384.071273] ? trace_hardirqs_off_caller+0x65/0x220 [ 2384.076303] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2384.081241] ? page_fault+0x8/0x30 [ 2384.084805] do_page_fault+0x71/0x57d [ 2384.088617] ? page_fault+0x8/0x30 [ 2384.092171] page_fault+0x1e/0x30 [ 2384.095629] RIP: 0033:0x411358 [ 2384.098831] Code: 48 8b 05 63 cb 30 00 48 89 08 48 8b 15 61 cb 30 00 48 89 42 08 48 8b 05 46 cb 30 00 48 89 05 4f cb 30 00 49 8d 81 c0 02 00 00 <48> 89 05 31 13 66 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 [ 2384.117745] RSP: 002b:00007ffdadc4ea08 EFLAGS: 00010246 [ 2384.123127] RAX: 0000000002972c00 RBX: 00007ffdadc4ea10 RCX: 000000000071dea0 [ 2384.130411] RDX: 0000000000411190 RSI: 000000000071de90 RDI: 0000000002972c20 [ 2384.137792] RBP: 00007ffdadc4ea50 R08: 0000000000000001 R09: 0000000002972940 [ 2384.145091] R10: 0000000002972c10 R11: 0000000000000202 R12: 0000000000000001 [ 2384.152380] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdadc4eaa0 03:45:05 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @remote}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000240)}}, 0x20) 03:45:05 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xf0140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2384.254303] Task in /syz5 killed as a result of limit of /syz5 [ 2384.273833] memory: usage 307200kB, limit 307200kB, failcnt 1216 [ 2384.298389] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2384.326971] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2384.333953] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:76KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2384.355132] Memory cgroup out of memory: Kill process 7950 (syz-executor.5) score 117 or sacrifice child 03:45:05 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xf0ffffff, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2384.381606] Killed process 29443 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2384.405071] oom_reaper: reaped process 29443 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:45:05 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x4c720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:05 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) r2 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000380)) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000001c0)='cgroup.procs\x00', 0x2, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r4 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={0x0, 0x839}, 0x8) ftruncate(r4, 0x200004) ioctl$FUSE_DEV_IOC_CLONE(r2, 0x8004e500, &(0x7f00000000c0)=r2) sendfile(r0, r4, 0x0, 0x80001d00c0d0) 03:45:05 executing program 4: syz_extract_tcp_res(&(0x7f0000000100)={0x41424344, 0x41424344}, 0x7, 0x81) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f0000000000)=0x8, 0x4) syz_extract_tcp_res$synack(&(0x7f0000000140), 0x1, 0x0) syz_emit_ethernet(0x4b8, &(0x7f0000000640)={@local, @dev, @val={@val={0x9100, 0x3, 0x0, 0x2}, {0x8100, 0x4, 0x1, 0x1}}, {@ipv6={0x86dd, @tcp={0x8, 0x6, "ddd729", 0x47a, 0x6, 0x0, @dev={0xfe, 0x80, [], 0x25}, @empty, {[@hopopts={0x0, 0x7, [], [@calipso={0x7, 0x28, {0x2, 0x8, 0x4, 0x2, [0x8, 0x4, 0x1, 0x100000000]}}, @hao={0xc9, 0x10, @ipv4={[], [], @multicast2}}]}, @fragment={0x2f, 0x0, 0x2, 0x1, 0x0, 0x7, 0x68}, @hopopts={0x5c, 0x2, [], [@enc_lim={0x4, 0x1, 0x80}, @pad1, @padn={0x1, 0x2, [0x0, 0x0]}, @pad1, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}]}, @routing={0x89, 0x2, 0x2, 0x0, 0x0, [@loopback]}, @routing={0x9a, 0x8, 0x1, 0x9e, 0x0, [@rand_addr="9edb3e942f2ff34eec218c05104b184c", @mcast2, @ipv4={[], [], @remote}, @initdev={0xfe, 0x88, [], 0x0, 0x0}]}, @dstopts={0x2c, 0x0, [], [@jumbo={0xc2, 0x4, 0x6}]}, @hopopts={0x0, 0x4b, [], [@generic={0x5, 0xde, "2f3adc040a0c655f36d620f8886e63123e7348d15e80f980313612209b5fc77843376e7f06a6102a8826be389f57b551fb7524a41c6572a20286d792568d01e87ba4cc89eb017ae4d9a7991efd1ee508bac1a60801b5317710bb75ed2791ab4461294a86b5cdecfaf3cd20fecff705d1b55385c4a8fe03cb2381fcf523ba3e191147232c0abcf4a8c02074b7fe26a45f524cf0ed0906481af12540e148d84390946243b7947e442c5a4635acbcf337acf0af22d021316d69fdb94c62b23182d9be1fae9e5cbc5ffa1ab360af9a4b733e4945420051ca04d0d9449089a7ec"}, @calipso={0x7, 0x30, {0x1, 0xa, 0xab, 0x3ff, [0x1, 0x3, 0x9, 0x7, 0x40]}}, @padn, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @generic={0x80, 0xd9, "d63ce65df39b271b072647d7b60e1aa1ad4b45387a05adb939f4575300a45d1e02d3ce3bb375506cdfbec749de260debe7dd625b7a03ab194fd05708d03a07f76f46221ac1dc42962a8bb25e2cdacb66570569d5d115860c9f2e3992df048e9195ba94b9390e5ae4a0bad35933f5bcdadefd4b9d3fca6814ed902876dd736cf9ace05f813c146ea538f30dc6003d513a6c7348b497a1eb3632101e54bf0c9d25665629d423c954b46dc010644c8541a0d2cf48eeab91af30e9a992a628ec379dfecfcfba45d3e0e5fe7c796de6760b70490e5bb69b3487af9a"}, @pad1, @pad1, @calipso={0x7, 0x48, {0x0, 0x10, 0x31, 0x7fff, [0x2, 0x0, 0x6, 0x20, 0xf6, 0x83, 0x11, 0x58a]}}, @enc_lim={0x4, 0x1, 0x40}, @jumbo={0xc2, 0x4, 0x401}]}, @routing={0x87, 0x16, 0x0, 0xff, 0x0, [@mcast2, @ipv4={[], [], @multicast1}, @empty, @empty, @mcast1, @empty, @rand_addr="8edff0339066d258618d0aaea016240b", @mcast1, @mcast1, @local, @mcast2]}], {{0x4e21, 0x4e21, r0, 0x41424344, 0x0, 0x0, 0xe, 0x1, 0x4, 0x0, 0x6, {[@mss={0x2, 0x4, 0x8}, @timestamp={0x8, 0xa, 0x2, 0x1}, @mptcp=@synack={0x1e, 0x10, 0xe, 0x2, 0x40, 0x62, 0x9}, @mss={0x2, 0x4, 0x1ff}]}}, {"ffbb1b196525508c46fff762e37bbe3c68698f269cbb6933c1d30e553449950d86c632ce474698e9460288211a42c0251cc560f1a9f24227822bf59b1b68d368d3e8"}}}}}}}, 0x0) [ 2384.584663] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 2384.622731] syz-executor.5 cpuset=syz5 mems_allowed=0-1 03:45:06 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2384.637846] CPU: 1 PID: 29474 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2384.645717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2384.655083] Call Trace: [ 2384.657694] dump_stack+0x197/0x210 [ 2384.661346] dump_header+0x15e/0xa55 [ 2384.665099] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2384.670226] ? ___ratelimit+0x60/0x595 [ 2384.674129] ? do_raw_spin_unlock+0x181/0x270 [ 2384.678644] oom_kill_process.cold+0x10/0x6ef [ 2384.683158] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2384.688714] ? task_will_free_mem+0x139/0x6e0 [ 2384.693240] ? find_held_lock+0x35/0x130 [ 2384.697322] out_of_memory+0x362/0x1330 [ 2384.701319] ? lock_downgrade+0x880/0x880 [ 2384.705481] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2384.710597] ? oom_killer_disable+0x280/0x280 [ 2384.715102] ? find_held_lock+0x35/0x130 [ 2384.719188] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2384.724044] ? memcg_event_wake+0x230/0x230 [ 2384.728389] ? do_raw_spin_unlock+0x181/0x270 [ 2384.732904] ? _raw_spin_unlock+0x2d/0x50 03:45:06 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) accept4$bt_l2cap(r0, &(0x7f0000000080), &(0x7f00000000c0)=0xe, 0x800) getuid() r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcsa\x00', 0x101000, 0x0) ioctl$KVM_DIRTY_TLB(r1, 0x4010aeaa, &(0x7f0000000140)={0x100, 0xdf}) [ 2384.737166] try_charge+0xec5/0x1490 [ 2384.740993] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2384.745878] ? lock_downgrade+0x880/0x880 [ 2384.750046] ? kasan_check_read+0x11/0x20 [ 2384.754211] memcg_kmem_charge_memcg+0x83/0x170 [ 2384.758895] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2384.763426] ? __isolate_free_page+0x4c0/0x4c0 [ 2384.768026] memcg_kmem_charge+0x13b/0x370 [ 2384.772279] __alloc_pages_nodemask+0x3c3/0x750 [ 2384.776967] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2384.781999] ? __lock_acquire+0x6ee/0x49c0 [ 2384.786258] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2384.791820] alloc_pages_current+0x107/0x210 [ 2384.796254] __pmd_alloc+0x41/0x460 [ 2384.796270] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2384.796288] __handle_mm_fault+0x1954/0x3f80 [ 2384.796308] ? copy_page_range+0x2030/0x2030 [ 2384.796345] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2384.796362] handle_mm_fault+0x1b5/0x690 [ 2384.796383] __do_page_fault+0x62a/0xe90 [ 2384.827188] ? vmalloc_fault+0x740/0x740 [ 2384.831264] ? trace_hardirqs_off_caller+0x65/0x220 03:45:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xf1140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:06 executing program 2: r0 = socket(0x11, 0x800000003, 0x8) bind(r0, &(0x7f0000000280)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) socket$netlink(0x10, 0x3, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='scalable\x00', 0x9) sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7868f1eaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf9091a7511bf746bec66ba", 0xfe6a, 0x2, 0x0, 0x27) [ 2384.836384] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2384.841333] ? page_fault+0x8/0x30 [ 2384.844884] do_page_fault+0x71/0x57d [ 2384.848695] ? page_fault+0x8/0x30 [ 2384.852248] page_fault+0x1e/0x30 [ 2384.855710] RIP: 0033:0x401c27 [ 2384.858912] Code: 00 00 00 48 83 ec 08 48 8b 15 6d 0a 67 00 48 8b 05 5e 0a 67 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 40 0a 67 00 48 83 c4 08 c3 48 89 c6 bf 70 db 4c 00 [ 2384.877835] RSP: 002b:00007ffdadc4e8a0 EFLAGS: 00010287 [ 2384.883229] RAX: 0000001b2c920000 RBX: 0000000000000000 RCX: 0000001b2d920000 [ 2384.890517] RDX: 0000001b2c920004 RSI: 00007ffdadc4e660 RDI: 0000000000000000 [ 2384.897803] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 2384.905093] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000001 [ 2384.912377] R13: 00007ffdadc4ea90 R14: 0000000000000000 R15: 00007ffdadc4eaa0 03:45:06 executing program 4: syz_emit_ethernet(0x0, &(0x7f0000000080)=ANY=[], 0x0) [ 2385.012103] Task in /syz5 killed as a result of limit of /syz5 [ 2385.018254] memory: usage 307200kB, limit 307200kB, failcnt 1246 [ 2385.037063] audit: type=1800 audit(1580269506.410:183): pid=29477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.3" name="bus" dev="sda1" ino=16545 res=0 [ 2385.045171] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:45:06 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x10006, 0x80011, r1, 0x0) pipe(&(0x7f0000000680)) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x80011, r0, 0x0) 03:45:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xf2140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2385.105647] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2385.115237] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:92KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2385.148641] Memory cgroup out of memory: Kill process 29474 (syz-executor.5) score 1103 or sacrifice child [ 2385.169020] Killed process 29474 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB 03:45:06 executing program 4: seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, &(0x7f0000000080)=0x7) syz_emit_ethernet(0x1, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffebab96d4200000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd17e84a673b4e9e"], 0x0) [ 2385.201228] oom_reaper: reaped process 29474 (syz-executor.5), now anon-rss:0kB, file-rss:34112kB, shmem-rss:0kB 03:45:06 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x4d720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:06 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xf3140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:06 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000004c0)={0x0, 0x0, @pic={0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f}}) socket$netlink(0x10, 0x3, 0x0) 03:45:06 executing program 2: prctl$PR_SET_MM(0x23, 0x0, &(0x7f00002d5000/0x2000)=nil) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f00000001c0)) statx(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x800, 0x0, 0x0) setuid(0x0) tkill(0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8044, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x20000000021) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f0000000380)={'nat\x00'}, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) sched_setscheduler(0x0, 0x5, &(0x7f0000000540)=0x2) ioctl$TIOCMSET(r1, 0x5437, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0xf6}, 0x14) [ 2385.336530] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2385.395157] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2385.427807] CPU: 1 PID: 29833 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2385.435690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2385.445060] Call Trace: [ 2385.447673] dump_stack+0x197/0x210 [ 2385.451329] dump_header+0x15e/0xa55 [ 2385.455070] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2385.460190] ? ___ratelimit+0x60/0x595 [ 2385.464092] ? do_raw_spin_unlock+0x181/0x270 [ 2385.468603] oom_kill_process.cold+0x10/0x6ef [ 2385.473115] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2385.478674] ? task_will_free_mem+0x139/0x6e0 [ 2385.483187] out_of_memory+0x362/0x1330 [ 2385.487181] ? lock_downgrade+0x880/0x880 [ 2385.491346] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2385.496464] ? oom_killer_disable+0x280/0x280 [ 2385.500972] ? find_held_lock+0x35/0x130 [ 2385.505071] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2385.509936] ? memcg_event_wake+0x230/0x230 [ 2385.514282] ? do_raw_spin_unlock+0x181/0x270 [ 2385.518809] ? _raw_spin_unlock+0x2d/0x50 [ 2385.522981] try_charge+0xec5/0x1490 [ 2385.526717] ? lock_downgrade+0x880/0x880 [ 2385.530894] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2385.535759] ? rcu_read_unlock+0x33/0x60 [ 2385.539838] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2385.544699] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2385.550762] mem_cgroup_try_charge+0x259/0x6b0 [ 2385.555344] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2385.560299] wp_page_copy+0x430/0x16a0 [ 2385.564181] ? follow_pfn+0x2a0/0x2a0 [ 2385.567984] ? do_raw_spin_unlock+0x181/0x270 [ 2385.572481] do_wp_page+0x57d/0x10b0 [ 2385.576199] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2385.580862] ? kasan_check_write+0x14/0x20 [ 2385.585087] ? do_raw_spin_lock+0xd7/0x250 [ 2385.589317] __handle_mm_fault+0x2305/0x3f80 [ 2385.593716] ? copy_page_range+0x2030/0x2030 [ 2385.598131] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2385.602792] handle_mm_fault+0x1b5/0x690 [ 2385.606844] __do_page_fault+0x62a/0xe90 [ 2385.610918] ? vmalloc_fault+0x740/0x740 [ 2385.615059] ? trace_hardirqs_off_caller+0x65/0x220 [ 2385.620064] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2385.624990] ? page_fault+0x8/0x30 [ 2385.628534] do_page_fault+0x71/0x57d [ 2385.632321] ? page_fault+0x8/0x30 [ 2385.635852] page_fault+0x1e/0x30 [ 2385.640395] RIP: 0033:0x411386 [ 2385.643592] Code: 13 66 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 89 4a 08 49 8b 89 c8 02 00 00 48 89 11 48 c7 05 0a 13 66 00 00 00 00 00 <48> c7 05 07 cb 30 00 90 de 71 00 31 d2 48 c7 05 f2 ca 30 00 90 de [ 2385.662492] RSP: 002b:00007ffdadc4ea08 EFLAGS: 00010246 [ 2385.667847] RAX: 0000000002972c00 RBX: 00007ffdadc4ea10 RCX: 0000000000a72680 [ 2385.675228] RDX: 0000000000a72680 RSI: 000000000071de90 RDI: 0000000002972c20 [ 2385.682498] RBP: 00007ffdadc4ea50 R08: 0000000000000001 R09: 0000000002972940 [ 2385.690218] R10: 0000000002972c10 R11: 0000000000000202 R12: 0000000000000001 [ 2385.697476] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdadc4eaa0 [ 2385.734325] Task in /syz5 killed as a result of limit of /syz5 [ 2385.745767] memory: usage 307200kB, limit 307200kB, failcnt 1281 [ 2385.753995] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2385.766529] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:45:07 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xf4140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:07 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:07 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa7fce32cb062e532f403afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"], 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r3, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @control={0xd2, 0x0, 0x4}}], 0x1c) ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000280)={0xa10000, 0x0, 0x4, r3, 0x0, &(0x7f0000000240)={0xa2092a, 0x5, [], @p_u16=&(0x7f00000001c0)=0x8}}) write$sndseq(r4, &(0x7f0000000200), 0x0) ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000140)) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r5, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$SNDCTL_DSP_RESET(r5, 0x5000, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r6, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000080)={0x9ab, 0x9, 0x4, 0x4, 0x1aed, {}, {0x5, 0x1, 0x8, 0xbb, 0x3, 0x6, "c8cc96b6"}, 0xf7cc, 0x0, @userptr=0x80000001, 0x6d, 0x0, r6}) memfd_create(&(0x7f0000000180)='\x00', 0x6) ioctl$UI_BEGIN_FF_ERASE(r7, 0xc00c55ca, &(0x7f0000000100)={0x3, 0x1, 0x538e}) 03:45:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x154ab, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB="500000001000074774480000dfdbdf250001a381", @ANYRES32=0x0, @ANYBLOB="7fff0002811200001c0012000b0001006d616373656300e10b00020005000c00000300000a000540020000000000000008000a0009d35b587e27a8b0b9cad4a128c1aa7cf68a72e18b043723262ef1db55855e9b9c3c4f3d85375cfa53566d1becb85f7297cb072cd567309e4df2d41485c9b6a83c953a21aa4f22f55716d40a207530362bc729067a2c1827fb817eec56022b28d49a32965d048e336c6476967ed3c025b32265056d7425271b24a7a00c7f44c83d98fd505c6a5bed", @ANYRES32, @ANYBLOB="6326ffc30340a59af4c3650421f9a53779861026cd4f7ae2dcfdaef81c581d1b4223e49887ee68e87ed537d5b2e957e1fac165be3eb34c5174f627927737456b54921f664921e1615264cc762c189704152109b0dff9eb9ca92da732cc5b460a46383502d39192ed1257af1867305485dc560b67fa9950386e7d44374265b739aa0ef8918e45feb997445e598790400e81a0a90106099ffc40614fb95e437e5d5f0594c09185a98100000026a6bfd2720d26c90aee9086e0a95f63a8fda63eb23fd475c61ebd1380a9826fd69c6f64bf79710e7e1d75e2c791eb7b1d86588ef923b129222614c86e18924f9589b3296bf073a802c252d7bc999adfe63ad0e5a6481eae74204aaf21e9a35fb7506b3169662c7d4fc773e0d3e15553c56b"], 0x50}}, 0x0) 03:45:07 executing program 2: socket$inet_udp(0x2, 0x2, 0x0) sched_setscheduler(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2385.794441] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:80KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2385.831824] Memory cgroup out of memory: Kill process 7950 (syz-executor.5) score 117 or sacrifice child [ 2385.870369] Killed process 29833 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB 03:45:07 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x4e720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2385.921152] oom_reaper: reaped process 29833 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2385.951083] netlink: 'syz-executor.3': attribute type 5 has an invalid length. [ 2385.996416] device tunl0 entered promiscuous mode [ 2386.044997] device tunl0 left promiscuous mode [ 2386.051467] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 2386.074346] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2386.100155] CPU: 0 PID: 30088 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2386.108008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2386.117371] Call Trace: [ 2386.119976] dump_stack+0x197/0x210 [ 2386.123613] dump_header+0x15e/0xa55 [ 2386.127341] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2386.132457] ? ___ratelimit+0x60/0x595 [ 2386.136352] ? do_raw_spin_unlock+0x181/0x270 [ 2386.140854] oom_kill_process.cold+0x10/0x6ef [ 2386.145359] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2386.150903] ? task_will_free_mem+0x139/0x6e0 [ 2386.155412] out_of_memory+0x362/0x1330 [ 2386.159396] ? lock_downgrade+0x880/0x880 [ 2386.163556] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2386.168668] ? oom_killer_disable+0x280/0x280 [ 2386.173168] ? find_held_lock+0x35/0x130 [ 2386.177244] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2386.182097] ? memcg_event_wake+0x230/0x230 [ 2386.186428] ? do_raw_spin_unlock+0x181/0x270 [ 2386.190932] ? _raw_spin_unlock+0x2d/0x50 [ 2386.195094] try_charge+0xec5/0x1490 [ 2386.199071] ? lock_downgrade+0x880/0x880 [ 2386.203236] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2386.208086] ? rcu_read_unlock+0x33/0x60 [ 2386.212162] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2386.217017] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2386.223612] mem_cgroup_try_charge+0x259/0x6b0 [ 2386.228207] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2386.233145] wp_page_copy+0x430/0x16a0 [ 2386.237046] ? follow_pfn+0x2a0/0x2a0 [ 2386.240857] ? do_raw_spin_unlock+0x181/0x270 [ 2386.245357] do_wp_page+0x57d/0x10b0 [ 2386.249080] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2386.253762] ? kasan_check_write+0x14/0x20 [ 2386.258001] ? do_raw_spin_lock+0xd7/0x250 [ 2386.262246] __handle_mm_fault+0x2305/0x3f80 [ 2386.266667] ? copy_page_range+0x2030/0x2030 [ 2386.271196] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2386.275896] handle_mm_fault+0x1b5/0x690 [ 2386.279971] __do_page_fault+0x62a/0xe90 [ 2386.284055] ? vmalloc_fault+0x740/0x740 [ 2386.288225] ? trace_hardirqs_off_caller+0x65/0x220 [ 2386.293257] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2386.298194] ? page_fault+0x8/0x30 [ 2386.301753] do_page_fault+0x71/0x57d [ 2386.305567] ? page_fault+0x8/0x30 [ 2386.309116] page_fault+0x1e/0x30 [ 2386.312578] RIP: 0033:0x411358 [ 2386.315775] Code: 48 8b 05 63 cb 30 00 48 89 08 48 8b 15 61 cb 30 00 48 89 42 08 48 8b 05 46 cb 30 00 48 89 05 4f cb 30 00 49 8d 81 c0 02 00 00 <48> 89 05 31 13 66 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 [ 2386.335374] RSP: 002b:00007ffdadc4ea08 EFLAGS: 00010246 [ 2386.340750] RAX: 0000000002972c00 RBX: 00007ffdadc4ea10 RCX: 000000000071dea0 03:45:07 executing program 4: syz_emit_ethernet(0x208, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaf186dd604d898c01d23afffe8000000000000000000000000000bbff02000000005581f8b95c55414c000000000000000000010300907801000000680c28b50131887fff010000400000000000000000000001fe8000000000000000000000000000aa000005306500000067280000000000000001000758000000001400ff0105000000000000000180000000000000ff0300000000000005000000000000008d00000000000000c005000000000000200000000000000080000000000000000000000000008000050000000000000001060000000000000730000000020afc0600e8000000000000000300000000000000060000000000000004000000000000003f00000000000000c910ff010000000000000000000000000001565e5a1b361e5bb93aeadd6cc0a7b44a2f379cf8d3bc561683edd82919bfa5794ccce9f247a615801458d571a9e236f7ae99a8af667230e9074d477aae41f24c92b6ad76ffea165816da275cdce3efa620880000010000323859652e3ee33f5e857fb2987166f208fc8e5d8fd71bc453a561ba385f568f9be938fe24fa0ffa1935f3d37e8fc8d076892dc2040000000800003b33d8f228b99ba48df3c919be6dea51391955fa2c873f4bf38428f38779a3ea5b65a116ca04025a18414acb45f088047145656ca9c6b5d8c72333a27abcc6e02cbd3194bc4b1fad0000000000"], 0x0) r0 = request_key(0x0, &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0xfffffffffffffffa) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r1, 0xc0305615, &(0x7f0000000680)={0x0, {0xca79, 0x3}}) keyctl$update(0x2, r0, &(0x7f00000002c0), 0x0) r2 = request_key(0x0, &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0xfffffffffffffffa) keyctl$update(0x2, r2, &(0x7f00000002c0), 0x0) add_key$user(&(0x7f0000000740)='user\x00', &(0x7f0000000780)={'syz', 0x3}, &(0x7f00000007c0)="feb6af7d35eb2c6dc8c7c2ad2e1113c5a2cd79a9e8666236db2eb343370011fc36790a65d9a45999c47b6d2c04510f38327e5e5a562e175d327f4a140120a015c5b79ebfd63994d819318c257356530a30b72e743046ff769d61cbe4f569da3be5940680a2aabc31f7d106ec577e257bcbbee1ebf8798d90cadd4f962779b5db788d468c0287e86d1edda24b98ac4e2dd9eaa988d0cf9549b4c9e992f25e985a4f172da04a81d1cd73ad247b24fdb56c068f530455d7889e8882efded4839b43ed39211f72d8e0ede8a9f6270f9a08835a2357c92af2f41e9135c10bae99859b5e09c8fc0d8594188518a712627190617b63db844d5d733f40a810cd", 0xfc, r2) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r3, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x41, &(0x7f00000006c0)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000003000000000000edfffeffffffffff0000000000000000000000000000000000000000000a00"/88], 0x58) keyctl$instantiate_iov(0x14, r0, &(0x7f0000000600)=[{&(0x7f0000000000)="bb9a36ae4b69054cbb3cbdac9e4660957343c9f45780c75ca236d95a72dda2fbbf6aa533f2021c01f5ea297546e2817a2d9f104bffd6aae826b0d7e737918bc56076eb22e0d148c9701a05bd6b26edd85f424bc354325f4294fe8c2271fad82b5b549fba41db1928491af231dafef721f5a9761fc2730e564c5a573b2960b2137143ad6e1dc7fc456cf1452b126e58", 0x8f}, {&(0x7f00000000c0)="57e92ca9d26a4ee0e0c87300dbe56a9b1b9449f50c198a2756a8a20bf8236ea4b084cf3ebd0259409255815f4cf6861a4b9a628ae9ecb3eee9e8ef00861552a02074b3ec0465a01e668affc6cfdbe1b71e7155a7b47dd1b093da505b91bdd4b19538ea0d4252b615a51b2f50aa5188d53b66d8ef78359d6aa4e6b7f21622982627d62e4f8ab5f579737fdd9ed18c46368e7410b1eb6827bb50a1a2972ae8ff1a8a44af81d9bfd324d0032c865a4abda6353cdc1fa626f432cff4445fa84af2082e9747b7e805686f14be13b5bd7f823517600b73bec7bcb708f1db1c52da0fbd6cfdf5868373720fbdf93873c9b2e7d2f6cb3a5535098e819e38a02165bf", 0xfe}, {&(0x7f00000001c0)="06f6d0268ef68e4c09c92dd81aa4bcbc39ef4ae484dc0fe18ea6af7e63b21b907e9467fe79ea53a80c54cb43f4619549e44d9a7d92b1c7a6436c5a8a3c3b43a761136516b09eb195a1fd2da960f65736e3729ea22d127eaec1d097f824f1a5e35df0151f59ef75179612d4e6a1ca1966a57d6c5d946cda47d6331b53e87dd33aa0b3874d3ac432f3e96cb6e241d0ced8f2d880e0dc487f6f889bcba8a760d53dc2abb1032b3d664123a549539ecfa85a5ac98f51b034dcc635a4ec8eebd2b8f7e639f7b11d72d663faf9bcef63e528b679004c04a342251cb305744a31c34c2a6ee0d2cf60fe95127ace7e171144", 0xee}, {&(0x7f00000002c0)="001187795e9b8403dbbaedf651f71df5a2e53d5bb96669d5ca2be6c5365073cfd73f9997a9fb4bb82fb706375cef80116b4f8c7983683252887fdbdab851d6d259ad8f4894dc85830a4bec399ed8b40c575cf0caec0802cfa31e6efc7fe8b2", 0x5f}, {&(0x7f0000000340)="aa83a1e3dda7105582035e4e41628c45", 0x10}, {&(0x7f0000000380)="f24721c1ab7d63bf0c392c53fc", 0xd}], 0x6, r2) 03:45:07 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4000004e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000300)='scalable\x00', 0x9) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 2386.348035] RDX: 0000000000411190 RSI: 000000000071de90 RDI: 0000000002972c20 [ 2386.355317] RBP: 00007ffdadc4ea50 R08: 0000000000000001 R09: 0000000002972940 [ 2386.362619] R10: 0000000002972c10 R11: 0000000000000202 R12: 0000000000000001 [ 2386.369900] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdadc4eaa0 03:45:07 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xf5140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2386.442274] Task in /syz5 killed as a result of limit of /syz5 03:45:07 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r3, 0x7) accept4(r3, 0x0, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f00000001c0)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) [ 2386.493091] memory: usage 307200kB, limit 307200kB, failcnt 1321 [ 2386.543512] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:45:07 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xf6140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:08 executing program 4: syz_emit_ethernet(0x30c, &(0x7f0000000100)={@local, @dev, @void, {@ipv6={0x86dd, @udp={0x6, 0x6, "039f5b", 0x2d6, 0x11, 0x7, @mcast2, @mcast2, {[@fragment={0x62, 0x0, 0x80, 0x0, 0x0, 0x3, 0x66}, @dstopts={0x0, 0xd, [], [@jumbo={0xc2, 0x4, 0x8}, @calipso={0x7, 0x48, {0x0, 0x10, 0x4a, 0x6, [0x35cf, 0x9, 0xff, 0x5, 0xfffffffffffffffb, 0x8, 0x14, 0xede4]}}, @hao={0xc9, 0x10, @local}, @jumbo={0xc2, 0x4, 0x6}, @ra={0x5, 0x2, 0x7fff}]}, @hopopts={0x33, 0x4, [], [@hao={0xc9, 0x10, @rand_addr="d963e867ab4c2c6fda46cdccf24ca413"}, @enc_lim={0x4, 0x1, 0x6}, @ra={0x5, 0x2, 0x476}, @pad1, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x7f}]}, @hopopts={0x33, 0x0, [], [@ra={0x5, 0x2, 0xe1}]}, @srh={0x6c, 0xe, 0x4, 0x7, 0x2, 0x8, 0x57, [@ipv4={[], [], @multicast2}, @ipv4={[], [], @rand_addr=0x7ff}, @initdev={0xfe, 0x88, [], 0x1, 0x0}, @local, @remote, @empty, @mcast2]}, @fragment={0xc, 0x0, 0x1, 0x1, 0x0, 0xd, 0x67}, @routing={0xc, 0x10, 0x2, 0x7f, 0x0, [@rand_addr="b0a9758ebe28fc92ee7e45efd222ee63", @initdev={0xfe, 0x88, [], 0x1, 0x0}, @mcast2, @mcast1, @local, @remote, @ipv4={[], [], @local}, @initdev={0xfe, 0x88, [], 0x0, 0x0}]}], {0x4e23, 0x4e20, 0x10e, 0x0, [@guehdr={0x1, 0x1, 0x1, 0xf9, 0x100, @void}, @guehdr={0x2, 0x0, 0x0, 0x7, 0x100}, @guehdr={0x2, 0x1, 0x2, 0x7d, 0x100, @val=0x80}, @guehdr={0x2, 0x0, 0x2, 0x1, 0x100, @val=0x80}, @guehdr={0x1, 0x1, 0x2, 0x75, 0x100, @void}, @guehdr={0x2, 0x0, 0x1, 0xff, 0x100}, @guehdr={0x1, 0x1, 0x3, 0x80, 0x0, @void}, @guehdr={0x1, 0x1, 0x0, 0x6, 0x100, @void}], "471c1bb25f102d0a8f5aec35f6d201fe69a4a2bc513052caf8f32fbbf21d42a753c8759d1e0497507e3ef59cc98cdebf503eef16ab893b1e80ad0e593679f9cc981b6d09a2babcee0ed542b037abab21449f21da1054427771e59b0d337a73856a81c4e1c640b5b58103f5d36a4ab8c2b1dcab787d7b2bf71d05540aebe11f9fc86a7a1b6b920d9427a90cfb2522525091481570f0ae82169a75f411b991b8e2f7fe99f4f4757d9e6bc372abed80963591d1b5c023ba9a277b8330a3c07cfcfb4657db467d0498cbc3c1f5a2357c178c223f45cc10f3"}}}}}}, 0x0) [ 2386.600457] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2386.629106] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:76KB inactive_file:0KB active_file:0KB unevictable:0KB 03:45:08 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r1 = dup(r0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8b15, &(0x7f0000000600)='wlan1\x00\a\xd3~\xd4\xa2\xb8y\xe1\x04\xbe\x02\x00\x00\x00\x00\x00\x00@!\a\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfd\xfd\x00\a\x00\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\xbfjOc\xcd\x15\xc1K\xab\xe9\xe3\xe8\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19EI\x952\x12,\xec\x02:a\xad\xef,\xbc (\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1x\\\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\x98T\x1a\x1f\x16\xb9\b\xa2\xb0\a\x00vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa \x91d\xff9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x99\xb9j\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb30\xe8\xdb[\xc8\xe5\xae\x98\xdc\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cy\xb3QOT\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0X\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xa9O\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x990\xcei\xf2\xd1\x04\xde\xaa\xfa\xc0\xe9c\x81\x86\xc3j2m\xf6B\x19=h\x8fe\xc2\x13\x92?||\xbf\x10\x8f$\xdf^\xba\x04^\x13\r}\xd2n?3O\xb5\xa8\xfa\xfe\xe6\x92\xfd\x1c\xbc\x15\x81G\xbeC\xb2\x80\x87\x83\xb6\xf7wz\xcf\xa3c\xac\xe56\x8cg\x15\x9e\x96c') wait4(0x0, 0x0, 0x0, 0x0) [ 2386.699165] Memory cgroup out of memory: Kill process 7950 (syz-executor.5) score 117 or sacrifice child 03:45:08 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x110, r1, 0x8, 0x70bd25, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5da}, @IPVS_CMD_ATTR_DAEMON={0x24, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7b5}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3f}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x80}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x73}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xd28}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8}]}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x60}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1a}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x46}, 0x1) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:08 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:08 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x4f720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2386.823892] Killed process 30088 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2386.836563] oom_reaper: reaped process 30088 (syz-executor.5), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:45:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xf7140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:08 executing program 3: getpid() perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) close(0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x7, 0x35}, 0xd8) bind$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x200408d4, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0x1}, 0x1c) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000000)) r2 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x20601, 0x0) close(r2) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, r2, 0x0, 0x3, &(0x7f0000000000)='&}\x00', 0x0}, 0x30) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @local, 0x4}, {0xa, 0x0, 0x4, @mcast1}, r5}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @loopback}, {0x2, 0x0, 0xffffffc1, @dev={0xfe, 0x80, [], 0x16}}, r5}}, 0x48) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) ioctl$RTC_AIE_ON(r6, 0x7001) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r3}, 0xc) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000240)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) socket$inet_udp(0x2, 0x2, 0x0) add_key$user(&(0x7f0000000700)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffd) [ 2387.000946] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 03:45:08 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)={0x16, 0x0, 0x75, 0x1}, 0x3c) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0xc, &(0x7f0000000100)={r0, 0x0, 0x0}, 0x18) 03:45:08 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xf8010000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:08 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev={[], 0x2e}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2387.178824] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2387.184625] CPU: 1 PID: 30438 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2387.192444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2387.201828] Call Trace: [ 2387.204433] dump_stack+0x197/0x210 [ 2387.208082] dump_header+0x15e/0xa55 [ 2387.211815] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2387.216931] ? ___ratelimit+0x60/0x595 [ 2387.220830] ? do_raw_spin_unlock+0x181/0x270 [ 2387.225343] oom_kill_process.cold+0x10/0x6ef [ 2387.229859] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2387.235408] ? task_will_free_mem+0x139/0x6e0 [ 2387.239934] out_of_memory+0x362/0x1330 [ 2387.243922] ? lock_downgrade+0x880/0x880 [ 2387.248081] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2387.253196] ? oom_killer_disable+0x280/0x280 [ 2387.257704] ? find_held_lock+0x35/0x130 [ 2387.261787] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2387.266731] ? memcg_event_wake+0x230/0x230 [ 2387.271069] ? do_raw_spin_unlock+0x181/0x270 03:45:08 executing program 2: clone(0x4000010006dfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='gid_map\x00') r1 = gettid() tkill(r1, 0x3c) write$uinput_user_dev(r0, 0x0, 0x0) [ 2387.275579] ? _raw_spin_unlock+0x2d/0x50 [ 2387.279749] try_charge+0xec5/0x1490 [ 2387.283477] ? lock_downgrade+0x880/0x880 [ 2387.287642] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2387.292498] ? rcu_read_unlock+0x33/0x60 [ 2387.296577] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2387.301475] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2387.307559] mem_cgroup_try_charge+0x259/0x6b0 [ 2387.312155] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2387.317090] wp_page_copy+0x430/0x16a0 [ 2387.320990] ? kasan_check_read+0x11/0x20 [ 2387.325157] ? follow_pfn+0x2a0/0x2a0 [ 2387.328983] ? do_raw_spin_unlock+0x181/0x270 [ 2387.333493] do_wp_page+0x57d/0x10b0 [ 2387.337228] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2387.341918] ? kasan_check_write+0x14/0x20 [ 2387.346174] ? do_raw_spin_lock+0xd7/0x250 [ 2387.350435] __handle_mm_fault+0x2305/0x3f80 [ 2387.354868] ? copy_page_range+0x2030/0x2030 [ 2387.359314] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2387.364031] handle_mm_fault+0x1b5/0x690 [ 2387.368112] __do_page_fault+0x62a/0xe90 [ 2387.372192] ? vmalloc_fault+0x740/0x740 03:45:08 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) fchown(r0, r2, 0x0) ioprio_get$uid(0x3, r2) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2387.376269] ? trace_hardirqs_off_caller+0x65/0x220 [ 2387.381302] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2387.386244] ? page_fault+0x8/0x30 [ 2387.389808] do_page_fault+0x71/0x57d [ 2387.393624] ? page_fault+0x8/0x30 [ 2387.397187] page_fault+0x1e/0x30 [ 2387.400654] RIP: 0033:0x45999b [ 2387.403855] Code: 25 20 06 00 00 b8 c0 5c 41 00 48 89 15 0e f0 61 00 48 85 c0 74 08 4c 89 cf e8 31 c3 fb ff 45 85 f6 0f 85 58 01 00 00 48 85 db <48> c7 05 ea 55 2c 00 00 00 00 00 48 c7 05 cf 55 2c 00 00 00 00 00 [ 2387.422771] RSP: 002b:00007ffdadc4ea10 EFLAGS: 00010202 [ 2387.428151] RAX: 0000000000000000 RBX: 00007ffdadc4ea10 RCX: 0000000000415cd3 [ 2387.435435] RDX: 000005005cc19b7b RSI: 0000000000000018 RDI: 0000000002972c20 [ 2387.442724] RBP: 00007ffdadc4ea50 R08: 0000000000000001 R09: 0000000002972940 [ 2387.450012] R10: 0000000002972c10 R11: 0000000000000202 R12: 0000000000000001 [ 2387.457299] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdadc4eaa0 03:45:08 executing program 2: socket$inet_udp(0x2, 0x2, 0x0) getpid() r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000140)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3235004000000f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4d}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2387.589432] Task in /syz5 killed as a result of limit of /syz5 [ 2387.597045] memory: usage 307196kB, limit 307200kB, failcnt 1339 [ 2387.605801] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2387.613928] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:45:09 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @random="4c4c4bb83499", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @mcast1, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000200)='/dev/snd/pcmC#D#c\x00', 0x9, 0x240080) fsetxattr$security_selinux(r0, &(0x7f0000000240)='security.selinux\x00', &(0x7f0000000280)='system_u:object_r:tmp_t:s0\x00', 0x1b, 0x1) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000080)={0x1, 0x9, 0x4, {0x8, @vbi={0xffff4a48, 0x1ff, 0x85e8, 0x20363159, [0x950, 0xc8af], [0x2, 0x8], 0x1}}, 0x3}) r1 = syz_open_dev$vcsu(&(0x7f0000000180)='/dev/vcsu#\x00', 0x1ff, 0x800) openat$cgroup_ro(r1, &(0x7f00000001c0)='cpu.stat\x00', 0x0, 0x0) [ 2387.621607] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:72KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2387.644006] Memory cgroup out of memory: Kill process 7950 (syz-executor.5) score 117 or sacrifice child [ 2387.655032] Killed process 30438 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2387.676809] oom_reaper: reaped process 30438 (syz-executor.5), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:45:09 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x50720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:09 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2387.831932] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 03:45:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xf8140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2387.892000] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2387.917880] CPU: 1 PID: 30855 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2387.925736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2387.935102] Call Trace: [ 2387.937711] dump_stack+0x197/0x210 [ 2387.941367] dump_header+0x15e/0xa55 [ 2387.945104] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2387.950226] ? ___ratelimit+0x60/0x595 [ 2387.954134] ? do_raw_spin_unlock+0x181/0x270 [ 2387.958650] oom_kill_process.cold+0x10/0x6ef [ 2387.963169] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2387.968736] ? task_will_free_mem+0x139/0x6e0 [ 2387.973261] out_of_memory+0x362/0x1330 [ 2387.977279] ? lock_downgrade+0x880/0x880 [ 2387.981448] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2387.986570] ? oom_killer_disable+0x280/0x280 [ 2387.991081] ? find_held_lock+0x35/0x130 [ 2387.995167] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2388.000054] ? memcg_event_wake+0x230/0x230 [ 2388.004419] ? do_raw_spin_unlock+0x181/0x270 [ 2388.008939] ? _raw_spin_unlock+0x2d/0x50 [ 2388.013112] try_charge+0xec5/0x1490 [ 2388.016840] ? lock_downgrade+0x880/0x880 [ 2388.021013] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2388.025872] ? rcu_read_unlock+0x33/0x60 [ 2388.029950] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2388.034816] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2388.040993] mem_cgroup_try_charge+0x259/0x6b0 [ 2388.045600] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2388.050544] wp_page_copy+0x430/0x16a0 [ 2388.050569] ? follow_pfn+0x2a0/0x2a0 [ 2388.050588] ? do_raw_spin_unlock+0x181/0x270 [ 2388.050606] do_wp_page+0x57d/0x10b0 [ 2388.066505] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2388.071195] ? kasan_check_write+0x14/0x20 [ 2388.075443] ? do_raw_spin_lock+0xd7/0x250 [ 2388.079732] __handle_mm_fault+0x2305/0x3f80 [ 2388.084180] ? copy_page_range+0x2030/0x2030 [ 2388.088630] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2388.093319] handle_mm_fault+0x1b5/0x690 [ 2388.097400] __do_page_fault+0x62a/0xe90 [ 2388.101480] ? vmalloc_fault+0x740/0x740 [ 2388.105627] ? trace_hardirqs_off_caller+0x65/0x220 [ 2388.110658] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2388.115601] ? page_fault+0x8/0x30 [ 2388.119166] do_page_fault+0x71/0x57d [ 2388.122976] ? page_fault+0x8/0x30 [ 2388.122992] page_fault+0x1e/0x30 [ 2388.123003] RIP: 0033:0x411358 [ 2388.123019] Code: 48 8b 05 63 cb 30 00 48 89 08 48 8b 15 61 cb 30 00 48 89 42 08 48 8b 05 46 cb 30 00 48 89 05 4f cb 30 00 49 8d 81 c0 02 00 00 <48> 89 05 31 13 66 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 [ 2388.123030] RSP: 002b:00007ffdadc4ea08 EFLAGS: 00010246 [ 2388.157677] RAX: 0000000002972c00 RBX: 00007ffdadc4ea10 RCX: 000000000071dea0 [ 2388.164955] RDX: 0000000000411190 RSI: 000000000071de90 RDI: 0000000002972c20 [ 2388.172241] RBP: 00007ffdadc4ea50 R08: 0000000000000001 R09: 0000000002972940 [ 2388.179525] R10: 0000000002972c10 R11: 0000000000000202 R12: 0000000000000001 03:45:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xf9010000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2388.186805] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdadc4eaa0 [ 2388.221368] Task in /syz5 killed as a result of limit of /syz5 [ 2388.258630] memory: usage 307200kB, limit 307200kB, failcnt 1371 [ 2388.269216] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2388.314938] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2388.333085] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:76KB inactive_file:0KB active_file:0KB unevictable:0KB 03:45:09 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000940)='tmpfs\x00', 0x80, 0x0) chdir(&(0x7f0000000300)='./file0\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x30000, 0x1, 0x11, r0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, &(0x7f0000000280)) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) dup(0xffffffffffffffff) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="6c6f7765726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c2fde7065726469723d2e2f66696c6530b25d8bfab83eb648e1e1926807dcc9575c350a3db400e40fcd717d935b802149558e989ab4acca768db5118c4a27122c12ee3f4885830d6b567f021fa53b00de21a8f7d26ddc9948056756dee634d6db3098c3ff9129298efc7e"]) dup2(0xffffffffffffffff, 0xffffffffffffffff) 03:45:09 executing program 2: getpid() perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) close(0xffffffffffffffff) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x7, 0x35}, 0xd8) bind$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x200408d4, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0x1}, 0x1c) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000000)) r1 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x20601, 0x0) close(r1) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r0, r1, 0x0, 0x3, &(0x7f0000000000)='&}\x00'}, 0x30) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @local, 0x4}, {0xa, 0x0, 0x4, @mcast1}, r3}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @loopback}, {0x2, 0x0, 0xffffffc1, @dev={0xfe, 0x80, [], 0x16}}, r3}}, 0x48) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) ioctl$RTC_AIE_ON(r4, 0x7001) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000240)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) add_key$user(&(0x7f0000000700)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffd) 03:45:09 executing program 4: syz_emit_ethernet(0x66, &(0x7f0000000000)={@local, @dev={[], 0x4}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x30, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @mcast2, @local, [{0x2, 0x1, '\x00\x00\x00\x00\x00\x00'}]}}}}}}, 0x0) 03:45:09 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xf9140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:09 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x51720100) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2388.359205] Memory cgroup out of memory: Kill process 7950 (syz-executor.5) score 117 or sacrifice child [ 2388.370840] Killed process 30855 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB [ 2388.382766] oom_reaper: reaped process 30855 (syz-executor.5), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:45:09 executing program 4: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x84400, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYRES16=0x0], 0x0) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f00000000c0)={0x0, 0x2710}, 0x10) openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/validatetrans\x00', 0x1, 0x0) [ 2388.539200] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 03:45:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xfa030000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2388.623042] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2388.657325] CPU: 1 PID: 30983 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2388.665179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2388.665800] overlayfs: unrecognized mount option "/Þperdir=./file0²]‹ú¸>¶Háá’hÜÉW\5 [ 2388.665800] =´" or missing value [ 2388.674554] Call Trace: [ 2388.674579] dump_stack+0x197/0x210 [ 2388.674600] dump_header+0x15e/0xa55 [ 2388.674617] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2388.674631] ? ___ratelimit+0x60/0x595 [ 2388.674643] ? do_raw_spin_unlock+0x181/0x270 [ 2388.674660] oom_kill_process.cold+0x10/0x6ef [ 2388.674677] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2388.674691] ? task_will_free_mem+0x139/0x6e0 [ 2388.674711] out_of_memory+0x362/0x1330 [ 2388.674728] ? lock_downgrade+0x880/0x880 [ 2388.674741] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2388.674762] ? oom_killer_disable+0x280/0x280 [ 2388.741553] ? find_held_lock+0x35/0x130 [ 2388.745680] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2388.750543] ? memcg_event_wake+0x230/0x230 [ 2388.754875] ? do_raw_spin_unlock+0x181/0x270 [ 2388.759396] ? _raw_spin_unlock+0x2d/0x50 [ 2388.763568] try_charge+0xec5/0x1490 [ 2388.767312] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 03:45:10 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2388.771848] overlayfs: unrecognized mount option "/Þperdir=./file0²]‹ú¸>¶Háá’hÜÉW\5 [ 2388.771848] =´" or missing value [ 2388.772172] ? lock_downgrade+0x880/0x880 [ 2388.772200] ? kasan_check_read+0x11/0x20 [ 2388.791602] memcg_kmem_charge_memcg+0x83/0x170 [ 2388.796291] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2388.800805] ? __isolate_free_page+0x4c0/0x4c0 [ 2388.805407] memcg_kmem_charge+0x13b/0x370 [ 2388.809662] __alloc_pages_nodemask+0x3c3/0x750 [ 2388.814351] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2388.819386] ? lockdep_hardirqs_on+0x415/0x5d0 03:45:10 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000940)='tmpfs\x00', 0x80, 0x0) chdir(&(0x7f0000000300)='./file0\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x30000, 0x1, 0x11, r0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, &(0x7f0000000280)) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) dup(0xffffffffffffffff) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="6c6f7765726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c2fde7065726469723d2e2f66696c6530b25d8bfab83eb648e1e1926807dcc9575c350a3db400e40fcd717d935b802149558e989ab4acca768db5118c4a27122c12ee3f4885830d6b567f021fa53b00de21a8f7d26ddc9948056756dee634d6db3098c3ff9129298efc7e"]) dup2(0xffffffffffffffff, 0xffffffffffffffff) [ 2388.824000] ? trace_hardirqs_on+0x67/0x220 [ 2388.828349] copy_process.part.0+0x3d6/0x7a60 [ 2388.832859] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2388.838028] ? delayacct_end+0x5c/0x100 [ 2388.842040] ? __delayacct_freepages_end+0xe0/0x140 [ 2388.847075] ? __lock_acquire+0x6ee/0x49c0 [ 2388.851336] ? __cleanup_sighand+0x70/0x70 [ 2388.855589] ? mark_held_locks+0x100/0x100 [ 2388.859961] _do_fork+0x257/0xfd0 [ 2388.863445] ? fork_idle+0x1d0/0x1d0 [ 2388.867179] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2388.873082] ? kasan_check_read+0x11/0x20 [ 2388.877250] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2388.882020] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2388.886795] ? do_syscall_64+0x26/0x620 [ 2388.890785] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2388.896168] ? do_syscall_64+0x26/0x620 [ 2388.900163] __x64_sys_clone+0xbf/0x150 [ 2388.904159] do_syscall_64+0xfd/0x620 [ 2388.907980] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2388.913187] RIP: 0033:0x45dd19 [ 2388.916395] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2388.935310] RSP: 002b:00007ffdadc4e778 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2388.943041] RAX: ffffffffffffffda RBX: 00007f3a5ea57700 RCX: 000000000045dd19 [ 2388.950436] RDX: 00007f3a5ea579d0 RSI: 00007f3a5ea56db0 RDI: 00000000003d0f00 [ 2388.957725] RBP: 00007ffdadc4e990 R08: 00007f3a5ea57700 R09: 00007f3a5ea57700 [ 2388.965010] R10: 00007f3a5ea579d0 R11: 0000000000000202 R12: 0000000000000000 [ 2388.972298] R13: 00007ffdadc4e82f R14: 00007f3a5ea579c0 R15: 000000000075bf2c [ 2389.034445] Task in /syz5 killed as a result of limit of /syz5 [ 2389.041383] memory: usage 307184kB, limit 307200kB, failcnt 1400 [ 2389.048285] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2389.056036] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2389.064881] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB 03:45:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xfa140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2389.116028] Memory cgroup out of memory: Kill process 30983 (syz-executor.5) score 1103 or sacrifice child [ 2389.138217] Killed process 30983 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB 03:45:10 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:10 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x60000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2389.227355] oom_reaper: reaped process 30983 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB [ 2389.264455] overlayfs: unrecognized mount option "/Þperdir=./file0²]‹ú¸>¶Háá’hÜÉW\5 [ 2389.264455] =´" or missing value 03:45:10 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xfb140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2389.406501] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2389.489555] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2389.515002] CPU: 1 PID: 31303 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2389.522859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2389.532226] Call Trace: [ 2389.534831] dump_stack+0x197/0x210 [ 2389.538483] dump_header+0x15e/0xa55 [ 2389.542221] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2389.542237] ? ___ratelimit+0x60/0x595 [ 2389.542251] ? do_raw_spin_unlock+0x181/0x270 [ 2389.542270] oom_kill_process.cold+0x10/0x6ef [ 2389.542291] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2389.565802] ? task_will_free_mem+0x139/0x6e0 [ 2389.570328] out_of_memory+0x362/0x1330 [ 2389.574424] ? lock_downgrade+0x880/0x880 [ 2389.578590] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2389.583710] ? oom_killer_disable+0x280/0x280 [ 2389.588220] ? find_held_lock+0x35/0x130 [ 2389.592319] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2389.597179] ? memcg_event_wake+0x230/0x230 [ 2389.601530] ? do_raw_spin_unlock+0x181/0x270 [ 2389.606052] ? _raw_spin_unlock+0x2d/0x50 [ 2389.610228] try_charge+0xec5/0x1490 [ 2389.613961] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2389.618831] ? lock_downgrade+0x880/0x880 [ 2389.623001] ? kasan_check_read+0x11/0x20 [ 2389.627205] memcg_kmem_charge_memcg+0x83/0x170 [ 2389.631901] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2389.636419] ? __isolate_free_page+0x4c0/0x4c0 [ 2389.641024] memcg_kmem_charge+0x13b/0x370 [ 2389.645287] __alloc_pages_nodemask+0x3c3/0x750 [ 2389.649987] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2389.655025] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2389.659633] ? trace_hardirqs_on+0x67/0x220 [ 2389.663970] copy_process.part.0+0x3d6/0x7a60 [ 2389.668485] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2389.673607] ? delayacct_end+0x5c/0x100 [ 2389.677602] ? __delayacct_freepages_end+0xe0/0x140 [ 2389.682645] ? __lock_acquire+0x6ee/0x49c0 [ 2389.686914] ? __cleanup_sighand+0x70/0x70 [ 2389.691167] ? mark_held_locks+0x100/0x100 [ 2389.695535] _do_fork+0x257/0xfd0 [ 2389.699018] ? fork_idle+0x1d0/0x1d0 [ 2389.702748] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2389.702767] ? kasan_check_read+0x11/0x20 [ 2389.712818] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2389.717698] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2389.722484] ? do_syscall_64+0x26/0x620 [ 2389.726476] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2389.731863] ? do_syscall_64+0x26/0x620 [ 2389.735857] __x64_sys_clone+0xbf/0x150 [ 2389.739855] do_syscall_64+0xfd/0x620 [ 2389.743676] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2389.748873] RIP: 0033:0x45dd19 [ 2389.752081] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2389.770998] RSP: 002b:00007ffdadc4e778 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2389.778721] RAX: ffffffffffffffda RBX: 00007f3a5ea57700 RCX: 000000000045dd19 [ 2389.786010] RDX: 00007f3a5ea579d0 RSI: 00007f3a5ea56db0 RDI: 00000000003d0f00 [ 2389.793292] RBP: 00007ffdadc4e990 R08: 00007f3a5ea57700 R09: 00007f3a5ea57700 [ 2389.800579] R10: 00007f3a5ea579d0 R11: 0000000000000202 R12: 0000000000000000 [ 2389.807862] R13: 00007ffdadc4e82f R14: 00007f3a5ea579c0 R15: 000000000075bf2c 03:45:11 executing program 2: sched_setattr(0x0, 0x0, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0/file0\x00', &(0x7f0000000340)='./file0\x00') socket$inet_tcp(0x2, 0x1, 0x0) socket$inet(0x2, 0x0, 0x0) write$P9_RRENAMEAT(0xffffffffffffffff, 0x0, 0x0) open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) unlink(0x0) accept(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(0xffffffffffffffff, 0x0, 0x0) 03:45:11 executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000940)='tmpfs\x00', 0x80, 0x0) chdir(&(0x7f0000000300)='./file0\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x30000, 0x1, 0x11, r0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, &(0x7f0000000280)) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) dup(0xffffffffffffffff) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="6c6f7765726469723d2e2f6275732c776f726b6469723d2e2f66696c65312c2fde7065726469723d2e2f66696c6530b25d8bfab83eb648e1e1926807dcc9575c350a3db400e40fcd717d935b802149558e989ab4acca768db5118c4a27122c12ee3f4885830d6b567f021fa53b00de21a8f7d26ddc9948056756dee634d6db3098c3ff9129298efc7e"]) dup2(0xffffffffffffffff, 0xffffffffffffffff) 03:45:11 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xfb210000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2389.851857] Task in /syz5 killed as a result of limit of /syz5 [ 2389.889663] memory: usage 307184kB, limit 307200kB, failcnt 1429 [ 2389.934573] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2389.966671] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2389.973126] overlayfs: unrecognized mount option "/Þperdir=./file0²]‹ú¸>¶Háá’hÜÉW\5 [ 2389.973126] =´" or missing value 03:45:11 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2390.002031] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:108KB inactive_file:0KB active_file:0KB unevictable:0KB 03:45:11 executing program 3: prctl$PR_SET_MM(0x23, 0x0, &(0x7f00002d5000/0x2000)=nil) sched_setscheduler(0x0, 0x0, &(0x7f00000001c0)) statx(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x800, 0x0, 0x0) setuid(0x0) tkill(0x0, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8044, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e20, @multicast1}}}, 0x9c) socket$inet6(0xa, 0x3, 0x20000000021) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) sched_setscheduler(0x0, 0x5, &(0x7f0000000540)=0x2) ioctl$TIOCMSET(r0, 0x5437, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000480), 0x14) 03:45:11 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:11 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xfc140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2390.113545] Memory cgroup out of memory: Kill process 31303 (syz-executor.5) score 1103 or sacrifice child [ 2390.148647] Killed process 31303 (syz-executor.5) total-vm:72588kB, anon-rss:104kB, file-rss:34816kB, shmem-rss:0kB 03:45:11 executing program 2: prctl$PR_SET_MM(0x23, 0x0, &(0x7f00002d5000/0x2000)=nil) getpid() statx(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x800, 0x0, 0x0) setuid(0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8044, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x3, 0x20000000021) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000540)) ioctl$TIOCMSET(r0, 0x5437, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0xf6}, 0x14) [ 2390.217537] oom_reaper: reaped process 31303 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:45:11 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x68000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2390.366592] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 2390.388950] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2390.404414] CPU: 0 PID: 7950 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2390.412183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2390.421644] Call Trace: [ 2390.424252] dump_stack+0x197/0x210 [ 2390.427906] dump_header+0x15e/0xa55 [ 2390.431680] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2390.436895] ? ___ratelimit+0x60/0x595 [ 2390.440794] ? do_raw_spin_unlock+0x181/0x270 [ 2390.445318] oom_kill_process.cold+0x10/0x6ef [ 2390.449840] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2390.455419] ? task_will_free_mem+0x139/0x6e0 [ 2390.459945] out_of_memory+0x362/0x1330 [ 2390.463953] ? lock_downgrade+0x880/0x880 [ 2390.468122] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2390.473251] ? oom_killer_disable+0x280/0x280 [ 2390.477765] ? find_held_lock+0x35/0x130 [ 2390.481859] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2390.486927] ? memcg_event_wake+0x230/0x230 [ 2390.491269] ? do_raw_spin_unlock+0x181/0x270 [ 2390.495918] ? _raw_spin_unlock+0x2d/0x50 [ 2390.500112] try_charge+0xec5/0x1490 [ 2390.503855] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2390.508716] ? lock_downgrade+0x880/0x880 [ 2390.512898] ? kasan_check_read+0x11/0x20 [ 2390.517127] memcg_kmem_charge_memcg+0x83/0x170 [ 2390.521820] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2390.526350] ? __isolate_free_page+0x4c0/0x4c0 [ 2390.530957] memcg_kmem_charge+0x13b/0x370 [ 2390.535218] __alloc_pages_nodemask+0x3c3/0x750 [ 2390.539917] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2390.544959] ? find_held_lock+0x35/0x130 [ 2390.549146] ? copy_page_range+0x13b3/0x2030 [ 2390.553575] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2390.559242] alloc_pages_current+0x107/0x210 [ 2390.563675] pte_alloc_one+0x1b/0x1a0 [ 2390.567493] __pte_alloc+0x2a/0x360 [ 2390.571138] copy_page_range+0x16d0/0x2030 [ 2390.575411] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 2390.580275] ? __vma_link_rb+0x279/0x370 [ 2390.584357] copy_process.part.0+0x56f3/0x7a60 [ 2390.588985] ? __cleanup_sighand+0x70/0x70 [ 2390.593259] _do_fork+0x257/0xfd0 [ 2390.596738] ? fork_idle+0x1d0/0x1d0 [ 2390.600475] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2390.605255] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2390.610030] ? do_syscall_64+0x26/0x620 [ 2390.614023] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2390.619408] ? do_syscall_64+0x26/0x620 [ 2390.623471] __x64_sys_clone+0xbf/0x150 [ 2390.627472] do_syscall_64+0xfd/0x620 [ 2390.631297] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2390.636596] RIP: 0033:0x45991a [ 2390.639809] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2390.658735] RSP: 002b:00007ffdadc4ea10 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 03:45:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000380)) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) setsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={0x0, 0x839}, 0x8) ftruncate(r3, 0x200004) ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, &(0x7f00000000c0)) sendfile(r0, r3, 0x0, 0x80001d00c0d0) 03:45:12 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {0x0}, {0xee00}, 0x0, 0x2}) syz_open_procfs(r7, &(0x7f0000000300)='net/dev_snmp6\x00') write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000240)) socket$key(0xf, 0x3, 0x2) [ 2390.666466] RAX: ffffffffffffffda RBX: 00007ffdadc4ea10 RCX: 000000000045991a [ 2390.673754] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2390.681042] RBP: 00007ffdadc4ea50 R08: 0000000000000001 R09: 0000000002972940 [ 2390.688325] R10: 0000000002972c10 R11: 0000000000000246 R12: 0000000000000001 [ 2390.695608] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdadc4eaa0 03:45:12 executing program 2: getpid() perf_event_open(&(0x7f0000000900)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) close(0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x7, 0x35}, 0xd8) bind$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x200408d4, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback, 0x1}, 0x1c) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000000)) r2 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x20601, 0x0) close(r2) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, r2, 0x0, 0x3, &(0x7f0000000000)='&}\x00', 0x0}, 0x30) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @local, 0x4}, {0xa, 0x0, 0x4, @mcast1}, r5}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @loopback}, {0x2, 0x0, 0xffffffc1, @dev={0xfe, 0x80, [], 0x16}}, r5}}, 0x48) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x20601, 0x0) ioctl$RTC_AIE_ON(r6, 0x7001) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r3}, 0xc) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000240), 0x0, 0xfffffffffffffffe) socket$inet_udp(0x2, 0x2, 0x0) add_key$user(&(0x7f0000000700)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000080)='\x00', 0x1, 0xfffffffffffffffd) 03:45:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xfcffffff, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2390.778600] Task in /syz5 killed as a result of limit of /syz5 [ 2390.786888] memory: usage 307072kB, limit 307200kB, failcnt 1454 [ 2390.808828] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2390.836813] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2390.860218] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:56KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2390.913030] Memory cgroup out of memory: Kill process 7950 (syz-executor.5) score 117 or sacrifice child [ 2390.938310] Killed process 7950 (syz-executor.5) total-vm:72456kB, anon-rss:104kB, file-rss:35792kB, shmem-rss:0kB 03:45:12 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:12 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x6c000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:12 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xfd140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:12 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:13 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {0x0}, {0xee00}, 0x0, 0x2}) syz_open_procfs(r7, &(0x7f0000000300)='net/dev_snmp6\x00') write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000240)) socket$key(0xf, 0x3, 0x2) 03:45:13 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x74000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xfe140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:13 executing program 2: r0 = socket$inet6(0xa, 0x2000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast1, 0x800, 0x0, 0x2, 0x1, 0x1, 0x7}, 0x20) 03:45:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xfeff0000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:13 executing program 2: 03:45:13 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xfeffffff, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:13 executing program 2: 03:45:13 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) 03:45:13 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) 03:45:13 executing program 2: 03:45:14 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xff0f0000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:14 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {0x0}, {0xee00}, 0x0, 0x2}) syz_open_procfs(r7, &(0x7f0000000300)='net/dev_snmp6\x00') write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000240)) socket$key(0xf, 0x3, 0x2) [ 2395.001166] audit: type=1400 audit(1580269516.380:184): avc: denied { map } for pid=31865 comm="syz-executor.5" path="/root/syz-executor.5" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 2395.119464] IPVS: ftp: loaded support on port[0] = 21 [ 2395.223494] chnl_net:caif_netlink_parms(): no params data found [ 2395.312414] bridge0: port 1(bridge_slave_0) entered blocking state [ 2395.319167] bridge0: port 1(bridge_slave_0) entered disabled state [ 2395.321890] device bridge_slave_0 entered promiscuous mode [ 2395.370965] bridge0: port 2(bridge_slave_1) entered blocking state [ 2395.377464] bridge0: port 2(bridge_slave_1) entered disabled state [ 2395.386230] device bridge_slave_1 entered promiscuous mode [ 2395.409645] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 2395.465367] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 2395.485639] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 2395.495318] team0: Port device team_slave_0 added [ 2395.551357] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 2395.561244] team0: Port device team_slave_1 added [ 2395.582802] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2395.589135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2395.614406] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2395.683960] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2395.690617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2395.716879] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2395.729930] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 2395.791434] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 2395.844137] device hsr_slave_0 entered promiscuous mode [ 2395.889946] device hsr_slave_1 entered promiscuous mode [ 2395.984300] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 2395.992808] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 2396.159208] bridge0: port 2(bridge_slave_1) entered blocking state [ 2396.165801] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2396.172800] bridge0: port 1(bridge_slave_0) entered blocking state [ 2396.179548] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2396.270866] bridge0: port 1(bridge_slave_0) entered disabled state [ 2396.289255] bridge0: port 2(bridge_slave_1) entered disabled state [ 2396.374147] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2396.386926] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 2396.452913] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 2396.459817] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 2396.474092] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2396.488209] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 2396.495260] 8021q: adding VLAN 0 to HW filter on device team0 [ 2396.549377] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 2396.557265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2396.567599] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2396.576549] bridge0: port 1(bridge_slave_0) entered blocking state [ 2396.582971] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2396.600911] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 2396.653215] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2396.663106] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2396.672411] bridge0: port 2(bridge_slave_1) entered blocking state [ 2396.678820] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2396.744564] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 2396.752561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 2396.769350] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 2396.779634] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 2396.823415] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 2396.831786] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 2396.842672] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 2396.854565] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 2396.906880] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 2396.914573] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 2396.925053] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 2396.986481] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 2396.994436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2397.004887] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2397.020719] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 2397.028045] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2397.038289] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2397.097230] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 2397.104418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 2397.167449] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 2397.180239] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 2397.187165] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2397.194915] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2397.243894] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2397.326864] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 2397.343343] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 2397.351408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 2397.362926] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2397.465721] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 2397.475381] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 2397.483652] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 2397.545692] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 2397.553398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 2397.563406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2397.574694] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2397.583475] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2397.644476] device veth0_vlan entered promiscuous mode [ 2397.662619] device veth1_vlan entered promiscuous mode [ 2397.669557] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 2397.683808] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 2397.726574] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 2397.740428] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 2397.748065] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 2397.757906] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 2397.767258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 2397.777442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2397.827242] device veth0_macvtap entered promiscuous mode [ 2397.835129] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 2397.847908] device veth1_macvtap entered promiscuous mode [ 2397.856878] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 2397.873317] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 2397.925643] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 2397.939870] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2397.950732] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2397.960361] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2397.970875] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2397.980495] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2397.990632] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2398.000502] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2398.011007] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2398.020650] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2398.031102] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2398.041162] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 2398.051848] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2398.063591] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 2398.071642] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2398.135284] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 2398.144452] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 2398.153760] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 2398.163311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2398.178308] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2398.188936] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2398.198065] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2398.208620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2398.217743] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2398.228315] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2398.237513] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2398.247592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2398.257185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2398.266994] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2398.276627] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 2398.286418] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2398.297483] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 2398.305428] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2398.363686] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2398.374465] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 03:45:20 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x7a000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:20 executing program 2: 03:45:20 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) 03:45:20 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xff140900, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:20 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {0x0}, {0xee00}, 0x0, 0x2}) syz_open_procfs(r7, &(0x7f0000000300)='net/dev_snmp6\x00') write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000240)) socket$key(0xf, 0x3, 0x2) 03:45:20 executing program 4: syz_extract_tcp_res$synack(&(0x7f00000014c0)={0x41424344, 0x41424344}, 0x1, 0x0) syz_extract_tcp_res$synack(&(0x7f0000001500)={0x41424344}, 0x1, 0x0) syz_emit_ethernet(0x2ab, &(0x7f0000000480)={@local, @dev={[], 0x36}, @val={@void, {0x8100, 0x5, 0x1, 0x2}}, {@ipv6={0x86dd, @tcp={0x1, 0x6, "ed6d83", 0x271, 0x6, 0x7, @mcast1, @loopback, {[@srh={0x33, 0xa, 0x4, 0x5, 0x1, 0x0, 0x4000, [@ipv4={[], [], @multicast1}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @empty, @initdev={0xfe, 0x88, [], 0x1, 0x0}, @empty]}, @srh={0x66, 0x4, 0x4, 0x2, 0x4, 0x20, 0x324c, [@loopback, @local]}, @srh={0xc, 0xc, 0x4, 0x6, 0x20, 0x18, 0x2, [@mcast2, @mcast1, @remote, @empty, @remote, @mcast1]}, @dstopts={0x32, 0x11, [], [@jumbo, @hao={0xc9, 0x10, @empty}, @enc_lim={0x4, 0x1, 0x1f}, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x10001}, @calipso={0x7, 0x58, {0x1, 0x14, 0xf9, 0x5, [0x1ff, 0x140000000000, 0xfffffffffffffacb, 0x7, 0xfff, 0xc000000000000000, 0x2, 0x20, 0x3, 0x0]}}, @enc_lim={0x4, 0x1, 0xf8}, @pad1]}, @routing={0x3c, 0x2, 0x2, 0x80, 0x0, [@empty]}, @hopopts={0x89, 0x2, [], [@calipso={0x7, 0x10, {0x3, 0x2, 0x7, 0x3, [0xffffffffffffffff]}}]}, @fragment={0xc, 0x0, 0x1, 0x0, 0x0, 0x1a, 0x69}], {{0x4e21, 0x4e22, r0, r1, 0x0, 0x0, 0x12, 0x2, 0x8, 0x0, 0x0, {[@sack_perm={0x4, 0x2}, @sack_perm={0x4, 0x2}, @nop, @timestamp={0x8, 0xa, 0x3, 0xffff}, @exp_fastopen={0xfe, 0x10, 0xf989, "6fd6167857ca9abca8abb9ec"}, @exp_fastopen={0xfe, 0x6, 0xf989, "b27c"}, @generic={0xfe, 0xf, "c02c5a7c63d55ff412caeb9b2d"}]}}, {"544adf66c0223682dec3442035c441ac3f867c59f9ec770402a95a7fc3dc75c01cbb96f20d1a44b24d05c05d1f2c3d19debbca519c958e1ff5f2c25283b6599a3fc3621cf04df47ce73491a1d26ea582de764a472760f8f2caac2d245a635a8d6573980c283296bcc8"}}}}}}}, 0x0) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvme-fabrics\x00', 0x400, 0x0) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9c0000000906010200000000000000000c0000023200000000000004000700000005000100070000006c0007800900120073797a300000000021001a0c747275737465643a73656c66297d766d6e6574312373656c662b2c2500ffed000c00184000000000000004001100148008000140ac1e00010c001b4000000000000000400a001100aaaaaaaaaa31000008000a400000000200000000000000"], 0x9c}, 0x1, 0x0, 0x0, 0x44000}, 0x20000800) 03:45:20 executing program 2: 03:45:20 executing program 1: pipe(0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) 03:45:20 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xff7f0000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2399.029914] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 03:45:20 executing program 2: 03:45:20 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {0x2, 0x3}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000080)=0x6000, 0x4) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2399.188134] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2399.224247] CPU: 1 PID: 31992 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 03:45:20 executing program 1: pipe(0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) [ 2399.232111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2399.241565] Call Trace: [ 2399.244171] dump_stack+0x197/0x210 [ 2399.247819] dump_header+0x15e/0xa55 [ 2399.251550] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2399.256672] ? ___ratelimit+0x60/0x595 [ 2399.260580] ? do_raw_spin_unlock+0x181/0x270 [ 2399.265096] oom_kill_process.cold+0x10/0x6ef [ 2399.269613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2399.275348] ? task_will_free_mem+0x139/0x6e0 [ 2399.279872] out_of_memory+0x362/0x1330 [ 2399.283873] ? lock_downgrade+0x880/0x880 [ 2399.288039] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2399.293164] ? oom_killer_disable+0x280/0x280 [ 2399.297677] ? find_held_lock+0x35/0x130 [ 2399.301766] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2399.306632] ? memcg_event_wake+0x230/0x230 [ 2399.310980] ? do_raw_spin_unlock+0x181/0x270 [ 2399.315497] ? _raw_spin_unlock+0x2d/0x50 [ 2399.319666] try_charge+0xec5/0x1490 [ 2399.323394] ? lock_downgrade+0x880/0x880 [ 2399.327564] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2399.332424] ? rcu_read_unlock+0x33/0x60 [ 2399.336631] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2399.341499] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2399.347587] mem_cgroup_try_charge+0x259/0x6b0 [ 2399.352199] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2399.357151] wp_page_copy+0x430/0x16a0 [ 2399.361081] ? follow_pfn+0x2a0/0x2a0 [ 2399.364902] ? do_raw_spin_unlock+0x181/0x270 [ 2399.369410] do_wp_page+0x57d/0x10b0 [ 2399.373133] ? lock_acquire+0x16f/0x3f0 [ 2399.377110] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2399.381795] ? kasan_check_write+0x14/0x20 [ 2399.386050] ? do_raw_spin_lock+0xd7/0x250 [ 2399.390316] __handle_mm_fault+0x2305/0x3f80 [ 2399.394748] ? copy_page_range+0x2030/0x2030 [ 2399.399634] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2399.404324] handle_mm_fault+0x1b5/0x690 [ 2399.408410] __do_page_fault+0x62a/0xe90 [ 2399.412492] ? vmalloc_fault+0x740/0x740 [ 2399.416564] ? trace_hardirqs_off_caller+0x65/0x220 [ 2399.421592] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2399.426533] ? page_fault+0x8/0x30 [ 2399.430088] do_page_fault+0x71/0x57d [ 2399.433899] ? page_fault+0x8/0x30 [ 2399.437452] page_fault+0x1e/0x30 [ 2399.440916] RIP: 0033:0x410398 [ 2399.444122] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 75 0c 4c 00 31 c0 e8 13 1b ff ff 31 ff e8 5c 17 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 22 66 00 [ 2399.463039] RSP: 002b:00007fff63261610 EFLAGS: 00010246 [ 2399.468442] RAX: 000000005417b8f5 RBX: 000000003bd92199 RCX: 0000001b34520000 [ 2399.475722] RDX: 0000000000000000 RSI: 00000000000018f5 RDI: ffffffff5417b8f5 [ 2399.483009] RBP: 0000000000000009 R08: 000000005417b8f5 R09: 000000005417b8f9 [ 2399.490294] R10: 00007fff632617b0 R11: 0000000000000246 R12: 000000000075bfa8 [ 2399.497584] R13: 0000000080000000 R14: 00007fe2ddc4a008 R15: 0000000000000009 [ 2399.589396] Task in /syz5 killed as a result of limit of /syz5 [ 2399.595893] memory: usage 307200kB, limit 307200kB, failcnt 1534 [ 2399.617256] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2399.636832] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2399.650144] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:128KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2399.672213] Memory cgroup out of memory: Kill process 31992 (syz-executor.5) score 1103 or sacrifice child 03:45:21 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x87a00000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:21 executing program 2: 03:45:21 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r2 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IP_VS_SO_SET_EDITDEST(r2, 0x0, 0x489, &(0x7f00000000c0)={{0x4, @local, 0x4e62, 0x1, 'sh\x00', 0x22, 0x0, 0x6e}, {@loopback, 0x4e21, 0x0, 0xe17e, 0x2, 0x28}}, 0x44) ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f0000000080)=0x41ec) 03:45:21 executing program 1: pipe(0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) 03:45:21 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {0x0}, {0xee00}, 0x0, 0x2}) syz_open_procfs(r7, &(0x7f0000000300)='net/dev_snmp6\x00') write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000240)) 03:45:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xffff1f00, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2399.687357] Killed process 31992 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2399.702088] oom_reaper: reaped process 31992 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:45:21 executing program 2: [ 2399.749389] IPVS: set_ctl: invalid protocol: 4 172.20.20.170:20066 03:45:21 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xffffa888, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2399.908805] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 03:45:21 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @mcast1, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:21 executing program 2: [ 2400.001117] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2400.052026] CPU: 0 PID: 32290 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2400.059960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2400.069323] Call Trace: [ 2400.071928] dump_stack+0x197/0x210 [ 2400.075575] dump_header+0x15e/0xa55 [ 2400.079306] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2400.084419] ? ___ratelimit+0x60/0x595 [ 2400.088320] ? do_raw_spin_unlock+0x181/0x270 [ 2400.092831] oom_kill_process.cold+0x10/0x6ef [ 2400.097339] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2400.102887] ? task_will_free_mem+0x139/0x6e0 [ 2400.107400] out_of_memory+0x362/0x1330 [ 2400.111393] ? lock_downgrade+0x880/0x880 [ 2400.115549] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2400.120663] ? oom_killer_disable+0x280/0x280 [ 2400.125177] ? find_held_lock+0x35/0x130 [ 2400.129259] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2400.134113] ? memcg_event_wake+0x230/0x230 [ 2400.138453] ? do_raw_spin_unlock+0x181/0x270 [ 2400.142961] ? _raw_spin_unlock+0x2d/0x50 [ 2400.147127] try_charge+0xec5/0x1490 [ 2400.150872] ? lock_downgrade+0x880/0x880 [ 2400.155052] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2400.159910] ? rcu_read_unlock+0x33/0x60 [ 2400.163992] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2400.168858] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2400.174941] mem_cgroup_try_charge+0x259/0x6b0 [ 2400.179547] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2400.184496] wp_page_copy+0x430/0x16a0 [ 2400.188410] ? follow_pfn+0x2a0/0x2a0 [ 2400.192235] ? do_raw_spin_unlock+0x181/0x270 [ 2400.196746] do_wp_page+0x57d/0x10b0 [ 2400.200479] ? lock_acquire+0x16f/0x3f0 [ 2400.204463] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2400.209145] ? kasan_check_write+0x14/0x20 [ 2400.213393] ? do_raw_spin_lock+0xd7/0x250 [ 2400.217649] __handle_mm_fault+0x2305/0x3f80 [ 2400.222074] ? copy_page_range+0x2030/0x2030 [ 2400.226535] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2400.231218] handle_mm_fault+0x1b5/0x690 [ 2400.235300] __do_page_fault+0x62a/0xe90 [ 2400.239387] ? vmalloc_fault+0x740/0x740 [ 2400.243470] ? trace_hardirqs_off_caller+0x65/0x220 [ 2400.248506] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2400.253449] ? page_fault+0x8/0x30 [ 2400.257010] do_page_fault+0x71/0x57d [ 2400.260826] ? page_fault+0x8/0x30 [ 2400.264385] page_fault+0x1e/0x30 [ 2400.267852] RIP: 0033:0x410398 [ 2400.271055] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 75 0c 4c 00 31 c0 e8 13 1b ff ff 31 ff e8 5c 17 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 22 66 00 [ 2400.289970] RSP: 002b:00007fff63261610 EFLAGS: 00010246 [ 2400.295346] RAX: 00000000ed3764ca RBX: 00000000c68a3309 RCX: 0000001b34520000 03:45:21 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(0x0, 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2400.302631] RDX: 0000000000000000 RSI: 00000000000004ca RDI: ffffffffed3764ca [ 2400.310018] RBP: 0000000000000004 R08: 00000000ed3764ca R09: 00000000ed3764ce [ 2400.317300] R10: 00007fff632617b0 R11: 0000000000000246 R12: 000000000075bfa8 [ 2400.324589] R13: 0000000080000000 R14: 00007fe2ddc4a008 R15: 0000000000000004 [ 2400.341135] Task in /syz5 killed as a result of limit of /syz5 03:45:21 executing program 2: [ 2400.355811] memory: usage 307200kB, limit 307200kB, failcnt 1564 [ 2400.401868] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2400.433905] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2400.451978] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:120KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2400.517267] Memory cgroup out of memory: Kill process 32290 (syz-executor.5) score 1103 or sacrifice child [ 2400.578325] Killed process 32290 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2400.607385] oom_reaper: reaped process 32290 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:45:22 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x97ffffff) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:22 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xfffff000, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:22 executing program 2: 03:45:22 executing program 4: syz_emit_ethernet(0x136, &(0x7f0000000080)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x100, 0x3a, 0xff, @remote, @mcast2, {[@fragment={0x57, 0x0, 0x8, 0x1, 0x0, 0x0, 0x67}, @routing={0x87, 0xa, 0x1, 0x9, 0x0, [@empty, @remote, @loopback, @ipv4={[], [], @broadcast}, @loopback]}, @dstopts={0x29, 0x1, [], [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x2}, @pad1]}, @routing={0x5c, 0x8, 0x2, 0xba, 0x0, [@loopback, @empty, @rand_addr="1a475686fd936908af7abce07e1072bb", @mcast2]}], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:22 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(0x0, 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:22 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {0x0}, {0xee00}, 0x0, 0x2}) syz_open_procfs(r7, &(0x7f0000000300)='net/dev_snmp6\x00') write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000240)) 03:45:22 executing program 2: 03:45:22 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe7dfb01083d166154000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"], 0x0) 03:45:22 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xffffff7f, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2400.865177] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 03:45:22 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(0x0, 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2400.913440] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2400.961896] CPU: 0 PID: 32670 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2400.969745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2400.979109] Call Trace: [ 2400.981732] dump_stack+0x197/0x210 [ 2400.985383] dump_header+0x15e/0xa55 [ 2400.989142] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2400.994267] ? ___ratelimit+0x60/0x595 [ 2400.998187] ? do_raw_spin_unlock+0x181/0x270 [ 2401.002709] oom_kill_process.cold+0x10/0x6ef [ 2401.007219] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2401.012768] ? task_will_free_mem+0x139/0x6e0 [ 2401.017293] out_of_memory+0x362/0x1330 [ 2401.021292] ? lock_downgrade+0x880/0x880 [ 2401.025445] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2401.030556] ? oom_killer_disable+0x280/0x280 [ 2401.035063] ? find_held_lock+0x35/0x130 [ 2401.039149] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2401.044005] ? memcg_event_wake+0x230/0x230 [ 2401.048344] ? do_raw_spin_unlock+0x181/0x270 [ 2401.052856] ? _raw_spin_unlock+0x2d/0x50 [ 2401.057020] try_charge+0xec5/0x1490 [ 2401.060758] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2401.065620] ? lock_downgrade+0x880/0x880 [ 2401.069786] ? kasan_check_read+0x11/0x20 [ 2401.073959] memcg_kmem_charge_memcg+0x83/0x170 [ 2401.078649] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2401.083169] ? __isolate_free_page+0x4c0/0x4c0 [ 2401.087766] memcg_kmem_charge+0x13b/0x370 [ 2401.092016] __alloc_pages_nodemask+0x3c3/0x750 [ 2401.096710] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2401.101745] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2401.106339] ? trace_hardirqs_on+0x67/0x220 [ 2401.110685] copy_process.part.0+0x3d6/0x7a60 [ 2401.115202] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2401.120316] ? delayacct_end+0x5c/0x100 [ 2401.124312] ? __delayacct_freepages_end+0xe0/0x140 [ 2401.130041] ? __lock_acquire+0x6ee/0x49c0 [ 2401.134297] ? __cleanup_sighand+0x70/0x70 [ 2401.138549] ? mark_held_locks+0x100/0x100 [ 2401.142810] _do_fork+0x257/0xfd0 [ 2401.146280] ? fork_idle+0x1d0/0x1d0 [ 2401.150014] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2401.155995] ? kasan_check_read+0x11/0x20 [ 2401.160153] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2401.164920] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2401.169693] ? do_syscall_64+0x26/0x620 [ 2401.173684] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2401.179059] ? do_syscall_64+0x26/0x620 [ 2401.183050] __x64_sys_clone+0xbf/0x150 [ 2401.187039] do_syscall_64+0xfd/0x620 [ 2401.190852] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2401.196042] RIP: 0033:0x45dd19 03:45:22 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2401.199239] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2401.218264] RSP: 002b:00007fff632615a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2401.226008] RAX: ffffffffffffffda RBX: 00007fe2dbc49700 RCX: 000000000045dd19 [ 2401.233288] RDX: 00007fe2dbc499d0 RSI: 00007fe2dbc48db0 RDI: 00000000003d0f00 [ 2401.240569] RBP: 00007fff632617c0 R08: 00007fe2dbc49700 R09: 00007fe2dbc49700 [ 2401.247847] R10: 00007fe2dbc499d0 R11: 0000000000000202 R12: 0000000000000000 [ 2401.255128] R13: 00007fff6326165f R14: 00007fe2dbc499c0 R15: 000000000075bf2c 03:45:22 executing program 2: [ 2401.394972] Task in /syz5 killed as a result of limit of /syz5 [ 2401.428755] memory: usage 307172kB, limit 307200kB, failcnt 1590 [ 2401.447287] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2401.464429] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2401.477880] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2401.530051] Memory cgroup out of memory: Kill process 32670 (syz-executor.5) score 1103 or sacrifice child [ 2401.547238] Killed process 32670 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2401.564012] oom_reaper: reaped process 32670 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:45:22 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x9effffff) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:23 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r0 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x8000, 0x200440) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r2 = socket$inet(0x2, 0x4000000805, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) r4 = dup3(r2, r3, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r4, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r3, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000025e000)=ANY=[@ANYBLOB="02009446", @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x7a, &(0x7f000059aff8)={r5}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f00000000c0)={r5, 0x4d, "f5bd450d42cc4db73b7d06b42a92edbbf81302c609d901168abb10da5d55bc0907daee9fc5c2c4c02d13654442cb6a811a9391d298974aea9b2b09c8868a84c673dba3ac75ad2069497ad3bdbd"}, &(0x7f0000000140)=0x55) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000180)={r6, 0x9, 0x1000, 0x79}, 0x10) 03:45:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xffffff9e, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:23 executing program 2: 03:45:23 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {0x0}, {0xee00}, 0x0, 0x2}) syz_open_procfs(r7, &(0x7f0000000300)='net/dev_snmp6\x00') write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) ioctl$BLKSECDISCARD(0xffffffffffffffff, 0x127d, &(0x7f0000000240)) 03:45:23 executing program 2: [ 2401.733978] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 03:45:23 executing program 2: [ 2401.785422] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2401.814976] CPU: 1 PID: 32727 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2401.822832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2401.832200] Call Trace: 03:45:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xffffffc3, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2401.834806] dump_stack+0x197/0x210 [ 2401.838456] dump_header+0x15e/0xa55 [ 2401.842181] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2401.847294] ? ___ratelimit+0x60/0x595 [ 2401.851198] ? do_raw_spin_unlock+0x181/0x270 [ 2401.855709] oom_kill_process.cold+0x10/0x6ef [ 2401.860266] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2401.865812] ? task_will_free_mem+0x139/0x6e0 [ 2401.870327] out_of_memory+0x362/0x1330 [ 2401.874335] ? lock_downgrade+0x880/0x880 [ 2401.878503] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 03:45:23 executing program 4: connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x5, @any, 0x400, 0x1}, 0xe) syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0900aaaaaa0086dd604d898c00403afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe800000000000004e4c4b25fc7e424e5c00000000000000aa0203d5f2c1e36282dfc7cd13ce6138"], 0x0) [ 2401.883617] ? oom_killer_disable+0x280/0x280 [ 2401.888118] ? find_held_lock+0x35/0x130 [ 2401.892191] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2401.897033] ? memcg_event_wake+0x230/0x230 [ 2401.901361] ? do_raw_spin_unlock+0x181/0x270 [ 2401.905871] ? _raw_spin_unlock+0x2d/0x50 [ 2401.910036] try_charge+0xec5/0x1490 [ 2401.913767] ? lock_downgrade+0x880/0x880 [ 2401.917934] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2401.922792] ? rcu_read_unlock+0x33/0x60 [ 2401.926871] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2401.931724] ? __pte_alloc+0x1bf/0x360 [ 2401.935631] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2401.941731] mem_cgroup_try_charge+0x259/0x6b0 [ 2401.946340] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2401.951288] __handle_mm_fault+0x1e50/0x3f80 [ 2401.955714] ? copy_page_range+0x2030/0x2030 [ 2401.960162] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2401.964841] handle_mm_fault+0x1b5/0x690 [ 2401.968916] __do_page_fault+0x62a/0xe90 [ 2401.972993] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2401.978914] ? vmalloc_fault+0x740/0x740 [ 2401.982982] ? trace_hardirqs_off_caller+0x65/0x220 [ 2401.988008] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2401.992956] ? page_fault+0x8/0x30 [ 2401.996515] do_page_fault+0x71/0x57d [ 2402.000331] ? page_fault+0x8/0x30 [ 2402.003877] page_fault+0x1e/0x30 [ 2402.007334] RIP: 0033:0x40e4fc [ 2402.010538] Code: 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f b6 4c 24 5b 48 69 c0 a8 00 00 00 88 88 c0 bf 75 00 e8 94 4d ff ff <83> 05 01 1b 55 00 01 80 7c 24 59 00 74 0b f6 44 24 08 01 0f 84 98 [ 2402.029452] RSP: 002b:00007fff632616e0 EFLAGS: 00010217 [ 2402.034833] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045b349 [ 2402.042119] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000075bf28 [ 2402.049407] RBP: 000000000075bf2c R08: 00007fe2dbc49700 R09: ffffffffffffffff [ 2402.056688] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 2402.063976] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c 03:45:23 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:23 executing program 2: 03:45:23 executing program 4: ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, &(0x7f0000000080)={@any, 0x7}) syz_emit_ethernet(0x76, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bbff02000000000000000000000000238305ce72331100018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fdf947ec55dbd9851fb04dc6e6b5d261a6518d7b60d398527f794bf59021436dfe7e879e47314f96990d4e8b8dfe81acae04b1e270facf1a592da81e6fa7d9aedabed57efe6242dddd936a8bd68b35d5607a28272cca101770db857b966fe82485130620ce6093303d928754d75d3308f38e2bd8eacc3b647941648caf555e7089164b9d6d8a62e085da511a996ddb16accfbfc3fbe09d3fae8f8b892f600dc763f9c80ce7c6fb91bf73bfe0e7068a44976f2848f54ea9a634cc4d8d6d625f7a7d934d2ca7fa869d5411e9ebaed61a124bed8d08275614e5c185abfb64fc91867f3482eeb78b04918bbd47e30e3774fbaa4ed267c482d9b607b9d3db0d31a542a830ff71262d3d18ad74face893bfbc139bd7180b8b88550adbde09fd95908f6113d89debe6fce91bb7523f4d7822b9a6fd71e45887df12c058a8f2f30d98a753b12dd1b863b41f3bd3677b799ae6819587a7b0e41a56d49e07a6dda6fe81c404336fd5e29298f3299c92e6e6fd04e24554e977fb81f0f2f55d8068c5e6b24"], 0x0) prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000100)) [ 2402.151574] Task in /syz5 killed as a result of limit of /syz5 [ 2402.188616] memory: usage 307200kB, limit 307200kB, failcnt 1620 [ 2402.227038] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2402.245822] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2402.253769] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2402.309203] Memory cgroup out of memory: Kill process 32727 (syz-executor.5) score 1103 or sacrifice child [ 2402.326888] Killed process 32727 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2402.351894] oom_reaper: reaped process 32727 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:45:23 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xbc0e0000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:23 executing program 2: 03:45:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xffffffe4, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:23 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {0x0}, {0xee00}, 0x0, 0x2}) syz_open_procfs(r7, &(0x7f0000000300)='net/dev_snmp6\x00') write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:23 executing program 2: [ 2402.487443] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 03:45:23 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaa8c00403afffe8000000000000000000000000000bbff02000000000000000000000000002498fb1e53543601890090780000b99c94fb0007000000000000000000000000000000bbfe8000000000000200000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a"], 0x0) [ 2402.539448] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2402.553643] CPU: 1 PID: 493 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2402.561337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2402.570702] Call Trace: [ 2402.573309] dump_stack+0x197/0x210 [ 2402.576952] dump_header+0x15e/0xa55 [ 2402.580861] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2402.585992] ? ___ratelimit+0x60/0x595 [ 2402.590017] ? do_raw_spin_unlock+0x181/0x270 [ 2402.594643] oom_kill_process.cold+0x10/0x6ef [ 2402.599167] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2402.604722] ? task_will_free_mem+0x139/0x6e0 [ 2402.609244] out_of_memory+0x362/0x1330 [ 2402.613231] ? lock_downgrade+0x880/0x880 [ 2402.617395] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2402.622520] ? oom_killer_disable+0x280/0x280 [ 2402.627028] ? find_held_lock+0x35/0x130 [ 2402.631209] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2402.636065] ? memcg_event_wake+0x230/0x230 [ 2402.640405] ? do_raw_spin_unlock+0x181/0x270 [ 2402.644918] ? _raw_spin_unlock+0x2d/0x50 [ 2402.649078] try_charge+0xec5/0x1490 [ 2402.652809] ? lock_downgrade+0x880/0x880 [ 2402.656976] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2402.661828] ? rcu_read_unlock+0x33/0x60 [ 2402.665902] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2402.670754] ? __pte_alloc+0x1bf/0x360 [ 2402.674759] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2402.680838] mem_cgroup_try_charge+0x259/0x6b0 [ 2402.685437] mem_cgroup_try_charge_delay+0x1f/0xa0 03:45:24 executing program 2: 03:45:24 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000080)={0x10000, 0x3, 0x80000001, 0x0, 0x1a9c, 0x1, 0x9}) [ 2402.690394] __handle_mm_fault+0x1e50/0x3f80 [ 2402.694829] ? copy_page_range+0x2030/0x2030 [ 2402.699272] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2402.703957] handle_mm_fault+0x1b5/0x690 [ 2402.708026] __do_page_fault+0x62a/0xe90 [ 2402.712184] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2402.718271] ? vmalloc_fault+0x740/0x740 [ 2402.722351] ? trace_hardirqs_off_caller+0x65/0x220 [ 2402.727728] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2402.732699] ? page_fault+0x8/0x30 [ 2402.736263] do_page_fault+0x71/0x57d 03:45:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xfffffff0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2402.740079] ? page_fault+0x8/0x30 [ 2402.743645] page_fault+0x1e/0x30 [ 2402.747113] RIP: 0033:0x40e4fc [ 2402.750327] Code: 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f b6 4c 24 5b 48 69 c0 a8 00 00 00 88 88 c0 bf 75 00 e8 94 4d ff ff <83> 05 01 1b 55 00 01 80 7c 24 59 00 74 0b f6 44 24 08 01 0f 84 98 [ 2402.769244] RSP: 002b:00007fff632616e0 EFLAGS: 00010217 [ 2402.774649] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045b349 [ 2402.781933] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000075bf28 [ 2402.789222] RBP: 000000000075bf2c R08: 00007fe2dbc49700 R09: ffffffffffffffff [ 2402.796512] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 2402.803802] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c [ 2402.884660] Task in /syz5 killed as a result of limit of /syz5 [ 2402.891318] memory: usage 307200kB, limit 307200kB, failcnt 1646 [ 2402.897898] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2402.905738] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2402.913845] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2402.937359] Memory cgroup out of memory: Kill process 493 (syz-executor.5) score 1103 or sacrifice child [ 2402.948171] Killed process 493 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2402.960814] oom_reaper: reaped process 493 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:45:24 executing program 4: r0 = accept4$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14, 0x80800) connect(r0, &(0x7f0000000100)=@in6={0xa, 0x4e22, 0xd, @mcast2, 0x5}, 0x80) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:24 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:24 executing program 2: 03:45:24 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xe4ffffff) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:24 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:24 executing program 2: [ 2403.135514] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 2403.217400] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2403.223824] CPU: 1 PID: 622 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2403.231481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2403.240850] Call Trace: [ 2403.243454] dump_stack+0x197/0x210 [ 2403.247098] dump_header+0x15e/0xa55 [ 2403.250833] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2403.255954] ? ___ratelimit+0x60/0x595 [ 2403.259859] ? do_raw_spin_unlock+0x181/0x270 [ 2403.264381] oom_kill_process.cold+0x10/0x6ef [ 2403.268901] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2403.274457] ? task_will_free_mem+0x139/0x6e0 [ 2403.278974] out_of_memory+0x362/0x1330 [ 2403.282966] ? lock_downgrade+0x880/0x880 [ 2403.287130] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2403.292253] ? oom_killer_disable+0x280/0x280 [ 2403.296763] ? find_held_lock+0x35/0x130 [ 2403.300850] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2403.305720] ? memcg_event_wake+0x230/0x230 [ 2403.310166] ? do_raw_spin_unlock+0x181/0x270 [ 2403.314680] ? _raw_spin_unlock+0x2d/0x50 [ 2403.318951] try_charge+0xec5/0x1490 [ 2403.322687] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2403.327547] ? lock_downgrade+0x880/0x880 [ 2403.331712] ? kasan_check_read+0x11/0x20 [ 2403.335886] memcg_kmem_charge_memcg+0x83/0x170 [ 2403.340576] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2403.345091] ? __isolate_free_page+0x4c0/0x4c0 [ 2403.349687] memcg_kmem_charge+0x13b/0x370 [ 2403.354053] __alloc_pages_nodemask+0x3c3/0x750 [ 2403.358760] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2403.363809] ? trace_hardirqs_on+0x67/0x220 [ 2403.368144] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2403.373174] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2403.378729] alloc_pages_current+0x107/0x210 [ 2403.383161] pte_alloc_one+0x1b/0x1a0 [ 2403.386984] __pte_alloc+0x2a/0x360 [ 2403.390633] __handle_mm_fault+0x340b/0x3f80 [ 2403.395066] ? copy_page_range+0x2030/0x2030 [ 2403.399510] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2403.404198] handle_mm_fault+0x1b5/0x690 [ 2403.408279] __do_page_fault+0x62a/0xe90 [ 2403.412351] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2403.418254] ? vmalloc_fault+0x740/0x740 [ 2403.422346] ? trace_hardirqs_off_caller+0x65/0x220 [ 2403.427382] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2403.432419] ? page_fault+0x8/0x30 [ 2403.435984] do_page_fault+0x71/0x57d [ 2403.439808] ? page_fault+0x8/0x30 [ 2403.443371] page_fault+0x1e/0x30 [ 2403.446839] RIP: 0033:0x40e4fc [ 2403.450058] Code: 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f b6 4c 24 5b 48 69 c0 a8 00 00 00 88 88 c0 bf 75 00 e8 94 4d ff ff <83> 05 01 1b 55 00 01 80 7c 24 59 00 74 0b f6 44 24 08 01 0f 84 98 [ 2403.469094] RSP: 002b:00007fff632616e0 EFLAGS: 00010217 [ 2403.474473] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045b349 [ 2403.481773] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 000000000075bf28 [ 2403.489061] RBP: 000000000075bf2c R08: 00007fe2dbc49700 R09: ffffffffffffffff [ 2403.496344] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bf20 [ 2403.503632] R13: 0000000000000005 R14: 0000000000000000 R15: 000000000075bf2c [ 2403.558853] Task in /syz5 killed as a result of limit of /syz5 [ 2403.565303] memory: usage 307200kB, limit 307200kB, failcnt 1671 [ 2403.572427] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2403.584287] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2403.591441] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2403.614595] Memory cgroup out of memory: Kill process 622 (syz-executor.5) score 1103 or sacrifice child [ 2403.625805] Killed process 622 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2403.646694] oom_reaper: reaped process 622 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:45:25 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {0x0}, {0xee00}, 0x0, 0x2}) syz_open_procfs(r7, &(0x7f0000000300)='net/dev_snmp6\x00') write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:25 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:25 executing program 2: 03:45:25 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r3, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) socket$inet6_udplite(0xa, 0x2, 0x88) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r4, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r5 = dup3(r2, r0, 0x0) ioctl$DRM_IOCTL_VERSION(r5, 0xc0406400, &(0x7f0000000200)={0x7, 0x240000, 0x7, 0x90, &(0x7f0000000000)=""/144, 0x3c, &(0x7f00000000c0)=""/60, 0xff, &(0x7f0000000100)=""/255}) 03:45:25 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xfffffffe, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:25 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xf0ffffff) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:25 executing program 2: [ 2404.345522] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2404.447923] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2404.486103] CPU: 1 PID: 843 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2404.493784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2404.503148] Call Trace: [ 2404.505763] dump_stack+0x197/0x210 [ 2404.509413] dump_header+0x15e/0xa55 [ 2404.513154] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2404.518281] ? ___ratelimit+0x60/0x595 [ 2404.522200] ? do_raw_spin_unlock+0x181/0x270 [ 2404.526742] oom_kill_process.cold+0x10/0x6ef [ 2404.531259] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2404.536820] ? task_will_free_mem+0x139/0x6e0 [ 2404.541351] out_of_memory+0x362/0x1330 [ 2404.545360] ? lock_downgrade+0x880/0x880 [ 2404.549526] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2404.554661] ? oom_killer_disable+0x280/0x280 [ 2404.559170] ? find_held_lock+0x35/0x130 [ 2404.563262] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2404.568131] ? memcg_event_wake+0x230/0x230 [ 2404.572482] ? do_raw_spin_unlock+0x181/0x270 [ 2404.577010] ? _raw_spin_unlock+0x2d/0x50 [ 2404.581172] try_charge+0xec5/0x1490 [ 2404.584911] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2404.589946] ? lock_downgrade+0x880/0x880 [ 2404.594109] ? kasan_check_read+0x11/0x20 [ 2404.598278] memcg_kmem_charge_memcg+0x83/0x170 [ 2404.602965] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2404.607484] ? __isolate_free_page+0x4c0/0x4c0 [ 2404.612084] memcg_kmem_charge+0x13b/0x370 [ 2404.616341] __alloc_pages_nodemask+0x3c3/0x750 [ 2404.621030] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2404.626065] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2404.630656] ? trace_hardirqs_on+0x67/0x220 [ 2404.635003] copy_process.part.0+0x3d6/0x7a60 [ 2404.639524] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2404.644648] ? delayacct_end+0x5c/0x100 [ 2404.648641] ? __delayacct_freepages_end+0xe0/0x140 [ 2404.653678] ? __lock_acquire+0x6ee/0x49c0 [ 2404.657943] ? __cleanup_sighand+0x70/0x70 [ 2404.662205] ? mark_held_locks+0x100/0x100 [ 2404.666466] _do_fork+0x257/0xfd0 [ 2404.669952] ? fork_idle+0x1d0/0x1d0 [ 2404.673689] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2404.679583] ? kasan_check_read+0x11/0x20 [ 2404.683743] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2404.688520] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2404.693289] ? do_syscall_64+0x26/0x620 [ 2404.697273] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2404.702655] ? do_syscall_64+0x26/0x620 [ 2404.706651] __x64_sys_clone+0xbf/0x150 [ 2404.710650] do_syscall_64+0xfd/0x620 [ 2404.714473] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2404.719689] RIP: 0033:0x45dd19 [ 2404.722917] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 03:45:25 executing program 2: r0 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0x0, 0x0) lseek(r0, 0x0, 0x0) 03:45:25 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0xffffffff, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:25 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvme-fabrics\x00', 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r4}]}}}]}, 0x38}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000180)={'batadv0\x00', r4}) bind$xdp(0xffffffffffffffff, &(0x7f00000001c0)={0x2c, 0xa, r5, 0x33, r0}, 0x10) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f00000000c0)={{0x87, 0x7f}, 'port0\x00', 0x19, 0x10000, 0x5, 0x294, 0x1, 0x101, 0x8, 0x0, 0x2, 0x7}) 03:45:26 executing program 2: perf_event_open(&(0x7f00000000c0)={0x2, 0x70, 0xea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_extract_tcp_res(0x0, 0x0, 0x0) [ 2404.741848] RSP: 002b:00007fff632615a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2404.749576] RAX: ffffffffffffffda RBX: 00007fe2dbc49700 RCX: 000000000045dd19 [ 2404.756865] RDX: 00007fe2dbc499d0 RSI: 00007fe2dbc48db0 RDI: 00000000003d0f00 [ 2404.764136] RBP: 00007fff632617c0 R08: 00007fe2dbc49700 R09: 00007fe2dbc49700 [ 2404.771398] R10: 00007fe2dbc499d0 R11: 0000000000000202 R12: 0000000000000000 [ 2404.778670] R13: 00007fff6326165f R14: 00007fe2dbc499c0 R15: 000000000075bf2c 03:45:26 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2404.913248] Task in /syz5 killed as a result of limit of /syz5 [ 2404.920475] memory: usage 307168kB, limit 307200kB, failcnt 1701 [ 2404.927138] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2404.935326] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2404.970313] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2405.043650] Memory cgroup out of memory: Kill process 843 (syz-executor.5) score 1103 or sacrifice child [ 2405.073141] Killed process 843 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2405.093577] oom_reaper: reaped process 843 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:45:26 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {0x0}, {0xee00}, 0x0, 0x2}) syz_open_procfs(r7, &(0x7f0000000300)='net/dev_snmp6\x00') socket$key(0xf, 0x3, 0x2) 03:45:26 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe8000000000000000000900000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"], 0x0) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x456c43, 0x0) ioctl$TIOCGDEV(r0, 0x80045432, &(0x7f00000000c0)) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/btrfs-control\x00', 0x20200, 0x0) setsockopt$pppl2tp_PPPOL2TP_SO_LNSMODE(r1, 0x111, 0x4, 0x1, 0x4) 03:45:26 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:26 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x2, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:26 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xfdffffff) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6(0xa, 0x400000000001, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000000280)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, '\x00', "00000000000000000000000400", "20040100"}, 0x28) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) mmap(&(0x7f00000be000/0x3000)=nil, 0x3000, 0x2, 0x100132, r3, 0x0) sendto$inet6(r0, &(0x7f00000005c0), 0xe0ffffff, 0x0, 0x0, 0xd8) 03:45:26 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2405.339660] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 2405.372954] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2405.389177] CPU: 1 PID: 1196 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2405.396942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2405.406308] Call Trace: [ 2405.408916] dump_stack+0x197/0x210 [ 2405.412573] dump_header+0x15e/0xa55 [ 2405.416310] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2405.421450] ? ___ratelimit+0x60/0x595 [ 2405.425350] ? do_raw_spin_unlock+0x181/0x270 [ 2405.429867] oom_kill_process.cold+0x10/0x6ef [ 2405.434388] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 03:45:26 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) sendmmsg$nfc_llcp(r0, &(0x7f00000034c0)=[{&(0x7f0000000080)={0x27, 0x0, 0x1, 0x1, 0x0, 0x8, "da16c43a1c01ae4817adcf2717b38c1b87410b5dcab770f8ce3d7485534d2427dd71a4293f311482cb562fb86a569d9fa43b4349f6e88bb93f431e452d08a4", 0x6}, 0x60, &(0x7f0000002580)=[{&(0x7f0000000100)="67e1d2b36ab6d2fddf3ef4b044409c796767a294f199e74ec6cf0dc004e38a1d861ba5a655d1ea984550df43191ff43e916b29aef10d79dcaf1e5c181ccb9679bc0a4f7055598fb404cb775537c3ca42a9f73d602d047b5acf0ad3d643bdbed9d565620334f657c8c83792de25bd6bfb784134ee1b63e102416f2bb049b3af5b29e9b49936a868e6a2f47b5521437c0bb055ecbbd14d64f4f8f537f8bc241b3c6e5bd6b98fd5df988d464d12c9094b849aa45b083ac346f11694770f232176cb85feb94ccbffaf4bc94997ad8421e0d3b443ab3bc7bc896a82464de79721ebbb5b81cb19d22e0ed6f6c2ffaf8112d553bf6c230d978acd38b3d35feb60a9b38fc334e03e7830ce0e9aad977d85d3846604ca7c335c7a035891fb9591a7977afc20065a5e5535ac339d7ee80cd003f45ef0f36eac0ee63c0aca1df880d06720d9c1569be5be263e0eb85fec3bdc7f44e65871138e4d8631b7e558932344227fccbe9495c9ffcd8cf28bb13ad42089f4ec104e6cc037d191349e03a40b257a670f43f823fa9067d2e02fa02746a94615c544c005a1facd06c735ec3a857fe14a8ba048178c2e2b50b72115eeb843a3451822e0a893866dba86c69a7f068cdcbae031608bdf87415c4826bd478b2b2dc54806698b92cfe83c14faf25d9516f294599990ea691ec65a6be0c6047951bb4455d9b0ae179cf791771c61651f10da5ee4793f50978d95ccf14461c8f552bb79dfd716abbb543d6bea1049f6ae2b55fa9b1991e6037567d7ce0f02f364ce1b1dcd49442d37cffa5feb64b101b36300bc5eb58e9313e8523032f355d738c3efad4de266b99492e305fd7157d512b25809acc82a257e45208411f6d909d864e19ce73461298762e71b53c198723fb7aba77b07b6f4c1922269d7847d47be2b19b9f97a6ca61508094482fe8bb943113fbfd2cf93315afb89820a92ac4172494a23f482dea84590aa8620c2f5eb3176027c1b7d84e3dd89dd3583be5879a4c3f8d73321664fa64369449eb7526d903edb89ee32ba03c23a38cedf0976477fd893fe44af864cbbb683ba526017bfc09e6df8b3b1b06a3dec7c901fbe6a742e285c5ef988d4478b5bd387e385bb70ec16c887fede906276ba03883434a8f77acf0b28afdfc5cdadc0fed15a145dea8b86bad6784f145e0065ded056ae646082c539537bcbd99c2a9eb68ae406524137e1777f7081c2a432c561f29fab08d55be636bf0d77445e81f84878150c8c6bb06fdeddbded8ebf7fbc0f1bb8d1a9a54242ab0a976e766302a8ce2c33f57dfd17254bf27a4f1652653b4618fce2ebc795c355261843e3217ee02c41686326d08694c816e28818a7a8121c9c11d2fdc90cbb6aee8d69e9451bae1b12d48662649e1f2a081b2b4560df0e1649733edf9817d754a0cdaf375cfd9040ff04cc44fbc760221e9e8cc6137ae7073adc684ed00363e4851b935944f0aba70356b93d70000ae33d905913b4cfcdb81baea0cc479c19dc118d686923325ef7188326923d0d6d6365c23fc92eeb731b69b12118d73b47cb0fb029fd2cfaf7f755edb71384715c241eccba1c7029c06aa7ce45ce4893f35b5656862c7df86f304c03e9a1b600b0e1d1d89f5d48d3e8cf17881800f03acc8dab26011bc68e791cfb806ad35d0943ff0abf2502894b54d8011f89ccb5c107d398d4e009abe54940448954b7fe7aeecc02ef436961679e643d37416cfe346731b04a43b29f0a902e6f5eaa443c81b862e5f5435dabd73e17f39651cd208fb7d9248387d25a68e9529847fff722a95797267060e1915786124b92b10db644118417a07d350ca3246d27fdd154804605dfff029f7736cecee02ac1af32e134f9e2165ef6a9baf7381156d3000e5d8578a2cb43476b2c5e6a2dd721fa6e1216a06ba814498b84e56f2e6dcac9e0d976a83f7ec061943b1977881713572b42adcebb1da6a102a8cbfd484e2d8ab6ba5f5b7a5934e7e9a338fcf86480ace01c850cd890b19d6c0b09d2ba2a2ce5038c77f4a206fb3b601b2c6c4a72a9e4ca562243967ad698c12c2702dfbc0772cb04973887441a97843b70463be0ef912a12e5b0adda7933a1ea59b0177a4ac4ad1d6e1244ee9dd903315c19ace6410750867f2cc2fa546ca76053a56a4be9144ee546daaa537399da3796af014f7a33c78de6ff7eaf6a53825f7284c77aaeb881944a0d28679fb824de1ec0c17ef9fa9a613bb1f36c69ece592e4eae1b5b02414d1015f01fd42a45788c80d818594b2982634d9186f7b7aa468bc9e6931a365f6367339be0a34db5c066becaa0ad61999e33c5a2e5a121aa585e6c07aded151c82c4d910b4b77ba55d1758419f6eefad153d33b6d07c19e0b1b012f147c8b13eaed89e9729bd07acc587f243c6c4c45bc3ed342045330f8675a1324c2372abd693cb347616334f309ebec92a9ae02d6ba5ef7f28fdeca47147daba0923fca91472ac3c682867ad77c75d329c79f934ab5e8e9fbbe6bf0b89f91aa78152c50156459ca7f37822056f5f3b52ba78ad5b5ca10ed1a737f347d44bf80d7f38aa43231417bb3016df2d3b5e9fed7c1ffbc1bb6b6fc7cbd73aa51572e6e4c301f293e371c199e96e9b0c798bcd0fcdd78067e44a388da83848514ffc0711ba5c8858bd5417dcbff89d05c0bfbefcfeafbe3b11c3a48f8505e876ae7ff2bd914a7dc2a99e0e91c5a30fa89507353c7eb3c8e0433fc2630a76a4220744c0987daecf6fd5757cb7607b04f2dca69852f073676f925008ef59186e45cffb1c7ad9206362d1e33e712c0c5b4c43381d29b3bd68e5500160a6e640804379cd5e935e0d738b9911aba714cc3c5b4ea4c79a30513ebaaadcd379c563323e6e385488d54f48496d62cdd8c01b9a650d4cbfef5eabf111b6b879d60f90e1be1831df594e8affca0ba6148745e8e16b9b8b405bcb7e31bce4516f2298d7ba094bd0f9a15520bc36a3824c9406a5b4cad83b4481a33722779c5b749dc98eb555827eb623b48c68c55648b7e332ef71d5f4c956f726b20fc4c18bb40fb7b69dd52bb7e80b74a98b365456648705ff017ac4806c0ed580ea2768cd591dc89c31ddf1c355d357c9c60a2d5345b282eea0e99a93d598a0c6e9f8f238c30e4e5822af3968608ef60aa9b6c2f993a4c00c66140626a9d71b86920cf115b8d156dd2df5a4919424d7a0c2757824da715badcc259081159022bcfd10a0c655627790e62d0d0ec7c8e209027d69837b6a93727adef3f62aa84faa03941d5aa6ee1e032b20eabe7f0c12c147c7a581eceffc42e0225cd70af9e42eb85b7ffb254d85229d52b36645598fc827463f908dd74af07531d09903861b4e5567952221f87ab5a14ec3f2e2c5e4684878bd38f36805fb8424b4bdd1709c61d7c566551a5f2b26274621fcc6c63fd0f522d8e946e42696d3d923cba5541b606b36a1b41e206e30a426edbb653f00c814cd993a67328c53a8ab59bed323bad821aa4465e0fdfacb3fe0d591a58ff5391fa75d0a157306db6de36ef8555f2eb445bb7a777918aab8830483f8e43b1199493baaffa77e846675c30ce9de02d8908115a53a97d4f80fcfc37a6119834ef22cc2961d8db5dd7c83c2c3a551b83c4978a4cd6262c48301b83ada106103c8b30ce5874bcbd2ea795f6e68f7d832b97bb6a7c91638d3307c8659efab6a590767ba417d2b924a09b18ddbf77b0085bace82c223031a434a7d3ee36a3521e8d55397c2da52faf214152aae8b73e23171d58a0f31371f02f8f7b9ac568407100b9c3be37b8aec50381c91c2c172489244619de974480bdfcbd0902faa1d6cfa74d7a71ec8ee4824d612fb8c52324d1866233fb1190dc820c131b92b2a1fd297a0239d77e30c5913dd6ca134ba2c98dc3204fde1230119cd29a4b099ab46f3c9f8a9fa9a01ef0e8f07bc234784fff7b9bc0bb0b208f41d701ab634779662cd25dc9e9abe68fafd1ac398e96a575009ca5a28eb1f0b592bcc1e002bbd2b342457c2e6004b9e510732c0e915be5173f78c8a5ab00dfb302d12a0187ef3f00d2cafd38bf12edca3879470fca226daf54b8d05f4786b17c28e19daffde9adabf43e28ebd3bec559e7dadb5b55c32d984dd6192e8f7b51d713119053f36055d0a8ff502c9ad3f912e170b45e91a0683518dfb4eb3f7abde90c86172c56f452906cbd85a6bb7cd79f21f46c0411270b8bda38848da4f3c40fae6c2ea7751bf7f45082180beabfcea0c65ce2c45566dd8fb807ef977e903dd0d5b744a04a2d32170f2c8bd3727d6ca79f540540d7de45540ab1f3a63e09c4e201f6cbfabd31102fa2f0871d0c949ec602699c3b3619e36698687fdfe48ef1459e8e7d5f389bf0c0cefff0369d0382910dc22a77bf39ab57083430c08918ab31779b1fb43eda9b735bf0925c3966b0da2bea17925db7bedce1ff5306491a66964887f9440c02c97f4888a7f22c70e78a5785b965eb2a2303c77803bf762094eb852f0bf7de026434a88a624afce7f00d9442b8254adaf0d353d3970b9717645c9f14777dc32f9b1edaa8552f90564d770dad22300a166c0399c76a6dd3ddad0944569c3ff347ca5eaa678ebe09d198f3bfd0ae80525ed3351768a070abddd23f90f6ec5d5f1ace1d00b8c1b256b548eb95d9380dbc764457a13373a4b10ac2ed649c120f42d17f1c24b2ff6d182a98a9654e57fbb2835535002852bb181d257a480f7cb7cee9bae190126ab9b763beb6d7dc644873833eb94e921f4015b034942ee05c768059ee1b94a8bfd0692a379b196716e1e9b7299beff7b04d675af5f1b12c967bd9d71eeaae3ec93db130aa1567f4c187dbb277c91ced2b36a41d267a461966bb21bddd654843a663c42f06a55fb23d9c53c41aa3ad712f0e4adc9bf3dfbf433f1589dac29d510c571e85e19cd5e72442a031def0d7ab089cb541d27558aa5c1f19b8c26042c1b33e2c983795e320b1f20320e01734c4951e3a5aa9ac054f24a1e1a82f7b3567943a43a5efb4b045547dfec750e6fdb5a4002d139f5471ad068f020f07b01526d92e2189aae4e1d1a023374e5d5a55a93fa361dc3a461693f6cd17aa78a5b718343d7be7beecd72bd3d21dab7872e87faae949f433946e1b7cae75a69b4de5d96592bd8157d4e834213454c6aef8cc884ffdd92e0c3892e562d413fae6cb8c7715bde20520f85a4e68cd94bc3db6522e1eadcba37548a4e554fa23cb7245c90c24c93a26ae333d719025f5cd15e69a7903307b6f607d417e677c77ef3876943fcd6974fab6c6ddf651a1f7d366bbc2f1575671841b2a24cf2b304469b127797f9d340d9dcb2afb1210474a3cbb89d94581295ec083bcc4ee1790f5675589a1970e92052b683eeebd746e7cd27b824fcc732c51a7018ec827c218ac9ae62b8f52e434567a8aac0193dd11a66e13a0787f94ac0bcf92ee3a7e11936a01ac08c2e3684875facff916c414492bebe08f0d5889e01a4d274fe3c38833edecc9792baa32009f92e0c86ea7293925b9fe3d81587e179c806fbb70fa446305d4e2d3aaccf6672871d77187e9e11458682fe7f4de322dda087f6907d60636b64e9dcec9bde8d510895a4d24092dc87e6284c1d8e94d39796fbadd1499e8117ee3e8aa8e5a4a6d5ab30b7ae558605033a18a276e458d35c369ec68f374712a7815be14f98b2e09871c9a831ee65607e2bc32cd14a5b641513317124361ce320527a204cc80a945596566e36f028b6b54100a03fad1a5586ea11e47fd32fd89f7569519d45c2491b13344d776ed6a62498b", 0x1000}, {&(0x7f0000001100)="97ef9a7629f0e3575eb3f6c968cf55622cbec0454264760feb7114b44b19e1cc5701a2a31fa6d5483a66f6f15a6716f7a292cc850a01d794374087fb3dd3c72ecfaa60143ee7527674362b492d6a13645a87a0a14664518c111e7bb2632e387ce970574362b8ee057eb6f8bfd00ee6ff281cae1499f45694dba924e22ec1864e74a632ca431ec869a1b8a36e1ab06a9b3d7b0bbbd043a21235ce3cd72ddbb532dd57239b67eb9d5f472d734a1a6c169e8302703ae36246b65c4106e7b6cc11431738f9adfd643f6872e07ad25501fbda386ef0680067", 0xd6}, {&(0x7f0000001200)="86c3ff1b0d3c7ed0b024b5bae3a861d67f035a8c879f43c83b19532568fc3e4ed4f45c5d11570b2cb29616cd5d69a6a21daecbfab2043d74ccfd374253ebf568a6fd3285f2a89be4561c81c8ff2965277b667b0ad4bb79dae907cd0c5d9592bca8e2c86dddb7e26acee3748699caff574fed21e2686319130401db9eebe8e55486dc995ccee393f807936f33359ecf9ea5897d5f6bf01be532e651135bcfb219c7e2e4a0601b3e890937fb3ce8d7191d0e9610aca8ed30807446c4ab0c8c7092dade5c6c5731c31a55188b2a8cb49d5698d410ba", 0xd4}, {&(0x7f0000001300)="28447f9573d97387405c85dc790161f5d1b1dd78ba4d691dbc93f755848596ce2bed4983074a8948963a5edc5717dae42772e75f22de7bee6ce505a6e8c59c96c83d0bd8c134c800c126b2a4e5b4f5e4d0fdfe83408d5c70b0794d0a1b720be3393539b2b1507b4ffda9ff6afec8c7a9f3b61e314f55974cc39aab25d589be2944", 0x81}, {&(0x7f00000013c0)="e8ab6e2cf192d077860dce8c1e3358a9ec545bc88f46a0385e87b11307fc8016b95d0fb769b99978aca03ffa09ad7a2acb824247994b4f4568b1310f51b94cd6d4aa448a41b25ad4964037481d87d605f8e8a40a1810b93d4bb657bdd1568e41fd137d0f5aa40ad4e473d6bddae18884abfd8301a6be230bc780bb8b4bbaf65ff07b", 0x82}, {&(0x7f0000001480)="d24b373ff27d6ff28088e24e61def23e391b56ea60018a127fc6766d11e144c6e17626160bd30a755db88da2d0b32b0039a9788cc2b21760332db7a3c5f0b0bda8bd32819df87aeeecd973c35e940f2d3571cd11fc5379e64038e2e58644b8b2b76004d72cb6231c33e23716f0b9ee2f777b556cf9a2ff17e41e1e98a4d96cd3869ac73311088fda69df6a66900d44abf4ec5dfe255097c738867d11e892a99d84a3fe4ab592dec69d124d732204b1d51885932bb0ddb3c706e5bd7eb778aaed977dd437114c15656e3b15d5fe0f6b06a82d64a851ba12322555e2638e7b60b3fad8261a0299c28cb4ca15dac813d45f47c6ec3c478de9c1dbbc276f94e2d787835880daaa13b393de2a2a958f4bb76a4550aaa32f0e62a2d8d29b3d1d13f8ba201ebcb6069f8a93497b025f452bfe535df222ce043c547fbb22639a2f404605de9615d0be86cc6d78be57445763474991b97733071f21bf6e824c4c37e6d56cb312eace72f2242bc4b9f22f4ea4014caa0ce5896dfae21065b7ea81a0394f298e54d36c46deca72fe4440fc13934652d82d828ccfa8d1cce541a09f2e91cf6b5e98d211f4092194c6bcc60a6d594323ea8fbe705598cc13004fc49def71015ad582835bf259d169e537351216033c4499bc535ef63b903f15f123c1442b01fed71fb37277ded8458ace4136be560ba7533236aecc16a0bf0ccb8372ea807c8ef8bf728c7b4296973c0688aab2db7c22d7c9c1310bb9656de0b4ffd4d9198c69c519e7ebda782bea78decb84e1272c08735e69720ec470e0218a7916dc5486a35d31d695a5c11735073fcd601d30e70429ea5e968b4ad18763d8aed35d1c1f1a94c8f86ab07712a14750d0ae2b2a240f8709fc4bcffc04a4f13b270411936be2c2d022f15c776f40c8f359ba34cb3989d307e1951e5e3efe9fb6e706ecc450ef0f0bae20854996bda55805ff343ebf04dc2ba9ce646df062cca9a24d4e260bfa84ef66ea2678b500f63766b457dea178d62aef7dfef271b68703d0d9ec82d7c2df60f064678515f91e8057b4ce89d7f5eb341dd9c20ea611cb08e029c968f38f4a517dec40aadc3dd25a3fa6779c5595148beb236a2f099d7cf9843f225cc913a0ac00d27e201fd3a8f68afee44520349629c139a5edaa513f5b4159ff42da26e19a786c0cd15025ab36654129b1b3cd694a6e1d238f82f3f22faf6243f5b86b5ca9c408a93fddafb18d6d3e1e1487646a3e6b28781219ea74e38dedc223e4452d44c003ea598f4d20f49a6c3010e7c8d4e49f262db0f62b622b8d88fb7ad11820e8d89f1cebcbb7bcf7fa3f69340de1a9873eb640a608053ff2a53ce50aaa7316c7fa1cc08999b41bbfd9f1f14f73b6066a78d3e408891ab7e1b806eda60830cdaa96365bc96470fbc800e46d33d4afef62edbf0d3851fb3bbe1f85469ef5358ebd4612e2e4a26dcd92124e830c8cde1f08c2d2850cbedc8c96f82f1778f72a1897e7dd7c3c98eed5b20c9a435ea162d0f30af60e0f5f35c4ccb7ce29e544f8544a9b39177e32351f819200af0aea2d5918484583ac905df12fa950c2a63fab8ddcd7e960b926bef97ad9613dbf1790341ddbd0c20eacbe64b0624758ab7d4c7e512a46a0a3fd92c93f676f14ee2c58a397b6cfc75b3ab1d7990b77c0b6b345f9aa7a44e844e6fe6b308caab9e27ffb037e7f63e9ed722f8f6bcb575c894ea2aaa1f1ee2d524850550fa1d0670a19327d1313c918c42e8aef42c4ea845d323586295bd54a5448520e119bedd2272fdb38af3fb5949ac70427e3ceeda8bd22e4ba9e827209a4f5f75440bd53c405a2d161388bab7fd3466f166fe061758e0710cd85f2e94b3a0db513f24a4f0db8f0cd540715e6d0eef21ff2a58bf81d1b2180c3c058717b23087db51c80865801db2f2c71235e48bd8ffe3d00aa5b69a39a347fd60589ef5fea63b830d520ec173b543778ff41186957a3b87ebafcbe06d2b83c34f059f0e2e255b4eeaf468d78df1476408acf334bf53cee0b9867b2ee150ef31c04c3a01881e5e83ddb342874831d8f68c89dd36a37d82e1a92cfa0724ddca5c88628a2c79d23bdfca9e96ce3eeb8e116c96901473dbc33e3fd63f34b5047763d16fd23a8114e7f8aaff4fb6b26061a25508986417fab7d9b9a9768a3404fc4104e5ca1605184fb21223821b69fcb6bf955c31812a935eaf97da35d6f79b9995b544c351988622fef60d2b1e8440d7a4658d7f2d555c496ccf938f515e9be77eb3d71af345eeee8f289f92bf1ca11e2b08066a9cd1f433cd4a2c6244d3669ed73830643ea2b5d90504e2e68f581b93c42a98b96ae3c77f9b060ec98e34254ec1e567c7eb1582c55c418fe5a6069a3ac462bfe685017a7216bbdd82cd171335f1279a24d668014bd800b48729c1c6f263b61877031767214918d9ddb681f11fa66512857f9293153087cd08eb80281fa809848374f8502d41f440195e9306c0a0b5c6a0dfeda06fb9b52115220a4f4de2d0dde595e5ae9e78a016faaafb020b1956a38cd6c40ebdb0a465479e79e43cd43733849138fe1f0c6797ec26f58496d5ce783166062fe458bc9e4ae77a1f6cdac256d1163a378a5f3dae52fe31dcb37d61ca32c3b2763d632bacb5f25f0216db7a1d20b763885d1b7df32b74ed685b065238a0b9fc57384fa2866ccc71f98a1791e03da895a41cc70b2c3bc6f064f3e2f2bf5c5a363506a44ff6da589b1975b0104276a71d14ad1e1bd36197ce02c6305b8a62271cecdc3a1f215d907019ea58371c160dd64be1468db75eb0cd09c452bc551e75a942ea3eab279b517bc5789f9a86a92af9de2af0e043ad761703eb6eada892a1aa439f08366d17a75fda7ac94db90b5023bc81194020500672e9710e3f0adf6da434226c2bf2ae32ecc408879333da305456e056ed9e6c7c7c4430c546b16ffe7374cde99b0e562b0273a5f37c5e9ca541d96e242eebd30febe1834e4aa481522b1230254e7d55155ea38f1875fa3e5ace6a5ff70c9226ea075b531bc1342335dfb34a7f3ef00e8561a417e05293c9cb4d5af6d019d86d54680b8f4f5c5531c62ec89312d4264ab017d809697071dca1b68fa1c637cf5838e4829839972b45cc85fb93c5bdae927e48dc3dde46b627441b50ba2656816631071ee112989b4ac8b3af40e6396446a6dc60ddeefb75b0023d18ede03d64b5df76ba976e076271beadbf2a6c70c5f9a41041d85e1e943da42c1c5a5ae5c92a3eba95db9263728f63616f9481ddc74a21dd655d3726b60df6d4c58d4b4609b93033fc7a6d9a28a37cc369876823e679ec949bec4a49da36585e90c6c229b45cf931c3145bca1d2e8a55a1931355441ded4f29d4541c203a66f0c98ad04c4928401759bcd5bc02d0f2597c2af45c5430a0de343f8a5f45d56c33eebfb2172b26f41a0889d66883f9cffb31a3a37e54cfd773d4d651962d6b7c0da917c0c127248c9cdb557b23b3358f17f3e2cd62fdc1b74b0b5e1246c7e2b944e30701b8d9138fd6a3d29016e760239b53905cacc35dd82a91268302d633e07cd0765c12653b470bc053d09e47cfe63733cd2de717cd40e8ec7aa7b07e098ec34add364fd26db7b6e67223e880cb5a810856797c4369aa4894fe02ae797055bf52b612492c88172b91c8198c452bb749bef42862e15b3505bc9c04f44353ad4aee5a77bbd16c80f08ffa99e2ec8bd0abfda90d2f316bacd3ac9c6204d57d4236e6cad343a54a80c6b038036efb9ddeab2335b6d2fa8c05141fd150098633355939d30882b8c0bce51ef9764bcf4458e0f1c85ab07d462977b00bf624f5393ba95965c29f5154abb8f71310f6278f968e3dde564e263c83201be3db75520df3f967eaff6f99e7c9129e171f5679fdb26c9f624601c76e8523fe842523d0a2bd7e8223ba350a27c5e3b9d082d844ac62a90fe34a825d25532f1529c4427ae98675e90a04fd4f50b1d3811611d2f63a9f7a67009ae4d250a693f4b4c8ea0fc4e6ab4b2ebd0ae27470b939b786adf9422404f038ef868fd354780980b38f4c4768d027af319d18b0c1ef9d1aa3676601f15c655adb4db5857cc2c8ee192e2080a7ecf6489ed659702632af3effd49448eeb1cb68a8aa8dc727f613f75ec97cf262a4386e7bb08c2ab0018e8d7b88bcf2f69ee0a1f6fefca56548c16943407227a2f9a7c3f21f0d6677fc9c1bc613538f8eed3c6cbb16ad3ea3d59d5b3f41309e8060191e1a9f667653dcecf1afde56545770145c4743904ab60d422876653be621912c41796128bb888dbdc4fcb91d909dff1235920ef4e19b9aca1b66b043b0ba0bb0d0b471a6d9b22e74805d778809f18a58a67cf2bf069bbd21935cd9b5af8f828168c9640862374a7694cba05a23503a4b97db7068caaf01efbcba6ce1d9bef47b5c5b54b1d6df24cbea2efb5f327eac9d5596496a69a9ae6a34cb1170e4d53c39ab9abdab6d3c5344fcc699f97b11a0437fc4d23ff3b8cb20a1dd7954f9f83177edb1d522a4f2c9be2d7393f5343c21a860c15d0bb1207cad9381cedc5a4de4f9586dc85b8d95e5436b4c2fdc42c390a2b4e3337aba4a14890e20ab8095b675b81fa050613df5640da0ba3adf1f49a395dfe1051b7b8a73be3cfb26018bad91432cdf00144d2fd4f6b86435a994c7236976f1e6a752334889a3f9f1e25949e754e4d4e363a09a82addb118e3fea4ef7ea071edabe29f9de124005bf758c036975581606da781939d440f9d6d7781c2ee4c77a80d28d9635de9bb89c5317a1e25df5dce5982eae58d26294ff194472bee7b5eea87a04f5e45e903ca9e4d5a867b69242e59a1c3d2ac47c17c15c006f3c4cc4907d1e520131080dd6d65ed0165cdef07aa746a0bcf272b74fd6bb88fef87a576441a8871d0c4a71accfeb6e0463d0da0dea1ddda0bd87410ae7c0cdb6a33fc496134dc8505ed35c997ca0743fc9d9318b3ca3a0fcf94388e2b4e47f5771de50ca3e278924195b6c6a372d41b3721211907d3fdb8d190139b5a829082a8e433a1bdba57995f13e4a08d66d4c8e7ef75b860f5d1f4edf545fb74d71713676540ffb7212077637eded2c422cc04a5815f4a685411206d6cfb22e5c03dcfc27c5bcaba64190755b524aa625bcf90938605e28a34c5b0b43fadb54d63ce106c427e004c1c733b968644912e8bfc350239f9c3795823c337a74ac07b4a3e660010e238501ec35c96ece2145cd60eb82f0a5163898ef55ac77c5d3be20f9bf0a61e4aa60d361e5a29caf3d2431a06a7d6a44c5bc261877abe8e6697cfbf26a0aa1b967136853c77c0af252627bdca609e05eda8241808a1ba54b99e682e7b2247349ae03bb305c6c2dab20f237bedca0cf6f9025ecd31a42e246df005f6b69735be2e37eac2e50482aac82f8820266fd13e6a10277693b6ed95c8a69d52920ed3123da8f00c9a733d7dd84fb47e327e6ee9604605cb0176b83d8a817fb516663e037f709c1f0db85c513bad83fd7b17e3f44a4bcbff371657c13c6805fba742c72bf6244cff58f9394e7e4cd372f86d86ba8fcc3786261c6674375d752c2fecb3a3aae66e5cf8c0a45ba8a5b8d30b74fd559242a6f7a056f9dafb7f82d358d0a77b81fa71b16758b7b138e700148aba15867b18008f2104e84ff442c3d7613296520337e263b0e6bfa79231351d1aac1b1340c5cad7480f230870a13ce8c4bd256b4ef57909381cb23b3226045630e0f0363b4455a6bed5eeee4faf7bdb0adc51b26c3d1ce73f0269d63e39eebbd7fcd4425e0cd8c79cf0ddf7bb", 0x1000}, {&(0x7f0000002480)="fb91a2ce87cc4404fb98a3225e5f71a5968fac662bf1732a1c6908760b039efc73aa9c54f503287e5e430c6f032df454d14e885f1c874399d8de486fed9630138023fc169607052299972a3c62c9cedac48f313de3571a1ef445ef7e4af324ea8560d3c7ba47ee58fd899a4446fc7f4130d56d13ed123b7f7c652d9f7e8d66f6a3cdf0591f4ca6bffff50c1e845eda5164eb57ac5e", 0x95}, {&(0x7f0000002540)="611b976566854bcf24f6fc9487c83573cbb88b2ce122cdc00c636b8f157c8f0526e78e0a670e7b74831abdfd4c90e38e33defb051dcd", 0x36}], 0x8, &(0x7f0000002600)={0x20, 0x116, 0x3b, "7614369f46d6ff3add497b7401e7a0e1"}, 0x20, 0x80}, {&(0x7f0000002640)={0x27, 0x0, 0x1, 0x3, 0x6, 0x4, "9076abe44da5b5ed5cc1c78dedc8ddc3464767a478f1de43bb852f7f8bc67fa0955654d15a228d6779600924abeb070cb6960649299e5a89119e76b6578351", 0x13}, 0x60, &(0x7f0000002b00)=[{&(0x7f00000026c0)="e897a16fe6d464b59232c3c7ceff715668f449330dc012f0ceb6c724c6c6b295a86fd8ed848a324838d8b7684d018be10e86c23aa4eb4cded657b74886895982942c164dd1ab0b88309b6a16b139f8433cabb08c61be4e5b8f312cc28a574efdac", 0x61}, {&(0x7f0000002740)="7684d887c6ca4336b020e187e8816f4f40f38883e42d", 0x16}, {&(0x7f0000002780)="9fa0d01a486f49714089ebc61bb1d0f77628c05a5c5d7b53ddd99d78ea37942383692bb5193384d5ef914f8b21a42301a32c13c1789559307f6cda24626510a459caf9331b06e686efb51c6958f01f83c51dbdceb814fe8b9d0d624edfcc936b010a896818310dd2733b105c8c63a6b34fc5fba8bf4a6ac36fcee61a7b5144884a0bb1e926", 0x85}, {&(0x7f0000002840)="6bc279317ca98b5254a6b2f094fdcd6059ff801f9aa8cecb6cfbe50105483e36363e7133db25ca52bb1a83e430cef574c8230b", 0x33}, {&(0x7f0000002880)="a4ff7e150b050a9d5942aa0de5750093191255631d11c669faa4ecc9ffcd1f1ab40ad5247da310726bd34f164ce4297673bf09987fd219d4f529b20355edf36ac2c416178554d9da", 0x48}, {&(0x7f0000002900)="b28879f14b3d5560f105bc71f5cd55a177eb065e80175642454db657f0e4438851a455031619b6f144768f21a9480065f5b7371a2c0c317d17af2d7e75e2e9130da0b91f6882dd1ca36becfb92d5bd0a5e181c02686734ba656494cdf3f24807110f4aeec08d2535838d6beab63e3b71189d0eee5cd2b4ac63217cc02afeff55840d44ba7e6f27bdc1014c80b6969517b9672f1fd96a53e0426e90b3db453405d2f05e63562efe4af8c164a29a9f93089061fe9a5485d47666068bf0e765fcbef1c265b192e61ab5d5985d6771c417c043e66ca2f3771a2eb64cb5b3364fce08a25c3190e7e8b4", 0xe7}, {&(0x7f0000002a00)="72ec437f2ce63fe503ab4e3c39719f41eeab06587f5cfa3c2ea45cb8c350f7250b16137f7ae8c588df303ad1c7afe28531d3bfc6786029a786707432514e8682f867e352a392e3e0d582c6a07005eef03696371fccd9ecbb827b51dc2d130400309dcdb6d57297f2cd7117ed217eecbeb35c45031646f52434ced360dd5d7bbfc0f24847cf21a489f98182e410", 0x8d}, {&(0x7f0000002ac0)="a79e6f8c2ecdc1a4bfb3115d75e0bf2599111a5a7d6b2fa970a9ca22c8f2b6f41c52663d854b3422c0203e5c2f709e1027a5b266e2426820", 0x38}], 0x8, 0x0, 0x0, 0x4000800}, {&(0x7f0000002b80)={0x27, 0x0, 0x2, 0x4, 0x9, 0x1f, "be7d51a430d93a7562152d45cbc0e1a7e0b38096a8cd89c1f7da5fb255af612e92bb2b7ab56b5773c02876a0f754f58372bda07b20a26722bd76495b36d95c", 0x10}, 0x60, &(0x7f0000003000)=[{&(0x7f0000002c00)="2bcdf44c9bcd64b3425ff6c7a0257e0776cc29926ad3b7a2b9dfc80a4bf585aa0984c1090a8b60", 0x27}, {&(0x7f0000002c40)="daaeed3e15f3449858d90b2d699d88fa11e318af6d4e1284a830a8299aa58d31fc82b4e629a223ab3116b1d68bcf", 0x2e}, {&(0x7f0000002c80)="8c109a39d55505ef5950e770f12385f9beecbf43da8d90eda30ff4036e8b0ce8c9d82ca83f6c5ea3f0af282447e36351242887731694d532dd1b97fb6df351b20e90b81bf6b3963f4b90d5ebdf2b6c26db4a34f5b438bbeecff1d35aff5ad7e9c5bc271dd8f227b43f7513e6bce9416a953b7f81260d2f715bbbf8b59c7bbee7244d085dfd4d71c5d02c5abf8246cc560d15ae4b175e5b807359229c391165cdd34f5d64110c72b964a06d87166d6f3adc7cea647add7782a882eb9c6d559e9187ae89d9fa34033e16d6eaff9ee19fe27459882ff64a4a736c10630abdcc0d5c7e0aa50265ea69a46fed8aa7526211da411dea761c3098b67b", 0xf9}, {&(0x7f0000002d80)="face34b86df7e6377729a6a399fa03791db3019c7c53b10b3ec4453b869170b449ddde08750fc8ed56df8ec18b71c5c975067dd95ae0c64e272b2b11ff36b33e6b3d08981ff78865d0925495242562661d117d4a349174c9aa57ec3edebb1c03b8a1cf2cd9eda7aad6745d5500e94c51c52f03479390dff00f8fe74406a6b29931f00b018bd498aef2c41d56160e22dbf7049b8d131a0e3866d1ae4b5c809a6d8e", 0xa1}, {&(0x7f0000002e40)="b84e1d82e5896c2156ce04f766de1ca385c96a8e8a79cb3137b5459d6151e3d24f0ac2b6255c8458352919936af617956be761de895b6296f94250a06af6555f0aebfa8084eccdbc300c8b83ad24eecad2c866dcdbc2e7994ddf43b430219c9a4d8c6a11a1ea25e551495323e35ac5fc589276eeae4452390e6db2a533fd7c0ce872d85b14c3854f4611f2428578b78df5b324bb31ef3768ccb8db6251701761f20a4d1461abd45bba28d058cb9d398b4c05212b897bc46b47fb", 0xba}, {&(0x7f0000002f00)="e30b0a5bcfca4a1eaf47458fc52b0e263d9b8e189930823867610165f4edbadcd218cc20bf391e5d6d32d8f32fcbfa7d9542302a1347af43c7f7fb72ad098fce48b6a91dcc3605ebfd11fadc316b7999fac11005ec44d1bba1783c132a2803513ec7e260ace64381b22d0ba64a9c0186a2bc780dcf8be8c454cde0142ddeb50e28de3be374455e", 0x87}, {&(0x7f0000002fc0)="32c35401d2e7374c6274b93711dedf6d411553a9c49512f1c21a2f2c77e94e7b4c", 0x21}], 0x7, 0x0, 0x0, 0x8010}, {&(0x7f0000003080)={0x27, 0x0, 0x1, 0x3, 0xc, 0x0, "1caf0f92d436989bb58aa69b93a75557602ec5624a597edd806a45fa61504b2acacb260055a682333d98542f1f5d664b75cfe5897f875d0cda080f63eacdd7", 0x2d}, 0x60, &(0x7f00000033c0)=[{&(0x7f0000003100)="29ed722bbe62c15aab73ace70e604a887f320ea66d3638852e6228b3781741985d1c21d41426a14c93eb3b9295e05dd73befb5f935231b69279bfdad961a4519f779255f7cee3354865a723f9cf5d268f634b259e3cef292a4474da67e7dade2abe4ee3608d6baaab6f156f1acab2fda467eb25dc28f6d1bf204b1923c1c9b4b01c310194b0fa3b2b6778b85beb6f0b57fb2017f57c8ac0571ab83d9ef16417471a1f880d050b7901757340cc0f6cd85487cab5f99d647dc32eadc5ff025bc731b67feeb2dca", 0xc6}, {&(0x7f0000003200)="a7fffe78914d8e34e087990b904f61fd97e6e8ef22546bdfb29a9e4ead25ebfcae39f922ecdda7682eca19f1a8cc619567fa3668eecc95b331dfc942feeda3923bc4c29cb976992ef6a54e8e0fd2d8bb9e7dfafc6f0c1fe43a5bdfff", 0x5c}, {&(0x7f0000003280)="107b6849de02930503a417d2069c0aad56eeba05dcb48fa41dcab4e1075c61b6f73f352e2fce82a71a5c6e121958c04c20a61aab5ef9630541ea637d54616434c2cf5a9456c145a4dd1d91f8c6d71e7154d4bd8cf798a940d523b01ed75b8a2f2bf7f0f563f7be148714ed381d9c4e6a94", 0x71}, {&(0x7f0000003300)="c83f681dc125fd9e81dd6b687e7f7b0ec2b36b0e5486cfd736df7995ccfacb796aebf0eeb70bd1ad32810e943fa7a31371cf0529b531bba7b0c2ddc5c077d72b7661dfc8da6e9aeef32d2fabda14d0d7cede3bc13a46ef805fc72f1138a790a66a459e60107828376a797bab51fad89b05", 0x71}, {&(0x7f0000003380)="8712db", 0x3}], 0x5, &(0x7f0000003440)={0x68, 0x116, 0x4, "0941844d067c53721d313a7cfe6541696d6f2f6525aa2539281893aea5e23332b36369ef8da2eb258934b3fb940eec187a72f4ca2e56f362a7c69420bcb59195ab948d872c75dbb36cbfcd8d290ca982e2374f91"}, 0x68, 0x1000}], 0x4, 0x4008000) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) getsockopt$MISDN_TIME_STAMP(r2, 0x0, 0x1, &(0x7f00000036c0), &(0x7f0000003700)=0x4) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$DRM_IOCTL_MODE_LIST_LESSEES(0xffffffffffffffff, 0xc01064c7, &(0x7f0000003600)={0x7, 0x0, &(0x7f00000035c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r1, 0xc00464c9, &(0x7f0000003640)={r3}) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) ioctl$sock_SIOCBRDELBR(r0, 0x89a1, &(0x7f0000003680)='vlan0\x00') [ 2405.439951] ? task_will_free_mem+0x139/0x6e0 [ 2405.444472] out_of_memory+0x362/0x1330 [ 2405.448475] ? lock_downgrade+0x880/0x880 [ 2405.452645] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2405.457768] ? oom_killer_disable+0x280/0x280 [ 2405.462281] ? find_held_lock+0x35/0x130 [ 2405.466370] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2405.471233] ? memcg_event_wake+0x230/0x230 [ 2405.475571] ? do_raw_spin_unlock+0x181/0x270 [ 2405.480083] ? _raw_spin_unlock+0x2d/0x50 [ 2405.484248] try_charge+0xec5/0x1490 [ 2405.487992] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2405.492858] ? lock_downgrade+0x880/0x880 [ 2405.497025] ? kasan_check_read+0x11/0x20 [ 2405.501199] memcg_kmem_charge_memcg+0x83/0x170 [ 2405.505887] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2405.510517] ? __isolate_free_page+0x4c0/0x4c0 [ 2405.515119] memcg_kmem_charge+0x13b/0x370 [ 2405.519374] __alloc_pages_nodemask+0x3c3/0x750 [ 2405.524066] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2405.529106] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2405.533701] ? trace_hardirqs_on+0x67/0x220 03:45:26 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1cd13ce613842fd97e84a673b4e9e04f6f446327b4fdd64797e4979f974c6fb9968b61a670ca7e060113f9b5bdd808f66f67d2b17eb597314adf4d0d3fb7bf99c88428a2d3057cf3d69323455ffa618810c652dd76307cbb640abb318d82a3cee5f59b10dc3dca49e9a636c6463fbd8fd8da0f78138b0ee803b89060ac308aadc0014eeb39fbdc155ef83980000000000"], 0x0) [ 2405.538045] copy_process.part.0+0x3d6/0x7a60 [ 2405.542571] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2405.547691] ? delayacct_end+0x5c/0x100 [ 2405.551687] ? __delayacct_freepages_end+0xe0/0x140 [ 2405.556724] ? __lock_acquire+0x6ee/0x49c0 [ 2405.560984] ? __cleanup_sighand+0x70/0x70 [ 2405.565243] ? mark_held_locks+0x100/0x100 [ 2405.569515] _do_fork+0x257/0xfd0 [ 2405.572991] ? fork_idle+0x1d0/0x1d0 [ 2405.576730] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2405.582650] ? kasan_check_read+0x11/0x20 [ 2405.586819] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2405.591604] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2405.596483] ? do_syscall_64+0x26/0x620 [ 2405.600485] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2405.605989] ? do_syscall_64+0x26/0x620 [ 2405.609996] __x64_sys_clone+0xbf/0x150 [ 2405.614016] do_syscall_64+0xfd/0x620 [ 2405.617851] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2405.623065] RIP: 0033:0x45dd19 03:45:27 executing program 4: modify_ldt$write(0x1, &(0x7f0000000080)={0x8, 0x20000800, 0xffffffffffffffff, 0x0, 0x3, 0x1, 0x1, 0x1, 0x0, 0x1}, 0x10) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2405.626281] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2405.645197] RSP: 002b:00007fff632615a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2405.653447] RAX: ffffffffffffffda RBX: 00007fe2dbc49700 RCX: 000000000045dd19 [ 2405.660731] RDX: 00007fe2dbc499d0 RSI: 00007fe2dbc48db0 RDI: 00000000003d0f00 [ 2405.668012] RBP: 00007fff632617c0 R08: 00007fe2dbc49700 R09: 00007fe2dbc49700 [ 2405.675291] R10: 00007fe2dbc499d0 R11: 0000000000000202 R12: 0000000000000000 [ 2405.682571] R13: 00007fff6326165f R14: 00007fe2dbc499c0 R15: 000000000075bf2c [ 2405.747450] Task in /syz5 killed as a result of limit of /syz5 [ 2405.757903] memory: usage 307152kB, limit 307200kB, failcnt 1732 [ 2405.769451] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:45:27 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(0xffffffffffffffff, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:27 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x3, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2405.798645] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2405.824781] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:104KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2405.968662] Memory cgroup out of memory: Kill process 1196 (syz-executor.5) score 1103 or sacrifice child [ 2406.000224] Killed process 1196 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2406.022905] oom_reaper: reaped process 1196 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:45:27 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {0x0}, {0xee00}, 0x0, 0x2}) syz_open_procfs(r7, &(0x7f0000000300)='net/dev_snmp6\x00') socket$key(0xf, 0x3, 0x2) 03:45:27 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@broadcast, @dev={[], 0xfc}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000240)='fou\x00') sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="080e26bd7000fcdbdf2502000000060001004e220000060001004e23d37e1400074000000000000000000000ffff000000000500040001000000"], 0x40}, 0x1, 0x0, 0x0, 0x84}, 0x20004040) ioctl$GIO_UNISCRNMAP(r0, 0x4b69, &(0x7f0000000100)=""/84) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x391480, 0x0) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x8) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r3, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) dup2(r3, 0xffffffffffffffff) r4 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/status\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r4, 0xc0405519, &(0x7f00000000c0)={0x0, 0x4, 0x9, 0x0, 'syz1\x00', 0x7}) 03:45:27 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe8478071") r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_HANDLE={0xc}]}, @NFT_MSG_NEWTABLE={0x14}], {0x14}}, 0x7c}}, 0x0) 03:45:27 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:27 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x4, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:27 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xfffff000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 2406.547522] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2406.572667] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2406.579667] CPU: 0 PID: 1669 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2406.587423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2406.596791] Call Trace: [ 2406.599403] dump_stack+0x197/0x210 [ 2406.603054] dump_header+0x15e/0xa55 [ 2406.606786] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2406.611911] ? ___ratelimit+0x60/0x595 [ 2406.615928] ? do_raw_spin_unlock+0x181/0x270 [ 2406.620448] oom_kill_process.cold+0x10/0x6ef [ 2406.624961] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2406.630514] ? task_will_free_mem+0x139/0x6e0 [ 2406.635127] out_of_memory+0x362/0x1330 [ 2406.639134] ? lock_downgrade+0x880/0x880 [ 2406.643299] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2406.648420] ? oom_killer_disable+0x280/0x280 [ 2406.652935] ? find_held_lock+0x35/0x130 [ 2406.657030] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2406.661895] ? memcg_event_wake+0x230/0x230 [ 2406.666245] ? do_raw_spin_unlock+0x181/0x270 [ 2406.670768] ? _raw_spin_unlock+0x2d/0x50 [ 2406.674938] try_charge+0xec5/0x1490 [ 2406.678673] ? lock_downgrade+0x880/0x880 [ 2406.682851] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2406.687727] ? rcu_read_unlock+0x33/0x60 [ 2406.691808] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2406.696677] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2406.702772] mem_cgroup_try_charge+0x259/0x6b0 [ 2406.707448] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2406.712398] wp_page_copy+0x430/0x16a0 [ 2406.716311] ? follow_pfn+0x2a0/0x2a0 [ 2406.720127] ? do_raw_spin_unlock+0x181/0x270 [ 2406.724637] do_wp_page+0x57d/0x10b0 [ 2406.728368] ? lock_acquire+0x16f/0x3f0 [ 2406.732356] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2406.737039] ? kasan_check_write+0x14/0x20 [ 2406.741286] ? do_raw_spin_lock+0xd7/0x250 [ 2406.745538] __handle_mm_fault+0x2305/0x3f80 [ 2406.749967] ? copy_page_range+0x2030/0x2030 [ 2406.754416] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2406.759106] handle_mm_fault+0x1b5/0x690 [ 2406.763190] __do_page_fault+0x62a/0xe90 [ 2406.767270] ? vmalloc_fault+0x740/0x740 [ 2406.771346] ? trace_hardirqs_off_caller+0x65/0x220 [ 2406.776372] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2406.781321] ? page_fault+0x8/0x30 [ 2406.784867] do_page_fault+0x71/0x57d [ 2406.788665] ? page_fault+0x8/0x30 [ 2406.792209] page_fault+0x1e/0x30 [ 2406.795655] RIP: 0033:0x410398 [ 2406.798857] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 75 0c 4c 00 31 c0 e8 13 1b ff ff 31 ff e8 5c 17 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 22 66 00 [ 2406.817773] RSP: 002b:00007fff63261610 EFLAGS: 00010246 [ 2406.823146] RAX: 000000008d3b2b45 RBX: 00000000c04855f0 RCX: 0000001b34520000 [ 2406.830426] RDX: 0000000000000000 RSI: 0000000000000b45 RDI: ffffffff8d3b2b45 [ 2406.837702] RBP: 0000000000000002 R08: 000000008d3b2b45 R09: 000000008d3b2b49 03:45:28 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {0x0}, {0xee00}, 0x0, 0x2}) syz_open_procfs(r7, &(0x7f0000000300)='net/dev_snmp6\x00') socket$key(0xf, 0x3, 0x2) [ 2406.844973] R10: 00007fff632617b0 R11: 0000000000000246 R12: 000000000075bfa8 [ 2406.852274] R13: 0000000080000000 R14: 00007fe2ddc4a008 R15: 0000000000000002 03:45:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$sndpcmc(0x0, 0xfffffffffffffffc, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x100000000000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) socket$inet6_tcp(0xa, 0x1, 0x0) eventfd2(0x0, 0x0) ioctl$VIDIOC_ENUMAUDOUT(0xffffffffffffffff, 0xc0345642, &(0x7f0000000080)={0x9, "44620d64273ce02fe862aa7cd211dc9f24b9d7a87008a49f01331da3cc487365", 0x1}) r4 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) r5 = memfd_create(&(0x7f0000000080)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r5, &(0x7f0000000340)=[{&(0x7f0000001140)='\'', 0x1}], 0x1, 0x1081804) ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, "0eb61538a462ee812ba43ffc89bf1173dc3d06375d14638fb21b49d26972d96ef0b4b2e6d730ad6a7562b478c2974a9896747dccb30e7f63a1b51ec059554277", "1d0e47f158fae68f4d2aa224439c30eb3b3e468dfc3035d92c0929eeee707650bb008bd2cfa188d8954a0ede9661149d95659eff1ce2212f115951f98f736335", "3edea3fa98ed88e7de49fc2596c78e888e955cdca02efa85c8116766d8f71310", [0x0, 0x6]}) sendfile(r4, 0xffffffffffffffff, 0x0, 0x0) r6 = getpid() openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/qat_adf_ctl\x00', 0x500c0, 0x0) sched_setscheduler(r6, 0x5, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x20a29, 0x0, 0x8, 0x0, 0x0, 0x80000004, 0x1000}, r6, 0x5, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000280)={[], 0x695, 0x0, 0x12, 0x1, 0x0, r6}) r7 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/cachefiles\x00', 0x208040, 0x0) ioctl$KVM_GET_DIRTY_LOG(r7, 0x4010ae42, &(0x7f0000000400)={0x1fd, 0x0, &(0x7f0000fff000/0x1000)=nil}) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f0000000040), 0x4) ioctl$KVM_RUN(r3, 0xae80, 0x0) 03:45:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x5, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:28 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2406.918828] Task in /syz5 killed as a result of limit of /syz5 [ 2406.949234] memory: usage 307200kB, limit 307200kB, failcnt 1761 [ 2407.019760] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2407.058591] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:45:28 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='security.capability\x00', &(0x7f0000000100)=@v2={0x2000000, [{0xfe4, 0x8}, {0x40760601, 0x3}]}, 0x14, 0x0) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self\x00', 0x30b000, 0x0) [ 2407.094931] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:116KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2407.137366] Memory cgroup out of memory: Kill process 1669 (syz-executor.5) score 1103 or sacrifice child [ 2407.165158] Killed process 1669 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB 03:45:28 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2407.253235] oom_reaper: reaped process 1669 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:45:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x6, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:28 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xffffff7f) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:28 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:28 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd130bce613842fd97e84a673b4e9e"], 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = accept$ax25(r0, &(0x7f0000000080)={{0x3, @null}, [@null, @bcast, @default, @remote, @default, @rose, @bcast, @null]}, &(0x7f0000000100)=0x48) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f0000000140)={0x3, 'macvlan0\x00', {0x935}, 0x7}) [ 2407.498836] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2407.573805] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2407.593807] CPU: 1 PID: 2187 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2407.601572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2407.610939] Call Trace: [ 2407.613547] dump_stack+0x197/0x210 [ 2407.617196] dump_header+0x15e/0xa55 [ 2407.620931] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2407.626056] ? ___ratelimit+0x60/0x595 [ 2407.629958] ? do_raw_spin_unlock+0x181/0x270 [ 2407.634478] oom_kill_process.cold+0x10/0x6ef [ 2407.638996] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2407.644572] ? task_will_free_mem+0x139/0x6e0 [ 2407.649095] out_of_memory+0x362/0x1330 [ 2407.653097] ? lock_downgrade+0x880/0x880 [ 2407.657268] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2407.662394] ? oom_killer_disable+0x280/0x280 [ 2407.666902] ? find_held_lock+0x35/0x130 [ 2407.670988] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2407.675845] ? memcg_event_wake+0x230/0x230 [ 2407.680187] ? do_raw_spin_unlock+0x181/0x270 [ 2407.684692] ? _raw_spin_unlock+0x2d/0x50 [ 2407.688857] try_charge+0xec5/0x1490 [ 2407.692588] ? lock_downgrade+0x880/0x880 [ 2407.696755] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2407.701618] ? rcu_read_unlock+0x33/0x60 [ 2407.705694] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2407.710563] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2407.716672] mem_cgroup_try_charge+0x259/0x6b0 [ 2407.721272] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2407.726210] wp_page_copy+0x430/0x16a0 [ 2407.730117] ? follow_pfn+0x2a0/0x2a0 [ 2407.733940] ? do_raw_spin_unlock+0x181/0x270 [ 2407.738473] do_wp_page+0x57d/0x10b0 [ 2407.742217] ? lock_acquire+0x16f/0x3f0 [ 2407.746330] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2407.751021] ? kasan_check_write+0x14/0x20 [ 2407.755280] ? do_raw_spin_lock+0xd7/0x250 [ 2407.759541] __handle_mm_fault+0x2305/0x3f80 [ 2407.763972] ? copy_page_range+0x2030/0x2030 [ 2407.773314] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2407.778011] handle_mm_fault+0x1b5/0x690 [ 2407.782101] __do_page_fault+0x62a/0xe90 [ 2407.786190] ? vmalloc_fault+0x740/0x740 [ 2407.790283] ? trace_hardirqs_off_caller+0x65/0x220 [ 2407.795337] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2407.800288] ? page_fault+0x8/0x30 [ 2407.803878] do_page_fault+0x71/0x57d [ 2407.807697] ? page_fault+0x8/0x30 [ 2407.811250] page_fault+0x1e/0x30 [ 2407.814708] RIP: 0033:0x410398 [ 2407.817911] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 75 0c 4c 00 31 c0 e8 13 1b ff ff 31 ff e8 5c 17 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 22 66 00 [ 2407.836824] RSP: 002b:00007fff63261610 EFLAGS: 00010246 [ 2407.842203] RAX: 000000008d3b2b45 RBX: 00000000c04855f0 RCX: 0000001b34520000 [ 2407.849486] RDX: 0000000000000000 RSI: 0000000000000b45 RDI: ffffffff8d3b2b45 [ 2407.856768] RBP: 0000000000000002 R08: 000000008d3b2b45 R09: 000000008d3b2b49 [ 2407.864054] R10: 00007fff632617b0 R11: 0000000000000246 R12: 000000000075bfa8 03:45:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x7, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x420c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0xfffffffc}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r2, &(0x7f0000fdd000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) [ 2407.871345] R13: 0000000080000000 R14: 00007fe2ddc4a008 R15: 0000000000000002 [ 2407.948925] Task in /syz5 killed as a result of limit of /syz5 [ 2407.980577] memory: usage 307200kB, limit 307200kB, failcnt 1790 03:45:29 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:29 executing program 4: syz_emit_ethernet(0x26b, &(0x7f0000000180)={@local, @dev={[], 0xfd}, @void, {@mpls_uc={0x8847, {[{0x7, 0x0, 0x1}, {0x8}, {0x80, 0x0, 0x1}], @ipv6=@tipc_packet={0x2, 0x6, "b06f2a", 0x229, 0x6, 0x4, @ipv4={[], [], @broadcast}, @mcast2, {[@hopopts={0xff, 0xa, [], [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @generic={0x6, 0x4d, "de99c75c9e1510c7229148e50573d2b44ca48cfd122d6421facba811163a61203ff6e99c726f40501d6468e6d4a8f134e8a002be1858c359078e356177079e265b574e25d0d3c6b896c11a466a"}]}, @hopopts={0x87, 0x1c, [], [@generic={0x3, 0xe3, "e33afd51540a782b520cd3d66bd4e75cc90cf54e96b99b66393978ec20c6907fad689ab16ae79080415583bb8b8f4b7437a691316954019d93eee104731954f6c9b4f9caeee032ddc0a7123a15eadbeb8e826c353ae7a8447cfd1644ff83f3369856bd3db4cdb7fda8c637427cf9660d95b2dabe6cc80b850280b504a6c8a66b2c7ed0dc69a677400ef9eb0f36dcf630ea2e947658c502bd4b289551b59308080157f88e7cc21e4c845c00ad7c96f7899f0126413af37fe58ba9d65ba5c0a37691e17b93578d4364e0472893a4cf5dbb0770f25a0519ff571498303044e2282fca2c66"}]}, @routing={0x16, 0xc, 0x1, 0x42, 0x0, [@local, @initdev={0xfe, 0x88, [], 0x1, 0x0}, @local, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @rand_addr="3437dab965ad593887bd66feb888b3dc", @dev={0xfe, 0x80, [], 0xc}]}, @routing={0x5e, 0x8, 0x0, 0x3, 0x0, [@mcast1, @mcast1, @remote, @ipv4={[], [], @broadcast}]}, @fragment={0x88, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x65}], @payload_direct={{{{0x21, 0x0, 0x1, 0x1, 0x0, 0x8, 0x2, 0x2, 0x1, 0x0, 0x1, 0x3, 0x1, 0x3, 0x81, 0xfff, 0x1, 0x4e23, 0x4e24}, 0x2, 0x1}}, [0x0]}}}}}}}, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000100)=0x1) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x200000, 0x0) r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x7, 0x8000) dup(0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f00000000c0)=0x8, 0x4) write$FUSE_DIRENT(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="a0000000000000000800000000000000020000000000000081000000f76574683065746831267070703070726f632d5c7d656d312e5c000000000000030000000000000058000000000000000a000000df0f0000776c616e307d707070310000baddea29fba3fd5b0000000001000000000000000300000000000000160000007ddf00007b626465776c616e31b10000a1bc0a35fca1e724ce740c359ea76654798e4bc2876cc3f9b9a4caab3f5d1153e9c4f43d76caa215d05fb5f0018215405ff6717f9f7f8f6ca073e017a889a6240fedbeedbf8031b25340b02664235bf83fe1b9001721bd21f7487c69322b84a35e178ab88b7f386448286772c9b6ac56d421233ab6f69d875f4e6e9350cce9708a22e48fe960d0b8c02e8cb0e62e602a3157515c9dcc1da03712afce30b0a340acca2bde5cda7ee736d5ed7c65775a35a67270aee10aa1e9608845a8d22e9ae0241855ece6a155673669fbf419d93472d63654e1019a18ebfb22a875d7b437e681aa8d4a72c1318947cca7a616867508f14eff807ab0b43a0763b3268ddbbc1e9cbb117d04efe5081f7947b9d5e58a34056f53bdace628bde4d1a3ec8c00edb653e711e44b8b0f70c76e0a0ec2a313b8559ed88f359b79534a5869cc6a56acae80f27cbc374ad758b608aecd7570a58ac3195f0c9cf5358cc12ec65f61a3cba5e2c210ff9f6eaff2c411814151a92200"/535], 0xa0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r3, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$SNDCTL_DSP_GETBLKSIZE(r3, 0xc0045004, &(0x7f0000000140)) [ 2408.006749] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:45:29 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x8, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:29 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2408.049880] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2408.078056] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:116KB inactive_file:0KB active_file:0KB unevictable:0KB 03:45:29 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000560000000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"], 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) ioctl$DRM_IOCTL_INFO_BUFS(r0, 0xc0106418, &(0x7f0000000080)={0xc4, 0x400, 0x200, 0x8, 0x1e, 0x800}) [ 2408.164651] Memory cgroup out of memory: Kill process 2187 (syz-executor.5) score 1103 or sacrifice child [ 2408.200044] Killed process 2187 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB 03:45:29 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$sndpcmc(0x0, 0xfffffffffffffffc, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x100000000000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20]}) eventfd2(0x0, 0x0) ioctl$VIDIOC_ENUMAUDOUT(0xffffffffffffffff, 0xc0345642, 0x0) r4 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) r5 = memfd_create(&(0x7f0000000080)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r5, &(0x7f0000000340)=[{&(0x7f0000001140)='\'', 0x1}], 0x1, 0x1081804) ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, "0eb61538a462ee812ba43ffc89bf1173dc3d06375d14638fb21b49d26972d96ef0b4b2e6d730ad6a7562b478c2974a9896747dccb30e7f63a1b51ec059554277", "1d0e47f158fae68f4d2aa224439c30eb3b3e468dfc3035d92c0929eeee707650bb008bd2cfa188d8954a0ede9661149d95659eff1ce2212f115951f98f736335", "3edea3fa98ed88e7de49fc2596c78e888e955cdca02efa85c8116766d8f71310", [0x0, 0x6]}) sendfile(r4, 0xffffffffffffffff, 0x0, 0x0) r6 = getpid() openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/qat_adf_ctl\x00', 0x500c0, 0x0) sched_setscheduler(r6, 0x5, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x20a29, 0x0, 0x0, 0x0, 0x0, 0x80000004, 0x1000}, r6, 0x5, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000280)={[], 0x0, 0x0, 0x12, 0x1}) openat$cachefiles(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/cachefiles\x00', 0x208040, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f0000000040), 0x4) ioctl$KVM_RUN(r3, 0xae80, 0x0) 03:45:29 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:30 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xffffff97) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:30 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x9, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:30 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "8c00", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) ioctl$FBIOPUTCMAP(0xffffffffffffffff, 0x4605, &(0x7f0000000180)={0x1f, 0x4, &(0x7f0000000080)=[0x31, 0xff, 0x8, 0x7], &(0x7f00000000c0)=[0x400, 0x7, 0x401, 0x9, 0x1, 0x9], &(0x7f0000000100)=[0x400, 0x8001], &(0x7f0000000140)=[0x3ff, 0x8a, 0x0, 0x800, 0x6c3e, 0x8, 0x4000, 0x4]}) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000380)=[{0x8, 0x20, 0x81, 0x3, @tick=0xfffffff7, {0x0, 0xff}, {0x3, 0x5}, @connect={{0x8, 0x3f}, {0xd5, 0x20}}}, {0x2, 0x2, 0x7e, 0x8, @tick=0xaf, {0x8, 0x20}, {0x9, 0xff}, @addr={0x45, 0x8}}, {0x6d, 0x2, 0x1, 0x0, @tick=0x1ff, {0x6, 0x80}, {0xe2, 0x1}, @ext={0x90, &(0x7f00000002c0)="b72523495365a7c0a07b6070159f621e5f6f84d77229ef57495803bb5232691aa4019d2ad65eea38dde7542669c5b20cc251724cd8afbd7c6e6ee61ca82f9d19a6b91ef86cda743c59726e76ed2b92e6ed6d905b70aa3c069ca8bc6d63e923a206959e861ca258b8fed4569bdd133fe226e748a92e22c160589e922b7821357472c40efe2eac5b1cf865dde4509fbdf0"}}], 0x54) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$VIDIOC_CREATE_BUFS(r1, 0xc100565c, &(0x7f0000000400)={0x8, 0x80000001, 0x1, {0x1, @sdr={0x44495658, 0x3}}}) ioctl$KVM_REINJECT_CONTROL(r0, 0xae71, &(0x7f0000000280)={0x7}) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) getsockopt$inet_dccp_int(r2, 0x21, 0xb, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f00000001c0)={'gretap0\x00', 0x400}) 03:45:30 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:30 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) [ 2408.998830] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 03:45:30 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0xa, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2409.052672] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2409.099879] CPU: 0 PID: 2995 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2409.107648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2409.117015] Call Trace: [ 2409.119623] dump_stack+0x197/0x210 [ 2409.123444] dump_header+0x15e/0xa55 [ 2409.127177] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2409.132296] ? ___ratelimit+0x60/0x595 [ 2409.136278] ? do_raw_spin_unlock+0x181/0x270 [ 2409.140789] oom_kill_process.cold+0x10/0x6ef [ 2409.145302] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2409.150851] ? task_will_free_mem+0x139/0x6e0 [ 2409.155367] out_of_memory+0x362/0x1330 [ 2409.159356] ? lock_downgrade+0x880/0x880 [ 2409.163518] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2409.168632] ? oom_killer_disable+0x280/0x280 [ 2409.173135] ? find_held_lock+0x35/0x130 [ 2409.177220] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2409.182077] ? memcg_event_wake+0x230/0x230 [ 2409.186416] ? do_raw_spin_unlock+0x181/0x270 [ 2409.190927] ? _raw_spin_unlock+0x2d/0x50 [ 2409.195094] try_charge+0xec5/0x1490 [ 2409.198823] ? lock_downgrade+0x880/0x880 [ 2409.202987] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2409.207844] ? rcu_read_unlock+0x33/0x60 [ 2409.211966] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2409.216829] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2409.222917] mem_cgroup_try_charge+0x259/0x6b0 [ 2409.227524] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2409.232471] wp_page_copy+0x430/0x16a0 [ 2409.236382] ? follow_pfn+0x2a0/0x2a0 [ 2409.240198] ? do_raw_spin_unlock+0x181/0x270 [ 2409.244714] do_wp_page+0x57d/0x10b0 [ 2409.248443] ? lock_acquire+0x16f/0x3f0 [ 2409.252428] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2409.257113] ? kasan_check_write+0x14/0x20 [ 2409.261358] ? do_raw_spin_lock+0xd7/0x250 [ 2409.265609] __handle_mm_fault+0x2305/0x3f80 [ 2409.270035] ? copy_page_range+0x2030/0x2030 [ 2409.274480] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2409.279278] handle_mm_fault+0x1b5/0x690 [ 2409.283354] __do_page_fault+0x62a/0xe90 [ 2409.287435] ? vmalloc_fault+0x740/0x740 [ 2409.291510] ? trace_hardirqs_off_caller+0x65/0x220 [ 2409.296534] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2409.301473] ? page_fault+0x8/0x30 [ 2409.305030] do_page_fault+0x71/0x57d [ 2409.308847] ? page_fault+0x8/0x30 [ 2409.312397] page_fault+0x1e/0x30 [ 2409.315973] RIP: 0033:0x410398 [ 2409.319174] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 75 0c 4c 00 31 c0 e8 13 1b ff ff 31 ff e8 5c 17 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 22 66 00 [ 2409.338088] RSP: 002b:00007fff63261610 EFLAGS: 00010246 [ 2409.343466] RAX: 00000000ed3764ca RBX: 00000000c68a3309 RCX: 0000001b34520000 03:45:30 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$sndpcmc(0x0, 0xfffffffffffffffc, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x100000000000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20]}) eventfd2(0x0, 0x0) ioctl$VIDIOC_ENUMAUDOUT(0xffffffffffffffff, 0xc0345642, 0x0) r4 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) r5 = memfd_create(&(0x7f0000000080)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r5, &(0x7f0000000340)=[{&(0x7f0000001140)='\'', 0x1}], 0x1, 0x1081804) ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, "0eb61538a462ee812ba43ffc89bf1173dc3d06375d14638fb21b49d26972d96ef0b4b2e6d730ad6a7562b478c2974a9896747dccb30e7f63a1b51ec059554277", "1d0e47f158fae68f4d2aa224439c30eb3b3e468dfc3035d92c0929eeee707650bb008bd2cfa188d8954a0ede9661149d95659eff1ce2212f115951f98f736335", "3edea3fa98ed88e7de49fc2596c78e888e955cdca02efa85c8116766d8f71310", [0x0, 0x6]}) sendfile(r4, 0xffffffffffffffff, 0x0, 0x0) r6 = getpid() openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/qat_adf_ctl\x00', 0x500c0, 0x0) sched_setscheduler(r6, 0x5, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x20a29, 0x0, 0x0, 0x0, 0x0, 0x80000004, 0x1000}, r6, 0x5, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000280)={[], 0x0, 0x0, 0x12, 0x1}) openat$cachefiles(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/cachefiles\x00', 0x208040, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f0000000040), 0x4) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2409.350748] RDX: 0000000000000000 RSI: 00000000000004ca RDI: ffffffffed3764ca [ 2409.358028] RBP: 0000000000000004 R08: 00000000ed3764ca R09: 00000000ed3764ce [ 2409.366267] R10: 00007fff632617b0 R11: 0000000000000246 R12: 000000000075bfa8 [ 2409.373549] R13: 0000000080000000 R14: 00007fe2ddc4a008 R15: 0000000000000004 03:45:30 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = getpid() sched_setattr(r1, 0x0, 0x0) r2 = getpgrp(r1) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x5, 'syz0\x00'}, 0x0, 0x200, 0x5, r2, 0x9, 0x706d, 'syz1\x00', &(0x7f0000000080)=['ð0\x00', 'vmnet0)\x00', 'em1^ppp1]\x00', '-!\x00', '@bdev\x00', '{GPL\x00', '$ppp0\x00', 'nodevmime_typeJ\x00', 'em1)posix_acl_accessnodev\x00'], 0x56, [], [0x1, 0x4, 0x5, 0x9685]}) 03:45:30 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0xc, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:30 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2409.545563] Task in /syz5 killed as a result of limit of /syz5 [ 2409.553643] memory: usage 307200kB, limit 307200kB, failcnt 1799 [ 2409.560765] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:45:31 executing program 4: syz_emit_ethernet(0x2, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaa0086dd604d3faf00003afffe8000000000000000bb0000000000bbff0210000000000000000000000000018900907800000000000000000000c6fe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e000000000000000000000075dd00000000b717db1a10af15978fc19a977ac2ca0791503794365524be347bbb259ee89941c3099df3e9a5a042148a59934d46e42790ba3979b4c87f803ac9f704aefbb6a95b20142d37e3f140f0cbaaa7f022c1d73d55a0a73b9fb14af5609c650229e21cde5805f2334e54496a08c246d3786898f9ab9a892605133deb5455bbebdeb43647493b13f1ffd3bc695303ebb9dab9e765e3ca15bbf8d98c51d8770e80141b70659d267dfa202102c1151155aa491d0137393dae4feff76cae165b8514f0a08dbf793591e44012db6092d182605afb5056b11f27a9", @ANYRESHEX=0x0], 0x0) r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_stats\x00', 0x0, 0x0) write$eventfd(r0, &(0x7f0000000180)=0x5, 0x8) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setfsuid(r1) r2 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4) [ 2409.589846] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2409.608825] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:120KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2409.735479] Memory cgroup out of memory: Kill process 2995 (syz-executor.5) score 1103 or sacrifice child [ 2409.751585] Killed process 2995 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2409.786999] oom_reaper: reaped process 2995 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:45:31 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xffffff9e) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:31 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x10, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:31 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0xe, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:31 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:31 executing program 4: syz_emit_ethernet(0x108e, &(0x7f0000001180)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaa0086dd604d898c10583afffe8000000000000000000000000000bbff0200000000000000000000000000010001000000000000c204000001003f00869d11ffd73c4f98661af548f3f495bef2d7a35cea164fc0a9adbf53567bacc440783fcda0919b6819d54fb893a1c8f281c3f3ea1138d60a3fd8ab656ed68e04fca0e93afcff47658dc81540f4355dfa3e7ccd3d217a88891fb745556eb7da46fcb075973ec2853ef08d09057ce220a315b59cf2be1729c02e7a251eecfa83b85df013900cd9b33a463e7c93049b7e21ff913b286c29fd92359e3bce7db53173eb55db434aff4bc909c81bf48fd057a5dfe220ae4159fca28de1863e7a1170483f18c29af066cc501c1113f7b6b79be1993f20fb2ffef73a74acb6cf932d3001a0c8d4e4481aed53c2757f779973684a65be09e97a42953edc8760eec8877b48fc087b68ea0e0368b2a5f0db620061d4d6daf0bb9b3c2871c08507210e7efdd496f1aa36c68502247d3cca2468fb53647b58545add50a632f7da6fe733556bcf83d2fa8821665c953ebb93d004566fcfc8063ddc24a29f8a791822a88d3b1a858af9b647f1e9f909c4e9af4a03696e83a11dc4a2ce22b4c62ebc38b1f69fa3f8e06b55432e5dc973b58e168b2115dca096b6f606c45a2efda44e01c2667d03171aaa2cc44f723d3a7d89f3f6ba5c6a68bb3491eff449d307335dcc06ad69893f0bc3ad35693a3288f4655994be8e2ce0addd3e3f941187ce12322369a1ffd59c18d27ccf4a1ef663e98b083be484cdbec11afe66c8882cc9b4544602d7f46fb9a117de31921778f35c330d3eb18e3b3bfe2ec7cc63df20be8bed45261b1e718d4ab365c46d7532529b7cfe25e707b69ee316b414365c4c77dfb72ca12aa0fac04a47648157e0e63493bdc391d559e3b05ed5f6edbf56bf731022a2a8dc4726f66dda061419733a06a56e61159d22fa0c5d2e55a05e41aaa3b6833d05c5af2eaffce1ea6434698acd9b7d74cb53be9125bcd355667b0568094b60f48562af19d94080f0f2050cbfbbc6ba8ef6f8c4774294e7e74d3fd7fb5cf1c3de62ae94a2661830cccfb17a87c3953d6348e9ce0c9ff4a8b66c4d92fa61021a84458e41468ad1c16e4b18484bcd0d8ec527042020d42e54fbe9f848b02b02245986f116f8b9149d5d486513523692cf49d5d32f994e9cc1c51f8a8fba05d4e271885021d77b53c1c8b7332f2f3dcf9ee4fbdeb6ff0acc6aae94c365b0a7ff514c925218085667b7fafc2e24af0eec5e2fc61493eb5f7f5331dec4ec1fc2bbf3ab8c1951a1e0b8d93ee1fcc2be711800fe05a93d1cfcd15d95a25042e4fb8cac906f949bf790fe07641c25606528e080a7a5001914a908513cc8b4da9c82a70b64a721be8e15f7b65c77cdd89ba7c4df30f9dbd17fe2df7d5c1495a49738d3e8631c321349023b4a2fd93739e0bf45a00de2cb1d184483ddd39bf16640b67fcdef59e88cc7ed0a49ece4ca1606aff019a5a55a6be1dd40c7c732a54745f01b0e502ca507383a7f5a194b5c35832eb5f61a13e25b7eb3eda58c5291381b86935ed5f73f5d6ea51249f62e5abc18af6a2e772f167d02855892005dc9bbfe416ff20786fbb35318dd4939f9b3b9c99932078d301720d7ca71651ec3855bed6463336107ba844c8c775e84c4f63cdf7cf5c9325d1b548ca00e80a6a2c01c804a5f5e2719231aca66af3621031783947f778bd177764a39dba7b21b9b7872d844df0d21d246fada5ef16cd293a99b0f2f3f6a9d3a01046eecebeea41bce8c4cabca67870c4002c8ecbce6927687d0ab3ca734fd013f2c1fa63091ea8d1ae1dd964382a6d392f9cd15256e4107047c33dc33f49942187ab283c160b068ea321f5110e59f07557444215d30bacc3e64020caaaa0549f01d4acc2267a85922589274f19458c9a884c297e4ba753ecc19fcb0c4f6a7bfc64cfc624dc8b543c1541e1bc9ef7306715d07d346c7de19a614890bcf351a0ca61c87816cd932324164e5ccbd8c8d7f460fd9eb67cfae83d7d8917f33ad08343654d2e84d3c7e0e53b141b45f6751827ef2cfe061d738d9d2f05a50e8445a05d0222597d05ecbe469c72b93d1c41d24907fa1a193a2ae4abf2880c5a30fd33665315a5ab1234b9680c85eca23ebf6b68ba3e527c629cfa1dd8cfd65acc86c304a5cfe994a5288e2b86ccb37e838a4919c36bd1ead95ad10ed8009be17ea28a6eca6a3d5666237f6e2a1fedbe7989bba01a68fa93a1dd87d4085d9e33040de7bd9d457249fba454f71d59dd6f40ec6375c392085165140df920317d715ff7623e6c0c94674b75566a40ccf7b7eb3508f4c8e3a06ac39ad7f5ac7040e356f95ce71533b479b0df98360eb05a41a2061c014df5606dc86248e68c4939ac2d8a070dac5c3c791f3213fbcf25e25de09a54891a4f9e531446bd8cb6b60ace2d69768ff8177287362350195d031c943f0ca55b9243b03e00a577f9e32615e9b5ff4344567491206b16534a6ad8ce4f804168ebab1bed1b836e741d3604453945548110a1844f3a76ccc90be5ed65dc3d3e18f4b15c3aed06b559f664dec43c2bab01adcd61164d0c9302582c6c4e9cb39bd6ea1c705954239f6e092f1d03d4584d29dbf70937a97de38a60a8c30a34bb84d1e7da1c0130a3130cd1f1c12450bf10f06637ce0501601de5bc170995a5abbd2091db3d5efb4b6bf5ae3d8e8036f17f5680afe11fb665da197b2791914f3d476ea43b675987855d938e763f8af4f1f6952de5eab796d84df47e6fa39852f1aa148f49d5da7820732ed59b9a3221c85c86c948d0747aee7882d2ce9872a9b56dd08c50654bdef517bdb161edb01fe5dfd717140a5a7dc133c99e483fe1eea29de3b441f53b0e1b4353d0c372dc09201394ce28d9a0b0e37443bf31415a3bbe5d8c704daf9a6cbe0469e8118aebfa11ed9b2b270ac940d9c50bf6791e1be07e0de409a7d77a4077f14f04e038b68f89f7022a0fc21b7b88dcf76a9f0bcf4293c3a5e40a49759a4677f163207f2dc6bb7e9977b7c3b0a669214e939eb53fa7db083ab3c209a8ee6c411ccdbca2eb1458262bfb0c0883b51ecada1fbe1b3d09c0bd1f60e99a74b193edbe21c8c5d4955d14f4fbe9ada1453bda44a0e853aecbe1656c58cfee4c1cbae64724afed14f84a63d8809bee3d15fd76ed6fa293421d66c1514face94b4805b67e2f531f8bc9930254e5c014eefcae9d5dbc71bc3f521601e1150c847822e01a1a45e771ec0f78b99b90007e7e5a403f4f12f6a5d0cc93749caf1dc73cb507a0f10a754c0f87a524dd7487b026d0800e1db6fb3e1f1b06b7492d6ed738c9e651ceef1c8ef7c1dfc1524a7e3907d556db3ba9edae7846d0e2d2ad45ecddaed9fcfa3d7ed44504a714e457685983fc570f83d740965b5af4d4734ac3e2b0c76bc327a36252e16b42dcb5f814e856a5816ea9392a0b4faea02f00386b555ca7447cd3f92cc1ff9546fa99167a2143f2a52e4e56f4d30a802a3f0ccf17faee445848ac46620ca46decd1cb9426c4ffac2aa0a25e2e4592b0a57af5a3bdead98881e3151aee32da439cbd41f120bcafa1122f3195b0e46eb90101b6805d199c645a421bd3fbfca12158bb2fc6ffb42b5070d48889e98fc4dda99d38e565daf69ecd6f14eabd38d7a9192a3de58f92321b3d8a73cf92e7e5c4f575b13de9c39f1be83dbf7f94bb4e04faddde5d37c9550a0dbff0072f0e7daa5fb375943fb9471328aaabff2cb9a7986a65b10b86e6adc1132dac2b7ec91ff362239531f6f2b631f0b0f795623c906d48900f9a559d238a9c77b9a0c17e336f6936e65dcf8f38dea6c0738971e08ac995a2591ffa86d0d5844be76304ec048368fcdea35fefbb8a7aa6817ed61299c5feb3b6c492d8a1477596dc4afba1b47f6617859dadcfb35bfd476e6f011959fad6d175f1bc41afe8436bf2c3261b3cab00bc2e3b9ba57e439ec040fa6b9589cbddf60d903dfe5ed83e9ee304279ab89296b513efa53bd0d646b7f928770e781f31821dd4c392f0e405aacec77e0f463e6a7a69eadecada37c1bba9d6df1ea188c74a6b7142c8c04da945fa212bc41d6416ebe2dae1bfec35142805d7791b1df653fb538612ae03875277cd92a4fd764b1cf714dec2b3aba572042811678e40c5284fa81ce21dc346301e77f2c37157972481bd6e719e6719dc5b56c63fb9401320bb715496d7649fa9d26a5127ea375bbc785f9f0cd825bad27e89563749f0bba84d5436fcd3ec129a0e8dd215217d9e9a620e8aa743a01d0a9d4a4eaded0cf75c1c1faa76047534ca9680986a40b7fa29e719e15708f8f45517652f8515b0839599c2985cdfa82361ed1735dd6625a3faeac5159b1c42b710eae55500cbf8956462593ab4a4e80b76f916177e19cf2d9a3735dbcf9d2b82d72ac5bcfa5842e2fbbc7b9aa77e7bec66f3516abb4dd7b28a7ddab88aef3d1a8fc519e61ddcf5661f46a2e28f1d005d09aca1ff674df8c7839cd0b961193cc0f667527adb8c969f655aeca46104ded93ff5d3cb095d43363ad97d91e08139bb73ef8e0cae11864274f2eee527d6a864c9cc5285d4bd63afd6965fa10dddea9d3a45d1871adf8291c17d83e675aaa948d88e99f82f573d52ef3d7f4b39a315dcd391a3e00ea58eb62e9a0c5417dace3c84b43e0bccd14c762e3279ef39aed31bf54e1ff288f51a5dac7307146837ee7d403c7a6a1b99a91980744d2288186a22c9f35bfd48672c1457b1af57fe4c63b85dfd25e106b54b6ebcf9fff6fa67f0d542e5582730c804a60f1038e21d7f756efec9fdebd836f3539f29f8174015b20abca7fdbcf03509b5b8881e08b6e9c76bb972c93180c66f8c1b3336582e6fe3571502d528fdef6d3a49a161a45c520d427bc53ed07a11cb0119df35bb7f3b4ca084d9ccb2e9bad61a80a64ac06ab0cee2f17e00b9d0bb75ad3e67cdc095140bcc8ccfa3db90e2a3c79b2a1c725f11654d0507e88684912aaf98e64c56aa11501b5d00aff186701c6592875a6168fce945fb4b847761564ca337ec088df27ee4aa87eb8a7dc50cf46d31af9700b69e4e7cfe6f9f47ecb050d6d5fc1203fc9de2b0ebc992b1b40c454166e4bb3a06642b042147d5711ec605c686563c569b9e597e55983bc3de13bc977acc9475fb6facbb7bc38dc277e8c23e9d18f18feb1673da8653f9830188ca98fd61c244e6f83923e7d3edcb1315d904908dadb924f990e846aed7d9fd896bd3ee646deb0d066b6a403b2a4332cd1d07617f7d313177e4d47d31722928cd04b6cd9579dd29eb27a393d63477f0b16d50985b6ed5bf97cb4ea80b642e96d62194e3e15a5cdda56115693ebf1b2989aa37547bd37d8b9bd25bb45782b4032b30800a758aad5b78ea900120cba94ed9b6573f10293ae2a2a86d2589582288e7a8c1a616c130549ae3be76ea615f2b28accb039150a4dea12b88c2cfe6ba277f52224459e287be95d6bb4f85c1b218f16f248ee63fe4ed1c40fe95d527d4169d7c346092ba443169caee3293a3f8a51a89ead9f4bbce24ce8b91f98bc606b782466ea1942d69b7d983b40700ce051caa925b0d3a844a6d512b031743c136324f3a20b64fd59bf598a1fed57c8fde9f48e818cdee6b6852fdebbe5f98525b0b47631c179a519aa0b6e6e3ae6b2d5a602c2093d0b5acc9f2ebf5d45b919334ad0a7725e8b66415bf770384c1614ce4e506523cd81a4978bcc0fc86283e57bcfa86b3f3e8c6103fdf98ee5e20e3380cd5ce3c5a5f303109e898197f69cdd3a55424e4370d79e093ebb185a9eb364328ee0e94d73963e766445057608e1ab5f241def037e52003afb643ee2080ab467b5b421efb0880b08c991eb12050200c000000000890090780000000000000000000000000000000000000001fe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e6524c4a2a4c893a6340b4106910acc3260452c9cd016905a987cb8a60f5626c634b79f198d3a2c718691c6ab39819f79a8a7f8da9b2721161fc093fb8649abe88554c4"], 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') fcntl$getflags(r0, 0x401) sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x60, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4f15}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xc7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}]}, 0x60}, 0x1, 0x0, 0x0, 0x24000000}, 0x14) 03:45:31 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0xf, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2410.054099] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 03:45:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$sndpcmc(0x0, 0xfffffffffffffffc, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x100000000000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20]}) eventfd2(0x0, 0x0) ioctl$VIDIOC_ENUMAUDOUT(0xffffffffffffffff, 0xc0345642, 0x0) r4 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) r5 = memfd_create(&(0x7f0000000080)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r5, &(0x7f0000000340)=[{&(0x7f0000001140)='\'', 0x1}], 0x1, 0x1081804) ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, "0eb61538a462ee812ba43ffc89bf1173dc3d06375d14638fb21b49d26972d96ef0b4b2e6d730ad6a7562b478c2974a9896747dccb30e7f63a1b51ec059554277", "1d0e47f158fae68f4d2aa224439c30eb3b3e468dfc3035d92c0929eeee707650bb008bd2cfa188d8954a0ede9661149d95659eff1ce2212f115951f98f736335", "3edea3fa98ed88e7de49fc2596c78e888e955cdca02efa85c8116766d8f71310", [0x0, 0x6]}) sendfile(r4, 0xffffffffffffffff, 0x0, 0x0) r6 = getpid() openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/qat_adf_ctl\x00', 0x500c0, 0x0) sched_setscheduler(r6, 0x5, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x20a29, 0x0, 0x0, 0x0, 0x0, 0x80000004, 0x1000}, r6, 0x5, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000280)={[], 0x0, 0x0, 0x12, 0x1}) openat$cachefiles(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/cachefiles\x00', 0x208040, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f0000000040), 0x4) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2410.096922] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2410.103760] CPU: 1 PID: 3610 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2410.111498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2410.120870] Call Trace: [ 2410.123480] dump_stack+0x197/0x210 [ 2410.127132] dump_header+0x15e/0xa55 [ 2410.130874] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2410.135989] ? ___ratelimit+0x60/0x595 [ 2410.140015] ? do_raw_spin_unlock+0x181/0x270 [ 2410.144532] oom_kill_process.cold+0x10/0x6ef [ 2410.149051] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2410.154616] ? task_will_free_mem+0x139/0x6e0 [ 2410.159141] out_of_memory+0x362/0x1330 [ 2410.163138] ? lock_downgrade+0x880/0x880 [ 2410.167305] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2410.172432] ? oom_killer_disable+0x280/0x280 [ 2410.176951] ? find_held_lock+0x35/0x130 [ 2410.181046] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2410.185910] ? memcg_event_wake+0x230/0x230 [ 2410.190257] ? do_raw_spin_unlock+0x181/0x270 [ 2410.194768] ? _raw_spin_unlock+0x2d/0x50 [ 2410.198942] try_charge+0xec5/0x1490 [ 2410.202680] ? lock_downgrade+0x880/0x880 [ 2410.206859] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2410.211782] ? rcu_read_unlock+0x33/0x60 [ 2410.215875] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2410.220745] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2410.226838] mem_cgroup_try_charge+0x259/0x6b0 [ 2410.231451] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2410.236403] wp_page_copy+0x430/0x16a0 [ 2410.240321] ? follow_pfn+0x2a0/0x2a0 [ 2410.244146] ? do_raw_spin_unlock+0x181/0x270 [ 2410.248663] do_wp_page+0x57d/0x10b0 [ 2410.252489] ? lock_acquire+0x16f/0x3f0 [ 2410.256482] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2410.261175] ? kasan_check_write+0x14/0x20 [ 2410.265429] ? do_raw_spin_lock+0xd7/0x250 [ 2410.269696] __handle_mm_fault+0x2305/0x3f80 [ 2410.274207] ? copy_page_range+0x2030/0x2030 [ 2410.278687] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2410.283482] handle_mm_fault+0x1b5/0x690 [ 2410.287574] __do_page_fault+0x62a/0xe90 [ 2410.291667] ? vmalloc_fault+0x740/0x740 03:45:31 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x10, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2410.295749] ? trace_hardirqs_off_caller+0x65/0x220 [ 2410.300786] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2410.305738] ? page_fault+0x8/0x30 [ 2410.309306] do_page_fault+0x71/0x57d [ 2410.313134] ? page_fault+0x8/0x30 [ 2410.316690] page_fault+0x1e/0x30 [ 2410.320152] RIP: 0033:0x410398 [ 2410.323363] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 75 0c 4c 00 31 c0 e8 13 1b ff ff 31 ff e8 5c 17 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ae 22 66 00 [ 2410.342287] RSP: 002b:00007fff63261610 EFLAGS: 00010246 [ 2410.347672] RAX: 00000000ed3764ca RBX: 00000000c68a3309 RCX: 0000001b34520000 [ 2410.354957] RDX: 0000000000000000 RSI: 00000000000004ca RDI: ffffffffed3764ca [ 2410.362248] RBP: 0000000000000004 R08: 00000000ed3764ca R09: 00000000ed3764ce [ 2410.369541] R10: 00007fff632617b0 R11: 0000000000000246 R12: 000000000075bfa8 [ 2410.376828] R13: 0000000080000000 R14: 00007fe2ddc4a008 R15: 0000000000000004 03:45:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_open_dev$sndpcmc(0x0, 0xfffffffffffffffc, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x100000000000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20]}) eventfd2(0x0, 0x0) ioctl$VIDIOC_ENUMAUDOUT(0xffffffffffffffff, 0xc0345642, 0x0) r4 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) r5 = memfd_create(&(0x7f0000000080)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r5, &(0x7f0000000340)=[{&(0x7f0000001140)='\'', 0x1}], 0x1, 0x1081804) ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, "0eb61538a462ee812ba43ffc89bf1173dc3d06375d14638fb21b49d26972d96ef0b4b2e6d730ad6a7562b478c2974a9896747dccb30e7f63a1b51ec059554277", "1d0e47f158fae68f4d2aa224439c30eb3b3e468dfc3035d92c0929eeee707650bb008bd2cfa188d8954a0ede9661149d95659eff1ce2212f115951f98f736335", "3edea3fa98ed88e7de49fc2596c78e888e955cdca02efa85c8116766d8f71310", [0x0, 0x6]}) sendfile(r4, 0xffffffffffffffff, 0x0, 0x0) r6 = getpid() openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/qat_adf_ctl\x00', 0x500c0, 0x0) sched_setscheduler(r6, 0x5, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x20a29, 0x0, 0x0, 0x0, 0x0, 0x80000004, 0x1000}, r6, 0x5, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000280)={[], 0x0, 0x0, 0x12, 0x1}) openat$cachefiles(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/cachefiles\x00', 0x208040, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f0000000040), 0x4) ioctl$KVM_RUN(r3, 0xae80, 0x0) 03:45:31 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) 03:45:32 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x12, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:32 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bbff0200000000000000000000000000018940ffff00000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e01e0b2e4e03cbece4406369123bbbfe5ea041bd904897e6d1d68f2220d4cca37abf2836e1f453e703c8724fef923e21a251a292b9c07dd48e60f52790ea67e5b2b3b4a7040a88909c4352cafa754569ec7b6a8"], 0x0) [ 2410.739944] Task in /syz5 killed as a result of limit of /syz5 [ 2410.746841] memory: usage 307164kB, limit 307200kB, failcnt 1831 [ 2410.753934] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2410.763271] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2410.772945] Memory cgroup stats for /syz5: cache:128KB rss:48KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:120KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2410.893429] Memory cgroup out of memory: Kill process 3610 (syz-executor.5) score 1103 or sacrifice child [ 2410.912189] Killed process 3610 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2410.929274] oom_reaper: reaped process 3610 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:45:32 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xffffffe4) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:32 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x10, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:32 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:32 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x26, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:32 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9eaa3e65000a0efe3bc58befeb3ea5c5226fe3765605ec9f5950ee042ad8b37188826dc4abf1e3248328d7b0c9fd1f2bf1681eeddcb9ae88465d0600000000000000b481a6ed32d40028305242b291778cbada9e566f1a786f09497694d4e7e54335d9f9ec6d2f21f737328e4e6a9500c1558abec5a232cd056dbe774fa66c262c20f71730ae35bd598eb109ab768f1247817e5980177c84f3ad2be3288fb1a20e46e6b2232f7cdc4c7da2c37b08af2a9be3a63b519c45a91243527d9927ffacdaffe9855a310265a1536da8988f90bd11ae7d9b78d5a525c7bf7ff4b931b425ee461ef2a754a98e61fef7219398177fa7595e4885a5980ee0d873ed1c"], 0x0) 03:45:32 executing program 2: r0 = socket$inet(0x10, 0x2000000002, 0x0) sendmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="240000002e0007031dfffd946fa2830020200a0000000000000000e50c1be3a20400ff7e280000005e00ffffba16a0aa1c0009b3ebea966cf0554edc7de8ddeb133c2b3ce9fad90f15a36a15", 0x4c}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000002540)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 03:45:32 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000000c0)=0x8, 0x4) sched_getaffinity(r0, 0x8, &(0x7f0000000080)) 03:45:32 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000004, &(0x7f0000000280)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "e8d56e5937aba6de", "896ff00c0500778bcb7df9ac0948cdbafda42954457f3e034638ff1ea8ac8a3e", "aed892a8", "85a42a4ae69146e4"}, 0x38) sendto$inet6(r0, &(0x7f00000005c0), 0xe0ffffff, 0x0, 0x0, 0xd8) 03:45:32 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x2a, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2411.365907] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2411.410016] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2411.416023] CPU: 1 PID: 4017 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2411.423764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2411.433130] Call Trace: [ 2411.435743] dump_stack+0x197/0x210 [ 2411.439397] dump_header+0x15e/0xa55 [ 2411.443137] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2411.448263] ? ___ratelimit+0x60/0x595 [ 2411.452173] ? do_raw_spin_unlock+0x181/0x270 [ 2411.456700] oom_kill_process.cold+0x10/0x6ef [ 2411.461228] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2411.466787] ? task_will_free_mem+0x139/0x6e0 [ 2411.471313] out_of_memory+0x362/0x1330 [ 2411.475317] ? lock_downgrade+0x880/0x880 [ 2411.479495] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2411.484623] ? oom_killer_disable+0x280/0x280 [ 2411.489146] ? find_held_lock+0x35/0x130 [ 2411.493243] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2411.498119] ? memcg_event_wake+0x230/0x230 [ 2411.502465] ? do_raw_spin_unlock+0x181/0x270 [ 2411.506986] ? _raw_spin_unlock+0x2d/0x50 [ 2411.511165] try_charge+0xec5/0x1490 [ 2411.514900] ? lock_downgrade+0x880/0x880 [ 2411.519185] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2411.524049] ? rcu_read_unlock+0x33/0x60 [ 2411.528136] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2411.533006] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2411.539090] mem_cgroup_try_charge+0x259/0x6b0 [ 2411.543697] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2411.548652] __handle_mm_fault+0x1e50/0x3f80 [ 2411.553098] ? copy_page_range+0x2030/0x2030 [ 2411.557553] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2411.562244] handle_mm_fault+0x1b5/0x690 [ 2411.566327] __do_page_fault+0x62a/0xe90 [ 2411.570414] ? vmalloc_fault+0x740/0x740 [ 2411.574500] ? trace_hardirqs_off_caller+0x65/0x220 [ 2411.579547] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2411.584493] ? page_fault+0x8/0x30 [ 2411.588062] do_page_fault+0x71/0x57d [ 2411.591883] ? page_fault+0x8/0x30 [ 2411.595450] page_fault+0x1e/0x30 [ 2411.598912] RIP: 0033:0x412b3f [ 2411.602115] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2411.621028] RSP: 002b:00007fff632615f0 EFLAGS: 00010206 [ 2411.626417] RAX: 00007fe2dbc08000 RBX: 0000000000020000 RCX: 000000000045b39a [ 2411.633701] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2411.641107] RBP: 00007fff632616d0 R08: ffffffffffffffff R09: 0000000000000000 [ 2411.648398] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff632617c0 03:45:33 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$sndpcmc(0x0, 0xfffffffffffffffc, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x100000000000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) socket$inet6_tcp(0xa, 0x1, 0x0) eventfd2(0x0, 0x0) ioctl$VIDIOC_ENUMAUDOUT(0xffffffffffffffff, 0xc0345642, &(0x7f0000000080)={0x9, "44620d64273ce02fe862aa7cd211dc9f24b9d7a87008a49f01331da3cc487365", 0x1}) r4 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) r5 = memfd_create(&(0x7f0000000080)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r5, &(0x7f0000000340)=[{&(0x7f0000001140)='\'', 0x1}], 0x1, 0x1081804) ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, "0eb61538a462ee812ba43ffc89bf1173dc3d06375d14638fb21b49d26972d96ef0b4b2e6d730ad6a7562b478c2974a9896747dccb30e7f63a1b51ec059554277", "1d0e47f158fae68f4d2aa224439c30eb3b3e468dfc3035d92c0929eeee707650bb008bd2cfa188d8954a0ede9661149d95659eff1ce2212f115951f98f736335", "3edea3fa98ed88e7de49fc2596c78e888e955cdca02efa85c8116766d8f71310", [0x0, 0x6]}) sendfile(r4, 0xffffffffffffffff, 0x0, 0x0) r6 = getpid() openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/qat_adf_ctl\x00', 0x500c0, 0x0) sched_setscheduler(r6, 0x5, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x20a29, 0x0, 0x8, 0x0, 0x0, 0x80000004, 0x1000}, r6, 0x5, 0xffffffffffffffff, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/cachefiles\x00', 0x208040, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f0000000040), 0x4) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 2411.655701] R13: 00007fe2dbc28700 R14: 0000000000000001 R15: 000000000075bfd4 03:45:33 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:33 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaafc86dd604d898c00403afffe8000000000000000000000000000e37a8000000000000000000000000000aa8900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0303d5f2c1e36282dfc7cd13cee47449e197e84a673b32dc"], 0x0) r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_stats\x00', 0x0, 0x0) bind$ax25(r0, &(0x7f00000000c0)={{0x3, @null, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) write$UHID_INPUT(r0, &(0x7f0000000140)={0x8, {"37712b2607fbacef7a0e12cb8822a7458c3ca8d1ef72c1f422ab2360b61e975667b3658f7b10a69d29e7361fd8ff844256bf36feebba3871e29c62ffeabfb9bbe610dc75201d887ffb9d57d04f28915c396d6c1092928a45b1c0e15a9bb8a47307fac91a01005fa11a1de5f7f782263dcf202d9ea7bcea0b41c10867a5ccaae365964e4895d75a112162536b717a93f3d5255f119419496cea391ab3edf856e3f815031cdb3b79935c764de3619afb604f3e88012bf7b04702539d698e2358a390a0516d970cb6ea42e2772a9856df509de5fc94cd0ccfaea1426254f9b299d7f9f8c7aef9a67d7b85911d9b9c6031db1e0af544e9d2af62645da83c760e34ccd11e02e226dfe72453edab40a88ef69103c39b78556e2b83032d2305137d755cdce4c1df63a2c70687bc2cda0b44e05b5a0f97673eb222abf8bfb8a2ef7c2ea7b12d428060846e5007fe5bb8697cf0d1c42674cb214db5962e1e17f3320611b1586875faa5c11f3f8ba3a3a297b40660a6a1c5fa4e114e3f55a9f45f2de88c7bd8cdd51800e6a1eb7c046d421606c29edff36772f2173c6b6905b04ac0903095c8847729b5865df696a9f92126657653fb44195d9cc99c367f93ae0c87f74686bce9ba5a4389f0412588f9b1ce7d00597671be10a949df52a732ff0cf5392ed137a5b3f3de08c78847232087aed8574e537d4c45955c70e684268e36a2514fcb84b987030eda624609a8666ee12d32a37c6250de359cc8af7071f3e3a22aa8ba7b611d843320e6b74419e2a18b07ab20556534560524307f10eefa95dec98b3c7c98ed1178edc5bb2d8a0d597f74671ef126c171e92e8ceab84927bc81e4c32742f04d7cc6ce3c2fa541ea9f16da4c9dee0039646d67b542ebae035ac02e0b6e130b31400af4ae77268cc8cc5eb22be23b0fcbc1d338578487df035701d0c1a9aebc69888f7b963808c1d5ff7351ec6902349409bc3fcc0fb6780494d9cbd87d4ec55e1b5efb6ab754648ba68eae3515a6ea8762162e9532022ef09e7e786066f0c5ba53e8035b01b4fb9e7187892d03f797b6470c2775b2c161d60d8004bb5064569927800eefcc5cd109f0d19eb29e090dbbb2fabf226599a611f49139d1c344cdcfe8ebeb870b91e79c8b3a827b46a077f5eb9102cf88faa76ddb5425dfa4181c142efc82a0b6112d8996f510a4a94771ddd6e427502919d5c78368b440393df409e750d052e0d86489cf4a7776c7eade68a2eaf151405dc846fd1d8b362982afe09c07356d3dfe17880e9ea189657eaa736ff32da0a736de2fb8498d5add107d902b4541895e83e2986dd3f1a186d023878ad54512c4561fb40806840245d1782f3acbdb7f57b25a1a9b49e02c7e1e13bfac2dac3ac06048c4b88f1a290ee27c038848b8191136707007a5401740595837ad6a246fc50665465e01b71ef5886ec16bcd691d0b5bbb83fd72f658b7947eb435f01d456f5f0ade91e717246e88c367fe3beb0048ee9257e0729293483502de7932ca3e2f3d91f492c46853b3eb536ad4f4588a16ab1a2e1bb4ac7332216461aa8a6d6825dca0642be844db2963cf75ebb1466d59d27f44a8b19a57bc9b8dd23e84197fc252cb482cfaf332f12808629bc3d0a996593f69d205c8ab8c8eb706e6c138b47d2bf8ad67d72ade06fe6bbceb5db8e8cd314438ae2cb0ac4b04d1ee795ad22c42a8aa9e19529719e4761d9f4d591275b70540bfcbe35222f1460bdd9da1811e6a05b6b4dbc9544e3f8a4f54caa1db24614c2915236bbafd651dad3dd6c0a03da0f139c771d766e9c5fcc3e0c729015c7886dc64b9afee2121291d777dab9a79d4835f4f5dc94b73a67cf39913315ad499d4eab16c3f1c2ccb5810267e2cd01d0376de31d559d2f8830eef56c67c8dcbf32adc037c1bf26c4a4aa19b77fb690a4c788227ae206ffcd889bb8ce2b97a39c5f6e59035c99ae3e5361e8170abd3ab06ffe474d6e2825d9b8a6b76be2a0b2411aaee5782af7539d2681ef3f39e9358a33dc71bbef7e46dc4a8a3e5026861eec5aab58fa2787cd42578db41a013aee202a3f9c7a0636ceae93f0db93f4aacb305a6327ae991c85f03c2dfc0893fab52d2804c3edc57197ca4a026a7e4d20fbe1c828ec5527c53b9cceafdbf47f842835b407be15eb1c5970ee3aed9831749fec08289a79b6378ecb9e8844eb60d3bc5b3973be46b3db234f399585842592bf12c2e9efb993df5c992b93ca0c6bf6c1a34e298a34087692a0f485b986e3645e25373e6e5d616701352dc469dc0ebeb52d258703a043439e7f5b80c0d69e019746607fb7f9aa5782791563df17cffffe999d0d477774cee086ba99d1cbd5cab1c999957c4e66975cb929e68e4a889693a62a39f811beb02282425d2f2e74c29a904be6ce3cf6a6b178f290a4d7070d186ca650fe077e754a537f4edc7f3e68007b481e8a1793bba298677124c3d58ca6f05d1ef5e74dcc3b9880c257b8459e841ac12ea1f43a502a60a5ca60c681d878cea142ff69d7d5b59b837a7e91c00e110b59f792a0d0f5d109be0d1283356448ba76a21a3f9337c5c63d687d1a7c983f3cbf45706c8be60a47aff76f5fac47795f6e2e279c4ed8b3554e20d0642a2e4cd675ef7bc0efa85cf48bc8531580e74e5d38d3b58bd3d00350f15bd0dc6c14763d8aebd2aeaf3565b1112308ab9035aedf8c6575949e5181ea384f05122d7d498bd848141b79479ba617bcf1b498e79af9278ca2d1db961f9d982f42f6135555c653ea61c9c0d584d73c6c049ee5057762286e51b033f6744a14ab5ed07eba9977db0f644aa12ca39db56765e73c792870798f5be83fc9856b4f1edd176487cdc1af428720eea169522a6ff181917b28c7e732ea8162812c74eae42a975ca0b4c37a0a3d26e195180d1947947fdcae2e3b3ae67198d7af94750a9991172e0094932d9e50b34c2927f1f42971111521b55731832345de23a0444a1a65bc80983931885a835f617a7582051a155ff84253f0ee23f566dd49293b2f6960949a20d34685d35d6bb3529b91e9363741b0287fbfb149328689d2849f4696b73e3e4f4861b96c1f0963eafabd7df25b7108ef1087b5627c1c920be8802bc133d528e71cd22785da0448dccb4d51f1fb41a4c8827b5d678ab50d6f54e0580d4292a08c5be7d1e0680c07c66f89bdf3b32ec06d4426752276d90981b36e2797334ba1fe32b205f5ddc27f9c72bf41dd6955adf83de7fb975435d10133abbf599e76543c1b74aea57fd13823fa2f159fcb2194751d6b246811bbac3bf8875be5c6d2e7dd297649c4fe05448a480be63f5d7693d4f0f1a213859e7f77c1b8c44bd1b6af993c7675e3776d960884561ebae0f784f966ea8487b45b251715f90c73bbe56e095dbdf870d4c66cbe42e74841ec95f8d2eb49f89002f0937928d90a6650b3d9ef553f0521a5be6c841a2486b5f65375b7aeb68fe0f86de2273038de5e6685af55c5967731336bc4eef074487ee6c4cc673445a5dd11add44c3dcca932de67662b061d57300639fa6310661360a8d2c84f5bd84d5774f65d89a0a7d8b305e09c09f92c7e994de0209537cb1b194bcc234ce75a4ea8d7a9689f2a0ade84c37caaf3ce81c25d51251b65d86007b3f8838bcb9e33d30055a3d7ac7e1eca646039dc3dece86a88b2b2d85fc9adfec1dcf34c005da305a5ad3dced9e5871ab346b20e519690443934643fd8d9ec28c5dd7321d85123b95064e9eec27d7f3a39424da849bce0e4c1bea5f04d242f40a0e388939c3498946a09bc7601235d70d9590aa69d7608d849434f19cb7b2d027b7765e58f4696b2386773d20cd8644efc7276ebaee93701033069e857b94552e3be5ed7f356a3ba6ca800a4fe2a2fddb90370e5afbdba28f348c5007fee2702e0748e8fe5dab75689b6801c7f02670cca9ed72210a115446c60d8d148372e9a34340ecfbc91be9eeaa5dffc1915539c5efe74a3301f1ee018bd108633ec8c0cd9d668453d6f2be95d126e847056307d4a56a90fe7b360143b0c6d7a47362c028d9330a72064621ae161bc449bbdf135220d8ee18ec263a8d3782cca318937548408e4ba3c498237a87f156563848945b73c21af3d4d0fd92931ad0de8e1930ef56ae6b2b5b4e148f68d5ad1e8d480151783db65bd028e5d927f5e36be0d098cce5fecef979f282c5de7c2c6eb743f68d432270f1205cc7a29960d8c5662e71f2ff4076042897dbec56e6580fe40b5b90ec91c5825a14f249f3304bef7d56261ba4f0c43d0f9b65a3be3ec3e3958f88d53944e7dd514efe8fc3823142693991cf31e148ed0c731063cda43001181158cf0b9d364954318efc2567acefc8d6dd27313cadbe785b4fbf1c6915cc3f085bedb313c834b4ab65bef970cc1a4d669a1162d2ee86bb000c7992169f71aef0eef086e2f4aa05cd2fb58d192517c56c90a80ee20cbd8e9011c708cd0cbf44c67bc1800b3d888be1bef98cd8a8b4dd39c3d3e4ac7fd3d7120003edd19498bf7bbf77f3f4714afae1f79fbb965aaab96c341e20acfdbc36008340ad03e282c3527ccc3805e4e7637e35160b227ab90c7acf53657540f6035cf2cdf0374d009c59d10616dac412d337e4f6d7b5ea2a51d9166ac975ca89cbe45b93e4ba905e255464bbac4e599c9e9d20fad8b0da7a9565b7404c979ddb47bc71850700a3fec8ae2959f7a09c37807d84436a6b2aab956d3f93b4f81d6bb390d7587c30b68e91c5b26d5e4096a9991beb834c6d7014aeaf3763369b1226e029130127fa37bd41bd3344ffd4f3f9981046d387202b23e49893313172debec5eebbda138ddab76cfe31808f59160dae7c929d9811304b8704931928045e137b4a77901f7520ad18e50e693d74aafa0ad955b0c9c47608fa7fa399abfe6677901b900ebb7fdf1689ccbe54f70fc5eae3708ebac279a7fb15399abc5a84a8a88087f8bc076279b202a0d54316806915c601ef86e8c116db19cd4927b482051f61e7c64ccc84d47772532a8ea780d19ab1b0bd8288c726702fbd2149b97a48d28e2063fe77041e92bd8bf3fa63bd89be370e5f0ae6e0c6092c3aa029996ea5c5cf5b69da29c27b0fb7f1fe2b247a7a7880a6d9cb88c82034e4b7e1565e237da645ffbeaac10f5005a3378571a81e796374dfb8d783583da1f7d38d642547c2006da8731478b72243343c679ece67bc32ef54eae141bf7ca28e4a2563bc3d178e69fd3caf06aedd7054e3f2462df03812bfe0087000ec906d14b2f6703c2cfb66fb1752e8c7683625f8e86f297c9fa86b44c0d11d27e197a4831a75cd3703cc537af4379688cf39ebc191fa1ac8980d34893f808595b01757ecc674b9ef96534127c604dd577c59d556d9453d1c26cc0001598781e2272f8de3a7724b3aa53d079b35f06a866b49e9c2ab8a5a4f9d62ac50c4366e21f1be2b0c8ddf5870a3b38d1a29dc504233e06363fe40b7035d8178fcb351409014eccde8cd5bc7a1ee03455cdc39be851927458849728ea5b7bf1b4365f9965a9c8ae66a5a77d20845f9c020e664c0d82757054f202c8505c27f427df2ebde80a262b7b073d01c97ebd370c3c7ac6711f84d0e6840b784a353e7b1a95480881c76c28b1f8b4728e23f17193cd3e2306b38a9d12b47f7f5452f26937642ebd909f28b1bbd8c1aa09c5a5e6d5a009ae4aa029804a3b59a05274d107bcf0d91d0a7b91ac1f054aa221f27ac887e00cf9ffbb55d303cfa2fb12e9a915e1a7c77cda2ce855455fa72f13b829e5d1c91674301c13db85aa2fb", 0x1000}}, 0x1006) [ 2411.857187] Task in /syz5 killed as a result of limit of /syz5 [ 2411.873198] memory: usage 307200kB, limit 307200kB, failcnt 1842 [ 2411.881497] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2411.915892] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2411.965853] Memory cgroup stats for /syz5: cache:128KB rss:180KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:152KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2412.010165] Memory cgroup out of memory: Kill process 4017 (syz-executor.5) score 1103 or sacrifice child [ 2412.020414] Killed process 4017 (syz-executor.5) total-vm:72720kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2412.039333] oom_reaper: reaped process 4017 (syz-executor.5), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 03:45:33 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xfffffff0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:33 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x38, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:33 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x10, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:33 executing program 4: syz_emit_ethernet(0xf2, &(0x7f0000000080)={@remote, @empty, @void, {@generic={0x888e, "def845e23349813ed19aa4c0cce2d0f6d8dab8798e09afc411580ff931ac26f539097de360c3ff1ec5648b5f20135b03487289b5f61a5ec185ab895602aa922c09ee8a4e3ba664719b792f48725d54da8f920331cf7ff14aa09e31843ff04ac5f3aa874f9de7cd15a0fbb119a8af9ff597116353169c92352f322c32c54a9715a721f92cb067ff42986d7c65c3a5fcef465ba28cf8f5aa6689a8d9a0a4b8ac1c3d0730933bea5663902b36bf58252be808588d4ec144e2dca327a4274ec81857423edc7a780cbc977e85296ea5e29bd813573a6b698771cf8b8b2371e2326b6bde29018c"}}}, 0x0) 03:45:33 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$VIDIOC_QUERYBUF(r2, 0xc0585609, &(0x7f0000000100)={0x2, 0x2, 0x4, 0x4000000, 0xacce, {0x0, 0x7530}, {0x1, 0x0, 0x96, 0x5, 0x1, 0x7f, "7ef03e70"}, 0xc9, 0x1, @fd, 0x6, 0x0, r0}) ioctl$EVIOCGID(r3, 0x80084502, &(0x7f0000000180)=""/23) write$FUSE_INIT(r1, &(0x7f0000000080)={0x50, 0x0, 0x7, {0x7, 0x1f, 0xfffeffff, 0x1040000, 0x6, 0xe4, 0xfffffffc, 0xfffffffd}}, 0x50) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:33 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x48, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2412.264069] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 2412.328852] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2412.338371] CPU: 1 PID: 4542 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2412.346125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2412.355600] Call Trace: [ 2412.358210] dump_stack+0x197/0x210 [ 2412.361888] dump_header+0x15e/0xa55 [ 2412.365618] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2412.370736] ? ___ratelimit+0x60/0x595 [ 2412.374633] ? do_raw_spin_unlock+0x181/0x270 [ 2412.379145] oom_kill_process.cold+0x10/0x6ef [ 2412.383665] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2412.389224] ? task_will_free_mem+0x139/0x6e0 [ 2412.393749] out_of_memory+0x362/0x1330 [ 2412.397749] ? lock_downgrade+0x880/0x880 [ 2412.401917] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2412.407042] ? oom_killer_disable+0x280/0x280 [ 2412.411550] ? find_held_lock+0x35/0x130 [ 2412.415641] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2412.420504] ? memcg_event_wake+0x230/0x230 [ 2412.424850] ? do_raw_spin_unlock+0x181/0x270 03:45:33 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) [ 2412.429364] ? _raw_spin_unlock+0x2d/0x50 [ 2412.433625] try_charge+0xec5/0x1490 [ 2412.437379] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2412.442249] ? lock_downgrade+0x880/0x880 [ 2412.446428] ? kasan_check_read+0x11/0x20 [ 2412.450619] memcg_kmem_charge_memcg+0x83/0x170 [ 2412.455323] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2412.459851] ? __isolate_free_page+0x4c0/0x4c0 [ 2412.464460] memcg_kmem_charge+0x13b/0x370 [ 2412.468728] __alloc_pages_nodemask+0x3c3/0x750 [ 2412.473545] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2412.478592] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2412.484163] alloc_pages_current+0x107/0x210 [ 2412.488601] pte_alloc_one+0x1b/0x1a0 [ 2412.492429] __pte_alloc+0x2a/0x360 [ 2412.496085] __handle_mm_fault+0x340b/0x3f80 [ 2412.500528] ? copy_page_range+0x2030/0x2030 [ 2412.504977] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2412.509674] handle_mm_fault+0x1b5/0x690 [ 2412.513769] __do_page_fault+0x62a/0xe90 [ 2412.517865] ? vmalloc_fault+0x740/0x740 [ 2412.521955] ? trace_hardirqs_off_caller+0x65/0x220 [ 2412.526998] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2412.532051] ? page_fault+0x8/0x30 [ 2412.535625] do_page_fault+0x71/0x57d [ 2412.539447] ? page_fault+0x8/0x30 [ 2412.543008] page_fault+0x1e/0x30 [ 2412.546478] RIP: 0033:0x4006c4 [ 2412.549694] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 51 55 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 37 55 00 00 8a [ 2412.568617] RSP: 002b:00007fff632616a0 EFLAGS: 00010202 03:45:34 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe80006eea1306956a5ae590000000120000000000000000bb0203d5f2c1e37382dfc7cd13ce613842fd97e84a673b4e9e"], 0x0) [ 2412.574002] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000020000080 [ 2412.581291] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 2412.588577] RBP: 0000000000760420 R08: 0000000000000000 R09: 0000000000000000 [ 2412.595936] R10: 00007fff632617b0 R11: 0000000000000246 R12: 000000000075bf20 [ 2412.603219] R13: 000000000024ceba R14: 0000000000760428 R15: 000000000075bf2c 03:45:34 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) syz_extract_tcp_res(&(0x7f0000000080), 0xfffeffff, 0x8) [ 2412.771316] Task in /syz5 killed as a result of limit of /syz5 [ 2412.796044] memory: usage 307200kB, limit 307200kB, failcnt 1878 03:45:34 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$sndpcmc(0x0, 0xfffffffffffffffc, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x100000000000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) socket$inet6_tcp(0xa, 0x1, 0x0) eventfd2(0x0, 0x0) ioctl$VIDIOC_ENUMAUDOUT(0xffffffffffffffff, 0xc0345642, &(0x7f0000000080)={0x9, "44620d64273ce02fe862aa7cd211dc9f24b9d7a87008a49f01331da3cc487365", 0x1}) r4 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x1100082) r5 = memfd_create(&(0x7f0000000080)='t\bnu\x00\x00\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) pwritev(r5, &(0x7f0000000340)=[{&(0x7f0000001140)='\'', 0x1}], 0x1, 0x1081804) ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, "0eb61538a462ee812ba43ffc89bf1173dc3d06375d14638fb21b49d26972d96ef0b4b2e6d730ad6a7562b478c2974a9896747dccb30e7f63a1b51ec059554277", "1d0e47f158fae68f4d2aa224439c30eb3b3e468dfc3035d92c0929eeee707650bb008bd2cfa188d8954a0ede9661149d95659eff1ce2212f115951f98f736335", "3edea3fa98ed88e7de49fc2596c78e888e955cdca02efa85c8116766d8f71310", [0x0, 0x6]}) sendfile(r4, 0xffffffffffffffff, 0x0, 0x0) r6 = getpid() openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/qat_adf_ctl\x00', 0x500c0, 0x0) sched_setscheduler(r6, 0x5, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x20a29, 0x0, 0x8, 0x0, 0x0, 0x80000004, 0x1000}, r6, 0x5, 0xffffffffffffffff, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/cachefiles\x00', 0x208040, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(0xffffffffffffffff, 0x112, 0xa, &(0x7f0000000040), 0x4) ioctl$KVM_RUN(r3, 0xae80, 0x0) 03:45:34 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x4a, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2412.831064] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2412.873399] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2412.885328] Memory cgroup stats for /syz5: cache:128KB rss:40KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:148KB inactive_file:0KB active_file:0KB unevictable:0KB 03:45:34 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2412.948903] Memory cgroup out of memory: Kill process 4542 (syz-executor.5) score 1103 or sacrifice child [ 2413.024535] Killed process 4542 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2413.140262] oom_reaper: reaped process 4542 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 03:45:34 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xfffffffd) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:34 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0xe3, 0xfd, 0x0, @tick, {0x0, 0xff}, {0x0, 0x7d}, @connect={{0x8, 0x6}, {0x8, 0x20}}}], 0x1c) ioctl$PPPIOCCONNECT(0xffffffffffffffff, 0x4004743a, &(0x7f0000000000)=0x2) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000080)={0x6, 0x8, 0x1, 0x0, 0x0, [{{r2}, 0x1}]}) 03:45:34 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x4c, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:34 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:34 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000740)=ANY=[@ANYBLOB="440100001800130700000000000000007f000001000000000000000000000000ac1e000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="f0000000000000000000ffffffffffff0000000032000000ac141400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c00", @ANYRES32=0x0, @ANYBLOB='\x00D\x00\x00'], 0x144}}, 0x0) [ 2413.416988] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 2413.435073] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2413.443795] CPU: 0 PID: 5114 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2413.451555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2413.460931] Call Trace: [ 2413.463539] dump_stack+0x197/0x210 [ 2413.467192] dump_header+0x15e/0xa55 [ 2413.470925] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2413.476157] ? ___ratelimit+0x60/0x595 [ 2413.480066] ? do_raw_spin_unlock+0x181/0x270 [ 2413.484584] oom_kill_process.cold+0x10/0x6ef [ 2413.489108] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2413.494663] ? task_will_free_mem+0x139/0x6e0 [ 2413.499188] out_of_memory+0x362/0x1330 [ 2413.503181] ? lock_downgrade+0x880/0x880 [ 2413.507351] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2413.512472] ? oom_killer_disable+0x280/0x280 03:45:34 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$SG_SET_DEBUG(r0, 0x227e, &(0x7f0000000080)) syz_mount_image$afs(&(0x7f0000000000)='afs\x00', &(0x7f00000000c0)='./file0\x00', 0x9, 0x7, &(0x7f00000009c0)=[{&(0x7f0000000100)="f04cb6d8c5b01c3d1717f9e51791f1f8e421d6af8ee7c2674a9e2d9cba73fc2a51e9b0360ba5d7c40ccd1b23744e488f67b5e947e2e7e063a85068d2282d8ca005bdaca0aa32dce9c22f7762b70e6e89d5c128cc1d1edf1f2a95dab95b8441ad2f6d1329c36a0ae0b9aed07ff8b19a52", 0x70, 0x3}, {&(0x7f0000000180)="bc074c1ad46f5b96edbcae71b33bf9f730a9b020635c41595ac1da", 0x1b, 0x7fff}, {&(0x7f0000000780)="3e1e1e63eda82020ecc5b8bbf4ccc87d51ce8bc238a279aa26fefa43ad89ca2b278d579ee11e3dd6b23e5013c5043b6bc5cf116eaae58aaca186fa8db675a2779d1576bda3e8adf8b19e156202ac83dc193abf1bfcd82ca53b97391ce5d0bfa6bc5625577125e266e0eef5cc34d94610d5baa408", 0x74, 0x1ff}, {&(0x7f0000000800)="f850473829adc4ccdd314fe7a29945cfd2335265525e27bd6d9b703244c990f9418b0ab36595b2dbb3c54da8e1eedd73ce1e0866fd5eff21f271e435cd49d6fc1535e690c324a3b0393a400904a1050ca019bb650364906f31972c5540488a6b788ce9a7", 0x64}, {&(0x7f0000000880)="fb5e97c025d4c2954d9db393ba3416fde295971b8ce810a290194831b2e21b4f544e0fa72d517a373d569d88fa0b916b0428037b91d9737090196059d9f7167533e58569adfddc2a7c0df3451593a2d9578353cf", 0x54, 0x7770}, {&(0x7f00000001c0)="109c20353fef6fba0e2879371aa0c56b71e290052f500266f068dde0dbdd3f88c171a8b2db2cf65ae869140c", 0x2c, 0xff}, {&(0x7f0000000900)="5b56fa0f0fd828055bf35db75d6618b6f4b19840f2d175b016ceb9c39a191a86a5ff59484aac8a873d9ae49b64f5ce24a9b13d2419b1e834b6b05451083b83f9aaa5dfa528dceacff06da84aa9e6ea86ee140f1afe21b51c88d110eacff0c7084faaceb676d8ff8ee158e2ce37fa180d963994b05ef5e18f14a4184236e23ffb69763c95bd7a29549878e0b6a7157281de", 0x91, 0x5}], 0x0, &(0x7f0000000a80)={[{@autocell='autocell'}, {@flock_openafs='flock=openafs'}, {@flock_write='flock=write'}, {@dyn='dyn'}]}) [ 2413.516986] ? find_held_lock+0x35/0x130 [ 2413.521083] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2413.525952] ? memcg_event_wake+0x230/0x230 [ 2413.530410] ? do_raw_spin_unlock+0x181/0x270 [ 2413.534928] ? _raw_spin_unlock+0x2d/0x50 [ 2413.539101] try_charge+0xec5/0x1490 [ 2413.542228] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2413.542831] ? lock_downgrade+0x880/0x880 [ 2413.542857] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2413.542873] ? rcu_read_unlock+0x33/0x60 [ 2413.542893] ? get_mem_cgroup_from_mm+0x185/0x510 [ 2413.569366] ? __mem_cgroup_largest_soft_limit_node+0x500/0x500 [ 2413.575546] mem_cgroup_try_charge+0x259/0x6b0 [ 2413.580159] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2413.585201] wp_page_copy+0x430/0x16a0 [ 2413.589117] ? follow_pfn+0x2a0/0x2a0 [ 2413.592940] ? do_raw_spin_unlock+0x181/0x270 [ 2413.597448] do_wp_page+0x57d/0x10b0 [ 2413.601182] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2413.605865] ? kasan_check_write+0x14/0x20 [ 2413.610115] ? do_raw_spin_lock+0xd7/0x250 [ 2413.614374] __handle_mm_fault+0x2305/0x3f80 [ 2413.618805] ? copy_page_range+0x2030/0x2030 [ 2413.623255] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2413.627949] handle_mm_fault+0x1b5/0x690 [ 2413.632123] __do_page_fault+0x62a/0xe90 [ 2413.636200] ? vmalloc_fault+0x740/0x740 [ 2413.640266] ? trace_hardirqs_off_caller+0x65/0x220 [ 2413.645284] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2413.650229] ? page_fault+0x8/0x30 [ 2413.653782] do_page_fault+0x71/0x57d [ 2413.657592] ? page_fault+0x8/0x30 [ 2413.661128] page_fault+0x1e/0x30 [ 2413.664568] RIP: 0033:0x40db08 [ 2413.667761] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 d8 2c 00 00 8b 05 02 a5 32 00 48 8b 15 73 4b 66 00 83 c0 01 <89> 05 f2 a4 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 2413.686663] RSP: 002b:00007fff63261670 EFLAGS: 00010202 [ 2413.692033] RAX: 0000000000000001 RBX: 0000001b33520014 RCX: 0000001b34520000 [ 2413.699301] RDX: 0000001b33520000 RSI: 0000000000001a07 RDI: ffffffff113afa07 [ 2413.706571] RBP: 0000001b33520018 R08: 00000000113afa07 R09: 00000000113afa0b [ 2413.713843] R10: 00007fff632617b0 R11: 0000000000000246 R12: 0000001b3352001c [ 2413.721112] R13: 000000000024d34e R14: 000000000075bf20 R15: 000000000075bf2c [ 2413.736055] Task in /syz5 killed as a result of limit of /syz5 [ 2413.742503] memory: usage 307192kB, limit 307200kB, failcnt 1901 [ 2413.749169] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2413.758771] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2413.775597] Memory cgroup stats for /syz5: cache:128KB rss:40KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:140KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2413.853232] Memory cgroup out of memory: Kill process 5114 (syz-executor.5) score 1103 or sacrifice child 03:45:35 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:35 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x60, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:35 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x40000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000580)="6676070000053c07bc337600361c405cb400000000000000005a1f648e119bdfba2bf06cbd", 0x25}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:45:35 executing program 4: ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000000)={0x2, 0x9, 0x4, 0x0, 0x3, {0x0, 0x7530}, {0x3, 0x0, 0x1, 0x8, 0x5, 0x4, "b2ee2820"}, 0x7fffffff, 0x4, @fd, 0x5, 0x0, 0xffffffffffffffff}) ioctl$KVM_S390_UCAS_UNMAP(r0, 0x4018ae51, &(0x7f0000000100)={0x10001, 0x100000000, 0x200}) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) write$midi(r1, &(0x7f0000000240)="dd6366e5fd238acc155268c4d8f8dac679d1c45f66f05728b32de53ead43d36349bef8e70ad23017465e008923e4165d88f6b5e7a5ef2bb62fbe3be31b544a0996d30644ad29423f28786840845a896d28bab8620eb02048111795a02726c6ab1605f613edbdad215be531597171a77211ae002f3a8b18e6c40a20c94932f0855cc21eedfce96dd8d63e1d9b5aff17ed41fbfaa449e8864fe6885ceeb14449ecabb1336b9fcbdd37e0541bcafef809758c5414c02f6342fd210b630ba4292cfe8be6eba7400992b20218d44e79577a8bfa950c601d1bf46ef69971592867e87cdceccb8b5c42524a580c0f9738d884d6eeb66c4995a087286d11c9ad2c7976", 0xff) ioctl$KVM_S390_UCAS_UNMAP(r1, 0x4018ae51, &(0x7f0000000140)={0x9, 0x35d0c799, 0x1}) syz_emit_ethernet(0x7a, &(0x7f0000000080)={@local, @dev, @val={@void, {0x8100, 0x5, 0x0, 0x4}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) [ 2413.898661] Killed process 5114 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2413.924596] oom_reaper: reaped process 5114 (syz-executor.5), now anon-rss:0kB, file-rss:33920kB, shmem-rss:0kB 03:45:35 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x800000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:35 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x20, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 03:45:35 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x62, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:35 executing program 4: syz_emit_ethernet(0x3f1, &(0x7f00000012c0)={@local, @dev, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "8ba876", 0x3bb, 0x2f, 0xff, @mcast1, @local, {[@routing={0x87, 0x4, 0x1, 0x20, 0x0, [@rand_addr="b15d7d92cdcec6c5ee0a9db393bf9f1b", @ipv4={[], [], @multicast1}]}, @routing={0x2b, 0xc, 0x2, 0x0, 0x0, [@mcast1, @rand_addr="f176deec2627cc4f5f2fdd9ca0fc1f92", @mcast2, @dev={0xfe, 0x80, [], 0x27}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @rand_addr="b630252b6f60aef8f196e1e981e38b85"]}, @dstopts={0x73, 0x24, [], [@hao={0xc9, 0x10, @mcast2}, @enc_lim={0x4, 0x1, 0x2}, @enc_lim, @hao={0xc9, 0x10, @empty}, @calipso={0x7, 0x58, {0x1, 0x14, 0x1, 0x7, [0xce, 0x2, 0x7, 0x8, 0x7e, 0x100, 0x0, 0x8001, 0x5, 0xfffffffffffffffa]}}, @generic={0x20, 0x9e, "6d168868cb1de7aeafad14f42c6e4ac4bfd79cb02d84cd0174d4592d16d4101c94044d97dc68f53f74e7b346bfbed85f8334c991349b53b05c247a66aa1a3c8a034b445a09e09e8919c75e86e093a3837c11808a2de94363e7d7c6b5f0e3ed6992584e4382e90cdd676a9eb722169c36f83b3e3eef3ffcf69e7dfbe332ccbe030ffd915f1dc68c91f5105e65dba846c36241b8149c6df9a774f1b79df669"}, @pad1]}, @routing={0xff, 0x6, 0x0, 0x20, 0x0, [@initdev={0xfe, 0x88, [], 0x1, 0x0}, @loopback, @rand_addr="6211a90d4f36ea8a87516433e3b98b00"]}], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0xe8, 0x0, [0xffff, 0x7ff], "978610f6ef0442c23045402afcb1302ebd707c29ea2565d2bbf5a2c2c2e788f455c2e8aecf1fd8b18b461ffb4eb58e9f6ec5cf6039d73ab4baf2c771163b9f83aa0cec6a7c2e529405da2c75dfa865c4de36dd8a9a28b01beaa89df9336d61a0187c827b00ea840f0f013c05fe787fe36c9ed9e75c38249467e583f1e7a10ce36e7680e0249b4f0891dc50a59886de41f5d6817f29b637de3e38a7b8b504bec2e10c6ad95d0f90e01b7b513fbc60a76edbf8a8770c88514c55c7302d99c30144dc65c8997957264d6225e730ce2218a6b48b282ff4073464f82d6b5309f52bbfc39325f682a3d959"}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x800, [0x20], "1a0ec270328b28ede16e07a1c76ee5231d4e22db89f9ca3120345f802016053f"}, {0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x86dd, [0x5]}, {0x8, 0x88be, 0x3, {{0x8, 0x1, 0x2, 0x3, 0x1, 0x1, 0x5, 0x6}, 0x1, {0x20}}}, {0x8, 0x22eb, 0x3, {{0x6, 0x2, 0x20, 0x0, 0x0, 0x0, 0x7, 0x9}, 0x2, {0xb5f, 0x9, 0x1, 0x5, 0x0, 0x0, 0x3}}}, {0x8, 0x6558, 0x2, "9c2cf31e08db793e0a9315708ab734bf52312cd1a569d04b32c59738c0d0c9cb285e2730467253372a61f286f10ff2905128057f3439760c405c79b34568e73dce147fd9f5b1bc4ca6289121fed08b54853f20d4b2456241f200e9d6d5fce10440a9603c3c1cce2406d6ebc54577a5"}}}}}}}, 0x0) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000080)=""/4096, &(0x7f0000001080)=0x1000) r0 = dup(0xffffffffffffffff) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000001100)='fou\x00') r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r2, 0x6, 0x15, &(0x7f0000000000)=0x401, 0x4) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f00000016c0), &(0x7f0000001700)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000001140)={'batadv_slave_0\x00', 0x0}) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000001280)={&(0x7f00000010c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001240)={&(0x7f0000001180)={0x88, r1, 0x20, 0x70bd2d, 0x25dfdbfb, {}, [@FOU_ATTR_AF={0x5, 0x2, 0x2}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @remote}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e21}, @FOU_ATTR_IFINDEX={0x8, 0xb, r3}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @dev={0xfe, 0x80, [], 0x39}}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0x7ff}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e24}, @FOU_ATTR_PEER_V6={0x14, 0x9, @loopback}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @loopback}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e24}]}, 0x88}}, 0x40045) 03:45:35 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:35 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:35 executing program 2: socket$inet_smc(0x2b, 0x1, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) socket(0x2000000000000021, 0x2, 0x10000000000002) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) [ 2414.268082] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 2414.371039] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2414.385508] CPU: 1 PID: 5449 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2414.393270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2414.402635] Call Trace: [ 2414.405245] dump_stack+0x197/0x210 [ 2414.408892] dump_header+0x15e/0xa55 [ 2414.412623] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2414.417857] ? ___ratelimit+0x60/0x595 [ 2414.421765] ? do_raw_spin_unlock+0x181/0x270 [ 2414.426285] oom_kill_process.cold+0x10/0x6ef [ 2414.430804] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2414.436376] ? task_will_free_mem+0x139/0x6e0 [ 2414.440897] out_of_memory+0x362/0x1330 [ 2414.444899] ? lock_downgrade+0x880/0x880 [ 2414.449068] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2414.454181] ? oom_killer_disable+0x280/0x280 [ 2414.458689] ? find_held_lock+0x35/0x130 [ 2414.462773] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2414.467636] ? memcg_event_wake+0x230/0x230 [ 2414.471972] ? do_raw_spin_unlock+0x181/0x270 [ 2414.476470] ? _raw_spin_unlock+0x2d/0x50 [ 2414.480632] try_charge+0xec5/0x1490 [ 2414.484372] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2414.489223] ? lock_downgrade+0x880/0x880 [ 2414.493373] ? kasan_check_read+0x11/0x20 [ 2414.497538] memcg_kmem_charge_memcg+0x83/0x170 [ 2414.502225] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2414.506739] ? __isolate_free_page+0x4c0/0x4c0 [ 2414.511338] memcg_kmem_charge+0x13b/0x370 [ 2414.515598] __alloc_pages_nodemask+0x3c3/0x750 03:45:35 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000100)=ANY=[@ANYBLOB="aa16aaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000fe9115000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e152e4860fd793e2d49b4ed68cde79f41dbd73a6f171f866894c127826e2c13c040c1c8ff34fb28379f434bfa39e03b2275e1e88fc8895dc9c0053fa545e7ad03ccc8bdeec11170b1387f45185bde3e4908b3796a71afd2bfc576"], 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x4400, 0x140) ioctl$DRM_IOCTL_SET_UNIQUE(r0, 0x40106410, &(0x7f0000000200)={0x60, &(0x7f0000000080)="4fb4c74cfdbc2021216090b4da9dd0254b79ec7a3fec9366db3553eeff964722156a4a71c022027d8a87093335b194a0354a39780fcc1784080aca05e9f34ad4dc3390da51fb141efce680822c0cf03d28b96c2575fd5c82e45a165454170da4"}) setsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, &(0x7f0000000040)=0xd4bc, 0x4) [ 2414.520290] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2414.525335] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2414.530897] alloc_pages_current+0x107/0x210 [ 2414.535324] pte_alloc_one+0x1b/0x1a0 [ 2414.539147] __pte_alloc+0x2a/0x360 [ 2414.542793] __handle_mm_fault+0x340b/0x3f80 [ 2414.547223] ? copy_page_range+0x2030/0x2030 [ 2414.551665] ? count_memcg_event_mm+0x2b1/0x4d0 [ 2414.556352] handle_mm_fault+0x1b5/0x690 [ 2414.560436] __do_page_fault+0x62a/0xe90 [ 2414.564604] ? vmalloc_fault+0x740/0x740 03:45:35 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000000180)) syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaa35c0970ddf38164216aaaaaa02b8dd604d89fc6b5dc7a4d843739d8c00403afffe8100000000000000000000000000bbff0201000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e3"], 0x0) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) recvfrom$l2tp(r1, &(0x7f00000000c0)=""/65, 0x41, 0x20, &(0x7f0000000140), 0x10) [ 2414.568675] ? trace_hardirqs_off_caller+0x65/0x220 [ 2414.573709] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2414.578658] ? page_fault+0x8/0x30 [ 2414.582221] do_page_fault+0x71/0x57d [ 2414.586036] ? page_fault+0x8/0x30 [ 2414.589591] page_fault+0x1e/0x30 [ 2414.593043] RIP: 0033:0x4006c4 [ 2414.596233] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 51 55 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 37 55 00 00 8a [ 2414.615161] RSP: 002b:00007fff632616a0 EFLAGS: 00010202 [ 2414.620542] RAX: 0000000000000000 RBX: 000000000075c9a0 RCX: 0000000020000080 [ 2414.627826] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 2414.635130] RBP: 0000000000760420 R08: 0000000000000000 R09: 0000000000000000 [ 2414.642410] R10: 00007fff632617b0 R11: 0000000000000246 R12: 000000000075bf20 [ 2414.649692] R13: 000000000024d661 R14: 0000000000760428 R15: 000000000075bf2c [ 2414.677969] Task in /syz5 killed as a result of limit of /syz5 [ 2414.684619] memory: usage 307176kB, limit 307200kB, failcnt 1920 [ 2414.691517] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2414.699026] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2414.705799] Memory cgroup stats for /syz5: cache:128KB rss:40KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:148KB inactive_file:0KB active_file:0KB unevictable:0KB 03:45:36 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x1000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:36 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x68, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2414.732640] Memory cgroup out of memory: Kill process 5449 (syz-executor.5) score 1103 or sacrifice child [ 2414.743567] Killed process 5449 (syz-executor.5) total-vm:72588kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2414.757357] oom_reaper: reaped process 5449 (syz-executor.5), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 03:45:36 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x40, 0x3a, 0xff, @mcast2, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x18, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:36 executing program 2: r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r0, 0x48280) r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$P9_RREMOVE(r1, &(0x7f0000000280)={0xfffffffffffffcd2}, 0xff7f) r2 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000200)={0x0, r1, 0x0, 0xffffffe5, 0x10000000}) 03:45:36 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2414.973828] syz-executor.5 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 03:45:36 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev={[], 0x3}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:36 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) [ 2415.080868] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 2415.132413] CPU: 1 PID: 6095 Comm: syz-executor.5 Not tainted 4.19.99-syzkaller #0 [ 2415.140182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2415.149544] Call Trace: [ 2415.152151] dump_stack+0x197/0x210 [ 2415.155799] dump_header+0x15e/0xa55 [ 2415.159527] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2415.164643] ? ___ratelimit+0x60/0x595 [ 2415.168541] ? do_raw_spin_unlock+0x181/0x270 [ 2415.173054] oom_kill_process.cold+0x10/0x6ef [ 2415.177564] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2415.183108] ? task_will_free_mem+0x139/0x6e0 [ 2415.187623] out_of_memory+0x362/0x1330 [ 2415.191611] ? lock_downgrade+0x880/0x880 [ 2415.195770] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 2415.200990] ? oom_killer_disable+0x280/0x280 [ 2415.206081] ? find_held_lock+0x35/0x130 [ 2415.210162] mem_cgroup_out_of_memory+0x1d2/0x240 [ 2415.215104] ? memcg_event_wake+0x230/0x230 [ 2415.219443] ? do_raw_spin_unlock+0x181/0x270 [ 2415.223955] ? _raw_spin_unlock+0x2d/0x50 [ 2415.228115] try_charge+0xec5/0x1490 [ 2415.231854] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2415.236715] ? lock_downgrade+0x880/0x880 [ 2415.240892] ? kasan_check_read+0x11/0x20 [ 2415.245161] memcg_kmem_charge_memcg+0x83/0x170 [ 2415.249859] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2415.254368] ? __isolate_free_page+0x4c0/0x4c0 [ 2415.258968] memcg_kmem_charge+0x13b/0x370 [ 2415.263233] __alloc_pages_nodemask+0x3c3/0x750 [ 2415.267925] ? __alloc_pages_slowpath+0x2870/0x2870 [ 2415.272969] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2415.277565] ? trace_hardirqs_on+0x67/0x220 [ 2415.281917] copy_process.part.0+0x3d6/0x7a60 [ 2415.286430] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2415.291546] ? delayacct_end+0x5c/0x100 [ 2415.295548] ? __delayacct_freepages_end+0xe0/0x140 [ 2415.300587] ? __lock_acquire+0x6ee/0x49c0 [ 2415.304857] ? __cleanup_sighand+0x70/0x70 [ 2415.309115] ? mark_held_locks+0x100/0x100 [ 2415.313382] _do_fork+0x257/0xfd0 [ 2415.316857] ? fork_idle+0x1d0/0x1d0 [ 2415.320584] ? blkg_prfill_rwstat_field_recursive+0x100/0x100 [ 2415.326488] ? kasan_check_read+0x11/0x20 03:45:36 executing program 2: socket$inet_smc(0x2b, 0x1, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) socket(0x2000000000000021, 0x2, 0x10000000000002) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x2a, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) [ 2415.330659] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2415.335431] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2415.340198] ? do_syscall_64+0x26/0x620 [ 2415.344183] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2415.349559] ? do_syscall_64+0x26/0x620 [ 2415.353550] __x64_sys_clone+0xbf/0x150 [ 2415.357538] do_syscall_64+0xfd/0x620 [ 2415.361345] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2415.366541] RIP: 0033:0x45dd19 [ 2415.369750] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2415.388674] RSP: 002b:00007fff632615a8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2415.396408] RAX: ffffffffffffffda RBX: 00007fe2dbc28700 RCX: 000000000045dd19 [ 2415.403697] RDX: 00007fe2dbc289d0 RSI: 00007fe2dbc27db0 RDI: 00000000003d0f00 [ 2415.410986] RBP: 00007fff632617c0 R08: 00007fe2dbc28700 R09: 00007fe2dbc28700 [ 2415.418279] R10: 00007fe2dbc289d0 R11: 0000000000000202 R12: 0000000000000000 [ 2415.425563] R13: 00007fff6326165f R14: 00007fe2dbc289c0 R15: 000000000075bfd4 [ 2415.459386] Task in /syz5 killed as a result of limit of /syz5 [ 2415.465888] memory: usage 307200kB, limit 307200kB, failcnt 1958 [ 2415.472939] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2415.482787] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2415.489634] Memory cgroup stats for /syz5: cache:128KB rss:172KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:160KB inactive_file:0KB active_file:0KB unevictable:0KB 03:45:36 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x4) syz_emit_ethernet(0x1b2, &(0x7f0000000240)={@local, @dev, @void, {@ipv6={0x86dd, @tipc_packet={0x9, 0x6, "14ff18", 0x17c, 0x6, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @empty, {[@srh={0x2b, 0x6, 0x4, 0x3, 0xfd, 0x2c, 0x401, [@initdev={0xfe, 0x88, [], 0x1, 0x0}, @empty, @ipv4={[], [], @rand_addr=0x5}]}, @srh={0x2c, 0x6, 0x4, 0x3, 0xff, 0x10, 0x8, [@mcast2, @loopback, @ipv4={[], [], @broadcast}]}, @srh={0x3a, 0xc, 0x4, 0x6, 0x8, 0x8, 0xf46d, [@dev={0xfe, 0x80, [], 0x2a}, @remote, @remote, @mcast2, @ipv4={[], [], @multicast1}, @mcast2]}, @dstopts={0x5c, 0x8, [], [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @pad1, @generic={0x7, 0xe, "779b780a54284f8b3247f7801568"}, @generic={0x3f, 0x18, "2300635efc14753f40de03ec6c84bc72344c0b084ccd1d7f"}, @hao={0xc9, 0x10, @dev={0xfe, 0x80, [], 0x39}}]}, @dstopts={0x3b, 0x0, [], [@jumbo]}], @name_distributor={{0x44, 0x0, 0x0, 0x0, 0x1, 0xa, 0xb, 0x2, 0x8001, 0x0, 0x0, 0x81, 0xec, 0x2, 0x4e23, 0x4e21, 0x0, 0x0, 0x0, 0x0, 0x1}, [{0x55, 0x2c21, 0x7fffffff, 0x8, 0x80000000, 0x2, 0x5, 0x80}]}}}}}}, 0x0) [ 2415.511416] Memory cgroup out of memory: Kill process 6095 (syz-executor.5) score 1103 or sacrifice child [ 2415.523811] Killed process 6095 (syz-executor.5) total-vm:72720kB, anon-rss:96kB, file-rss:34816kB, shmem-rss:0kB [ 2415.537090] oom_reaper: reaped process 6095 (syz-executor.5), now anon-rss:0kB, file-rss:33856kB, shmem-rss:0kB 03:45:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x6c, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:37 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:37 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) personality(0x8) 03:45:37 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xa087ffffffff) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:37 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x70, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:37 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:37 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:37 executing program 4: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x10a81, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f00000000c0)="f485de760d4729d9685c365d7add5fcb", 0x10) fstat(r0, &(0x7f0000000100)) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:37 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x1000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:37 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:37 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x74, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:37 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:37 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:37 executing program 4: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x100) ioctl$KDFONTOP_COPY(r0, 0x4b72, &(0x7f00000004c0)={0x3, 0x0, 0x1, 0x6, 0xa6, &(0x7f00000000c0)}) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:37 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:38 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:38 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000080)={{{@in=@multicast1, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@remote}}, &(0x7f0000000180)=0xe8) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f00000001c0)=r1) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:38 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:38 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:38 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:38 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x60000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:38 executing program 4: r0 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x6, 0x0) ioctl$VIDIOC_SUBDEV_S_CROP(r0, 0xc038563c, &(0x7f00000000c0)={0x1, 0x0, {0x5, 0x4, 0x5, 0x1000}}) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:38 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:38 executing program 2: ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, 0xffffffffffffffff, 0x0) 03:45:38 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x7a, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:38 executing program 2: ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, 0xffffffffffffffff, 0x0) 03:45:38 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x7c, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:38 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:39 executing program 2: ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, 0xffffffffffffffff, 0x0) 03:45:39 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r3, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r4, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r5, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) syz_emit_ethernet(0x3, &(0x7f0000000400)=ANY=[@ANYPTR=&(0x7f0000000300)=ANY=[@ANYRESOCT=r0, @ANYRES64=r1, @ANYRES64, @ANYPTR=&(0x7f0000000280)=ANY=[@ANYPTR, @ANYRESOCT, @ANYRES16=r5, @ANYRESDEC=r2, @ANYRESHEX], @ANYRESDEC=r3], @ANYPTR64, @ANYPTR64=&(0x7f00000003c0)=ANY=[@ANYPTR64=&(0x7f0000000380)=ANY=[@ANYRES16, @ANYRESDEC=r4], @ANYRESDEC=0x0]], 0x0) 03:45:39 executing program 2: r0 = syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:39 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:39 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xf0ffffffffffff) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:39 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r0 = socket$xdp(0x2c, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', 0x0}) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x3, r1, 0x27, r2}, 0x10) 03:45:39 executing program 2: r0 = syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:39 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:39 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x94, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:39 executing program 2: r0 = syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:39 executing program 4: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x40, 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f00000000c0)=0x9aa, 0x4) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:40 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x98, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:40 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x100000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:40 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:40 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:40 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:40 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:40 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:40 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:40 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000300)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e0bca8f52660429147fb6c0e6fd566e2b03e7d29a4d12840530456b4ec484b765b7b90d43229c2659"], 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x80040, 0x0) r1 = creat(&(0x7f0000000040)='./bus/file0\x00', 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0, 0x0) linkat(r1, &(0x7f00000000c0)='\x00', r2, &(0x7f00000002c0)='./file1\x00', 0x1000) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'bridge_slave_1\x00'}) setsockopt$bt_hci_HCI_TIME_STAMP(r3, 0x0, 0x3, &(0x7f00000000c0)=0x81, 0x4) ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000400)={0x0}) ioctl$DRM_IOCTL_UNLOCK(r1, 0x4008642b, &(0x7f0000000140)={r4, 0x8}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r0, 0x4010641c, &(0x7f0000000140)={r4, &(0x7f00000000c0)=""/89}) 03:45:40 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:40 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) sendmsg$key(0xffffffffffffffff, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:40 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) write$tun(r0, &(0x7f0000000240)={@void, @val={0x1, 0x3, 0x3f, 0x3, 0x8, 0x3}, @eth={@broadcast, @empty, @val={@void, {0x8100, 0x6, 0x0, 0x3}}, {@ipx={0x8137, {0xffff, 0xac, 0x1f, 0x5, {@random=0x6, @broadcast, 0x7}, {@random=0x6, @current, 0x46}, "e30795ec4d7cc3e947fc604d774921333c422b02ed171bc1f4b8d8399675ab680cf7f08ea91f7f72ab70972505043783ac4ee845f1c55089de6d2421e1320bedda07a7a50ea48918f8282aa6d9098607fd40e0a9ddad4655ed7cdaf0dacdcd8294ec48027ae00bb3886312944f7e8fb807060dd70e00cf3a15e4f9644a1229fccdaab48f3ef90da27d0d802a9293"}}}}}, 0xc8) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0x20, 0xff, 0x6, 0x100, 0x7, 0x8, 0x1, 0x7, 0x0}, &(0x7f00000000c0)=0x20) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r3, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$BLKTRACESTART(r3, 0x1274, 0x0) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000100)={r2, 0xde, "3aa6cf6c07885bdaa2e9ca6e0fb611d818a4a429e730a199237a4cde90d0574462f2b92dcfab835190df3b8dd959983f7f1454ade3c28577ad53ac6d2dd320c6ca37917ebc6ff95d3fd45cb1abaaf6e4aa50516c9e68fae0ce997518ca557b119865d87bd83752ac0de3e2710ef3f64d65bd984e12926b76638ef043b00b93e16eda8bf01320b24ce097137890ef7e1dcdb7a9ed5291075b8c6fafd57549ab9d48e83126e2b2367d1184f3284f142aac80b891be0522e8df00740b270f63c421d6764cb13ed5422b60f6b9aaab36ce0c779b8ec68c484b1a772bf8cbd0a9"}, &(0x7f0000000200)=0xe6) 03:45:40 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x9e, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:41 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x200000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:41 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:41 executing program 4: syz_emit_ethernet(0x1fb, &(0x7f0000000080)={@local, @remote, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "7edc50", 0x1c5, 0x0, 0x1f, @remote, @empty, {[@routing={0xff, 0x0, 0x2, 0x6}, @routing={0x87, 0x2, 0x1, 0x4, 0x0, [@dev={0xfe, 0x80, [], 0x30}]}, @dstopts={0x2f, 0xf, [], [@generic={0x7, 0x5d, "44f650f67a34683de75031e3b4cf582de59bb5eb26f81b56fc1e8de4a0fc136e7735dd88b8320ce473683bea9616170421d9df78ecb0b8dc149100daf2accd4b8feee99ffdcf2f11385ca02179754d17c18b2c4d3e6a14a39ec5c32106"}, @calipso={0x7, 0x10, {0x3, 0x2, 0x40, 0x0, [0x2]}}, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}, @routing={0x2f, 0x14, 0x2, 0xf4, 0x0, [@rand_addr="f078140568ae82e9916291a6d2a23c8e", @mcast2, @remote, @dev={0xfe, 0x80, [], 0x13}, @remote, @mcast1, @empty, @ipv4={[], [], @empty}, @dev={0xfe, 0x80, [], 0x20}, @mcast1]}], "77996cdb458f75f741ed5dedb7dfdbf00f5be2166722f4eba8826f73179c37bc75892947ca82809197ee3d91872a1cc6ce3c8bdcd7d1403590aa81a085f640a6541ab99e7c25edef274994fcd265d47a6e524411c17945ca4b798bc45fc7c543c85941066d656444aa12cbdd74f5f0596483c39793"}}}}}, 0x0) 03:45:41 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) sendmsg$key(0xffffffffffffffff, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0xa0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:41 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:41 executing program 4: syz_emit_ethernet(0xe1, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0000043300000045c27c8137f94c2c4d76e072867ea85c6c04c4fc646430cf0ae58261a7a2b2fde70c520293df30563357f07369f8ac2a2882ccca3f59415e36ad431797d3ba3f2ed62632d7cb08bc0e476ec38b609888a99176720a48846e0da90ecdfe68f133fbf18edc3e36a0019e1ac24bbe055a2321ab1e40c62db4efc97ed207610a10f00c322145f26826ee2836230e6da0abffe2cd275e41b597a0c9ec37314d9b3f5dbe292fbeb96416d66026901b44af03a7fa5bfbc94c4ea45f4e71dcc651c91f83136c60099c9597a40c9276e0393d32"], 0x0) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x800) 03:45:41 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:41 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0xec, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:41 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x0, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:41 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) fcntl$addseals(0xffffffffffffffff, 0x409, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000080)={0x40, 0x0, 0x3}, 0x10) syz_emit_ethernet(0x76, &(0x7f0000000240)=ANY=[@ANYBLOB="a2aaaaaaaaaaaaaaaaaaaa8107c4a0357ac9034e0086dd604d898c00403afffe8000000000000000000000000000bbff020000000000000047000000000040018900907800000000fe8000000600000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e00000000000000aaa72af4394524646f81fd5c8dc2dd7f385f94f0102e5952c0b5e42779b8c9a1faacf5005b3249f2a11085b28d4914e5174060b54c29fc05bee8c0eb31f52664fcf746a3ed26c0aecc11f969bb3e4fe83b830b9b2843ab8b97beff3f9b20f71776a312e2f20069e32e095081b0e8da5179f0c3652b6cab14b8746cd1e78fde09f757de9d1bc411f50df70a3a560b683695997300"/285], 0x0) 03:45:41 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) sendmsg$key(0xffffffffffffffff, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:41 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x300000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:41 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x0, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:41 executing program 4: syz_emit_ethernet(0x3c6, &(0x7f0000000140)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x390, 0x3a, 0xff, @remote, @mcast2, {[@routing={0x3a, 0xa, 0x2, 0x20, 0x0, [@local, @mcast1, @mcast1, @empty, @rand_addr="61488fc3e95c08705e373f24691d1594"]}, @routing={0x3c, 0x10, 0x1, 0x20, 0x0, [@initdev={0xfe, 0x88, [], 0x1, 0x0}, @remote, @mcast2, @local, @ipv4={[], [], @local}, @mcast2, @mcast1, @dev={0xfe, 0x80, [], 0x25}]}, @srh={0x32, 0x4, 0x4, 0x2, 0x6, 0x28, 0xffff, [@mcast1, @remote]}, @fragment={0x6, 0x0, 0x9, 0x1, 0x0, 0xa, 0x67}, @hopopts={0x2f, 0x4, [], [@ra={0x5, 0x2, 0x40}, @hao={0xc9, 0x10, @dev={0xfe, 0x80, [], 0x36}}, @enc_lim={0x4, 0x1, 0x1}, @pad1, @padn={0x1, 0x2, [0x0, 0x0]}]}, @dstopts={0xbf, 0x8, [], [@enc_lim={0x4, 0x1, 0xf8}, @generic={0x4, 0x37, "089211e7579210eee680933cad8e298b6e2963afbd5489f7bb50305d6f3b6cfb2d0f50c5d85583100560e96e231a76a8ab3c77f5c3113d"}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x8}]}, @fragment={0x3c, 0x0, 0x4, 0x0, 0x0, 0x15, 0x65}, @dstopts={0x3e, 0x28, [], [@calipso={0x7, 0x50, {0x0, 0x12, 0x4, 0x6, [0x7, 0x7fffffff, 0x1000, 0x90a, 0x80, 0x80000001, 0xef, 0x4, 0x2]}}, @hao={0xc9, 0x10, @empty}, @enc_lim={0x4, 0x1, 0x20}, @generic={0x40, 0xdb, "8ab861e2f46ee8967e6db001bbfa8ffd7aea9d91fb0bbfe5c15412b47450847437b325955c91d1f8eedcd4af6506fa2745707bcfadae598831f154272896eabbc0f99c92e6f3a83f079e2a864053600bedd347af73eef76bafdfda304419a3650a80345df505f69e040eb05a8329e7e6b69d4fa2f0a27d21fad481afb23f17fed5fd851467113105c284697999e6726e058186cc4f1d20ef1297061459e45230ddb8fe67c98ed3c2e234afd33eb4d5c0f3d997cc124da7937b9ef32300445f04a38b26160a8ed158406d70ee93dc9af5f735ae796dc4923ee11f6f"}]}, @srh={0xff, 0x4, 0x4, 0x2, 0x7f, 0x70, 0xbe92, [@loopback, @initdev={0xfe, 0x88, [], 0x1, 0x0}]}, @hopopts={0x8, 0x2, [], [@hao={0xc9, 0x10, @dev={0xfe, 0x80, [], 0xa}}]}], @pkt_toobig={0x2, 0x0, 0x0, 0xa7, {0x3, 0x6, "eed09d", 0x6, 0x11, 0x3, @mcast1, @ipv4={[], [], @loopback}, [@hopopts={0x3c, 0x2, [], [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x1}]}, @srh={0x88, 0x2, 0x4, 0x1, 0x72, 0x50, 0x8, [@remote]}]}}}}}}}, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = dup2(0xffffffffffffffff, r0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000000)=0x8001, 0x4) 03:45:42 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:42 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0xf0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:42 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x0, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:42 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:42 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = socket$inet(0x2, 0x4000000805, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = dup3(r1, r2, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r3, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r2, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x7a, &(0x7f000059aff8)={r4}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000080)={r4, 0x66, "2a3bf6271ff9e56d3bc1a5bb1c877ef60980174c3ba5ad2d1a612c387d16570dc98568350524244bb5e8335dfc8fa0ca5cb19639f827c4b004cc93df16b8ed728369f57e40b1a43abe6980bc487eef4466918a4cbd2dbcde61663cc03a42326575b87486b052"}, &(0x7f0000000100)=0x6e) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:42 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x0, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:42 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:42 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x0, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:42 executing program 4: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x279118eebe517a79) setsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000040)=0x1, 0x4) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) pwritev(r1, &(0x7f00000002c0)=[{&(0x7f0000000080)="ac9e1d3fab27ac662b0f68330f3b252bd07d33691286078b147a20c7074ffffa1e7f4185e418026ecc3c3432281d06090e30221f21e4a0e8a4f08be4d5ecf80df31b1268dfe2d8d5a4c5e999d941abf5b74ca6663cfcb4a94c008baafe45a5b5dbb9d022d84bb6e46c9c582e9efd97eefc2b0540ca37c388ab8b6d00d0c361888636b4fd096a5617b660d220592427e125029cb16c08d8052dc51d5a7842", 0x9e}, {&(0x7f0000000140)="6bf5a4bb074872fb09771ebeb4ceb6c0f1bec09c651e9fffb63512471d5322419659c9aebb7c2ff09a958c5aa2e8d6a8ee89fcad1bfa1faaa310c65fc4a9c800fde12d2af8e558965a2d2ba2e4a2", 0x4e}, {&(0x7f00000001c0)="862d891790aabecf624630cc83553fabbd32cdfe550cf3ed86c8dab3d5b4b6bb46b482715c30aeacee3ff76ac9ca9afdadc684d5702c251da4a4dc746f87b76b0bde9019f6724015f93fb1fe1786a8ddc701c7f8e673e2dfd50882b3b3978caa9d6194bb2434a274c1bdafe35a6e5575eb2dc829eafdc19d7383cc2a5fdb392c36fbd5c08fc9732ca7796b63748b2dde58b888b50299aafc8f7f2f59206489e77dd884365c99e40941f62c0e2317f21976d2972ad9e7b3af5377f7649194fe925b0c801bce04e28d1d6cef6e699ae5ba07811637d88dacb8bf39a6ce637dcf5792ca2b85fe80e8d97eecfce11e35c01f26862a99f353", 0xf6}], 0x3, 0x0) syz_emit_ethernet(0x0, &(0x7f00000008c0)=ANY=[], 0x0) 03:45:43 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x400000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:43 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x0, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:43 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:43 executing program 4: syz_emit_ethernet(0x5e, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @loopback, @local}}}}}}, 0x0) 03:45:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x102, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:43 executing program 4: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000000c0)=0xc) ptrace$getenv(0x4201, r0, 0x100000000, &(0x7f0000000100)) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:43 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:43 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0x0, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:43 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:43 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0x0, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:43 executing program 4: keyctl$set_reqkey_keyring(0xe, 0xffffffffffffffff) syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a67024e9e"], 0x0) 03:45:43 executing program 4: syz_emit_ethernet(0xa4, &(0x7f0000000080)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x6e, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @loopback, [{0x2, 0x8, "d5f2c1e36282df65d22ee913ad0042a311f3483b4edea36b07bff94ce517052ccc6dc517cbb4cfb5ff78e2647b4ffe7a9d7d5b7bb21b93c2516036aae9488841224f440a"}]}}}}}}, 0x0) 03:45:43 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x500000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:43 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0x0, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:43 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:43 executing program 4: syz_emit_ethernet(0x238, &(0x7f0000000080)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x202, 0x3a, 0xff, @remote, @mcast2, {[], @dest_unreach={0x1, 0x2, 0x0, 0x1, [], {0x2, 0x6, "3bbdc4", 0x81, 0x3c, 0x7f, @mcast2, @ipv4={[], [], @local}, [@fragment={0x3c, 0x0, 0x6f, 0x0, 0x0, 0xb, 0x66}, @hopopts={0x21, 0x2, [], [@hao={0xc9, 0x10, @initdev={0xfe, 0x88, [], 0x1, 0x0}}]}, @hopopts={0x2b, 0x10, [], [@ra={0x5, 0x2, 0x100}, @ra={0x5, 0x2, 0x5}, @jumbo={0xc2, 0x4, 0x8}, @calipso={0x7, 0x8, {0x1, 0x0, 0x8, 0x3}}, @pad1, @generic={0x20, 0x67, "f8aab37d2c19e46d111fb9f38df17e6876071b7d5e6cb9e571d0fb3349a03ac29fa928984e64d324fcdb1d1d8641f04253dde9675942340a4b6f7000e710ceadf815608351c672839c80865f3d63181ebff3bd1dfde519df91ae75208b51fe9346595050c649dc"}, @pad1]}, @routing={0x2, 0xa, 0x1, 0x5b, 0x0, [@empty, @mcast1, @remote, @loopback, @loopback]}, @srh={0x2e, 0x0, 0x4, 0x0, 0x8, 0x0, 0x3f}, @fragment={0x8, 0x0, 0x8, 0x1, 0x0, 0x3, 0x66}], "c2765adbe5b9d70b91bb5634f0a9d7b11a22048d767877d052a92e2d3bc4b9f2aad609a8a2bee09a78c0b92598fd00412c99f660ce1bc2a8a638abbbc8d80c7263d7211a69baf9787b31f6b752d2e58f71b9ae03138d1c1f0c5fa3129ff2d6477d573da4ca7ada0eb62f7b32b1875048c7aef030b9108ba1fdd881e47f615304d7277c67b2378b44ccbacf7668226d55969fe67a31e55330c2a67acdcbb33ab5b80fac6968cb9e4f09459e2ad1256a7ef69d"}}}}}}}, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) fchown(r1, r3, 0x0) r4 = getegid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@loopback, @in6=@ipv4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@local}}, &(0x7f0000000040)=0xe8) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r6, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) sendto$l2tp6(r6, &(0x7f0000000500)="1c75b68bbb244b1fe44c9e72574ad7188e7bf66c2d4659ccea73e208973aa00323571047ee998c72377da0749ed70fd3f09742fe67346513a9363b360d1514336762", 0x42, 0x8000, &(0x7f0000000580)={0xa, 0x0, 0x0, @loopback, 0x4, 0x4}, 0x20) r7 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) syz_mount_image$jfs(&(0x7f0000000100)='jfs\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={[{@gid={'gid', 0x3d, r8}}]}) write$FUSE_DIRENTPLUS(r0, &(0x7f00000003c0)={0x140, 0x0, 0x5, [{{0x0, 0x3, 0x1, 0x6, 0x0, 0x3, {0x2, 0x48, 0x4, 0x3, 0x0, 0x3, 0xfffffffb, 0x80, 0x7fff, 0x6, 0x4, r3, r4, 0x72, 0xe1}}, {0x4, 0x7, 0x0, 0x40}}, {{0x2, 0x3, 0x4, 0x3940000000000, 0x80000000, 0x80, {0x5, 0x56, 0xb5d, 0x1000, 0x3f, 0xffffffffffffff88, 0x823, 0xe0, 0x4, 0x5d9, 0x8, r5, r8, 0x6, 0x9}}, {0x5, 0xfff, 0x0, 0x4}}]}, 0x140) 03:45:43 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x110, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:44 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:44 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:44 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x16e, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:44 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:44 executing program 4: r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) mmap$snddsp_control(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000000, 0x50, r0, 0x83000000) syz_extract_tcp_res$synack(&(0x7f0000000240), 0x1, 0x0) syz_extract_tcp_res(&(0x7f00000000c0), 0x2875, 0x3f) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) syz_emit_ethernet(0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="0180c2000001aaaaaaaaaa0086dd65b9a53e01650600fe800000000000000000000000000027fe8000000000000000000000000000191d0404023f30000000000000000000000000000000000001fe8000000000000000000000000000bb87000128670000003c0100000000000000010001030000000c08000000000000c910ff0200000000000000000000000000010730000000020afca10803000000000000000700000000000000000000000000000000010000000000000002000000000000000000004e224e20", @ANYRES32=r1, @ANYRES64=r2, @ANYRES32], 0x0) 03:45:44 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:44 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, r0, 0x0) 03:45:45 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x600000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:45 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x0, 0x11, r0, 0x0) 03:45:45 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000100)='syz1\x00', 0x1ff) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r4, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:45 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000280)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) syz_mount_image$jfs(&(0x7f0000000100)='jfs\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={[{@gid={'gid', 0x3d, r1}}]}) setgid(r1) 03:45:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x198, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:45 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:45 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x0, 0x11, r0, 0x0) 03:45:45 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x1ac, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:45 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @local, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:45 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000100)='syz1\x00', 0x1ff) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r4, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:45 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x0, 0x11, r0, 0x0) 03:45:45 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000080)={0x5, 0x6, 0x81, 0x7, 'syz1\x00', 0xffffffff}) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x200, 0x0) unlinkat(r1, &(0x7f0000000100)='./file0\x00', 0x200) 03:45:46 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x700000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:46 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x10, r0, 0x0) 03:45:46 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e3d59394c8ef803f9f11ac59e2f61bb5802815c45bc492e1605a9e7f4d0bf12dee7ba30e27c2346d02a1820895fea0dcc1b8e7e25563995ecff6f0fec84818b2758693e162a7cfae9d25718a7f997deea2bef2e7eaf93d0ffdfc0060c96cb8dc020f0"], 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f0000000080)={'raw\x00', 0xdc, "3e306458b2c292d7b5610a5fe6670310d97d81d5b8eddb6b66aa1538f90a153bca3cb7ad979bc0fc49fda9ac6072f2811865d8a198b4dd51ff6fdd3186c0c003ec4a1d7d3c673641af74cf8633012019a040805ff9eb61bf3707cf1474d307cc92d2becd5927e9b6b85380395bf8907620574b44bd2a37351f176d6acf38cc27347c5fab861fee4a8e7d60483de230e7a2141dd0d2564c9a0970e2f0abf0fae0532fc1f42ee014aae128a68bd89c5682f8af4bdb0575eb0b802f9f94634c6f70e3f8055c0488ccba8f7b8e43435b246cf68369a8be82ce009156ed01"}, &(0x7f0000000180)=0x100) 03:45:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x1b2, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:46 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000100)='syz1\x00', 0x1ff) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r4, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:46 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:46 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x1c4, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:46 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x10, r0, 0x0) 03:45:46 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev={[], 0x36}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @ipv4={[], [], @multicast2}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:46 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) write$P9_RATTACH(0xffffffffffffffff, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r3, &(0x7f0000000100)='syz1\x00', 0x1ff) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r4, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:46 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x10, r0, 0x0) 03:45:46 executing program 4: mlock(&(0x7f0000ffb000/0x1000)=nil, 0x1000) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) syz_emit_ethernet(0x4, &(0x7f0000000340)=ANY=[@ANYPTR64=&(0x7f0000000880)=ANY=[@ANYPTR=&(0x7f00000000c0)=ANY=[@ANYRESHEX=r0, @ANYPTR, @ANYRES64], @ANYBLOB="f7385db7c982d86cdca56d109d814c93cb130227f47fe6e08a3530384b756b826e87a720b2b0524c83806c5bb4495fc8a1713683ce5fca7001207620994c755d5b2a8a387d2f04982204b8bfa4d05d250a903fd0913a759dc07e96ec4ee66e47b09417215eaa9070b74d9ef250b09dfd62c367cb201df32fa8ceffe6c61a1476b1d54ccf377c219cc5c01069e7afb792", @ANYRES64], @ANYBLOB="506f26845b589581d2eb70e42d9960755091da77d3dddf1bbd226bfd3e1030464452c9def5e9fc83472aa90cb73d73d5a506c7570115d28efe0d2a5da8ca86327b40cecc51d243cf9b5b38fd2d28295e8d754ec2e899212f3e26a26ecfa442568ad581be0aaa898aacaf1cc77e4a5fa863e09d6b072b5fc2857ff5c6072b9fa8c579ac3094a59867786eeb1c24dee6acb845a47442b36900ad6fd405556680f9ee5fe3a24912711ab00a8d58ce627295ce0c1e1f67e32437ab59", @ANYRES16=r0, @ANYRES16=0x0], 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/tty/ldiscs\x00', 0x0, 0x0) r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000280)='NLBL_CIPSOv4\x00') sendmsg$NLBL_CIPSOV4_C_LIST(r2, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x2c, r3, 0x4, 0x70bd2b, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_DOI={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20028080}, 0x8002000) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {0x0, 0x7f}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000080)={0x9, 0x2, 0x7, 0xdc, 0xfff}) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x612000, 0x0) fsetxattr$security_ima(r1, &(0x7f0000000100)='security.ima\x00', &(0x7f0000000140)=@ng={0x4, 0x1, "c1b6920521b9ed874fde7188"}, 0xe, 0x7) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000200)={0x0, &(0x7f00000001c0)}) openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x10000, 0x0) shmget(0x2, 0x6000, 0x400, &(0x7f0000ffa000/0x6000)=nil) 03:45:47 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x800000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:47 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, 0xffffffffffffffff, 0x0) 03:45:47 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x1e4, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:47 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) write$P9_RATTACH(0xffffffffffffffff, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r3, &(0x7f0000000100)='syz1\x00', 0x1ff) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r4, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:47 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00c03abffe8000000000000000000000000000bbff0200000000000000800000060000000000000000383dbbfe8000000000200000000000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e000000000000000000"], 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x48600, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in={{0x2, 0x4e21, @loopback}}, 0x0, 0x0, 0x17, 0x0, "df68c265ef8e9f0653e332ffbde91b58e8150c64282f2c7fd09ed3a625ce66a5d1cda98696ae43bf2e310d03916d6d4695a8cd76e73b6852132428d6b2bc415d5f4b624122e93837e6f742512582a054"}, 0xd8) 03:45:47 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:47 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, 0xffffffffffffffff, 0x0) 03:45:47 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x1ec, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:47 executing program 2: r0 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000440)={0x0, 0x9, 0x1, {0xb, @pix={0x0, 0x1f}}}) mmap(&(0x7f0000ffe000/0x2000)=nil, 0xfaff, 0x1d, 0x11, 0xffffffffffffffff, 0x0) 03:45:47 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) write$P9_RATTACH(0xffffffffffffffff, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r3, &(0x7f0000000100)='syz1\x00', 0x1ff) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r4, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:47 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000000c0)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_PROTOCOLS(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, r1, 0x200, 0x81, 0x25dfdbff, {}, [@NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x2}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @initdev={0xac, 0x1e, 0x0, 0x0}}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @local}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @empty}, @NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x44000}, 0x4c010) 03:45:47 executing program 2: socket$inet6(0xa, 0x3, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0xc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x4000000805, 0x0) socket$alg(0x26, 0x5, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x806, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) dup3(r1, r0, 0x0) accept$ax25(r1, 0x0, &(0x7f0000000040)) ioctl$SIOCAX25ADDFWD(0xffffffffffffffff, 0x89ea, 0x0) setgid(0x0) 03:45:48 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x900000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:48 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:48 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$vimc0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video0\x00', 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) shmget(0xffffffffffffffff, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, 0x0) 03:45:48 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bb000000000001fe8000000600000000000000000000bbfe80000000006d94b13d0000000000aa0203d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e00"/110], 0x0) 03:45:48 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x1f0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:48 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x4000, 0x0) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f00000000c0)={0x9, 0x9, 0x20, 0x8, 0x6, 0x6}) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r1, 0x800443d3, &(0x7f0000000100)={@any, 0x8, 0x6, 0x8}) 03:45:48 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x1f8, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:48 executing program 2: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key(&(0x7f00000004c0)='big_key\x00', &(0x7f0000000380)={'syz'}, &(0x7f00000003c0)="748cd1e7e249353831bf05f09f662e", 0xf, 0xfffffffffffffffe) keyctl$read(0xb, r0, 0x0, 0x0) 03:45:48 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:48 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r0, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r1, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r3, &(0x7f0000000200)=[{0x81, 0x80, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r4, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r5, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r6, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r7, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r8 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r8, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r9 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r9, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r10 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r10, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r11 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r11, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @time={0x7, 0xf38}, {}, {}, @raw8={"ef3700000000c4f6cbb80194"}}], 0x1c) r12 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r12, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r13 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r13, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r14 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r14, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r15 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r15, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r16 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r16, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) syz_emit_ethernet(0x5, &(0x7f0000000400)=ANY=[@ANYRESOCT, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYRES32, @ANYRESOCT, @ANYRESOCT=r1], @ANYRESOCT=r7, @ANYPTR64=&(0x7f0000000580)=ANY=[@ANYPTR=&(0x7f0000000080)=ANY=[@ANYRES16, @ANYRES64=r2], @ANYPTR=&(0x7f0000000480)=ANY=[@ANYRES64, @ANYBLOB="13f189a096a354d797b88ec8f12013622dc94279205a3f5c304683edf2a1f7075a0ce75fb9aa5af032d5aebbf15d8ebfbc179412f241be80d87f4cb16ab8c079295150a97447e2de545b90bab7e11fce21fcd0da6f4b1e2fe6fa71e4d9a91a63e789a6fedc8e203644daefb7d3c78c8bd00592a7126b", @ANYRESDEC=r16], @ANYRES32=0x0, @ANYPTR=&(0x7f0000000540)=ANY=[@ANYPTR64, @ANYRESOCT=r12, @ANYRESOCT=r1], @ANYRESDEC=r13, @ANYRES16, @ANYBLOB="1bdf5e0a78282e10e6d8d25c97afe7322b487d75cf8f0911e32067de2d85e3865a4f4bce36d40b1818826ffea8f2fbf9f081fdeed8c427369a851cc602a8e33875a39f4d5449d10ace41e5a63df2853d2538243e4d54ecdef4694d52b25997c5754a297ff59013c7d0a9d2028d3531a8933230a4eb873ecfea0fc0082bfad926fe0f14284784f509cc648cb4fc4d0687af6f720977629995b7277772d30701cbe9c5d6ef0f505c598371eb50fb4fb7ac5daf16f8f0170fd0f96cfaafd118558e73df79a4807c0d9cd39e6b753a8f7ff22624e424a40f56eb277cc02bfd0792d1746a23675e4c9515ea8c358c187aa065f21318c54935a895dc7ae860dd", @ANYRES64=r15, @ANYPTR], @ANYPTR=&(0x7f0000000700)=ANY=[@ANYRES16=r2, @ANYRES32=r3, @ANYRES16=r4, @ANYRESDEC=r9, @ANYRESDEC, @ANYBLOB="76364b0d10a3a32e53670b09b721acc97cd74e67a30b3bb3c12e1af304b08e089d7a88e2f50afaf66ad27e049ca3cca206b71d2bded95eb55b664951e38122450045657ed670546fd1e5dab8e6273a6f4b00", @ANYRES64, @ANYRES16=r8, @ANYPTR=&(0x7f0000000240)=ANY=[@ANYRESOCT=r6, @ANYRESOCT=r10, @ANYRES64, @ANYRESOCT=0x0, @ANYBLOB="1b006d7cf090b44b5049c6dd8f16c4b13b62e9035c79b5fab8c08dcd0b3f5661664c9365211d14cb94641d6aaa6bdc8cc27ece588c2c1602f7a0978bd2ed6988cfb6151141adb981586af93bdaf1ad187f22974069b774656d32281675ec5631fca847070e37148b03293b689bc9b8ab40090122ee360300000000000000919173144c79581d3b8e6d1772078779f13b64a4abb608e08e709d11d16609a8a0df4762b49d5fe9e4d9ceac6b7758303b0ea48230a9fd3ae0ecf845dc09004ef41a2c", @ANYRES32=r7, @ANYRESHEX=0x0, @ANYRES16, @ANYRES16=0x0]]], 0x0) 03:45:48 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000280), 0x0) epoll_create1(0x0) 03:45:49 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xa00000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:49 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:49 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) write(r0, &(0x7f00000001c0), 0xfffffef3) 03:45:49 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, 0x0) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000000)={0xb, 0x77, 0x2, 0x8}, 0xb) sched_setaffinity(0x0, 0x3d31, &(0x7f0000000200)=0xa000000000000005) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002e80)={0xffffffffffffffff}) recvmmsg(r1, &(0x7f00000038c0), 0x3fffffffffffdf5, 0x62, 0x0) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002e80)) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000028fc8)={0x0, 0x0, &(0x7f0000019000)=[{&(0x7f00000001c0)=ANY=[@ANYRES64], 0x1}], 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r2], 0x14}, 0x0) ioctl$KVM_SET_TSS_ADDR(0xffffffffffffffff, 0xae47, 0xd000) ptrace$setopts(0x7abb990919170921, 0x0, 0x10001, 0x111) ioctl$KVM_GET_LAPIC(0xffffffffffffffff, 0x8400ae8e, &(0x7f0000000a00)={"c5c48455550c5f15d6a1e54e8434d392b1ee8ce0d8cc789e6f9f5fff37ea66e3ca2631545d2fac4abc17eb7ac022137c40ce9850330e934af106b6d2b7b23ab19ac6157f94543f7759d7d90386c0a66d13d3e29cd3c6af3aacf0403dfd57a8f8135dc35686b0919abd7055617083c2d27e3b8f482c0f739c8d5b6b8550e111346a569c4ef7974920a0d7d047f3aa354d1ecdd6032a60c603c404884d346b4f5f2a11da56be949d0f7631fc8cfaaad5c4a62696e3e255e89ea6a55cd3d7c072f17a1259489e5c8c35e774bdf939b28c750dbbcabb6f8243e7ddc524c53053d507b8d8841c66088bb387c003a38c6b56c6d3943436d3bfaee3a64f70cf0786eeefcb20c20d6ccab79d6b56c389e2c2036dd59375fcdfc5c64ed37d249442e633724fc2a1c05ceb01c61a1ec83aa77af2a86431dbd70b1f57d83b558d5b7f991e59e4de3d94ecfd0d1ee35e28b03fc0c4edf919b649dbe0bee545c8a523de067f6d4c93585430d396a84a8128244e7880b3fb27d3e25bbdae3248a60f3835a8e5c1b8ec9054f0b28c3b8f3bb8805756908d313f77fe38934b57b1626bf795f20ded88ac5593dfd331d6ee199ae59864a789c50a0716705a5066680491ae4865f94eb777f1af9cecf98eba79e57ba4f056fc2faafc2b6b876323a192fad3e9e2328191df6def6cc8a74e7bf7032a69810371780f6035b205461f06194bee219f01225d7770067d4b8368b6e76cad966e9c68b3fa9129196dc06422e56a72c96dd97c436c97fc9c0fafbe9a70db131c4ccc0c16e37b3dd16b47c80c8dbf457f5eeb2a0bd1bd121d55092b7a421af41520af3a14d021ac7a5b687be522b7077604441a420679cc1f7dc60c6a7a9c38d5cc925f45180bf6c3d03296df35e80cee74a9d5112ad31d9f73a929f26ab98b78034136f5c780db45f6685ef241766a1b1e6b1022867fee580f6d4edd7209d80a69d5a9c14f5c8f40d0146fd345c293f8f528fd0f769ba1d3e1afb2d7ecc7642d84f5427bc7eb8d3df8587fdf9c8a1ae6fb8da5f4c7f41dcc4357aa174bc748f2b7b936acf1a571b37051f582e64662547b5b5a300dad70abe401d31ab0ee0f954836e504b2600fac22a7563f765a5e28a9c8e5070f87c7108d2bba9dd471e07f853794ecc5b07ed9613474efee45e3cbf4d1e8731f6f2fc4916eeb5477e38618149221fdcb7fa0b96dc6d93300310ac036e2bca6de88be17d01ef15da72524dc3c3414aeb8035892e6cb9a8a8e0ede1f083fe121e6d968e2c5974db5a86f9087e11c0e07ed02df3cf64be47e80c63925975d2514335b6cd952154bbc1bf2b52adf0c6529d9d05acf16f5b2178395e7df8ad6223d19a38d63d6785ef1fc69100b79a92325e358f75f8213f858e725fc0c1246ad2f0c1cdb3fc933e7ba971de2707689bfe56cc62cb0179b090d83435d3b00"}) openat$audio1(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio1\x00', 0x81f403e8956afdaf, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x5}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f0000000280)='./file0\x00', 0x40, 0x150) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fanotify_init(0x40, 0x2) ioctl$VIDIOC_S_FBUF(r0, 0x4030560b, &(0x7f00000000c0)={0x8, 0x8, &(0x7f0000000e00)="2ae068d7a72ce05a7ae03b38177916a72bbd8d352042c53c0e1f882d98583a2fa5bbbc18d832de4d33382ed02cbb6d472da488b2f3014d53bb9f1709254a0b20b3504842f1e0575a3b83c82b708f8c1dd52874c559b85453288750dbd818c8d1e0be622feb88f68163f2b2ec562c68e3e89ab67e4905957eb5da563c6d6806465af06f9a62de61e81325591d87dc781dca4ac96d850b4b6d3be5f794e85a389fde80b55376cb2111c70f9a6cb024e3845d15ccc065cfb26c0155913f10e96ca9c6d9dda4938defb1b15b585971e264da2ec089aaa85548be0dada5ea0f15621fc5bc9eeee0c76fd10785851c6507c1f4b170b8927033d7059ad32a37a22e0214ac76601448151f4cb37916570385efe64bbcfd801de2c1d6312b5781c9bae3790e22dacb0e4647a5dea40b613243806048e714e3fe7a8b4f80b28e3fa7fd56eaaced38637761196a42bf9510b803869739f0b0afb7d811a44ba0f559313c4c6f817feaa8fc7f5aa33c910b51ca1567fd8cf1076e7005224473ddbf163e541e02af05658a95fbee5215d6f78058a5458a959a1b198c7960d7913284688919d3487f56fa6ee454471f38674cfe264d286fce9f7c462d5aced4d8e1a7d8c56ed389d38822d9a4a51ae6ebab3669b4a3f8b00025b7c061c023d9514f15c21cdd23bc047a26e5d8ca10937ec440cf46dcfa001b0b7bc55e3897f6191cdecc966b1aa9b6695fdc6831a17b64be350750f5057ddb5723aded55c54a254cb3844826f3d85cf9b89f5636b471335615fd92d95ceac76624a8eaf89c600b003cf7bb0153dd540366a4836da9cbaa65b1692332c7e4e691f443349a9952b1208a61075a2db178a2c758dc98338c8487d90dd247e4772c0eb50beac2bc69c3c5bfa4aa04450db84809dfa14e52567ca2adecd2ab9c4ca737b8598ce34fa9f12cdf1dca63c6f9dadddd0cf9e4d49c5a595df5f81637a971f31b542739a76fa789422516ef1f092e31ce67cf23db32c78acdfd052d52bb238a066bdf3924cfc041e7a3d1bbe953a16fbf199ec3a936feaa6d9d9e95fbed07cee8abf023384c79765929297e7cd980d05ef1917f4a5e06b3888ff07af078be8329c4ab1b9da3d0f5fe46f1bc9fcc57b8fcb63adc0676a67ea62566ac012198e6a461f59ff4c11fd9412413f4f821a76554057059c9a3e5911da1ff7df6054d0d95d7d75b73439fd49c53972547745b46a53c5954e74dccc8778ee6f641786d7623e53a9e6e64b7db08a3c8b5c1f39a07dac35131689b0dce27f1e72a658df4cd2b085a2d9ed2090be254e928964839df9a2fbaa64d9268873d972051fbffea8b8d95e50b88203c50b38e314485b8295c9b18d482dce401b3da0c3a7eecabfb36a03e6df1684f0f86a10c51233002c189149b67ce8b39a5b8c2404917467eedbc884c93ff9b3b688312f6b672de7a44023dcc00384370b3c674807652ee4b78fd178c4b6054223fad8c4dfec403c300e05dce6ac601884f065eb3e9e96d9ff10e795e775eb657c6bb40c3038a69059cbfcb7c2b0533738660a987010ef5142c222bb33e0750e3bfc45db30d1926ac6face9fd0879d6d802d5dced499ca322cb7ef493911e9f0c99804cbfb4dacf9d7226167a1bee10a2bbccd99b7c24a08959bfafc4bced91739c4ac6e2f33a08ba905b71af7603f94838ba740587b10c7cda2d23cfca54f8ffb2f3e844f14d0274a2b2e3692d18970da7155d86d616bcb2c7de6785db90eba0a9c05785117f8ba5f40415418dbf47e4f2bd7273b8ee6fd73a79e2a17eb7777d6584d58ca30f11215bcbc88231679bf594c5780b0cee1c506d5f566406a7a8eafaf5eb8b70965c1c7c4765e7b027921bad0dab927b5180274e074c3d078f95c2ca36aa306ed23c0e0eb12817222194b5013359df59fe7771d3856bbca06351aceae08ad2067de776e58b13bc328865569748544e2efd92e43099719518a51da7cd001ccdaae868fbdbc8352f709795458a40a5b36cb5fc688316870b1910b02f7bfcf1ec90754547efaec41f1d85917704b9ecc55fe94055c72632490ae946981cd40d0b2bce2568c380697c24b1a1c4c72981cf3b32c670ebc5981e089c7d4fe9b0b8253c970956b9a1a2b9b7432cf96ed0b23eaf760d80721f0c706e2b9250f0d4115b9b4e36a9b6d5a99d47cc49e004a21cf6dd9f0ffbace960ad8dba87d8454853aa4f92a745ac09782ae7e38ca99ed402260a5d4257521c86d2d91877a2a24f19fdb5ab5341b063a3b30b93c83b7b8d77f448b5502aca97febb17bd5cfd38142a10523778bb7310526bf4e3d405735f600125f4c85f73fd185f1c87aba5042396521232c192c58e67dc5b1a2e6cae2cb305b617885a095426ad8d27ee5b01cb04a93dd6bb98274f93b3114c8437902584f3fa858a726a1a6103276d68513c626df9df8696af01b1233ac2e1c1496ef8c257a8cff1f0e6b714fb9ac3bd3b4414e935a90ad03897013fb30d183e391cc24b3449dc21621569655ea648b6c84334b3a679b8309edbe3cf83736774ca0b64d9990ca8ca11d6d9a473f23fcbfcd3ede60e44e013b1ae8f528dc625c82feda3ce29c00b456e24148e53bbd2833569f55913a59502365b685e139120fd695f14c2d1eb25828dbb9304226b82112dc050191a0459d6acf593192f22b2b3f1c2b11f36fe6e87e61bca7558139ccecefb5eead197811045a7d8e5c887afa259b3b0b511a492590f9a11cb6f6bf1dcf9a3595c22d7f326960c326c48ce21dcf08e5aaa5da7b5478e1d920b331763f96e171af78b70e1fb6ffe7ed6948c8dc4ff9990b19bf6716ac74873473ce0e0888f498ac66c4011cacdb81ce684923009477beac755eba572544f1e0c58c4bd48ba350eafdbaa8f241011da8983e438c0bb8130f9128fb90df8c40e2cd96cba00909e1970056831108e914056c8259304922554bc22410b51fe7746ae5a2a4374b1dfa6c80ac1c961ff0fc6cd4596e7ccf1061c340989b315745668d8cd3f2471ed3d71705e2022ce396265314beeb46315d0dc47f7ba145583955640a7eaaa8bf939165b6fc9a5b434f093f45c3b9f466ca3fd84f42ed9d863612daabee0fe5144a8cdad6bbcf7d40a723dc4d602332c57861a4da5d7281df02e0aed84062b1e1505b86afd942071bb9f6ffe0016eb686ccd781b1d8039416f6d16ddf31b3732c9232fe3c4cdb7032f55b04fa3560f4c36bbfd907c84c86cd422dfca74ab818b0a128093052ba63e99a3e3d21da449f4d8dfba01a96134028f2a73ddb0f14d89fc1eee29d99826690faae849efbb2e036f89617018d45922f746a53bf18ce2ce49a70e8a662c1244e800b6fabb73687c91742bdb11e7e32c77687525748e4daf1026b9c2adc2b952f15825eb4b34b3ee7c51170a7d07eb33a41307d9238bbab03602b7eb8cd8cec50413e8e407ccb2d9789c07401c7a0f13d8487ee7af2fbed5af61fd102a8a310f34cbc0413cdfdd68b1596a9e99903f85909e775f2f591361eda8a03552ffaed41383483a0f37b91ce1c724ef696c1c078c8515c8119de5ba63cbb849b29e917ee94852df65a2be90e679d941875627c79e40211fbb953308ef90181f6770aa5f78068e28989588711a65bddd3bbb73355c2caf16e9809eb70cf2d746718b5da4000d0108693eb64d238dd08a204a03edb282f2242acf43bd4cfa4fcdb0299f26db142d2acd21952a4a336f64760c9e6693070c0fbe78bb22b29f230685a00cf33e52f2f80aac4f09314020cc5267cfb2170084fe580635438d95c11d73ae1779c5e569d0feb7904dd68bbfd92c9729cd3c4ac1430e4a4164b91f641202e5dc0e239f15c47e97fbb0dbcc950799dea0a5659da48d806050caa522c9c9bfbb5e78e7f5d0c34ee4bc2931caf098ef6654326a69c4ef25bac2b356f82394b90e2050f720797203b1e3515e6050ad778b77f4e016f211c063f40339b32744fd7f2b313adb05f721eec28b8f09ddbdf78f8e9a8d83f3122ec4b49e77d2d0ba725b2c2ed4cc2baf2dd5e90a85840ef4c6aacdcc1117ebf423a1717f7053709458d74e334362d2957b391b7a79498acc5179967349bbdea1d64faca03dcac7748f1c4b380977d92ab3076d93016da0cd68b9a39b1db12fa3ea57364c282069f96578d1df5cff4973b98709a5cdee06d9f2cdd10fbf6a205a5ce186d9f4e51526053fdb11cdf3447cb676c7d2d8e5fb76f9e512537799c58953cb460bd6958e43c9533192fd8a89efc2334fcd1cbd2d46d0aaef038befcef44f0895f32ce9b57c70bd2c5945524dcbbbd7943a4f5d383f0ec822f898760829a1c28793b35c717a37a89bacc0a0572ff09dcba55da452c1d53d04bbd0b13b35513550af34303e30bca664a11ed5be0349e8e196669bc239278e62b8b4ea943c4d12904cd53dcdc1935728b61464f75097e23257f94a94f8ea7f9fec7364818d2baf420a0a9169f23cfcd80f79d7e377375fc1c605fba8022f0351a764b88dc2aa52bf7986d9b41259c55ea3a81fba99e1a0a559d9f8ab8943696683624e247343fd44569f1dbcb70391f4ad23ec94ee7bf20bd10d63498c32a4a56f19d90203f571997a71fcec801705d850a56992cf36a3d5784cf662e0ab990548928289e1f5f777dc63dddaa0f5e823b4e8f4bfcdabdf556b7eebc2e2139a8a68a306955b16fd3b4e5ab4703b25ead64698ae3b86c09d72625f49630a59d84e0149642dd790406871c7276d117c34b5ebb1a07589190e5e827924c82d9611d8cf0be3c5e3bd0b9b378e89307b4847de59d92e5c98ee3064eead25ea454d0b4b08cd0775b7b38be56b0a218f927716b0d9c7795ca37ced3bd114e84e6082cb9766926dea113bebfd3899d6b51a5e5c3226748f68bb97945c44fe95cd7abc27916fbb9314dd3b522016ac498c0361929ca9e534e4a0ad5e78bea029e90d3099053d68028d6b3d2893499bd5d8d9a87ddcafe6f203b60b62059be812ca543abaa1f602d50c7c276ceffd99b5f0c7587c786247dcf54368ff9d45cb69b7cc6dc7f7e31e094f1cae32b94a519412c821eeac575ce8824cd2decf1433552a6920373e4ddf5d378e5207a849f8ed8c2d5e8a6a4c8bd253ef0bdf0e842ef46e3ebb6c3741db7f94c492ae018a6b2ea139ebc26a1d2259af81bb5246ea95c7c83e436a4077d0e158fe5b75c4174b1ea022eee8b70ba9243765557f30430f5ce265cf7bd1818b03aeaed8cd9c6f0152180a07e66cb53c517034f91c8263d45b0fdda8c115e61009ccb5ce28e03182cb5660d2e5dea6d4b2e3abc06daa196041417782007e0f0e66c20f4fef69824f091b260a09a87e144b79c4cafeee994443d708ddfa25416874b5ae08cadc8b749c242419985e4916bc6fee1cccc6c8f5443f3430bfffdab16c503941ad553c628721bb5e61741bcfb3f7ca0fba03c7ad9a20446cc75ec5315eeb78bd6b5941101fd6426ff987e4b7712c6e322780f5405ace38c664d2fdce15b449e782bc716209956426de2020359a4d40a4e81a80762e11b4d3762b0e24b8b4c67ef7a0a19f0502ee291ab1d8260b68189bcdd82460ae29fafb3de90170d6fcc8a6bdf0f76a7c6d5f9984678221008dc7bc374f1594ca80ae1cdfb6789901352e40955410ed04d75724871aee146da1bbe632168e576d11a36c1deeabae4a6a9736a6d8b43bf0d3b98d33da46886b093ffc8ac17d6b9d6a9df1a1703becff5cb4b0c737886ffa5d36640f2099d1d02f4d42640fda204117e14bab081add2a9aaa403de273128247a1c6cc69e50f", {0x10000, 0x8, 0x31364d59, 0x0, 0x800, 0x4, 0x0, 0x5}}) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000180)={0x0, 0x400, "116887", 0xfe, 0x81}) execve(&(0x7f0000000480)='./file0\x00', &(0x7f0000000840)=[&(0x7f0000000600)='(\xe0\xf5\x00', &(0x7f0000000680)='/dev/loop#\x00', &(0x7f0000000440)='system\x00', &(0x7f0000000740)='\x00', &(0x7f00000007c0)='\x00', &(0x7f0000000800)='.cpuset\x1c\x00'], &(0x7f00000002c0)=[&(0x7f0000000040)='selfposix_acl_access&[\x00', &(0x7f0000000080)='/dev/loop#\x00', &(0x7f0000000100)='\\}#(,\x00', 0x0]) 03:45:49 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaf1c9c0bf9cf0aade86dd604d898c00403afffe800000c8c5baca11d439b980bc9ee59ba3920008000000000000628ee6c5e4d48c580000000000690b9a3084e39a015adc89eebccdf33a0000000000000189ff907800000000fe8000000600000000000000000000bbfe8000000000000000ff0000000000aa3cf1d5f2c1e3628225bdac22a1431bad5a8f7867b0680b6d4bd988ad2337ae9f2b68f10e1a0fa89beec1b5fed58a288330794c0b978d07cee6b5ed44ad7645fff17ecca570fa5901ee99ea99c09cd3deaac3fb8b35d66dc29633919c5d22ef6e813497e79cbd10d064f91834c3bc7a8843a0bf1924eaf3bd2ea084209b75f471d8eadd0523f0f9e1571176951d4856f18f8255425f74967023f1bcfed0bf382679051285fa54338ebdfb6c22481b3ebbc2c9bed3c0f284"], 0x0) clock_gettime(0x0, &(0x7f0000000b80)={0x0, 0x0}) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000bc0)={0x5, 0x2, 0x4, 0x80000000, 0x7ff, {r0, r1/1000+10000}, {0x5, 0x0, 0x1f, 0x80, 0x9, 0x0, "52c420ff"}, 0x1000, 0x2, @userptr=0x1, 0x4, 0x0, 0xffffffffffffffff}) getsockopt$inet_tcp_int(r2, 0x6, 0x11, &(0x7f0000000c40), &(0x7f0000000c80)=0x4) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000040)={0x1, 0xb, 0x4, 0x4000000, 0x5, {r3, r4/1000+30000}, {0x1, 0xc, 0x7, 0x6, 0x9, 0x6}, 0xd9ba, 0x2, @offset, 0x101, 0x0, 0xffffffffffffffff}) ioctl$SG_GET_REQUEST_TABLE(r5, 0x2286, &(0x7f0000000200)) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r6, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r7 = socket$inet(0x2, 0x4000000805, 0x0) r8 = socket$inet_sctp(0x2, 0x5, 0x84) r9 = dup3(r7, r8, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r9, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r8, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r6, 0x6, 0x1d, &(0x7f00000004c0)={0x7, 0x0, 0x1, 0x5, 0x5}, 0x14) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r9, 0x84, 0x7a, &(0x7f000059aff8)={r10}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f00000000c0)={r10, 0x8}, &(0x7f0000000100)=0x8) r12 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r12, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r12, 0x84, 0x70, &(0x7f0000000500)={0x0, @in={{0x2, 0x4e21, @loopback}}, [0x0, 0x856, 0x1f, 0x88, 0x3, 0xe22, 0x2, 0x8001, 0xfda, 0x4c6, 0x7ff, 0x1d46, 0x2, 0x615, 0x6]}, &(0x7f0000000600)=0x100) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r6, 0x84, 0x6, &(0x7f0000000140)={r11, @in={{0x2, 0x4e21, @local}}}, 0x84) 03:45:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x1f9, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:49 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x201, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:49 executing program 4: r0 = msgget$private(0x0, 0x100) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000080)=""/242) socketpair(0xa, 0x6, 0x58, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) bind$isdn_base(r1, &(0x7f00000001c0)={0x22, 0x0, 0x8, 0x5, 0x9}, 0x6) syz_emit_ethernet(0x76, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "4d898c", 0x40, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, [], @remote={0xfe, 0x80, [0x0, 0x0, 0x6]}, @local, [{0x2, 0x3, "d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"}]}}}}}}, 0x0) 03:45:50 executing program 2: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'veth0\x00'}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000946fff)={0xffffffffffffffff, &(0x7f0000fd1000), &(0x7f0000f0ef40)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x40046f41, 0x76006e) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r0, 0x40046f41, 0x76006e) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000380)) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) ioctl$GIO_FONT(r1, 0x4b60, &(0x7f00000000c0)=""/170) timer_create(0x0, 0x0, &(0x7f0000000440)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x4, 0x3, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0x0) fsync(0xffffffffffffffff) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r2, 0x40186f40, 0x76006e) 03:45:50 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) [ 2428.723514] ubi0: attaching mtd0 [ 2428.784912] ubi0: scanning is finished [ 2428.796358] ubi0: empty MTD device detected 03:45:50 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd604d898c00403afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbef0100000000000000000000000000010103d5f2c1e36282dfc7cd13ce613842fd97e84a673b4e9e"], 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg\x00', 0x511000, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f00000000c0)="da1d46032795c5423d01cc897b25954f", 0x10) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x30200, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) write$sndseq(r2, &(0x7f0000000200)=[{0x81, 0x5, 0x0, 0x0, @tick, {}, {}, @raw8={"cdc7b7aee1eec4f6cbb80194"}}], 0x1c) r3 = socket$inet(0x2, 0x4000000805, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) r5 = dup3(r3, r4, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r5, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r4, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$ARPT_SO_GET_INFO(r3, 0x0, 0x60, &(0x7f0000000240)={'filter\x00'}, &(0x7f00000002c0)=0x44) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x7a, &(0x7f000059aff8)={r6}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000140)={r6, 0x8e5}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000001c0)={r7, 0x3}, 0x8) 03:45:50 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) write(r0, &(0x7f00000001c0), 0xfffffef3) [ 2429.153928] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 2429.189490] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 2429.215075] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 2429.260014] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 2429.266904] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 2429.294839] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 2429.304545] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2609136531 [ 2429.315511] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 2429.327482] ubi0: background thread "ubi_bgt0d" started, PID 13178 03:45:51 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xb00000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:51 executing program 4: syz_emit_ethernet(0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaa05aaaaaaaaaaaa0086dd604d898c00154a84f3f0403afffe8000000000000000000000000000bbff0200000000000000000000000000018900907800000000fe8000000600000000000000000000bbfe8000000000000000000000000000aa0203d5f2c1e36282dfc7cd13ce612342fd97e8"], 0x0) 03:45:51 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:51 executing program 2: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'veth0\x00'}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000946fff)={0xffffffffffffffff, &(0x7f0000fd1000), &(0x7f0000f0ef40)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x40046f41, 0x76006e) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r0, 0x40046f41, 0x76006e) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000380)) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) ioctl$GIO_FONT(r1, 0x4b60, &(0x7f00000000c0)=""/170) timer_create(0x0, 0x0, &(0x7f0000000440)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x4, 0x3, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0x0) fsync(0xffffffffffffffff) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r2, 0x40186f40, 0x76006e) 03:45:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x224, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2429.772065] ubi0: detaching mtd0 03:45:51 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'veth0\x00'}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000946fff)={0xffffffffffffffff, &(0x7f0000fd1000), &(0x7f0000f0ef40)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x40046f41, 0x76006e) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r0, 0x40046f41, 0x76006e) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000380)) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) ioctl$GIO_FONT(r1, 0x4b60, &(0x7f00000000c0)=""/170) timer_create(0x0, 0x0, &(0x7f0000000440)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x4, 0x3, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0x0) fsync(0xffffffffffffffff) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r2, 0x40186f40, 0x76006e) [ 2429.795848] ubi0: mtd0 is detached 03:45:51 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x27d, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2429.889483] ubi0: attaching mtd0 [ 2429.947953] ubi0: scanning is finished 03:45:51 executing program 1: pipe(&(0x7f0000000600)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) 03:45:51 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) [ 2430.288423] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 2430.303773] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 2430.313921] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 2430.326741] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 2430.336565] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 2430.350903] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 2430.364747] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2609136531 [ 2430.377454] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 2430.395792] ubi0: background thread "ubi_bgt0d" started, PID 13591 [ 2430.405657] ubi0: detaching mtd0 [ 2430.419122] ubi0: mtd0 is detached 03:45:51 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'veth0\x00'}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000946fff)={0xffffffffffffffff, &(0x7f0000fd1000), &(0x7f0000f0ef40)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x40046f41, 0x76006e) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r0, 0x40046f41, 0x76006e) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000380)) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) ioctl$GIO_FONT(r1, 0x4b60, &(0x7f00000000c0)=""/170) timer_create(0x0, 0x0, &(0x7f0000000440)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x4, 0x3, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0x0) fsync(0xffffffffffffffff) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r2, 0x40186f40, 0x76006e) 03:45:51 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r2 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r2, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r3, &(0x7f0000000100)='syz1\x00', 0x1ff) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r4, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:51 executing program 2: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'veth0\x00'}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000946fff)={0xffffffffffffffff, &(0x7f0000fd1000), &(0x7f0000f0ef40)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x40046f41, 0x76006e) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r0, 0x40046f41, 0x76006e) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000380)) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) ioctl$GIO_FONT(r1, 0x4b60, &(0x7f00000000c0)=""/170) timer_create(0x0, 0x0, &(0x7f0000000440)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x4, 0x3, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0x0) fsync(0xffffffffffffffff) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r2, 0x40186f40, 0x76006e) [ 2430.622113] ubi0: attaching mtd0 [ 2430.674240] ubi0: scanning is finished [ 2430.919036] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 2430.931876] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 2430.947464] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 2430.954396] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 2430.967295] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 2430.973979] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 2430.982955] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2609136531 [ 2430.994294] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 2431.006808] ubi0: background thread "ubi_bgt0d" started, PID 13930 [ 2431.017053] ubi0: detaching mtd0 [ 2431.036785] ubi0: mtd0 is detached 03:45:52 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xc00000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:52 executing program 1: pipe(&(0x7f0000000600)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) 03:45:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x28c, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:52 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r2 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r2, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r3, &(0x7f0000000100)='syz1\x00', 0x1ff) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r4, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:52 executing program 2: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'veth0\x00'}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000946fff)={0xffffffffffffffff, &(0x7f0000fd1000), &(0x7f0000f0ef40)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(0xffffffffffffffff, 0x40046f41, 0x76006e) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r0, 0x40046f41, 0x76006e) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000380)) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000100)=ANY=[@ANYRESHEX], 0xffe8) ioctl$GIO_FONT(r1, 0x4b60, &(0x7f00000000c0)=""/170) timer_create(0x0, 0x0, &(0x7f0000000440)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x4, 0x3, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, 0x0) fsync(0xffffffffffffffff) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r2, 0x40186f40, 0x76006e) 03:45:52 executing program 4: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x103, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, 0x0, &(0x7f000095dffc)) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f00000000c0), &(0x7f00000001c0)=0x4) [ 2431.316744] ubi0: attaching mtd0 [ 2431.372840] ubi0: scanning is finished 03:45:52 executing program 1: pipe(&(0x7f0000000600)) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write(0xffffffffffffffff, &(0x7f00000001c0), 0xfffffef3) 03:45:52 executing program 4: 03:45:52 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r2 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r2, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r3, &(0x7f0000000100)='syz1\x00', 0x1ff) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r4, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:52 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x28e, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:53 executing program 4: [ 2431.714417] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 2431.725306] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 2431.743060] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 03:45:53 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) [ 2431.759507] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 2431.784811] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 2431.805394] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 2431.840549] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2609136531 [ 2431.852896] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 2431.887286] ubi0: background thread "ubi_bgt0d" started, PID 14313 03:45:53 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xd00000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:53 executing program 4: 03:45:53 executing program 2: 03:45:53 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, 0x0, 0x0) 03:45:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x2a4, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:53 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:53 executing program 4: 03:45:53 executing program 2: 03:45:53 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, 0x0, 0x0) 03:45:53 executing program 4: 03:45:53 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x2c0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:54 executing program 2: 03:45:54 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xe00000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:54 executing program 2: 03:45:54 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:54 executing program 4: 03:45:54 executing program 1: pipe(&(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SG_SET_RESERVED_SIZE(r1, 0x2275, &(0x7f0000000100)=0x50d060000) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x11, r1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write(r0, 0x0, 0x0) 03:45:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x2d8, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:54 executing program 4: 03:45:54 executing program 2: 03:45:54 executing program 1: 03:45:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x2e8, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:54 executing program 2: 03:45:54 executing program 4: 03:45:55 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0xf00000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:55 executing program 1: 03:45:55 executing program 4: 03:45:55 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:55 executing program 2: 03:45:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x300, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:55 executing program 4: 03:45:55 executing program 2: 03:45:55 executing program 1: 03:45:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x308, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:55 executing program 1: 03:45:55 executing program 4: 03:45:56 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x1000000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:56 executing program 2: 03:45:56 executing program 1: 03:45:56 executing program 4: 03:45:56 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x30e, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:56 executing program 4: 03:45:56 executing program 2: 03:45:56 executing program 1: 03:45:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x31a, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:56 executing program 2: 03:45:56 executing program 4: 03:45:57 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x1100000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:57 executing program 1: 03:45:57 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:57 executing program 4: 03:45:57 executing program 2: 03:45:57 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x34e, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:57 executing program 4: 03:45:57 executing program 1: 03:45:57 executing program 2: 03:45:57 executing program 4: 03:45:57 executing program 1: 03:45:57 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:58 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x1200000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:58 executing program 2: 03:45:58 executing program 4: 03:45:58 executing program 1: 03:45:58 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:58 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x364, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:58 executing program 2: 03:45:58 executing program 4: 03:45:58 executing program 1: 03:45:58 executing program 2: 03:45:58 executing program 4: 03:45:58 executing program 1: 03:45:59 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x1300000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:45:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x384, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:59 executing program 2: 03:45:59 executing program 1: 03:45:59 executing program 4: 03:45:59 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:45:59 executing program 4: 03:45:59 executing program 1: 03:45:59 executing program 2: 03:45:59 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x3a6, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:45:59 executing program 4: 03:45:59 executing program 1: 03:46:00 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x1400000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:46:00 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:46:00 executing program 2: 03:46:00 executing program 1: 03:46:00 executing program 4: 03:46:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x3c8, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:46:00 executing program 1: 03:46:00 executing program 4: 03:46:00 executing program 2: 03:46:00 executing program 4: 03:46:00 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:46:00 executing program 1: 03:46:00 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x1500000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:46:00 executing program 2: 03:46:00 executing program 4: 03:46:00 executing program 1: 03:46:00 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:46:00 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x3d4, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:46:00 executing program 1: 03:46:00 executing program 2: 03:46:00 executing program 4: 03:46:01 executing program 1: 03:46:01 executing program 4: 03:46:01 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:46:01 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x1600000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:46:01 executing program 2: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75d908c9205ed3b71ea13952fe4cbe6fe94815d4296f6e66de94f42cfa66862535188bc73114cc5b7e45adbc96ada2c96fcdf56ac7d8c5df0d6217f049413454c471de840cdf462e7b21af76c2dd85cfd2af275132f78a7a2a40784f2c848cfe3e120ea0124ee07fabe1ab30355d1da3792ed03734c9d2311b8c492141e49bbd12988425f3e6416d98397d0c772f66625b0984a41111e8655de4c87c3ffc5a612004b19158174c2f52680b3bf2e418bc4e9b4a0b873e7f6926102d5cc7e6eebb2a8407b684607e441ca52eabfeca040254d87b627de25f8e6899de161d199468"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [{@smackfsroot={'smackfsroot', 0x3d, 'bdevvboxnet1$\\bdev'}}, {@fsname={'fsname', 0x3d, 'wfdno'}}, {@obj_role={'obj_role', 0x3d, '/dev/vcs#\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@euid_lt={'euid<'}}, {@fowner_lt={'fowner<'}}, {@seclabel='seclabel'}, {@fsmagic={'fsmagic', 0x3d, 0x7ff}}, {@smackfshat={'smackfshat', 0x3d, 'wlan0[cgroupselfvboxnet1-em0vboxnet1)/$[\\'}}]}}) 03:46:01 executing program 1: getpid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@mcast2, 0x800, 0x2}, 0x20) 03:46:01 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x7, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x59, 0x27}}, &(0x7f0000281ffc)='GPL\x00'}, 0x48) 03:46:01 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:46:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x3fa, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:46:01 executing program 4: mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x12e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='system.posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [], {}, [{}]}, 0x2c, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ttyS3\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) dup2(r1, r0) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000100)={0x1, [0x0]}, &(0x7f0000000140)=0x6) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(0xffffffffffffffff, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 03:46:01 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x500, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:46:01 executing program 1: 03:46:02 executing program 2: 03:46:02 executing program 1: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x4401, 0x0) 03:46:02 executing program 4: pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75d908c9205ed3b71ea13952fe4cbe6fe94815d4296f6e66de94f42cfa66862535188bc73114cc5b7e45adbc96ada2c96fcdf56ac7d8c5df0d6217f049413454c471de840cdf462e7b21af76c2dd85cfd2af275132f78a7a2a40784f2c848cfe3e120ea0124ee07fabe1ab30355d1da3792ed03734c9d2311b8c492141e49bbd12988425f3e6416d98397d0c772f66625b0984a41111e8655de4c87c3ffc5a612004b19158174c2f52680b3bf2e418bc4e9b4a0b873e7f6926102d5cc7e6eebb2a8407b684607e441ca52eabfeca040254d87b627de25f8e6899de161d199468"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [{@smackfsroot={'smackfsroot', 0x3d, 'bdevvboxnet1$\\bdev'}}, {@smackfshat={'smackfshat', 0x3d, 'wlan0[cgroupselfvboxnet1-em0vboxnet1)/$[\\'}}]}}) 03:46:02 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x1700000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:46:02 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:46:02 executing program 2: unshare(0x0) r0 = syz_open_dev$vcsa(0x0, 0xfffffffffffffffd, 0x200000) bpf$MAP_CREATE(0x1000000000000, 0x0, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x42000) 03:46:02 executing program 1: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount$overlay(0x40000f, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000280)={[], [{@smackfsdef={'smackfsdef', 0x3d, 'workdir'}}, {@smackfsdef={'smackfsdef', 0x3d, 'workdir'}}], 0xf603000000000000}) 03:46:02 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x63, 0x11, 0x23}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 03:46:02 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x600, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) [ 2441.325021] overlayfs: unrecognized mount option "smackfsdef=workdir" or missing value 03:46:02 executing program 4: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket(0x25, 0x0, 0x0) 03:46:02 executing program 1: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x12e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount$overlay(0x40000f, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) lsetxattr$trusted_overlay_opaque(&(0x7f0000000140)='./file1\x00', &(0x7f0000000200)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xfd08283856736a22) capget(0x0, 0x0) socket(0x0, 0x2, 0x0) socket$inet6(0xa, 0x1, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) 03:46:02 executing program 2: madvise(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x12) 03:46:02 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) [ 2441.572358] overlayfs: conflicting lowerdir path 03:46:03 executing program 2: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) read$usbfs(r0, 0x0, 0x0) 03:46:03 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'pcrypt(gcm_base(ctr(aes-aesni),ghash-generic))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000012c0)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, 0x0) socket$xdp(0x2c, 0x3, 0x0) r1 = accept$alg(r0, 0x0, 0x0) syz_open_dev$mouse(0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000005900)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001480)=""/4096, 0x1000}], 0x1}, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000780)) syz_open_dev$tty20(0xc, 0x4, 0x1) dup2(0xffffffffffffffff, 0xffffffffffffffff) 03:46:03 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x1800000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:46:03 executing program 2: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000000)) read(r0, &(0x7f0000002280)=""/57, 0x39) 03:46:03 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x700, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:46:03 executing program 4: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/nullb0\x00', 0x0, 0x0) ioctl$BLKRRPART(r0, 0x125f, 0x0) 03:46:03 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:46:03 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x7, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x57, 0x27}}, &(0x7f0000281ffc)='GPL\x00'}, 0x48) 03:46:03 executing program 1: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xfd08283856736a22) setuid(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) stat(&(0x7f0000000980)='./file0\x00', 0x0) 03:46:03 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000012c0)=ANY=[@ANYBLOB="d008000024007f03000000ff02000000f7000000", @ANYRES32, @ANYBLOB="0000000bf1ffffff000000000800010063627100a408020004040600030000000500000000700300fdffffffffff00001f0000000500000000020000010000000000100083000000fdffffff07000000084900000100000002000000cf000000feffffff080000000180000003000000090000000200000000274a49ef6949a7bb000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040008830600000000000100f7ffffff030000000080ffff050000000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000000800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001000080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009000000ff07000008000000ffff0000a90100000900000005000000200000000500000001000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000600000008000000b300000006000000000000000007000001010000030000000080000000040000730a000001000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000000ff01000002000000000000004000000040000000ed000000010001000e0a05000000000000020000040000000600000002000000ff7f00000100000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f000d000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010000500810306009fff04000800000004040600d90b0000ff00000005000000040000001ba2cc3b00000080010000003f000000ff0f0000bd52c97303000000be060000fffffffffffeffff7f000000ff0000008100000000db040009000000070000000300000000000000060000008f5e0000010000000002000006000000010100000200000007000000000000e0318900000104000000efff000600000004000000080000000400000002000000c00000000800000008000000f7ffffff05000000810000004d00000001000080eb0700001f000000090000000800000001000000000000000000000002000000ffff00000100000002000000000000e0a000000040000000ff000000f7ffffff0500000009000000070000000600000028080000030000000600000004000000be00000003000000070000000500000038080000faffffffffffffff47b5554d001000008100000007000000ffffffff040000000100000002000000566b00002000000004000000020000008b01000001000000ffff000004000000ff0f0000050000002000000003000000e40d000007000000f8ffffff200000003f000000387f00000700000007000000c10a000009000000040000000400000000000000008000000100008009000000370b000000000000ff07000006000000bb7900000400000002000000ffffff7f0300000000000000090000000700000005000000000000807f0000000900000008000000fad4ffffff01000001010000010000003f0000000400000020f2ffff01000100ffff0000010000000200000008000000fbfffffff9ffffff040000004d000000060000000200000002000000070000004e0d0000000200000800000035000000300e00000700000000040000020000000180000020000000f2ffffff070000000500000000010000fffffeff0900000000080000070000000800000009000000ff7f00000900000004000000040000000000000006000000050000000100000009000000080000007e0700000300000000800000bf16000002000006000000ffee00000001000000000000000010f7006305000000000000000000007f00000010080000000000000100008002000000080000000101000003000000ffffff7ffffffffff7ffffff0600000003000000a6060000ff0300000700000001800000090000000200000000000000040000000080ffff00020000070000000500000001000100000000800000af06060000002b0a000005000000010000000500000009000000040000000500000002000000ffffff7ff30000000800000002000000ffff0000ff070000810000004000000075fc000009000000fbffffff0500000000000000810000000100000080000000d05e0000020000001f00000000000000ff010000451e00002d00000000000000ff0000001000030008001000ff070000010000001800010039031c020101000001000000000000060500000010000200e002807104000000ff03000018000100080d1e02800000000700000024709a02ff7f000010000500010000000000000007000000100003001f000300070000000101000018000100e701040009000000040000000104000000000000f2275eef7138e6d8404ee35c1c03d0a7e3015b89e6e440ebafa27d5b8188804cd5beea2fda73c030f26439c9e4f2e27a824bfb4415f2af99b482560d1a447df28d8d838ad1a39caf40dc96c5f134529d47c0604f66f8714f8ee51165c4b029a7dc7e2f90de64a234d9098b06231c71bc79c43de912eb17614cf75d8c49152a801ac9a1326f0e334e0534faa8d8704d03c25495230a2ed4feb5298d99c124310dd8d4054c8be6bdb8bcede3d1552b08c169755c508c65ff8e1c50711a38d9a451eb650df96535fcc7669eb1f0f7fc5135a05b389610d33df49e9d1d3808c8fa0524b1caa582c913fedb22de15fbc7e7890faa48e6205a74bf817d48ea3dc9cddb6acc14b94522ccce95a27379b1ced543ad45de5016647e86154fd92670b9fc95ff90ea60fcf349981185b11322c4a48276eea082e4be45b9125653ba5f8ad8500d0d768b2de6b9e198568ecd526a1ba44c9180104fa91e55e31181b4acad815ef766bc8604c30c715da309a185645439aaabb542625905dc77193d45cde1978dc9c67cea6b01d2d4a28b13fc1e71d1f2a38537c44b629790b1305371c9e705771da5555c743b5b4adea2b95aa708f41e7a713277f5422f2bb669861730554e266f4ae61e0377f517b23ae4821e04e500cf998be043bab81fa38368a555f4a381eab2a692e06a4ca80bcb7570518078eb76bd313b23d0708cd26017f5a64a703da88679bbb758ac9b2b3ad70bbd679e7e24852925d96c941ac4cce3c9863a529c9f3f024c93fbd7e61e29fcbd6368d915afa0e54e02c6053d74bf16ea95c499"], 0x8d0}}, 0x0) 03:46:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x803, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:46:04 executing program 1: getpid() sched_setscheduler(0x0, 0x5, &(0x7f0000000380)) dup(0xffffffffffffffff) getpgrp(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0xa, 0x300) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_init_net_socket$llc(0x1a, 0x0, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r1, &(0x7f0000000680)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e75d908c9205ed3b71ea13952fe4cbe6fe94815d4296f6e66de94f42cfa66862535188bc73114cc5b7e45adbc96ada2c96fcdf56ac7d8c5df0d6217f049413454c471de840cdf462e7b21af76c2dd85cfd2af275132f78a7a2a40784f2c848cfe3e120ea0124ee07fabe1ab30355d1da3792ed03734c9d2311b8c492141e49bbd12988425f3e6416d98397d0c772f66625b0984a41111e8655de4c87c3ffc5a612004b19158174c2f52680b3bf2e418bc4e9b4a0b873e7f6926102d5cc7e6eebb2a8407b684607e441ca52eabfeca040254d87b627de25f8e6899de161d199468"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x26f) r3 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xc4, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) fstat(0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [{@smackfsroot={'smackfsroot', 0x3d, 'bdevvboxnet1$\\bdev'}}, {@fsname={'fsname', 0x3d, 'wfdno'}}, {@obj_role={'obj_role', 0x3d, '/dev/vcs#\x00'}}, {@rootcontext={'rootcontext', 0x3d, 'root'}}, {@euid_lt={'euid<'}}, {@fowner_lt={'fowner<'}}, {@fsmagic={'fsmagic', 0x3d, 0x7ff}}, {@smackfshat={'smackfshat', 0x3d, 'wlan0[cgroupselfvboxnet1-em0vboxnet1)/$[\\'}}]}}) 03:46:04 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:46:04 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3, 0x0) r2 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(0x0, 0x3, &(0x7f0000000600)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0}, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0xdb5, r2, &(0x7f00000004c0)="21701d3299000345ceb8355e0f6b83d8597961635bc8d8b193e186b49d9532e3bf477db18aa1f84f092c197042627c8b31cf2ace955a4f0b80fd2bffba3e5e0e53fa38039ecb63308778328f5ee73df9a169d79bfc2f49d701c07b0aa0f1436f0fbc3e54abd3c46994b637c1a77fa06d9590567a6a5f721dc962d5251537b3540485ce92fa98512c17dfe71e4910881fdc4cd0ac7981779da8bfcb6e6e1f4e4db22ce59e7c0d673e6d09d5fe718122d492f6ce8f77e2595e8e9d4f2c97d5acb9af762dda522c49b4285a8d59991b1142a10fa328ef552f20", 0xd8, 0xb47, 0x0, 0x2, r1}]) clock_gettime(0x0, &(0x7f0000000800)={0x0, 0x0}) r5 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r5, 0xc008551a, 0x0) ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x90080000, 0x0, {r3, r4/1000+10000}, {0x0, 0x1, 0x1f, 0x3, 0x81, 0x85, "eaad4448"}, 0x3b03, 0x1, @planes=&(0x7f0000000840)={0x4, 0x3, @fd=r5, 0x5}, 0x3, 0x0, r1}) r6 = perf_event_open(&(0x7f0000000140)={0x5, 0x70, 0x80, 0x0, 0x0, 0xfe, 0x0, 0x8, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x636}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(0x0, 0x2, &(0x7f0000000600)=[0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0xdb5, r6, &(0x7f00000004c0)="21701d3299000345ceb8355e0f6b83d8597961635bc8d8b193e186b49d9532e3bf477db18aa1f84f092c197042627c8b31cf2ace955a4f0b80fd2bffba3e5e0e53fa38039ecb63308778328f5ee73df9a169d79bfc2f49d701c07b0aa0f1436f0fbc3e54abd3c46994b637c1a77fa06d9590567a6a5f721dc962d5251537b3540485ce92fa98512c17dfe71e4910881fdc4cd0ac7981779da8bfcb6e6e1f4e4db22ce59e7c0d673e6d09d5fe718122d492f6ce8f77e2595e8e9d4f2c97d5acb9af762dda522c49b4285a8d59991b1142a10fa328ef552f20", 0xd8, 0xb47, 0x0, 0x2, r0}]) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, 0x0) io_setup(0x69, &(0x7f0000000000)=0x0) r8 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000380)={r8, 0xffffffffffffffff, 0x7, 0x6f, &(0x7f00000002c0)="4aa0af32da7f3d5a307d315b0bc35441caff3691e9bdb45a251ec70317e9692f1dd56085c1cbce7a6709279f1bfa7ef3e2016352d0524ed0ab4eca1834c910f260eadd81079cee82f9c754d83aee99850b264ebfbe846f73cdf9a415a56ec6d615377c9c862d5bb56a52b42727c5df", 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x7fffffff, 'syz1\x00'}) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) r9 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000380)={r9, 0xffffffffffffffff, 0x7, 0x6e, &(0x7f00000002c0)="4aa0af32da7f3d5a307d315b0bc35441caff3691e9bdb45a251ec70317e9692f1dd56085c1cbce7a6709279f1bfa7ef3e2016352d0524ed0ab4eca1834c910f260eadd81079cee82f9c754d83aee99850b264ebfbe846f73cdf9a415a56ec6d615377c9c862d5bb56a52b42727c5", 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x7fffffff, 'syz1\x00'}) r10 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r10, 0x4c81, 0x0) io_submit(r7, 0x5, &(0x7f0000000680)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x7, 0x0, r8, &(0x7f0000000080)="3f6bdc32302f42818d96c4056a0ca8f424b67a158faa6d922cbbfd03c5c216f7dfb4581672835d09bc45a8ec1b2a92a0d6cf84f2b726f11074d6bf1f016f7f832ae77a0defc6f2e45e08a847707d495ed174ee9d3e82213fd974d8bf0bcc1661fb5fb51d150c014592b99bef0bc3c32fc00aa6b467bf10ffe3220456d74239e15be2f1a7759df361b6220ef518", 0x8d, 0x1, 0x0, 0x2, r0}, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x2, 0x4, r6, &(0x7f00000002c0)="059b749f80e20382d12fc0e6572e45e9a81cdd3fd2444f7f25f5d9c55bd41c8d9c641a4fa1e9f3ac07d53b1fae0c85738ddc767bff1881090ab0f26b6b0f0b19f68173d91f586aa8e21222c7fcfedcbfa8ad74975e8e9956fff5c92acd05cf22ba2ecd019f506c16f834982b9453fd164d122b7f7d781ad44e9f488ef1af58b9f471f84252ec795108cc61561f85b506792a458aafc9c061c918d62faf1b2ef0d8a11ad45118f24a012b13c757414c3084a482ad52e4435399262f7a2c1651", 0xbf, 0x100, 0x0, 0x1}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x2, 0xcb, 0xffffffffffffffff, &(0x7f0000000240)="774535907543b02d3edb57ea4b3bc89d5db664d8c6dcd42b6dba98dee7b2370d", 0x20, 0xbc, 0x0, 0x2}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x7, 0x5, r9, &(0x7f00000003c0)="7f9d07c3cd3387de6a77ba911230a937b5466b05f4d518911f47bc4a9c1e103185a64feaa0609e1fa6eeb04a73d157ec8968310cf550f520e04ecfd6bc87719527f33d4d66cabc83d57bf1043f1d77184ab3b2bb32b458e23ce86b3d223dfc5a6d4693", 0x63, 0x5}, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x5, 0xff, r10, &(0x7f0000000480)="d95df226d3726b550764cf196a0e987e82ac1822b921325128d215aeaca193c853370594d720967acf20ddeee7e1b24167a5d8", 0x33, 0x25}]) r11 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3, 0x0) r12 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(0x0, 0x2, &(0x7f0000000600)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0}, 0x0]) getsockopt$netlink(r12, 0x10e, 0x8, &(0x7f0000000700)=""/138, &(0x7f00000007c0)=0x8a) clock_gettime(0x0, &(0x7f0000000800)={0x0, 0x0}) r15 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x3, 0x0) r16 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_submit(0x0, 0x3, &(0x7f0000000600)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0}, 0x0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0xdb5, r16, &(0x7f00000004c0)="21701d3299000345ceb8355e0f6b83d8597961635bc8d8b193e186b49d9532e3bf477db18aa1f84f092c197042627c8b31cf2ace955a4f0b80fd2bffba3e5e0e53fa38039ecb63308778328f5ee73df9a169d79bfc2f49d701c07b0aa0f1436f0fbc3e54abd3c46994b637c1a77fa06d9590567a6a5f721dc962d5251537b3540485ce92fa98512c17dfe71e4910881fdc4cd0ac7981779da8bfcb6e6e1f4e4db22ce59e7c0d673e6d09d5fe718122d492f6ce8f77e2595e8e9d4f2c97d5acb9af762dda522c49b4285a8d59991b1142a10fa328ef552f20", 0xd8, 0xb47, 0x0, 0x2}]) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r15, 0xc008551a, 0x0) ioctl$VIDIOC_DQBUF(r11, 0xc0585611, &(0x7f0000000880)={0x0, 0x0, 0x4, 0x90080000, 0x0, {r13, r14/1000+10000}, {0x1, 0x0, 0x1f, 0x3, 0x81, 0x85, "eaad4448"}, 0x3b03, 0x1, @planes=&(0x7f0000000840)={0x4, 0x3, @fd=r15, 0x5}, 0x3, 0x0, r12}) getsockname$packet(r12, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000080)=0x14) sendto$packet(r0, &(0x7f0000000100)="9dab2b35a81e3a21ef001ab46aacdc682bed5b86b38a0a7de16a723f8cac30bcc70cafa28db72ed45faa3b29d4a2a502f347784e59ebbd65a8b9ccb516e15c00e0e236a521460620c91fe3caaa81073e0a47246e003b2b956d4bf6aa9743d8b5bca347d2df2b4d86563a19d75eded41269b40155bf4e7ffa8e85cf2ae3787a9e79c588c5d3adfebc4e80f267bf7d5099be41276372b5885bc3f6a1393605d09d820c95efa9dc2d8febd9d64c32fae681215fd120f1a97dbf4a2fdafcc6c2d47ca6fcd0ab44bf5d834f52af102a1755f7139a4e3d4948fd5d7b604a5fcbd825cae86ac98b99c263d566dd38edb333a08d341325b5f528850a42b475a157d2a2cd5457d83552be5adc85b8f9d636f52a11066726400436dbadb475a797cc6909e97667fb755a3d70f446349488a031dc1b7dda6ebcfe2e0febddb1a2d0b5d8728f88ae632b0d32438034ebcccfdd025c6b3e9dc4c69dff8a3b78f4ecfc49a528f1900e21c0814f25dbb700e0201a8dc667512eddf88a53fad67692b11bf5673e2b4c623d23ef4bf1e4a7a23dd1bc1a7123b6265a91d9f032cb278e5e73887c4734940ad8b5d0361dfbd3fc9b4d2dd1f62adee243351d6f057ddd9823f110a1fb338c63530c638c63ebe5933fd1934dd157586206c8124ba57faa4e680b713ae685dfcf81c4a4cc9b57b775daeb14483c7f753b15c9de746c282b28711d869721c3bace9feb06ffe3e28bcbed48ed3fab1e1eaf245a5aaec896ce13be10e662893213579ae0a806d3cfc4c86feae0968f06019562a3af718f3115b8a9eeb7a5d1616a712fe9a768bcb9a54b88722a8ab69274052b877f47fad1d521a7354bcbc0fa166ad26ce5d720793b93a956a9250e53deec95d54a8ccc07452a406ccc4a4a8e7401d06ab0b8285980b2bc86be9b6a3273c4b0960eacb09a9d745853b2181a5106eccc7cd8df11fcea0b5809f58fbb527bb879d8f1fccb8b47c9a633910587b2ce25b423606af55bb8f66f81d0e5b465e78eb9135be387f271b5bd234a0eec4b1ce027da761007f4009db62788c2d4a5c60633f3792c285f4e58ae11f1e4e5bf8c0a2bbfa60b0458010275a3186d1843228bef919583be2d1266c7b40bc1bb511bef5a681ab83117e97e23e8283c599dcc6195e429a6634f2f0e273ac205607870ca20fb661246f50e4da55d21583205748f2725122c73fe6e1aece044cc570be94d3a7e45da247f8acff7de2b75ddc6613daad7a3c185d5eee32a75c0b30f85bbd961ef12ba80133bdab3e09da965c768e3bdcf98bfa3060b2383715f302af2e0d6f0bec8522ce5866a4336560f8458efcab3697b621b89f0d608a1af1d814b609c78fb2717d8838b27eac0c0576dd8e1ab1e3e765b416cee691265e90f1000c724b1a85e4dc82e95ae867a3dbc31a272777100caa9db2f825f103ea4d0f668b09fbc042a9627fb5beaa6dbe2e70fc4a1d03f482eab88e1f024f4854513a1a5a67698531ef86fa4c051385b01dc1914b322b86db3c038db66528994230fc1396c4e2639b1c5fe1bc40afa3c82ff85d5b48694fe70d33a721e7f6b2cf4431becd4147b2e24f50fffca5c63da1ff0eb76bb0ea7952d0e70f29348dfde40b5a8f01efc1e53de7791499e5dcd0b0c4fb9101a1d7d1061a1eb95cbe5c86b856f0ad03998cd6538557948519496adfb15c29ff80c5d7006c22402072ea08e0216099bc2c13798409cdb561c992db1c7bd716037f671c287f41e1eaecc93b60b0be5e1d9b216cef69fb5c21eabefd000534183c578bbbf550fe766a3ed023992580e378e3ef34ae0dca5c53bda6806ce5f2272202a77ae01f5226ec5011d37e16999dde956f3a0b3240740d85fa6c46bf97888336089f437a5ebe0597e758369ee2735f4dbfc2e7dbbb438781d791156f7b4883fa042a065d9254d74731beb2168be12e0df453b09742b3c74932383990c863d78c3a511b2e323226691106e9cdb4106651677c14e5f255a70b631081a9a527552b3e048f941c6c057c5988f116cc829db3a19e423a797fae37042eac3b8747e6061bedf92ab54e8633d74db795321acec328ba34a2a42aed2fe0ccb04dfdd6bd96d99da5ac571ca3a470fed64d6422d3a99e5847d070759f861ad316071d34ec49781ae8e9aa5c1e6a11c4e012b46215ab637841281f56dd0e724584817b0fd0241a76eacfb65959c437c172350aa830e98259fc5d979ad95b0c2de8e4e427b8907946afcf590f6aaebc48fd37bfa40ade408e841ffd4808fdff8b23f9b909aac66dbc7d758eb3797895b1ee24d5f6528fba46c378dd580371a4ffed2302c5fe2202873e692561b60681968963ab12cb31116c4092187e4739eed124bb5eff5281d832a81863a8cacf94a5417dcd3bfc378ed910df85d8bcb52021a8e96427caf703989b75e19b57a4e9d362ddea54993db8fe3d5a2aa1e45c61794cb64c9dcba94c8b8b1bb1cd6f7b1dd4d81accffb67f7c17751eb0f102808521b3d1de65d4ab8a94726699dd33fc1cc33a16a410de791fdb90408e2f6557c4e1864c4cb3e2eb7263d473684fc9c7175266f52b373bf39dae70b8852812fc9f543d495b0e279805bac94e3f8277a2967ceea742f1c2d9fd68b09b1b7aea19abbc5e215ffc0b969a45ef82865776e91198b0a4dd21fd8a0b0bba37c1e2611008f2a7d05bf808f9fa9a56259fc9b82555130686c0e16b5d5c0db97eed32f7b062d84620fc3e58d3d054d69f502e062e922560073eae3d0244b00e636bfb3a9260ba14ccc65135f0519536b3245d1fee63d23834da8225bf4ab43fee29a8e489dd23643b41c1e0c39ed41c6f8c411b05635b4700c6b2ef331551717d7158d8c28b9f8e8d32122af483fbab918ac66d6c09864880547c298639ccdeebe63804481ac8feb16e9a16ea5718f6558f04634ca57c86b8670b771ba5a70678ae456fba83c7a054dbd8ce1581335ad7d538cc93eb75a1917c2eb7b5f05d8b49c3df088275bc73fbdc2f4b3ae4e6425af729d50bee9bdf029375976f0edb6e0ed96365e92ea61a3bb4ad5607f0f5db60911ba6a8d17b37a2888ce18b53f6e7fdb07924b4533df7eaae7971d4a40bcd027e47d1a409600005d4f71c99626464d3d7591c05b9b61f1910d974aacec2259d16d573c0544eeeeab318d0e037250e040b37ceb4de51053b0ac8b43846892d554fefbf662066971f5e1cf2f23fdf6634ddc38af9d6981695f01934c765cd79d5263c187d77dd1d4bb92e59b9cd94db316a377b8d8db26faca81f632d1ed542c0873ddcfe1b8da6e915f7c7dfd8846321077360d4c5f222d35622b4c39730c2c8460dc08d8f5be26d5492583a2cf6520bd8d7c941b5af47800750da325a62b41516f7cb2545afd3181caa986b168526c08a6c81a9fd64d81bb6765119c2d35ec64ea33a7d4b85ab4562f090e3b671ae6088a41845fd0ec492b0b024e7462d452770281bcb2131d53aec71436f3d5496e88d68618d6057916ff1d08da6df41e6fb2b5e323dae7a6afc4b0e537fa678f9f78f87f57cc30c2f3ad2bc12db8a9d4a9dddb35d13c7d4d7c61c6626003600080a884790223e6697834da6e0d347166ec652e3f21d2f369f55443d2b89776420d5d050ce89378c99d3acff2ebb4ef4480f8e7a25ef6fb5f73a3edddebdd14eb37c696bc7ba118fb8e8aaf6bb56a3f4f3ff721278c4300cf2f9863555da1518be34112ec04c2d0dd9148f7f86dc35d897ecd23633c2c7fe2f9bfc20d7140f395eaa5d2b3fd5fe446131a22394ff741ceab5d4eda92716742d4f273d91f6b0d95bfd1bae5dbe44ebda771e21162227115973a95547f3cbaea040c168762544c16708f688ba8187953db16a27ac38458fbf9e02526440193f6a24d5893f8c824d40c06e914760e3b8a61fa99116546581e98b133620d6f80abea7b7c44776d2728afb06f267a051cfcf864f8e4aca1c0302865269eb99824e7c6c8a6a404337bbea461f7ef9bbd34e5fb02ec8d7ea5bad0147bb542122c816775cfc8ddf55d04d0853374d3f043064f0f202e3061536fea4035c28d1e820a89f16f5ade8fb261a29d1c2fd1c4f5c46a2e312cafccb979eedd460399c48293a599242d92954710109f2144dc3b18537aad7ab6f5df5e941f9e5d83a195b53952d77297a036d73e73de22935c27f2949477361dbf1393783a1920adc2bdd1a27593f19765b3328792d225b62a6fd93032ea7919baac09808e68df0b1ae00315abd4a6c0282c2cd6c4039fa93fc51b4f14b20ab2693026fd1038f63990e82e69efe09104a74dcc613e2723f2b7c2de5bc9d6f67ecab8d941799fb2312bd98e2370aabf792fd782ea2eb9feeb3e74bf113ae6e3d18011f852ea7159451bc98263e3a9abe82388e6345a480cfa0d0f42ee7415a190f5969f31adad6069460f6d9083b0d5828f34c154f093c4afc4b005eb82beccdd671300194d08cb5b51a3b85fb9be7203e54743fc864ce353eb2c3c4c30e068161847858c910987c4a3d33777c71e9b57a1d2f44acce6351afe42adb1c7dd87de4c0b75277d6aff49209f28c1c32cdb8c7a61641e5b7c2b0cb2858eaf33be8ae9042811bb055ff688f356efbc29f1ad878afaa09e6a333a930879c44928c5f6df0f206dfa8122527a3cb12c5d230726e3d2d53ebbbde1f3db157437ec1061c2a266cabee1f979bd7772f37cc85fd5ed7de11f05f0b108073dda4352e1fe864d393cb3307de30fdf25304008b5b4873f77ca4935cc5ef15a6ebb2a050cc5de43bc4d6ae005cd0b7b6f077c8fedd9f091e60863bec7e15e1d87e44c2c6a88e8a9b92f30f5f27c56ba62695dd5ecb24b6470e19a8ebebdaf00bbf60ed79d5abcaa00828a0213110102266518aea4c2ffa8460c764b5511c47e5ab4e6d98686e84cccb8f542de8a02a8c238814d36a23737666dff6c18c4999ad00e156392f0f4598b5934da53fca17fc5d03418344957eb1d7f4b39225a27a4d3c40baa6a69a4a7a266e98fbf3dc7b6dc28beb317219b5d9716e75ee0d8a3b5aea12e45c1d55a24e6f6654e78d5dd8eb699e616ac7f01f82856985250b31e2fe7e74c24aeb2d8efa729ea9f94589114221edd59fdb5a5467666698af48183b81eea4b8f1d68be3aa9a8f0464605552aea56ea93f5ed56e2eb091acc1f2df1fd3331e5d759c4cf6f5c9fe1a4386794904860726f9c154761d991b11b23ab7b42f8d7286f0fd3961ce582daed792f17f41b857971bb4705a5ce8868bf5c5c1efc0f35a80622b963909eddaba7f903722ec46a22775d375c6adc00794933724eb16d733e6dcff56f149e796d18ba2090f5eb74c6751d5062f73ed39c31619fdff56bf10d814914b16e046404d7ca2be2ec47a6fc82728805fc49755a335ca572e1b51fd6707af4a879a9a28b0edb4bd8edd64dc9ef08eeb0e79f475a84a9f400ea413b28964a6a09ebfd51675357afa9a6233ed7084ea0605f7aa2c98909c793241d9ce22781c3ac845696d3630c17d4fdf4d017a9b2248ea10d7fe6ac0428f9303f5f8ed6a457aff849b5c7fbc598ea697027aead362fb14c507ba4d156416fd16a8cb3536e2363819e8dc12fff338aa07238e0de2396130de62eb8a74b6a8985b0458a85369a8ac2f339696e8c67d88d038bc595e0124b4a98019b73895720f91211978c0045e1169a0cf56bc6892cb11aca482b1f1a59dff639082cd569214becfa4c64cfdafb6279c8d5af4263a1065b84a0b14348bdf87a7aaf59e98fa93da02d8082095ad5d1b43eb739bd5e4e351a366c0d13b22c0ee7a9", 0x1000, 0x4000, &(0x7f0000001100)={0x11, 0xf7, r17, 0x1, 0x6, 0x6, @local}, 0x14) r18 = userfaultfd(0x0) ioctl$UFFDIO_API(r18, 0xc018aa3f, &(0x7f00000000c0)) 03:46:04 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) gettid() perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40286608, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x3, &(0x7f00000000c0)=[{&(0x7f0000000000)="2e00000022008151e05b80ecdb4cb904044865160b00170002000000740004140e00110002000000dc2976d153b4", 0x235}], 0x1}, 0x1900000000000000) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:46:04 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0x900, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:46:04 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:46:04 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00') recvmmsg(0xffffffffffffffff, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x1a0, 0x0) 03:46:04 executing program 2: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000000)) read(r0, &(0x7f0000002280)=""/57, 0x39) 03:46:05 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x705, 0x0, 0xa00, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x3, r2}]}}}]}, 0x38}}, 0x0) 03:46:05 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x7, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x27}}, &(0x7f0000281ffc)='GPL\x00'}, 0x48) 03:46:05 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:46:05 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) r2 = dup(r0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, r2, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r3 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r3, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r4, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r4, &(0x7f0000000100)='syz1\x00', 0x1ff) r5 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r5, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r6, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r6, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r5, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) 03:46:05 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x7, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x27}}, &(0x7f0000281ffc)='GPL\x00'}, 0x48) 03:46:05 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x101200, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x7, 0xffffffffffffffff, 0x0) mknod(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) ioctl$BLKRESETZONE(0xffffffffffffffff, 0x40101283, &(0x7f0000000000)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lremovexattr(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)=ANY=[@ANYBLOB]) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) splice(r0, 0x0, 0xffffffffffffffff, &(0x7f00000001c0)=0x3, 0x43, 0x5) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x3}, 0x8000000200000400, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) r2 = open(&(0x7f0000000600)='./bus\x00', 0x2, 0x0) write$P9_RATTACH(r2, &(0x7f0000000080)={0x14}, 0xfffffff4) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x4240a2a0) mkdirat$cgroup(r3, &(0x7f0000000100)='syz1\x00', 0x1ff) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000cd0fc8)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x2, 0xf, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, [@sadb_x_policy={0x8, 0x12, 0x0, 0x3, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in, @in6=@mcast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4, 0x0, @remote={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0xa0}}, 0x0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000340)={0xffffffff, 0xffffffffffffff80, 0x81, 0x1f, 0x1f, 0x4}) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r5, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000180)={0x6, 0x0, {}, {0xee00}, 0x0, 0x2}) write$binfmt_misc(r4, &(0x7f0000000800)=ANY=[@ANYBLOB="73797a31d5285f8952becaa703be64e7124783cb5228614ca3640ae32b3dee9974bf508b8dabe4e564bffe91643c8e7f2bc629fab200c52a8989a02aec704a900ca3b2f3dd421c11cd36ec1cd57c0b28f3991f61c38545a5dd12b2a13b95f133f44273e04ccff8ee481787ad77e2ce1633a26cb188a2484684fd16b285655b791ab087aa40ce31ed819c1a3dd38353f357259ead845b5741d1d1e45707dabac64e18ab36c5b62aa45e57b08aed678032445f90df77af8b6c630b0096f9a3c22b35be3cee5857b4609b9eaa"], 0x9b) socket$key(0xf, 0x3, 0x2) [ 2596.419131] INFO: task syz-executor.4:17726 blocked for more than 140 seconds. [ 2596.426840] Not tainted 4.19.99-syzkaller #0 [ 2596.435111] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2596.443549] syz-executor.4 D27648 17726 7945 0x00000004 [ 2596.449799] Call Trace: [ 2596.452564] __schedule+0x866/0x1dc0 [ 2596.456555] ? firmware_map_remove+0x1a7/0x1a7 [ 2596.461483] schedule+0x92/0x1c0 [ 2596.465060] rwsem_down_write_failed+0x774/0xc30 [ 2596.470184] ? rwsem_down_read_failed+0x3c0/0x3c0 [ 2596.475248] call_rwsem_down_write_failed+0x17/0x30 [ 2596.480537] ? call_rwsem_down_write_failed+0x17/0x30 [ 2596.485953] down_write+0x53/0x90 [ 2596.489759] ? register_netdevice_notifier+0x7e/0x630 [ 2596.495254] register_netdevice_notifier+0x7e/0x630 [ 2596.500544] ? __lockdep_init_map+0x10c/0x5b0 [ 2596.505244] ? __dev_close_many+0x300/0x300 [ 2596.509977] ? __lockdep_init_map+0x10c/0x5b0 [ 2596.514725] bcm_init+0x1a8/0x220 [ 2596.518347] ? canbcm_pernet_init+0x90/0x90 [ 2596.522998] can_create+0x288/0x4b0 [ 2596.526791] __sock_create+0x3d8/0x730 [ 2596.531034] __sys_socket+0x103/0x220 [ 2596.534991] ? move_addr_to_kernel+0x80/0x80 [ 2596.539750] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2596.544707] ? do_syscall_64+0x26/0x620 [ 2596.549010] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2596.554541] ? do_syscall_64+0x26/0x620 [ 2596.558853] __x64_sys_socket+0x73/0xb0 [ 2596.562978] do_syscall_64+0xfd/0x620 [ 2596.566917] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2596.572452] RIP: 0033:0x45b349 [ 2596.575900] Code: Bad RIP value. [ 2596.579465] RSP: 002b:00007f308985fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 2596.587419] RAX: ffffffffffffffda RBX: 00007f30898606d4 RCX: 000000000045b349 [ 2596.595168] RDX: 0000000000000002 RSI: 0000000000000002 RDI: 000000000000001d [ 2596.602811] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 2596.610587] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 2596.618112] R13: 0000000000000b34 R14: 00000000004cc18e R15: 000000000075bf2c [ 2596.625795] [ 2596.625795] Showing all locks held in the system: [ 2596.632541] 4 locks held by kworker/u4:1/23: [ 2596.637123] #0: 00000000ecd3babd ((wq_completion)"%s""netns"){+.+.}, at: process_one_work+0x87e/0x1750 [ 2596.647137] #1: 000000007a783aa4 (net_cleanup_work){+.+.}, at: process_one_work+0x8b4/0x1750 [ 2596.656839] #2: 000000002017e59e (pernet_ops_rwsem){++++}, at: cleanup_net+0xae/0x960 [ 2596.665352] #3: 00000000ebe411f5 (&rq->lock){-.-.}, at: __schedule+0x1f8/0x1dc0 [ 2596.673419] 1 lock held by khungtaskd/1080: [ 2596.677896] #0: 00000000f688d62b (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x27e [ 2596.686975] 1 lock held by rsyslogd/7772: [ 2596.691433] #0: 00000000bdd6f1d6 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 2596.699916] 2 locks held by getty/7894: [ 2596.704005] #0: 00000000649aba0e (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 2596.712801] #1: 00000000562a8a26 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 2596.722144] 2 locks held by getty/7895: [ 2596.726237] #0: 00000000f687d9cb (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 2596.734961] #1: 000000001adc32b8 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 2596.744270] 2 locks held by getty/7896: [ 2596.748367] #0: 0000000025cdd4e1 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 2596.757054] #1: 00000000933413f0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 2596.766340] 2 locks held by getty/7897: [ 2596.770651] #0: 0000000072ba9d00 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 2596.779480] #1: 00000000a61fa54f (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 2596.788874] 2 locks held by getty/7898: [ 2596.793196] #0: 00000000045623f5 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 2596.801913] #1: 000000009a814905 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 2596.811512] 2 locks held by getty/7899: [ 2596.815629] #0: 0000000039bed58d (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 2596.824260] #1: 00000000f7cf163a (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 2596.833793] 2 locks held by kworker/u4:5/14156: [ 2596.838763] 2 locks held by getty/31471: [ 2596.843201] #0: 00000000fa8eeeae (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 2596.852005] #1: 000000004f6cf3ef (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x232/0x1b70 [ 2596.861400] 1 lock held by syz-executor.4/17726: [ 2596.866313] #0: 000000002017e59e (pernet_ops_rwsem){++++}, at: register_netdevice_notifier+0x7e/0x630 [ 2596.876281] [ 2596.877982] ============================================= [ 2596.877982] [ 2596.885383] NMI backtrace for cpu 1 [ 2596.889316] CPU: 1 PID: 1080 Comm: khungtaskd Not tainted 4.19.99-syzkaller #0 [ 2596.896675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2596.906024] Call Trace: [ 2596.908623] dump_stack+0x197/0x210 [ 2596.912263] nmi_cpu_backtrace.cold+0x63/0xa4 [ 2596.916763] ? lapic_can_unplug_cpu.cold+0x47/0x47 [ 2596.921791] nmi_trigger_cpumask_backtrace+0x1b0/0x1f8 [ 2596.927210] arch_trigger_cpumask_backtrace+0x14/0x20 [ 2596.932396] watchdog+0x9df/0xee0 [ 2596.935851] kthread+0x354/0x420 [ 2596.939212] ? reset_hung_task_detector+0x30/0x30 [ 2596.944050] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 2596.949586] ret_from_fork+0x24/0x30 [ 2596.955716] Sending NMI from CPU 1 to CPUs 0: [ 2596.961038] NMI backtrace for cpu 0 [ 2596.961044] CPU: 0 PID: 7930 Comm: syz-fuzzer Not tainted 4.19.99-syzkaller #0 [ 2596.961051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2596.961056] RIP: 0010:lock_is_held_type+0x17e/0x210 [ 2596.961068] Code: 00 00 00 fc ff df 41 c7 85 7c 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 75 63 48 83 3d b1 e9 a0 07 00 74 30 48 89 df 57 9d <0f> 1f 44 00 00 48 83 c4 08 44 89 e0 5b 41 5c 41 5d 5d c3 48 83 c4 [ 2596.961072] RSP: 0018:ffff8880a92ff848 EFLAGS: 00000086 [ 2596.961080] RAX: 1ffffffff11e4ae9 RBX: 0000000000000086 RCX: ffff888085b5ef80 [ 2596.961085] RDX: dffffc0000000000 RSI: ffff8880ae82c258 RDI: 0000000000000086 [ 2596.961091] RBP: ffff8880a92ff868 R08: ffff888085b5e700 R09: ffffed1015d05849 [ 2596.961096] R10: ffffed1015d05848 R11: ffff8880ae82c243 R12: 0000000000000001 [ 2596.961102] R13: ffff888085b5e700 R14: ffff888085b5e700 R15: ffff8880ae82c240 [ 2596.961108] FS: 000000c42013b090(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 2596.961113] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2596.961118] CR2: 00007f3544de4000 CR3: 0000000083deb000 CR4: 00000000001406f0 [ 2596.961124] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2596.961129] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2596.961132] Call Trace: [ 2596.961135] update_rq_clock+0x21c/0x2b0 [ 2596.961139] __schedule+0x253/0x1dc0 [ 2596.961143] ? hrtimer_start_range_ns+0x65d/0xc70 [ 2596.961147] ? firmware_map_remove+0x1a7/0x1a7 [ 2596.961151] ? __hrtimer_get_remaining+0x1a0/0x1a0 [ 2596.961154] schedule+0x92/0x1c0 [ 2596.961158] futex_wait_queue_me+0x30c/0x600 [ 2596.961162] ? handle_futex_death.part.0+0x2a0/0x2a0 [ 2596.961166] ? lock_pi_update_atomic+0x120/0x120 [ 2596.961169] futex_wait+0x228/0x5e0 [ 2596.961173] ? futex_wait_setup+0x390/0x390 [ 2596.961177] ? clock_was_set_work+0x30/0x30 [ 2596.961180] ? futex_wake+0x179/0x4d0 [ 2596.961184] ? kasan_check_write+0x14/0x20 [ 2596.961187] ? tlb_finish_mmu+0xc9/0x100 [ 2596.961191] do_futex+0x175/0x1d70 [ 2596.961194] ? mark_held_locks+0x100/0x100 [ 2596.961198] ? find_held_lock+0x35/0x130 [ 2596.961202] ? __x64_sys_madvise+0x11a5/0x14f0 [ 2596.961206] ? exit_robust_list+0x2d0/0x2d0 [ 2596.961209] ? __x64_sys_futex+0x4cb/0x590 [ 2596.961213] ? ktime_get+0x105/0x2f0 [ 2596.961216] ? kvm_clock_read+0x18/0x30 [ 2596.961220] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2596.961224] ? ktime_get+0x202/0x2f0 [ 2596.961227] __x64_sys_futex+0x400/0x590 [ 2596.961231] ? do_futex+0x1d70/0x1d70 [ 2596.961234] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2596.961238] ? do_syscall_64+0x26/0x620 [ 2596.961242] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2596.961246] ? do_syscall_64+0x26/0x620 [ 2596.961250] ? lockdep_hardirqs_on+0x415/0x5d0 [ 2596.961254] ? trace_hardirqs_on+0x67/0x220 [ 2596.961257] do_syscall_64+0xfd/0x620 [ 2596.961262] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2596.961265] RIP: 0033:0x45b153 [ 2596.961277] Code: cc cc cc cc cc cc cc 48 8b 7c 24 08 8b 74 24 10 8b 54 24 14 4c 8b 54 24 18 4c 8b 44 24 20 44 8b 4c 24 28 b8 ca 00 00 00 0f 05 <89> 44 24 30 c3 cc cc cc cc cc cc cc cc 8b 7c 24 08 48 8b 74 24 10 [ 2596.961281] RSP: 002b:000000c420039ea0 EFLAGS: 00000206 ORIG_RAX: 00000000000000ca [ 2596.961290] RAX: ffffffffffffffda RBX: 000000003b8635be RCX: 000000000045b153 [ 2596.961313] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001e37180 [ 2596.961319] RBP: 000000c420039ee8 R08: 0000000000000000 R09: 0000000000000000 [ 2596.961324] R10: 000000c420039ed8 R11: 0000000000000206 R12: 00000246e798e5e9 [ 2596.961330] R13: 0000000000000001 R14: 00007ffb02fd46c8 R15: 0000000000000004 [ 2597.302172] Kernel panic - not syncing: hung_task: blocked tasks [ 2597.308355] CPU: 1 PID: 1080 Comm: khungtaskd Not tainted 4.19.99-syzkaller #0 [ 2597.315715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2597.325061] Call Trace: [ 2597.327697] dump_stack+0x197/0x210 [ 2597.331315] panic+0x26a/0x50e [ 2597.334494] ? __warn_printk+0xf3/0xf3 [ 2597.338379] ? lapic_can_unplug_cpu.cold+0x47/0x47 [ 2597.343331] ? ___preempt_schedule+0x16/0x18 [ 2597.347739] ? nmi_trigger_cpumask_backtrace+0x165/0x1f8 [ 2597.353174] ? nmi_trigger_cpumask_backtrace+0x1c1/0x1f8 [ 2597.358624] ? nmi_trigger_cpumask_backtrace+0x1cb/0x1f8 [ 2597.364076] ? nmi_trigger_cpumask_backtrace+0x165/0x1f8 [ 2597.369537] watchdog+0x9f0/0xee0 [ 2597.373001] kthread+0x354/0x420 [ 2597.376359] ? reset_hung_task_detector+0x30/0x30 [ 2597.381206] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 2597.386742] ret_from_fork+0x24/0x30 [ 2597.391871] Kernel Offset: disabled [ 2597.395509] Rebooting in 86400 seconds..