fffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 394.222375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 394.229809] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 394.237068] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 394.244346] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 394.255819] Task in /syz4 killed as a result of limit of /syz4 [ 394.263768] memory: usage 307200kB, limit 307200kB, failcnt 122 [ 394.270334] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 394.277306] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 394.283683] Memory cgroup stats for /syz4: cache:56KB rss:296160KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:277856KB active_anon:76KB inactive_file:20KB active_file:20KB unevictable:18252KB [ 394.305606] Memory cgroup out of memory: Kill process 11676 (syz-executor.4) score 1233 or sacrifice child [ 394.317696] Killed process 11681 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34944kB, shmem-rss:0kB 14:20:10 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:10 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0x81a0ae8c, 0x0) 14:20:10 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x4}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:10 executing program 2: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 395.990623] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 396.002150] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 396.007778] CPU: 1 PID: 11709 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 396.015667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 396.025645] Call Trace: [ 396.028254] dump_stack+0x188/0x20d [ 396.032413] dump_header+0x159/0xa5e [ 396.036323] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 396.041431] ? ___ratelimit+0x59/0x573 [ 396.045328] oom_kill_process.cold+0x10/0x6dc [ 396.049851] ? task_will_free_mem+0x134/0x6d0 [ 396.054382] out_of_memory+0x349/0x1250 [ 396.058368] ? mark_held_locks+0xa6/0xf0 [ 396.062436] ? oom_killer_disable+0x270/0x270 [ 396.066941] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 396.071560] mem_cgroup_out_of_memory+0x1c7/0x240 [ 396.076440] ? memcg_event_wake+0x210/0x210 [ 396.080808] try_charge+0xe22/0x1300 [ 396.084561] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 396.089433] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 396.094428] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 396.100510] ? __lock_acquire+0x6ee/0x49c0 [ 396.104759] mem_cgroup_try_charge+0x249/0x5c0 [ 396.109485] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 396.114436] wp_page_copy+0x3fe/0x1530 [ 396.118371] ? follow_pfn+0x260/0x260 [ 396.122181] ? __lock_acquire+0x6ee/0x49c0 [ 396.126439] ? mark_held_locks+0xa6/0xf0 [ 396.130520] do_wp_page+0x518/0xfa0 [ 396.134157] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 396.138867] __handle_mm_fault+0x21a4/0x3b60 [ 396.143300] ? copy_page_range+0x1e70/0x1e70 [ 396.147745] ? __handle_mm_fault+0x4/0x3b60 [ 396.152219] handle_mm_fault+0x1a5/0x670 [ 396.156415] __get_user_pages+0x599/0x1650 [ 396.160683] ? follow_page_mask+0x1a60/0x1a60 [ 396.165203] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 396.169980] ? retint_kernel+0x2d/0x2d [ 396.173901] populate_vma_page_range+0x1fd/0x290 [ 396.178710] __mm_populate+0x1e8/0x350 [ 396.182643] ? populate_vma_page_range+0x290/0x290 [ 396.188810] ? do_mlock+0x6b0/0x6b0 [ 396.192459] __x64_sys_mlockall+0x340/0x500 [ 396.196779] do_syscall_64+0xf9/0x620 [ 396.200619] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 396.206133] RIP: 0033:0x45c479 [ 396.209323] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 396.228233] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 396.235960] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 396.243243] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 396.250694] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 396.258774] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 396.266052] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 396.274377] Task in /syz2 killed as a result of limit of /syz2 [ 396.280775] memory: usage 307200kB, limit 307200kB, failcnt 724 [ 396.287454] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 396.294514] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 396.300955] Memory cgroup stats for /syz2: cache:72KB rss:295936KB rss_huge:204800KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:86580KB active_anon:8952KB inactive_file:0KB active_file:8KB unevictable:200524KB [ 396.323630] Memory cgroup out of memory: Kill process 11708 (syz-executor.2) score 1233 or sacrifice child [ 396.334399] Killed process 11710 (syz-executor.2) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:20:12 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:12 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xc0045878, 0x0) 14:20:12 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:12 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x5}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:12 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xc0045878, 0x0) 14:20:13 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 397.022986] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 397.035792] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 397.042732] CPU: 0 PID: 11716 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 397.050645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 397.060525] Call Trace: [ 397.063210] dump_stack+0x188/0x20d [ 397.066841] dump_header+0x159/0xa5e [ 397.070549] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 397.075641] ? ___ratelimit+0x59/0x573 [ 397.079528] oom_kill_process.cold+0x10/0x6dc [ 397.084032] ? task_will_free_mem+0x134/0x6d0 [ 397.088523] out_of_memory+0x349/0x1250 [ 397.092506] ? oom_killer_disable+0x270/0x270 [ 397.097086] mem_cgroup_out_of_memory+0x1c7/0x240 [ 397.101938] ? memcg_event_wake+0x210/0x210 [ 397.106254] ? do_raw_spin_unlock+0x171/0x260 [ 397.110739] try_charge+0xe22/0x1300 [ 397.114448] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 397.119282] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 397.124139] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 397.130653] ? __lock_acquire+0x6ee/0x49c0 [ 397.134912] mem_cgroup_try_charge+0x249/0x5c0 [ 397.139515] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 397.144463] wp_page_copy+0x3fe/0x1530 [ 397.148358] ? follow_pfn+0x260/0x260 [ 397.152177] do_wp_page+0x518/0xfa0 [ 397.155818] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 397.160503] __handle_mm_fault+0x21a4/0x3b60 [ 397.164929] ? copy_page_range+0x1e70/0x1e70 [ 397.169347] ? count_memcg_event_mm+0x279/0x4c0 [ 397.174040] handle_mm_fault+0x1a5/0x670 [ 397.178111] __get_user_pages+0x599/0x1650 [ 397.182353] ? follow_page_mask+0x1a60/0x1a60 [ 397.186853] ? populate_vma_page_range+0xc9/0x290 [ 397.192004] populate_vma_page_range+0x1fd/0x290 [ 397.196789] __mm_populate+0x1e8/0x350 [ 397.200679] ? populate_vma_page_range+0x290/0x290 [ 397.205597] ? do_mlock+0x6b0/0x6b0 [ 397.209239] __x64_sys_mlockall+0x340/0x500 [ 397.213597] do_syscall_64+0xf9/0x620 [ 397.217524] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 397.222736] RIP: 0033:0x45c479 [ 397.225925] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 397.244936] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 397.252641] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 397.259916] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 14:20:13 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x6}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 397.267211] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 397.274668] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 397.281949] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 397.293229] Task in /syz4 killed as a result of limit of /syz4 [ 397.300279] memory: usage 307200kB, limit 307200kB, failcnt 145 [ 397.306496] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 397.313453] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 397.319829] Memory cgroup stats for /syz4: cache:56KB rss:296016KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:277872KB active_anon:76KB inactive_file:8KB active_file:24KB unevictable:18252KB [ 397.341476] Memory cgroup out of memory: Kill process 11714 (syz-executor.4) score 1233 or sacrifice child [ 397.351941] Killed process 11723 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:20:13 executing program 2: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:13 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xc0189436, 0x0) 14:20:13 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 398.788685] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 398.800342] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 398.805950] CPU: 0 PID: 11736 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 398.813842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 398.823285] Call Trace: [ 398.825888] dump_stack+0x188/0x20d [ 398.829551] dump_header+0x159/0xa5e [ 398.833292] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 398.838402] ? ___ratelimit+0x59/0x573 [ 398.842297] oom_kill_process.cold+0x10/0x6dc [ 398.846805] ? task_will_free_mem+0x134/0x6d0 [ 398.851316] out_of_memory+0x349/0x1250 [ 398.855300] ? oom_killer_disable+0x270/0x270 [ 398.859815] mem_cgroup_out_of_memory+0x1c7/0x240 [ 398.864661] ? memcg_event_wake+0x210/0x210 [ 398.868998] ? do_raw_spin_unlock+0x171/0x260 [ 398.874537] try_charge+0xe22/0x1300 [ 398.878296] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 398.883150] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 398.888001] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 398.894106] mem_cgroup_try_charge+0x249/0x5c0 [ 398.898698] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 398.903635] wp_page_copy+0x3fe/0x1530 [ 398.907537] ? follow_pfn+0x260/0x260 [ 398.911343] ? retint_kernel+0x2d/0x2d [ 398.915237] do_wp_page+0x518/0xfa0 [ 398.918868] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 398.923555] __handle_mm_fault+0x21a4/0x3b60 [ 398.927971] ? copy_page_range+0x1e70/0x1e70 [ 398.932470] ? count_memcg_event_mm+0x279/0x4c0 [ 398.937159] handle_mm_fault+0x1a5/0x670 [ 398.941233] __get_user_pages+0x599/0x1650 [ 398.945484] ? follow_page_mask+0x1a60/0x1a60 [ 398.950014] ? populate_vma_page_range+0x33/0x290 [ 398.954866] populate_vma_page_range+0x1fd/0x290 [ 398.959631] __mm_populate+0x1e8/0x350 [ 398.963525] ? populate_vma_page_range+0x290/0x290 [ 398.968459] ? do_mlock+0x6b0/0x6b0 [ 398.972104] __x64_sys_mlockall+0x340/0x500 [ 398.976450] do_syscall_64+0xf9/0x620 [ 398.980419] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 398.985618] RIP: 0033:0x45c479 [ 398.988822] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 399.007924] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 399.015652] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 399.023041] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 399.030710] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 399.038869] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 399.046429] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 399.055499] Task in /syz2 killed as a result of limit of /syz2 [ 399.062864] memory: usage 307200kB, limit 307200kB, failcnt 754 [ 399.070517] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 399.077484] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 399.083973] Memory cgroup stats for /syz2: cache:72KB rss:296012KB rss_huge:204800KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:86588KB active_anon:8952KB inactive_file:0KB active_file:4KB unevictable:200524KB [ 399.106552] Memory cgroup out of memory: Kill process 11735 (syz-executor.2) score 1233 or sacrifice child [ 399.116932] Killed process 11744 (syz-executor.2) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 399.567442] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 399.578869] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 399.584398] CPU: 1 PID: 11746 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 399.592300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 399.601646] Call Trace: [ 399.604245] dump_stack+0x188/0x20d [ 399.607867] dump_header+0x159/0xa5e [ 399.611599] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 399.616721] ? ___ratelimit+0x59/0x573 [ 399.620603] oom_kill_process.cold+0x10/0x6dc [ 399.625092] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 399.629838] ? task_will_free_mem+0x134/0x6d0 [ 399.634327] out_of_memory+0x349/0x1250 [ 399.638310] ? oom_killer_disable+0x270/0x270 [ 399.642812] mem_cgroup_out_of_memory+0x1c7/0x240 [ 399.647643] ? memcg_event_wake+0x210/0x210 [ 399.651995] ? do_raw_spin_unlock+0x171/0x260 [ 399.656567] try_charge+0xe22/0x1300 [ 399.660276] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 399.665124] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 399.669963] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 399.676018] mem_cgroup_try_charge+0x249/0x5c0 [ 399.680593] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 399.685514] wp_page_copy+0x3fe/0x1530 [ 399.689410] ? mark_held_locks+0xa6/0xf0 [ 399.693486] ? follow_pfn+0x260/0x260 [ 399.697287] ? __lock_acquire+0x6ee/0x49c0 [ 399.701655] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 399.706508] do_wp_page+0x518/0xfa0 [ 399.710169] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 399.715029] __handle_mm_fault+0x21a4/0x3b60 [ 399.719441] ? copy_page_range+0x1e70/0x1e70 [ 399.723874] ? count_memcg_event_mm+0x279/0x4c0 [ 399.728546] handle_mm_fault+0x1a5/0x670 [ 399.733732] __get_user_pages+0x599/0x1650 [ 399.737966] ? follow_page_mask+0x1a60/0x1a60 [ 399.742466] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 399.747219] ? retint_kernel+0x2d/0x2d [ 399.751119] populate_vma_page_range+0x1fd/0x290 [ 399.755883] __mm_populate+0x1e8/0x350 [ 399.759767] ? populate_vma_page_range+0x290/0x290 [ 399.764685] ? do_mlock+0x6b0/0x6b0 [ 399.768308] __x64_sys_mlockall+0x340/0x500 [ 399.772640] do_syscall_64+0xf9/0x620 [ 399.776442] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 399.781658] RIP: 0033:0x45c479 [ 399.784841] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 399.803939] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 399.811661] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 399.819361] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 399.826633] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 399.833893] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 399.841167] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 399.848990] Task in /syz4 killed as a result of limit of /syz4 [ 399.855222] memory: usage 307200kB, limit 307200kB, failcnt 165 [ 399.861581] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 399.868661] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 399.874936] Memory cgroup stats for /syz4: cache:56KB rss:296148KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:277852KB active_anon:76KB inactive_file:16KB active_file:16KB unevictable:18252KB [ 399.898272] Memory cgroup out of memory: Kill process 11745 (syz-executor.4) score 1233 or sacrifice child [ 399.908271] Killed process 11747 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:20:16 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x7}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:16 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:17 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xc018ae85, 0x0) 14:20:17 executing program 2: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r0, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:17 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:17 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x8}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:17 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x9}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xc020660b, 0x0) 14:20:17 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:18 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xa}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x2) [ 402.535045] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 402.548213] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 402.553872] CPU: 0 PID: 11785 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 402.561787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 402.571512] Call Trace: [ 402.574143] dump_stack+0x188/0x20d [ 402.577793] dump_header+0x159/0xa5e [ 402.581536] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 402.586665] ? ___ratelimit+0x59/0x573 [ 402.590584] oom_kill_process.cold+0x10/0x6dc [ 402.595279] ? task_will_free_mem+0x134/0x6d0 [ 402.599811] out_of_memory+0x349/0x1250 [ 402.603819] ? oom_killer_disable+0x270/0x270 [ 402.610155] mem_cgroup_out_of_memory+0x1c7/0x240 [ 402.616188] ? memcg_event_wake+0x210/0x210 [ 402.620561] ? do_raw_spin_unlock+0x171/0x260 [ 402.625078] try_charge+0xe22/0x1300 [ 402.628857] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 402.633765] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 402.638635] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 402.644729] mem_cgroup_try_charge+0x249/0x5c0 [ 402.649461] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 402.654512] wp_page_copy+0x3fe/0x1530 [ 402.658426] ? mark_held_locks+0xa6/0xf0 [ 402.662509] ? follow_pfn+0x260/0x260 [ 402.666360] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 402.671146] do_wp_page+0x518/0xfa0 [ 402.674801] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 402.679792] __handle_mm_fault+0x21a4/0x3b60 [ 402.684360] ? copy_page_range+0x1e70/0x1e70 [ 402.688800] ? count_memcg_event_mm+0x279/0x4c0 [ 402.693496] handle_mm_fault+0x1a5/0x670 [ 402.697568] __get_user_pages+0x599/0x1650 [ 402.701822] ? follow_page_mask+0x1a60/0x1a60 [ 402.706337] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 402.711107] ? retint_kernel+0x2d/0x2d [ 402.715098] populate_vma_page_range+0x1fd/0x290 [ 402.719859] __mm_populate+0x1e8/0x350 [ 402.723783] ? populate_vma_page_range+0x290/0x290 [ 402.728802] ? do_mlock+0x6b0/0x6b0 [ 402.732474] __x64_sys_mlockall+0x340/0x500 [ 402.736807] do_syscall_64+0xf9/0x620 [ 402.740902] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 402.746108] RIP: 0033:0x45c479 [ 402.749297] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 402.768215] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 402.776068] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 402.783346] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 402.790613] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 402.797873] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 402.805352] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 402.812910] Task in /syz5 killed as a result of limit of /syz5 [ 402.819434] memory: usage 307200kB, limit 307200kB, failcnt 39 [ 402.825434] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 14:20:19 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xb}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 402.832265] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 402.838519] Memory cgroup stats for /syz5: cache:0KB rss:297608KB rss_huge:16384KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:262948KB active_anon:60KB inactive_file:8KB active_file:24KB unevictable:34636KB [ 402.859735] Memory cgroup out of memory: Kill process 11781 (syz-executor.5) score 1233 or sacrifice child [ 402.869827] Killed process 11788 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:20:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x3) 14:20:19 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:19 executing program 2: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r0, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4) 14:20:19 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xd}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:19 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:19 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 403.757505] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 403.768838] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 403.774276] CPU: 1 PID: 11817 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 403.782173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 403.791552] Call Trace: [ 403.794179] dump_stack+0x188/0x20d [ 403.797830] dump_header+0x159/0xa5e [ 403.801560] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 403.806868] ? ___ratelimit+0x59/0x573 [ 403.810775] oom_kill_process.cold+0x10/0x6dc [ 403.816845] ? task_will_free_mem+0x134/0x6d0 [ 403.821368] out_of_memory+0x349/0x1250 [ 403.825890] ? oom_killer_disable+0x270/0x270 [ 403.830416] mem_cgroup_out_of_memory+0x1c7/0x240 [ 403.835290] ? memcg_event_wake+0x210/0x210 [ 403.839740] ? do_raw_spin_unlock+0x171/0x260 [ 403.844271] try_charge+0xe22/0x1300 [ 403.848013] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 403.852968] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 403.857833] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 403.863914] ? mark_held_locks+0xf0/0xf0 [ 403.867999] mem_cgroup_try_charge+0x249/0x5c0 [ 403.872606] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 403.877560] __handle_mm_fault+0x1cfb/0x3b60 [ 403.881982] ? copy_page_range+0x1e70/0x1e70 [ 403.886541] ? count_memcg_event_mm+0x279/0x4c0 [ 403.891252] handle_mm_fault+0x1a5/0x670 [ 403.895335] __get_user_pages+0x599/0x1650 [ 403.899607] ? follow_page_mask+0x1a60/0x1a60 [ 403.904121] ? lock_acquire+0x170/0x400 [ 403.908114] populate_vma_page_range+0x1fd/0x290 [ 403.913015] __mm_populate+0x1e8/0x350 [ 403.916928] ? populate_vma_page_range+0x290/0x290 [ 403.921870] ? do_mlock+0x6b0/0x6b0 [ 403.925516] __x64_sys_mlockall+0x340/0x500 [ 403.929847] do_syscall_64+0xf9/0x620 [ 403.933661] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 403.938872] RIP: 0033:0x45c479 [ 403.942083] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 403.961484] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 403.969461] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 403.976760] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 403.984039] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 403.991315] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 403.998590] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 404.006147] Task in /syz2 killed as a result of limit of /syz2 [ 404.012351] memory: usage 307196kB, limit 307200kB, failcnt 805 [ 404.018520] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 404.025777] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 404.032292] Memory cgroup stats for /syz2: cache:72KB rss:296028KB rss_huge:204800KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:92536KB active_anon:8968KB inactive_file:8KB active_file:0KB unevictable:194620KB [ 404.054832] Memory cgroup out of memory: Kill process 10489 (syz-executor.2) score 1163 or sacrifice child [ 404.064753] Killed process 10489 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 404.421949] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 404.433387] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 404.439055] CPU: 0 PID: 11819 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 404.446929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 404.456269] Call Trace: [ 404.458856] dump_stack+0x188/0x20d [ 404.462479] dump_header+0x159/0xa5e [ 404.466186] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 404.471489] ? ___ratelimit+0x59/0x573 [ 404.475384] oom_kill_process.cold+0x10/0x6dc [ 404.480006] ? task_will_free_mem+0x134/0x6d0 [ 404.484510] out_of_memory+0x349/0x1250 [ 404.488516] ? oom_killer_disable+0x270/0x270 [ 404.493034] mem_cgroup_out_of_memory+0x1c7/0x240 [ 404.498758] ? memcg_event_wake+0x210/0x210 [ 404.503110] ? do_raw_spin_unlock+0x171/0x260 [ 404.507617] try_charge+0xe22/0x1300 [ 404.511346] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 404.516214] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 404.521073] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 404.527318] mem_cgroup_try_charge+0x249/0x5c0 [ 404.531927] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 404.536854] wp_page_copy+0x3fe/0x1530 [ 404.540748] ? follow_pfn+0x260/0x260 [ 404.544546] ? __lock_acquire+0x6ee/0x49c0 [ 404.548781] do_wp_page+0x518/0xfa0 [ 404.552403] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 404.557080] __handle_mm_fault+0x21a4/0x3b60 [ 404.561483] ? copy_page_range+0x1e70/0x1e70 [ 404.565885] ? count_memcg_event_mm+0x279/0x4c0 [ 404.570568] handle_mm_fault+0x1a5/0x670 [ 404.574710] __get_user_pages+0x599/0x1650 [ 404.579030] ? follow_page_mask+0x1a60/0x1a60 [ 404.583520] ? __get_user_pages+0x3f6/0x1650 [ 404.587927] populate_vma_page_range+0x1fd/0x290 [ 404.592679] __mm_populate+0x1e8/0x350 [ 404.596582] ? populate_vma_page_range+0x290/0x290 [ 404.601500] ? do_mlock+0x6b0/0x6b0 [ 404.605126] __x64_sys_mlockall+0x340/0x500 [ 404.609447] do_syscall_64+0xf9/0x620 [ 404.613268] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 404.618450] RIP: 0033:0x45c479 [ 404.621634] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 404.640783] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 404.648499] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 404.655759] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 404.663813] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 404.671078] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 404.678338] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 404.686569] Task in /syz5 killed as a result of limit of /syz5 [ 404.692708] memory: usage 307200kB, limit 307200kB, failcnt 77 [ 404.699081] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 404.706022] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 404.712334] Memory cgroup stats for /syz5: cache:0KB rss:297584KB rss_huge:16384KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:262948KB active_anon:60KB inactive_file:8KB active_file:8KB unevictable:34636KB [ 404.734081] Memory cgroup out of memory: Kill process 11816 (syz-executor.5) score 1233 or sacrifice child [ 404.744466] Killed process 11820 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 405.282597] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 405.294600] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 405.300102] CPU: 0 PID: 11825 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 405.308126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 405.317617] Call Trace: [ 405.320333] dump_stack+0x188/0x20d [ 405.323991] dump_header+0x159/0xa5e [ 405.327933] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 405.333133] ? ___ratelimit+0x59/0x573 [ 405.337027] oom_kill_process.cold+0x10/0x6dc [ 405.341591] ? task_will_free_mem+0x134/0x6d0 [ 405.346100] out_of_memory+0x349/0x1250 [ 405.350078] ? oom_killer_disable+0x270/0x270 [ 405.354581] mem_cgroup_out_of_memory+0x1c7/0x240 [ 405.359435] ? memcg_event_wake+0x210/0x210 [ 405.363778] ? do_raw_spin_unlock+0x171/0x260 [ 405.368283] try_charge+0xe22/0x1300 [ 405.372001] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 405.376888] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 405.381747] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 405.387936] ? mark_held_locks+0xf0/0xf0 [ 405.392173] mem_cgroup_try_charge+0x249/0x5c0 [ 405.396785] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 405.401728] __handle_mm_fault+0x1cfb/0x3b60 [ 405.406149] ? copy_page_range+0x1e70/0x1e70 [ 405.410570] ? count_memcg_event_mm+0x279/0x4c0 [ 405.415258] handle_mm_fault+0x1a5/0x670 [ 405.419444] __get_user_pages+0x599/0x1650 [ 405.423835] ? follow_page_mask+0x1a60/0x1a60 [ 405.428337] ? lock_acquire+0x170/0x400 [ 405.432358] populate_vma_page_range+0x1fd/0x290 [ 405.437126] __mm_populate+0x1e8/0x350 [ 405.441121] ? populate_vma_page_range+0x290/0x290 [ 405.446113] ? do_mlock+0x6b0/0x6b0 [ 405.449751] __x64_sys_mlockall+0x340/0x500 [ 405.454076] do_syscall_64+0xf9/0x620 [ 405.457895] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 405.463093] RIP: 0033:0x45c479 [ 405.466291] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 405.485326] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 405.493270] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 405.500575] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 405.507852] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 405.515122] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 405.522382] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 405.530020] Task in /syz4 killed as a result of limit of /syz4 [ 405.536043] memory: usage 307200kB, limit 307200kB, failcnt 184 [ 405.542192] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 405.549135] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 405.555289] Memory cgroup stats for /syz4: cache:56KB rss:296172KB rss_huge:0KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:292936KB active_anon:92KB inactive_file:12KB active_file:24KB unevictable:3192KB [ 405.576302] Memory cgroup out of memory: Kill process 11809 (syz-executor.4) score 1163 or sacrifice child [ 405.586380] Killed process 11809 (syz-executor.4) total-vm:74964kB, anon-rss:18512kB, file-rss:34816kB, shmem-rss:0kB [ 405.621340] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 405.632796] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 405.638279] CPU: 0 PID: 11825 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 405.646166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 405.655528] Call Trace: [ 405.658133] dump_stack+0x188/0x20d [ 405.661786] dump_header+0x159/0xa5e [ 405.665509] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 405.670619] ? ___ratelimit+0x59/0x573 [ 405.674523] oom_kill_process.cold+0x10/0x6dc [ 405.679033] ? task_will_free_mem+0x134/0x6d0 [ 405.683554] out_of_memory+0x349/0x1250 [ 405.687725] ? oom_killer_disable+0x270/0x270 [ 405.692259] mem_cgroup_out_of_memory+0x1c7/0x240 [ 405.697149] ? memcg_event_wake+0x210/0x210 [ 405.701512] ? do_raw_spin_unlock+0x171/0x260 [ 405.706013] try_charge+0xe22/0x1300 [ 405.709784] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 405.714642] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 405.719495] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 405.725557] ? mark_held_locks+0xf0/0xf0 [ 405.729632] mem_cgroup_try_charge+0x249/0x5c0 [ 405.734224] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 405.739194] __handle_mm_fault+0x1cfb/0x3b60 [ 405.743617] ? copy_page_range+0x1e70/0x1e70 [ 405.748035] ? count_memcg_event_mm+0x279/0x4c0 [ 405.752732] handle_mm_fault+0x1a5/0x670 [ 405.756803] __get_user_pages+0x599/0x1650 [ 405.761073] ? follow_page_mask+0x1a60/0x1a60 [ 405.765672] ? lock_acquire+0x170/0x400 [ 405.769660] populate_vma_page_range+0x1fd/0x290 [ 405.774432] __mm_populate+0x1e8/0x350 [ 405.778329] ? populate_vma_page_range+0x290/0x290 [ 405.783261] ? do_mlock+0x6b0/0x6b0 [ 405.786902] __x64_sys_mlockall+0x340/0x500 [ 405.791231] do_syscall_64+0xf9/0x620 [ 405.795043] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 405.800240] RIP: 0033:0x45c479 [ 405.803963] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 405.822872] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 405.830598] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 405.838073] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 405.845347] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 405.852622] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 405.859982] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 405.867863] Task in /syz4 killed as a result of limit of /syz4 [ 405.874471] memory: usage 307200kB, limit 307200kB, failcnt 215 [ 405.882381] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 405.889163] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 405.895307] Memory cgroup stats for /syz4: cache:56KB rss:296124KB rss_huge:4096KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:284280KB active_anon:92KB inactive_file:12KB active_file:16KB unevictable:10944KB [ 405.916666] Memory cgroup out of memory: Kill process 11213 (syz-executor.4) score 1163 or sacrifice child [ 405.926804] Killed process 11213 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 406.140485] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 406.152083] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 406.157559] CPU: 1 PID: 11817 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 406.165440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 406.174798] Call Trace: [ 406.177413] dump_stack+0x188/0x20d [ 406.181560] dump_header+0x159/0xa5e [ 406.185884] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 406.191062] ? ___ratelimit+0x59/0x573 [ 406.195203] oom_kill_process.cold+0x10/0x6dc [ 406.199720] ? task_will_free_mem+0x134/0x6d0 [ 406.204238] out_of_memory+0x349/0x1250 [ 406.208231] ? oom_killer_disable+0x270/0x270 [ 406.212747] mem_cgroup_out_of_memory+0x1c7/0x240 [ 406.217867] ? memcg_event_wake+0x210/0x210 [ 406.222381] ? do_raw_spin_unlock+0x171/0x260 [ 406.226890] try_charge+0xe22/0x1300 [ 406.230609] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 406.235657] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 406.240518] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 406.246602] mem_cgroup_try_charge+0x249/0x5c0 [ 406.251189] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 406.256143] wp_page_copy+0x3fe/0x1530 [ 406.260054] ? follow_pfn+0x260/0x260 [ 406.264052] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 406.268826] do_wp_page+0x518/0xfa0 [ 406.272462] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 406.277253] ? __sanitizer_cov_trace_pc+0xd/0x50 [ 406.282030] __handle_mm_fault+0x21a4/0x3b60 [ 406.287486] ? copy_page_range+0x1e70/0x1e70 [ 406.291917] ? count_memcg_event_mm+0x279/0x4c0 [ 406.296620] handle_mm_fault+0x1a5/0x670 [ 406.300777] __get_user_pages+0x599/0x1650 [ 406.305058] ? follow_page_mask+0x1a60/0x1a60 [ 406.309687] ? populate_vma_page_range+0x1a6/0x290 [ 406.314709] populate_vma_page_range+0x1fd/0x290 [ 406.319482] __mm_populate+0x1e8/0x350 [ 406.323730] ? populate_vma_page_range+0x290/0x290 [ 406.328679] ? do_mlock+0x6b0/0x6b0 [ 406.332313] __x64_sys_mlockall+0x340/0x500 [ 406.336655] do_syscall_64+0xf9/0x620 [ 406.340471] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 406.345686] RIP: 0033:0x45c479 [ 406.349060] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 406.368094] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 406.375907] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 406.383184] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 406.390633] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 406.398024] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 406.405840] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 406.413764] Task in /syz2 killed as a result of limit of /syz2 [ 406.420135] memory: usage 307200kB, limit 307200kB, failcnt 6264 [ 406.426397] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 406.433455] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 14:20:22 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xe}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 406.439871] Memory cgroup stats for /syz2: cache:72KB rss:296156KB rss_huge:192512KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:102920KB active_anon:8952KB inactive_file:4KB active_file:0KB unevictable:184272KB [ 406.462249] Memory cgroup out of memory: Kill process 11811 (syz-executor.2) score 1233 or sacrifice child [ 406.472411] Killed process 11811 (syz-executor.2) total-vm:74832kB, anon-rss:18316kB, file-rss:56432kB, shmem-rss:0kB [ 406.515155] oom_reaper: reaped process 11809 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 406.535027] oom_reaper: reaped process 11811 (syz-executor.2), now anon-rss:18384kB, file-rss:56424kB, shmem-rss:0kB 14:20:22 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x11) [ 406.649111] oom_reaper: reaped process 11213 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 406.654164] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 14:20:22 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 406.725174] syz-executor.3 cpuset=syz3 mems_allowed=0-1 14:20:23 executing program 2: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r0, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 407.065860] CPU: 1 PID: 11823 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 407.074701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 407.084070] Call Trace: [ 407.086769] dump_stack+0x188/0x20d [ 407.090413] dump_header+0x159/0xa5e [ 407.094162] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 407.099293] ? ___ratelimit+0x59/0x573 [ 407.103450] oom_kill_process.cold+0x10/0x6dc [ 407.107962] ? task_will_free_mem+0x134/0x6d0 [ 407.112570] out_of_memory+0x349/0x1250 [ 407.116741] ? oom_killer_disable+0x270/0x270 [ 407.121370] mem_cgroup_out_of_memory+0x1c7/0x240 [ 407.126667] ? memcg_event_wake+0x210/0x210 [ 407.131027] ? do_raw_spin_unlock+0x171/0x260 [ 407.136317] try_charge+0xe22/0x1300 [ 407.140304] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 407.145183] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 407.150052] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 407.156125] ? mark_held_locks+0xf0/0xf0 [ 407.160218] mem_cgroup_try_charge+0x249/0x5c0 [ 407.164959] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 407.169935] __handle_mm_fault+0x1cfb/0x3b60 [ 407.174354] ? copy_page_range+0x1e70/0x1e70 [ 407.179073] ? count_memcg_event_mm+0x279/0x4c0 [ 407.183876] handle_mm_fault+0x1a5/0x670 [ 407.187968] __get_user_pages+0x599/0x1650 [ 407.192245] ? follow_page_mask+0x1a60/0x1a60 [ 407.197389] ? lock_acquire+0x170/0x400 [ 407.201398] populate_vma_page_range+0x1fd/0x290 [ 407.206284] __mm_populate+0x1e8/0x350 [ 407.210197] ? populate_vma_page_range+0x290/0x290 [ 407.215150] ? do_mlock+0x6b0/0x6b0 [ 407.218799] __x64_sys_mlockall+0x340/0x500 [ 407.223146] do_syscall_64+0xf9/0x620 [ 407.226971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 407.232169] RIP: 0033:0x45c479 [ 407.235370] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 407.254282] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 407.262005] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 407.269279] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 407.277774] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 407.285451] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 407.293025] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 407.755202] Task in /syz3 killed as a result of limit of /syz3 [ 407.772775] memory: usage 307168kB, limit 307200kB, failcnt 5194 14:20:23 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xf}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 407.834806] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 407.843053] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 407.856422] Memory cgroup stats for /syz3: cache:20KB rss:295144KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:77432KB active_anon:9052KB inactive_file:4KB active_file:0KB unevictable:208876KB [ 407.878527] Memory cgroup out of memory: Kill process 11810 (syz-executor.3) score 1163 or sacrifice child [ 407.889604] Killed process 11810 (syz-executor.3) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 407.920707] oom_reaper: reaped process 11810 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:20:24 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:24 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:24 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x29) 14:20:24 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x10}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:25 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x10d) [ 409.091683] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 409.103496] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 409.108993] CPU: 0 PID: 11870 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 409.116991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 409.126356] Call Trace: [ 409.128967] dump_stack+0x188/0x20d [ 409.132630] dump_header+0x159/0xa5e [ 409.136370] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 409.141488] ? ___ratelimit+0x59/0x573 [ 409.145402] oom_kill_process.cold+0x10/0x6dc [ 409.149918] ? task_will_free_mem+0x134/0x6d0 [ 409.154552] out_of_memory+0x349/0x1250 [ 409.158576] ? oom_killer_disable+0x270/0x270 [ 409.163181] mem_cgroup_out_of_memory+0x1c7/0x240 [ 409.170316] ? memcg_event_wake+0x210/0x210 [ 409.174674] ? do_raw_spin_unlock+0x171/0x260 [ 409.179193] try_charge+0xe22/0x1300 [ 409.182949] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 409.187888] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 409.192756] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 409.199120] ? mark_held_locks+0xf0/0xf0 [ 409.203549] mem_cgroup_try_charge+0x249/0x5c0 [ 409.208234] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 409.213294] __handle_mm_fault+0x1cfb/0x3b60 [ 409.217815] ? copy_page_range+0x1e70/0x1e70 [ 409.222246] ? count_memcg_event_mm+0x279/0x4c0 [ 409.226962] handle_mm_fault+0x1a5/0x670 [ 409.231061] __get_user_pages+0x599/0x1650 [ 409.235437] ? follow_page_mask+0x1a60/0x1a60 [ 409.239954] ? lock_acquire+0x170/0x400 [ 409.244071] populate_vma_page_range+0x1fd/0x290 [ 409.248866] __mm_populate+0x1e8/0x350 [ 409.252768] ? populate_vma_page_range+0x290/0x290 [ 409.257707] ? do_mlock+0x6b0/0x6b0 [ 409.261543] __x64_sys_mlockall+0x340/0x500 [ 409.266001] do_syscall_64+0xf9/0x620 [ 409.269829] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 409.275037] RIP: 0033:0x45c479 [ 409.278244] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 409.297163] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 409.304887] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 409.312181] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 409.319472] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 409.326767] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 409.334041] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 409.342055] Task in /syz5 killed as a result of limit of /syz5 [ 409.348094] memory: usage 307200kB, limit 307200kB, failcnt 470 [ 409.354164] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 409.360972] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 409.367181] Memory cgroup stats for /syz5: cache:0KB rss:297404KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:273984KB active_anon:72KB inactive_file:4KB active_file:4KB unevictable:23584KB [ 409.388649] Memory cgroup out of memory: Kill process 11410 (syz-executor.5) score 1163 or sacrifice child [ 409.398541] Killed process 11410 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB 14:20:25 executing program 2: socket$inet6(0xa, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 409.566271] oom_reaper: reaped process 11410 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 409.684413] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 409.695875] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 409.701370] CPU: 1 PID: 11874 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 409.709257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 409.718876] Call Trace: [ 409.721504] dump_stack+0x188/0x20d [ 409.725158] dump_header+0x159/0xa5e [ 409.728881] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 409.734339] ? ___ratelimit+0x59/0x573 [ 409.738258] oom_kill_process.cold+0x10/0x6dc [ 409.742765] ? task_will_free_mem+0x134/0x6d0 [ 409.747271] out_of_memory+0x349/0x1250 [ 409.751257] ? oom_killer_disable+0x270/0x270 [ 409.755778] mem_cgroup_out_of_memory+0x1c7/0x240 [ 409.760632] ? memcg_event_wake+0x210/0x210 [ 409.764967] ? do_raw_spin_unlock+0x171/0x260 [ 409.769488] try_charge+0xe22/0x1300 [ 409.773225] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 409.778080] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 409.782933] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 409.789005] ? mark_held_locks+0xf0/0xf0 [ 409.793086] mem_cgroup_try_charge+0x249/0x5c0 [ 409.797688] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 409.802627] __handle_mm_fault+0x1cfb/0x3b60 [ 409.807043] ? copy_page_range+0x1e70/0x1e70 [ 409.811457] ? count_memcg_event_mm+0x279/0x4c0 [ 409.816165] handle_mm_fault+0x1a5/0x670 [ 409.820238] __get_user_pages+0x599/0x1650 [ 409.824588] ? follow_page_mask+0x1a60/0x1a60 [ 409.829099] ? lock_acquire+0x170/0x400 [ 409.833096] populate_vma_page_range+0x1fd/0x290 [ 409.837874] __mm_populate+0x1e8/0x350 [ 409.841769] ? populate_vma_page_range+0x290/0x290 [ 409.846697] ? do_mlock+0x6b0/0x6b0 [ 409.850355] __x64_sys_mlockall+0x340/0x500 [ 409.854683] do_syscall_64+0xf9/0x620 [ 409.858489] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 409.863675] RIP: 0033:0x45c479 [ 409.866868] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 409.885853] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 409.893560] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 409.900826] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 409.908114] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 409.915382] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 409.922661] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 409.930654] Task in /syz2 killed as a result of limit of /syz2 [ 409.936683] memory: usage 307200kB, limit 307200kB, failcnt 6289 [ 409.942872] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 409.949678] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 409.955827] Memory cgroup stats for /syz2: cache:72KB rss:296176KB rss_huge:188416KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:108780KB active_anon:8976KB inactive_file:0KB active_file:4KB unevictable:178420KB [ 409.977642] Memory cgroup out of memory: Kill process 10536 (syz-executor.2) score 1163 or sacrifice child [ 409.987587] Killed process 10536 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 410.001143] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 410.013190] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 410.018747] CPU: 0 PID: 11870 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 410.026635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 410.036003] Call Trace: [ 410.038632] dump_stack+0x188/0x20d [ 410.042276] dump_header+0x159/0xa5e [ 410.045991] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 410.051107] ? ___ratelimit+0x59/0x573 [ 410.054996] oom_kill_process.cold+0x10/0x6dc [ 410.059512] ? task_will_free_mem+0x134/0x6d0 [ 410.064032] out_of_memory+0x349/0x1250 [ 410.068023] ? oom_killer_disable+0x270/0x270 [ 410.072543] mem_cgroup_out_of_memory+0x1c7/0x240 [ 410.077406] ? memcg_event_wake+0x210/0x210 [ 410.081751] ? do_raw_spin_unlock+0x171/0x260 [ 410.086243] try_charge+0xe22/0x1300 [ 410.089958] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 410.095002] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 410.099858] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 410.105913] ? retint_kernel+0x2d/0x2d [ 410.109830] ? __lock_acquire+0x6ee/0x49c0 [ 410.114078] mem_cgroup_try_charge+0x249/0x5c0 [ 410.118678] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 410.123636] wp_page_copy+0x3fe/0x1530 [ 410.127544] ? follow_pfn+0x260/0x260 [ 410.131423] ? __lock_acquire+0x6ee/0x49c0 [ 410.135683] do_wp_page+0x518/0xfa0 [ 410.139326] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 410.144024] __handle_mm_fault+0x21a4/0x3b60 [ 410.148448] ? copy_page_range+0x1e70/0x1e70 [ 410.152856] ? count_memcg_event_mm+0x279/0x4c0 [ 410.157548] handle_mm_fault+0x1a5/0x670 [ 410.161612] __get_user_pages+0x599/0x1650 [ 410.165858] ? follow_page_mask+0x1a60/0x1a60 [ 410.170346] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 410.175101] ? retint_kernel+0x2d/0x2d [ 410.178988] populate_vma_page_range+0x1fd/0x290 [ 410.183754] __mm_populate+0x1e8/0x350 [ 410.187637] ? populate_vma_page_range+0x290/0x290 [ 410.192553] ? do_mlock+0x6b0/0x6b0 [ 410.196182] __x64_sys_mlockall+0x340/0x500 [ 410.200499] do_syscall_64+0xf9/0x620 [ 410.204293] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 410.209488] RIP: 0033:0x45c479 [ 410.212673] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 410.231579] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 410.239277] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 410.246534] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 410.253793] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 410.261050] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 410.268309] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 410.276377] Task in /syz5 killed as a result of limit of /syz5 [ 410.282550] memory: usage 307200kB, limit 307200kB, failcnt 830 [ 410.288893] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 410.296054] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 410.302725] Memory cgroup stats for /syz5: cache:0KB rss:297256KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:260600KB active_anon:60KB inactive_file:0KB active_file:4KB unevictable:36684KB [ 410.324306] Memory cgroup out of memory: Kill process 11869 (syz-executor.5) score 1233 or sacrifice child [ 410.334851] Killed process 11875 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 410.825810] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 410.837946] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 410.843356] CPU: 1 PID: 11874 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 410.851453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 410.861034] Call Trace: [ 410.863647] dump_stack+0x188/0x20d [ 410.868577] dump_header+0x159/0xa5e [ 410.872314] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 410.877448] ? ___ratelimit+0x59/0x573 [ 410.881357] oom_kill_process.cold+0x10/0x6dc [ 410.885879] ? task_will_free_mem+0x134/0x6d0 [ 410.890400] out_of_memory+0x349/0x1250 [ 410.894402] ? oom_killer_disable+0x270/0x270 [ 410.898934] mem_cgroup_out_of_memory+0x1c7/0x240 [ 410.903806] ? memcg_event_wake+0x210/0x210 [ 410.908326] ? do_raw_spin_unlock+0x171/0x260 [ 410.912835] try_charge+0xe22/0x1300 [ 410.916574] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 410.921439] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 410.926302] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 410.932379] ? mark_held_locks+0xf0/0xf0 [ 410.936453] mem_cgroup_try_charge+0x249/0x5c0 [ 410.941058] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 410.945997] __handle_mm_fault+0x1cfb/0x3b60 [ 410.950420] ? copy_page_range+0x1e70/0x1e70 [ 410.954837] ? count_memcg_event_mm+0x279/0x4c0 [ 410.959543] handle_mm_fault+0x1a5/0x670 [ 410.963617] __get_user_pages+0x599/0x1650 [ 410.967869] ? follow_page_mask+0x1a60/0x1a60 [ 410.972378] ? lock_acquire+0x170/0x400 [ 410.976364] populate_vma_page_range+0x1fd/0x290 [ 410.981481] __mm_populate+0x1e8/0x350 [ 410.985391] ? populate_vma_page_range+0x290/0x290 [ 410.990544] ? do_mlock+0x6b0/0x6b0 [ 410.994189] __x64_sys_mlockall+0x340/0x500 [ 410.998522] do_syscall_64+0xf9/0x620 [ 411.002338] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 411.007539] RIP: 0033:0x45c479 [ 411.010748] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 411.029751] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 411.037567] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 411.044890] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 411.052179] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 411.059468] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 411.066749] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 411.074584] Task in /syz2 killed as a result of limit of /syz2 [ 411.080625] memory: usage 292320kB, limit 307200kB, failcnt 9138 [ 411.086785] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 411.093733] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 411.099922] Memory cgroup stats for /syz2: cache:72KB rss:281452KB rss_huge:172032KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:106780KB active_anon:8976KB inactive_file:4KB active_file:0KB unevictable:165716KB 14:20:27 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x11}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x300) [ 411.121489] Memory cgroup out of memory: Kill process 11871 (syz-executor.2) score 1169 or sacrifice child [ 411.131381] Killed process 11871 (syz-executor.2) total-vm:74700kB, anon-rss:16160kB, file-rss:39080kB, shmem-rss:0kB 14:20:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x3e8) 14:20:27 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x12}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:27 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:27 executing program 2: socket$inet6(0xa, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:27 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:27 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0xd01) 14:20:28 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1d}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x1100) 14:20:28 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x64}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:28 executing program 2: socket$inet6(0xa, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:29 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x2900) 14:20:29 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 412.971107] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 413.043142] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 413.054442] CPU: 1 PID: 11907 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 413.062887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 413.072466] Call Trace: [ 413.075070] dump_stack+0x188/0x20d [ 413.078821] dump_header+0x159/0xa5e [ 413.082641] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 413.087769] ? ___ratelimit+0x59/0x573 [ 413.091793] oom_kill_process.cold+0x10/0x6dc [ 413.096402] ? task_will_free_mem+0x134/0x6d0 [ 413.100998] out_of_memory+0x349/0x1250 [ 413.105012] ? oom_killer_disable+0x270/0x270 [ 413.109573] mem_cgroup_out_of_memory+0x1c7/0x240 [ 413.114451] ? memcg_event_wake+0x210/0x210 [ 413.118811] ? do_raw_spin_unlock+0x171/0x260 [ 413.123344] try_charge+0xe22/0x1300 [ 413.127077] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 413.131942] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 413.136798] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 413.142881] ? mark_held_locks+0xf0/0xf0 [ 413.150269] mem_cgroup_try_charge+0x249/0x5c0 [ 413.154872] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 413.159834] __handle_mm_fault+0x1cfb/0x3b60 [ 413.164252] ? copy_page_range+0x1e70/0x1e70 [ 413.168666] ? count_memcg_event_mm+0x279/0x4c0 [ 413.173377] handle_mm_fault+0x1a5/0x670 [ 413.177452] __get_user_pages+0x599/0x1650 [ 413.181699] ? follow_page_mask+0x1a60/0x1a60 [ 413.186480] ? lock_acquire+0x170/0x400 [ 413.190634] populate_vma_page_range+0x1fd/0x290 [ 413.195395] __mm_populate+0x1e8/0x350 [ 413.199300] ? populate_vma_page_range+0x290/0x290 [ 413.204225] ? do_mlock+0x6b0/0x6b0 [ 413.207863] __x64_sys_mlockall+0x340/0x500 [ 413.212189] do_syscall_64+0xf9/0x620 [ 413.216174] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 413.221642] RIP: 0033:0x45c479 14:20:29 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 413.224869] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 413.245406] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 413.253139] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 413.260428] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 413.267703] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 413.274984] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 413.282273] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 413.338348] Task in /syz3 killed as a result of limit of /syz3 [ 413.344555] memory: usage 307200kB, limit 307200kB, failcnt 5220 [ 413.351010] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 413.357894] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 413.364149] Memory cgroup stats for /syz3: cache:20KB rss:295460KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:77432KB active_anon:9052KB inactive_file:4KB active_file:0KB unevictable:209224KB 14:20:29 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x14d}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 413.443762] Memory cgroup out of memory: Kill process 11885 (syz-executor.3) score 1163 or sacrifice child 14:20:29 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x3f00) [ 413.497872] Killed process 11885 (syz-executor.3) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 413.592977] oom_reaper: reaped process 11885 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 413.613827] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 413.630071] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 413.635493] CPU: 0 PID: 11925 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 413.643572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 413.652939] Call Trace: [ 413.655545] dump_stack+0x188/0x20d [ 413.659285] dump_header+0x159/0xa5e [ 413.663139] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 413.668264] ? ___ratelimit+0x59/0x573 [ 413.672165] oom_kill_process.cold+0x10/0x6dc [ 413.676672] ? task_will_free_mem+0x134/0x6d0 [ 413.681197] out_of_memory+0x349/0x1250 [ 413.685191] ? oom_killer_disable+0x270/0x270 [ 413.690007] mem_cgroup_out_of_memory+0x1c7/0x240 [ 413.694890] ? memcg_event_wake+0x210/0x210 [ 413.699254] ? do_raw_spin_unlock+0x171/0x260 [ 413.703755] try_charge+0xe22/0x1300 [ 413.707502] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 413.712371] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 413.717247] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 413.723370] ? mark_held_locks+0xf0/0xf0 [ 413.727466] mem_cgroup_try_charge+0x249/0x5c0 [ 413.732076] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 413.737030] __handle_mm_fault+0x1cfb/0x3b60 [ 413.741700] ? copy_page_range+0x1e70/0x1e70 [ 413.746124] ? count_memcg_event_mm+0x279/0x4c0 [ 413.750837] handle_mm_fault+0x1a5/0x670 [ 413.754936] __get_user_pages+0x599/0x1650 [ 413.759226] ? follow_page_mask+0x1a60/0x1a60 [ 413.763751] ? lock_acquire+0x170/0x400 [ 413.767760] populate_vma_page_range+0x1fd/0x290 [ 413.772537] __mm_populate+0x1e8/0x350 [ 413.776450] ? populate_vma_page_range+0x290/0x290 [ 413.781396] ? do_mlock+0x6b0/0x6b0 [ 413.785053] __x64_sys_mlockall+0x340/0x500 [ 413.789398] do_syscall_64+0xf9/0x620 [ 413.793221] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 413.798969] RIP: 0033:0x45c479 [ 413.802180] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 413.821194] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 413.829723] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 413.837008] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 413.845635] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 413.853108] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 413.860916] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 413.869796] Task in /syz2 killed as a result of limit of /syz2 [ 413.875890] memory: usage 307200kB, limit 307200kB, failcnt 9179 [ 413.882220] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 413.889182] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 413.895423] Memory cgroup stats for /syz2: cache:72KB rss:296092KB rss_huge:176128KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:122984KB active_anon:8976KB inactive_file:4KB active_file:0KB unevictable:164140KB [ 413.917226] Memory cgroup out of memory: Kill process 10692 (syz-executor.2) score 1163 or sacrifice child [ 413.927255] Killed process 10692 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 413.939094] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 413.950589] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 413.955968] CPU: 1 PID: 11935 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 413.964355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 413.973697] Call Trace: [ 413.976286] dump_stack+0x188/0x20d [ 413.979913] dump_header+0x159/0xa5e [ 413.983621] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 413.988712] ? ___ratelimit+0x59/0x573 [ 413.992592] oom_kill_process.cold+0x10/0x6dc [ 413.997091] ? task_will_free_mem+0x134/0x6d0 [ 414.001579] out_of_memory+0x349/0x1250 [ 414.005548] ? oom_killer_disable+0x270/0x270 [ 414.010043] mem_cgroup_out_of_memory+0x1c7/0x240 [ 414.014876] ? memcg_event_wake+0x210/0x210 [ 414.019197] ? do_raw_spin_unlock+0x171/0x260 [ 414.023680] try_charge+0xe22/0x1300 [ 414.027405] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 414.032240] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 414.037257] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 414.043306] ? mark_held_locks+0xf0/0xf0 [ 414.047380] mem_cgroup_try_charge+0x249/0x5c0 [ 414.051971] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 414.056892] __handle_mm_fault+0x1cfb/0x3b60 [ 414.061295] ? copy_page_range+0x1e70/0x1e70 [ 414.065730] ? count_memcg_event_mm+0x279/0x4c0 [ 414.071292] handle_mm_fault+0x1a5/0x670 [ 414.075349] __get_user_pages+0x599/0x1650 [ 414.079587] ? follow_page_mask+0x1a60/0x1a60 [ 414.084078] ? lock_acquire+0x170/0x400 [ 414.088047] populate_vma_page_range+0x1fd/0x290 [ 414.092805] __mm_populate+0x1e8/0x350 [ 414.096688] ? populate_vma_page_range+0x290/0x290 [ 414.101607] ? do_mlock+0x6b0/0x6b0 [ 414.105263] __x64_sys_mlockall+0x340/0x500 [ 414.109753] do_syscall_64+0xf9/0x620 [ 414.113548] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 414.118743] RIP: 0033:0x45c479 [ 414.121974] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 414.140970] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 414.148688] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 414.155950] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 414.163208] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 414.170730] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 414.177993] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 414.187563] Task in /syz5 killed as a result of limit of /syz5 [ 414.193844] memory: usage 307200kB, limit 307200kB, failcnt 849 [ 414.199922] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 414.206663] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 414.212829] Memory cgroup stats for /syz5: cache:0KB rss:297344KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:273980KB active_anon:72KB inactive_file:4KB active_file:4KB unevictable:23408KB [ 414.233910] Memory cgroup out of memory: Kill process 11705 (syz-executor.5) score 1163 or sacrifice child [ 414.243761] Killed process 11705 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 415.508307] sched: RT throttling activated [ 415.516240] oom_reaper: reaped process 10692 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 415.552631] oom_reaper: reaped process 11705 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 415.579113] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 415.590400] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 415.595790] CPU: 1 PID: 11935 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 415.603673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 415.613027] Call Trace: [ 415.615707] dump_stack+0x188/0x20d [ 415.619358] dump_header+0x159/0xa5e [ 415.623156] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 415.628675] ? ___ratelimit+0x59/0x573 [ 415.632614] oom_kill_process.cold+0x10/0x6dc [ 415.637156] ? task_will_free_mem+0x134/0x6d0 [ 415.641705] out_of_memory+0x349/0x1250 [ 415.645706] ? oom_killer_disable+0x270/0x270 [ 415.650233] mem_cgroup_out_of_memory+0x1c7/0x240 [ 415.655092] ? memcg_event_wake+0x210/0x210 [ 415.659436] ? do_raw_spin_unlock+0x171/0x260 [ 415.664056] try_charge+0xe22/0x1300 [ 415.667788] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 415.672731] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 415.677600] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 415.683674] ? mark_held_locks+0xf0/0xf0 [ 415.687765] mem_cgroup_try_charge+0x249/0x5c0 [ 415.692728] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 415.697687] __handle_mm_fault+0x1cfb/0x3b60 [ 415.702242] ? copy_page_range+0x1e70/0x1e70 [ 415.706679] ? count_memcg_event_mm+0x279/0x4c0 [ 415.711387] handle_mm_fault+0x1a5/0x670 [ 415.715477] __get_user_pages+0x599/0x1650 [ 415.719778] ? follow_page_mask+0x1a60/0x1a60 [ 415.724317] ? lock_acquire+0x170/0x400 [ 415.728311] populate_vma_page_range+0x1fd/0x290 [ 415.733093] __mm_populate+0x1e8/0x350 [ 415.737100] ? populate_vma_page_range+0x290/0x290 [ 415.742065] ? do_mlock+0x6b0/0x6b0 [ 415.745711] __x64_sys_mlockall+0x340/0x500 [ 415.750046] do_syscall_64+0xf9/0x620 [ 415.753871] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 415.759070] RIP: 0033:0x45c479 [ 415.762271] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 415.781184] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 415.788912] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 415.796193] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 415.803484] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 415.810765] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 415.818045] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 415.825493] Task in /syz5 killed as a result of limit of /syz5 [ 415.831672] memory: usage 307200kB, limit 307200kB, failcnt 7729 [ 415.837996] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 415.844793] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 14:20:31 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:31 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x177}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:31 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 415.851111] Memory cgroup stats for /syz5: cache:0KB rss:293296KB rss_huge:26624KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:259720KB active_anon:60KB inactive_file:4KB active_file:4KB unevictable:33580KB [ 415.872324] Memory cgroup out of memory: Kill process 11933 (syz-executor.5) score 1166 or sacrifice child [ 415.882987] Killed process 11933 (syz-executor.5) total-vm:74700kB, anon-rss:15092kB, file-rss:39080kB, shmem-rss:0kB [ 415.894219] oom_reaper: reaped process 11933 (syz-executor.5), now anon-rss:15176kB, file-rss:40052kB, shmem-rss:0kB [ 416.816249] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 416.827784] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 416.833594] CPU: 1 PID: 11925 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 416.841499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 416.850961] Call Trace: [ 416.853569] dump_stack+0x188/0x20d [ 416.857207] dump_header+0x159/0xa5e [ 416.860929] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 416.866047] ? ___ratelimit+0x59/0x573 [ 416.869946] oom_kill_process.cold+0x10/0x6dc [ 416.874454] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 416.879218] ? task_will_free_mem+0x134/0x6d0 [ 416.883741] out_of_memory+0x349/0x1250 [ 416.887727] ? oom_killer_disable+0x270/0x270 [ 416.892241] mem_cgroup_out_of_memory+0x1c7/0x240 [ 416.897114] ? memcg_event_wake+0x210/0x210 [ 416.901449] ? do_raw_spin_unlock+0x171/0x260 [ 416.905949] try_charge+0xe22/0x1300 [ 416.909685] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 416.914537] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 416.919392] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 416.925469] mem_cgroup_try_charge+0x249/0x5c0 [ 416.930062] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 416.935004] wp_page_copy+0x3fe/0x1530 [ 416.938918] ? follow_pfn+0x260/0x260 [ 416.942722] ? __lock_acquire+0x6ee/0x49c0 [ 416.946965] do_wp_page+0x518/0xfa0 [ 416.950603] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 416.955302] __handle_mm_fault+0x21a4/0x3b60 [ 416.959719] ? copy_page_range+0x1e70/0x1e70 [ 416.964132] ? count_memcg_event_mm+0x279/0x4c0 [ 416.968826] handle_mm_fault+0x1a5/0x670 [ 416.972920] __get_user_pages+0x599/0x1650 [ 416.977170] ? follow_page_mask+0x1a60/0x1a60 [ 416.981688] ? lock_acquire+0x1ec/0x400 [ 416.985670] populate_vma_page_range+0x1fd/0x290 [ 416.990453] __mm_populate+0x1e8/0x350 [ 416.994350] ? populate_vma_page_range+0x290/0x290 [ 416.999286] ? do_mlock+0x6b0/0x6b0 [ 417.002926] __x64_sys_mlockall+0x340/0x500 [ 417.007278] do_syscall_64+0xf9/0x620 [ 417.011090] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 417.016291] RIP: 0033:0x45c479 [ 417.020271] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 417.039177] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 417.046894] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 417.054205] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 417.061479] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 417.068763] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 417.076048] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 417.084731] Task in /syz2 killed as a result of limit of /syz2 [ 417.091759] memory: usage 307200kB, limit 307200kB, failcnt 16624 [ 417.098449] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 417.105419] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 417.111900] Memory cgroup stats for /syz2: cache:72KB rss:295924KB rss_huge:163840KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:131472KB active_anon:8960KB inactive_file:4KB active_file:0KB unevictable:155600KB [ 417.134182] Memory cgroup out of memory: Kill process 11924 (syz-executor.2) score 1233 or sacrifice child [ 417.144531] Killed process 11953 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 417.226775] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 417.238572] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 417.244272] CPU: 0 PID: 11957 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 417.252168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 417.261559] Call Trace: [ 417.264277] dump_stack+0x188/0x20d [ 417.267934] dump_header+0x159/0xa5e [ 417.271703] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 417.276830] ? ___ratelimit+0x59/0x573 [ 417.280755] oom_kill_process.cold+0x10/0x6dc [ 417.285277] ? task_will_free_mem+0x134/0x6d0 [ 417.289806] out_of_memory+0x349/0x1250 [ 417.293810] ? oom_killer_disable+0x270/0x270 [ 417.298328] mem_cgroup_out_of_memory+0x1c7/0x240 [ 417.303446] ? memcg_event_wake+0x210/0x210 [ 417.307803] ? do_raw_spin_unlock+0x171/0x260 [ 417.312307] try_charge+0xe22/0x1300 [ 417.316207] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 417.321319] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 417.326174] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 417.332231] ? retint_kernel+0x2d/0x2d [ 417.336133] mem_cgroup_try_charge+0x249/0x5c0 [ 417.340731] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 417.345667] wp_page_copy+0x3fe/0x1530 [ 417.349565] ? follow_pfn+0x260/0x260 [ 417.353367] ? __sanitizer_cov_trace_const_cmp8+0x4/0x20 [ 417.358937] do_wp_page+0x518/0xfa0 [ 417.362569] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 417.367243] __handle_mm_fault+0x21a4/0x3b60 [ 417.371655] ? copy_page_range+0x1e70/0x1e70 [ 417.376078] ? count_memcg_event_mm+0x279/0x4c0 [ 417.380767] handle_mm_fault+0x1a5/0x670 [ 417.384833] __get_user_pages+0x599/0x1650 [ 417.389247] ? follow_page_mask+0x1a60/0x1a60 [ 417.393740] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 417.398512] ? retint_kernel+0x2d/0x2d [ 417.402409] populate_vma_page_range+0x1fd/0x290 [ 417.407169] __mm_populate+0x1e8/0x350 [ 417.411079] ? populate_vma_page_range+0x290/0x290 [ 417.416270] ? up_write+0x4c/0x150 [ 417.419812] __x64_sys_mlockall+0x340/0x500 [ 417.424138] do_syscall_64+0xf9/0x620 [ 417.427968] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 417.433160] RIP: 0033:0x45c479 [ 417.436355] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 417.455527] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 417.463325] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 417.470769] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 417.478216] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 417.486003] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 417.493358] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 417.501629] Task in /syz3 killed as a result of limit of /syz3 [ 417.507892] memory: usage 307200kB, limit 307200kB, failcnt 5259 [ 417.514133] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 417.521612] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 417.528038] Memory cgroup stats for /syz3: cache:20KB rss:295660KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:71788KB active_anon:9044KB inactive_file:4KB active_file:4KB unevictable:214992KB [ 417.550033] Memory cgroup out of memory: Kill process 11954 (syz-executor.3) score 1233 or sacrifice child [ 417.560286] Killed process 11960 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:20:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000) 14:20:32 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x29a}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 417.601884] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 417.613883] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 417.619534] CPU: 1 PID: 11957 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 417.627433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 417.636802] Call Trace: [ 417.639421] dump_stack+0x188/0x20d [ 417.643056] dump_header+0x159/0xa5e [ 417.646894] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 417.652142] ? ___ratelimit+0x59/0x573 [ 417.656058] oom_kill_process.cold+0x10/0x6dc [ 417.660656] ? task_will_free_mem+0x134/0x6d0 [ 417.665173] out_of_memory+0x349/0x1250 [ 417.669166] ? oom_killer_disable+0x270/0x270 [ 417.673867] mem_cgroup_out_of_memory+0x1c7/0x240 [ 417.678809] ? memcg_event_wake+0x210/0x210 [ 417.683137] ? do_raw_spin_unlock+0x171/0x260 [ 417.687643] try_charge+0xe22/0x1300 [ 417.691451] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 417.696316] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 417.701161] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 417.707225] ? retint_kernel+0x2d/0x2d [ 417.711131] mem_cgroup_try_charge+0x249/0x5c0 [ 417.715814] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 417.720761] wp_page_copy+0x3fe/0x1530 [ 417.724654] ? follow_pfn+0x260/0x260 [ 417.728462] ? __sanitizer_cov_trace_const_cmp8+0x4/0x20 [ 417.733913] do_wp_page+0x518/0xfa0 [ 417.737698] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 417.742372] __handle_mm_fault+0x21a4/0x3b60 [ 417.747319] ? copy_page_range+0x1e70/0x1e70 [ 417.751725] ? count_memcg_event_mm+0x279/0x4c0 [ 417.756601] handle_mm_fault+0x1a5/0x670 [ 417.761837] __get_user_pages+0x599/0x1650 [ 417.766090] ? follow_page_mask+0x1a60/0x1a60 [ 417.770593] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 417.775372] ? retint_kernel+0x2d/0x2d [ 417.779274] populate_vma_page_range+0x1fd/0x290 [ 417.784145] __mm_populate+0x1e8/0x350 [ 417.788034] ? populate_vma_page_range+0x290/0x290 [ 417.792991] ? up_write+0x4c/0x150 [ 417.796544] __x64_sys_mlockall+0x340/0x500 [ 417.800911] do_syscall_64+0xf9/0x620 [ 417.804726] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 417.809923] RIP: 0033:0x45c479 [ 417.813115] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 417.832117] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 417.839961] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 417.847224] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 417.854505] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 417.861914] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 417.869542] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 417.879583] Task in /syz3 killed as a result of limit of /syz3 [ 417.885846] memory: usage 294452kB, limit 307200kB, failcnt 5277 [ 417.892246] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 417.899226] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 417.905478] Memory cgroup stats for /syz3: cache:20KB rss:283036KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:59048KB active_anon:9036KB inactive_file:8KB active_file:0KB unevictable:214992KB [ 417.930012] Memory cgroup out of memory: Kill process 11954 (syz-executor.3) score 1233 or sacrifice child [ 417.940225] Killed process 11954 (syz-executor.3) total-vm:74832kB, anon-rss:18304kB, file-rss:56432kB, shmem-rss:0kB [ 417.953677] oom_reaper: reaped process 11954 (syz-executor.3), now anon-rss:18304kB, file-rss:56424kB, shmem-rss:0kB 14:20:34 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:34 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:34 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x300}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0xe803) 14:20:34 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:34 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 418.566403] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 418.577999] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 418.583648] CPU: 0 PID: 11973 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 418.591539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 418.602392] Call Trace: [ 418.605002] dump_stack+0x188/0x20d [ 418.608848] dump_header+0x159/0xa5e [ 418.612665] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 418.617777] ? ___ratelimit+0x59/0x573 [ 418.621686] oom_kill_process.cold+0x10/0x6dc [ 418.626193] ? out_of_memory+0x2fc/0x1250 [ 418.630356] out_of_memory+0x349/0x1250 [ 418.634362] ? oom_killer_disable+0x270/0x270 [ 418.639048] mem_cgroup_out_of_memory+0x1c7/0x240 [ 418.643895] ? memcg_event_wake+0x210/0x210 [ 418.648325] ? do_raw_spin_unlock+0x171/0x260 [ 418.652838] try_charge+0xe22/0x1300 [ 418.656562] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 418.661412] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 418.666262] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 418.673195] ? lock_downgrade+0x740/0x740 [ 418.677361] mem_cgroup_try_charge+0x249/0x5c0 [ 418.682302] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 418.687251] do_huge_pmd_wp_page+0x921/0x32f0 [ 418.692835] ? mark_held_locks+0xa6/0xf0 [ 418.696920] ? __split_huge_pmd+0x29c0/0x29c0 [ 418.701435] ? pmd_val+0x7c/0xf0 [ 418.704819] ? add_mm_counter_fast.part.0+0x40/0x40 [ 418.709966] __handle_mm_fault+0x1561/0x3b60 [ 418.714378] ? copy_page_range+0x1e70/0x1e70 [ 418.718796] ? count_memcg_event_mm+0x279/0x4c0 [ 418.723503] handle_mm_fault+0x1a5/0x670 [ 418.727576] __get_user_pages+0x599/0x1650 [ 418.731822] ? follow_page_mask+0x1a60/0x1a60 [ 418.736405] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 418.741340] ? retint_kernel+0x2d/0x2d [ 418.745262] populate_vma_page_range+0x1fd/0x290 [ 418.750110] __mm_populate+0x1e8/0x350 [ 418.754001] ? populate_vma_page_range+0x290/0x290 [ 418.759189] ? do_mlock+0x6b0/0x6b0 [ 418.762825] __x64_sys_mlockall+0x340/0x500 [ 418.767151] do_syscall_64+0xf9/0x620 [ 418.770963] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 418.776677] RIP: 0033:0x45c479 [ 418.779885] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 418.798930] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 418.806648] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 418.813923] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 418.821191] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 418.828480] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 418.835747] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 418.845304] Task in /syz5 killed as a result of limit of /syz5 [ 418.851551] memory: usage 307200kB, limit 307200kB, failcnt 7755 [ 418.857740] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 418.864859] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 418.872315] Memory cgroup stats for /syz5: cache:0KB rss:296048KB rss_huge:34816KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:257232KB active_anon:48KB inactive_file:8KB active_file:4KB unevictable:38864KB [ 418.894804] Memory cgroup out of memory: Kill process 11972 (syz-executor.5) score 1233 or sacrifice child [ 418.904947] Killed process 11977 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 421.041226] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 421.052913] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 421.058553] CPU: 1 PID: 11982 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 421.066606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 421.076583] Call Trace: [ 421.079189] dump_stack+0x188/0x20d [ 421.082826] dump_header+0x159/0xa5e [ 421.086546] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 421.091659] ? ___ratelimit+0x59/0x573 [ 421.095550] oom_kill_process.cold+0x10/0x6dc [ 421.100135] ? task_will_free_mem+0x134/0x6d0 [ 421.104643] out_of_memory+0x349/0x1250 [ 421.108626] ? oom_killer_disable+0x270/0x270 [ 421.113136] mem_cgroup_out_of_memory+0x1c7/0x240 [ 421.117981] ? memcg_event_wake+0x210/0x210 [ 421.122320] ? do_raw_spin_unlock+0x171/0x260 [ 421.126823] try_charge+0xe22/0x1300 [ 421.130654] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 421.135588] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 421.140435] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 421.146509] mem_cgroup_try_charge+0x249/0x5c0 [ 421.151206] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 421.156141] wp_page_copy+0x3fe/0x1530 [ 421.160034] ? mark_held_locks+0xa6/0xf0 [ 421.164120] ? follow_pfn+0x260/0x260 [ 421.167948] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 421.172706] do_wp_page+0x518/0xfa0 [ 421.176336] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 421.181012] __handle_mm_fault+0x21a4/0x3b60 [ 421.186737] ? copy_page_range+0x1e70/0x1e70 [ 421.191328] ? count_memcg_event_mm+0x279/0x4c0 [ 421.196018] handle_mm_fault+0x1a5/0x670 [ 421.200081] __get_user_pages+0x599/0x1650 [ 421.204510] ? follow_page_mask+0x1a60/0x1a60 [ 421.209007] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 421.213772] ? lock_acquire+0x170/0x400 [ 421.217779] populate_vma_page_range+0x1fd/0x290 [ 421.222539] __mm_populate+0x1e8/0x350 [ 421.226433] ? populate_vma_page_range+0x290/0x290 [ 421.231360] ? do_mlock+0x6b0/0x6b0 [ 421.235015] __x64_sys_mlockall+0x340/0x500 [ 421.239578] do_syscall_64+0xf9/0x620 [ 421.243565] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 421.248850] RIP: 0033:0x45c479 [ 421.252053] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 421.270966] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 421.278687] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 421.285985] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 421.293268] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 421.300542] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 421.308247] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 421.316233] Task in /syz2 killed as a result of limit of /syz2 [ 421.322457] memory: usage 307200kB, limit 307200kB, failcnt 16736 [ 421.328855] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 421.335724] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 421.342351] Memory cgroup stats for /syz2: cache:72KB rss:295940KB rss_huge:157696KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:133684KB active_anon:8960KB inactive_file:0KB active_file:4KB unevictable:153420KB [ 421.364443] Memory cgroup out of memory: Kill process 11981 (syz-executor.2) score 1233 or sacrifice child [ 421.374660] Killed process 11990 (syz-executor.2) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:20:37 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x80ffff) [ 421.716439] oom_reaper: reaped process 11977 (syz-executor.5), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 14:20:37 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x500}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:37 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:38 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:38 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x1000000) 14:20:38 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x600}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 422.539309] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 422.550787] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 422.556416] CPU: 0 PID: 11998 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 422.564306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 422.573671] Call Trace: [ 422.576284] dump_stack+0x188/0x20d [ 422.579936] dump_header+0x159/0xa5e [ 422.583671] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 14:20:38 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x10d0000) [ 422.588791] ? ___ratelimit+0x59/0x573 [ 422.592698] oom_kill_process.cold+0x10/0x6dc [ 422.597218] ? out_of_memory+0x19f/0x1250 [ 422.601386] out_of_memory+0x349/0x1250 [ 422.605582] ? css_next_descendant_pre+0x7f/0x180 [ 422.610560] ? oom_killer_disable+0x270/0x270 [ 422.615089] mem_cgroup_out_of_memory+0x1c7/0x240 [ 422.619961] ? memcg_event_wake+0x210/0x210 [ 422.624311] ? do_raw_spin_unlock+0x171/0x260 [ 422.628831] try_charge+0xe22/0x1300 [ 422.632567] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 14:20:38 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 422.637433] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 422.642389] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 422.648480] mem_cgroup_try_charge+0x249/0x5c0 [ 422.653089] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 422.658049] wp_page_copy+0x3fe/0x1530 [ 422.661991] ? mark_held_locks+0xa6/0xf0 [ 422.666087] ? follow_pfn+0x260/0x260 [ 422.669910] ? __lock_acquire+0x6ee/0x49c0 [ 422.674169] do_wp_page+0x518/0xfa0 [ 422.677811] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 422.682700] __handle_mm_fault+0x21a4/0x3b60 [ 422.687129] ? copy_page_range+0x1e70/0x1e70 [ 422.691562] ? count_memcg_event_mm+0x279/0x4c0 [ 422.696277] handle_mm_fault+0x1a5/0x670 [ 422.700360] __get_user_pages+0x599/0x1650 [ 422.704617] ? follow_page_mask+0x1a60/0x1a60 [ 422.709130] ? populate_vma_page_range+0x10e/0x290 [ 422.714056] populate_vma_page_range+0x1fd/0x290 [ 422.718809] __mm_populate+0x1e8/0x350 [ 422.722690] ? populate_vma_page_range+0x290/0x290 [ 422.727611] ? do_mlock+0x6b0/0x6b0 [ 422.731243] __x64_sys_mlockall+0x340/0x500 [ 422.735560] do_syscall_64+0xf9/0x620 [ 422.739357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 422.744535] RIP: 0033:0x45c479 [ 422.747720] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 422.766632] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 422.774338] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 422.781605] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 422.788863] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 422.796121] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 422.803396] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 422.811979] Task in /syz3 killed as a result of limit of /syz3 [ 422.818081] memory: usage 307200kB, limit 307200kB, failcnt 5304 [ 422.824237] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 422.831179] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 422.837421] Memory cgroup stats for /syz3: cache:20KB rss:295976KB rss_huge:215040KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:66108KB active_anon:9036KB inactive_file:0KB active_file:4KB unevictable:221004KB [ 422.858965] Memory cgroup out of memory: Kill process 11997 (syz-executor.3) score 1233 or sacrifice child [ 422.869219] Killed process 12004 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:20:39 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:39 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x700}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x2000000) 14:20:39 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 423.563306] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 423.574922] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 423.580783] CPU: 1 PID: 12018 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 423.588680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 423.598222] Call Trace: [ 423.600840] dump_stack+0x188/0x20d [ 423.604485] dump_header+0x159/0xa5e [ 423.608217] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 423.613339] ? ___ratelimit+0x59/0x573 [ 423.617244] oom_kill_process.cold+0x10/0x6dc [ 423.621756] ? task_will_free_mem+0x134/0x6d0 [ 423.632224] out_of_memory+0x349/0x1250 [ 423.636227] ? oom_killer_disable+0x270/0x270 [ 423.640760] mem_cgroup_out_of_memory+0x1c7/0x240 [ 423.645627] ? memcg_event_wake+0x210/0x210 [ 423.650002] ? do_raw_spin_unlock+0x171/0x260 [ 423.654516] try_charge+0xe22/0x1300 [ 423.658265] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 423.663127] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 423.667996] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 423.674080] ? retint_kernel+0x2d/0x2d [ 423.678000] mem_cgroup_try_charge+0x249/0x5c0 [ 423.682610] ? mem_cgroup_try_charge+0xf/0x5c0 [ 423.687216] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 423.692352] wp_page_copy+0x3fe/0x1530 [ 423.696265] ? follow_pfn+0x260/0x260 [ 423.700423] ? __lock_acquire+0x6ee/0x49c0 [ 423.704672] do_wp_page+0x518/0xfa0 [ 423.708308] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 423.712992] __handle_mm_fault+0x21a4/0x3b60 [ 423.717411] ? copy_page_range+0x1e70/0x1e70 [ 423.721845] ? count_memcg_event_mm+0x279/0x4c0 [ 423.726542] handle_mm_fault+0x1a5/0x670 [ 423.730828] __get_user_pages+0x599/0x1650 [ 423.735079] ? follow_page_mask+0x1a60/0x1a60 [ 423.739580] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 423.744343] ? retint_kernel+0x2d/0x2d [ 423.748244] populate_vma_page_range+0x1fd/0x290 [ 423.753021] __mm_populate+0x1e8/0x350 [ 423.756958] ? populate_vma_page_range+0x290/0x290 [ 423.761905] ? do_mlock+0x6b0/0x6b0 [ 423.765558] __x64_sys_mlockall+0x340/0x500 [ 423.769899] do_syscall_64+0xf9/0x620 [ 423.773731] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 423.778931] RIP: 0033:0x45c479 [ 423.782139] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 423.801048] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 423.808782] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 423.816230] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 423.823510] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 423.831218] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 423.838617] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 423.847760] Task in /syz2 killed as a result of limit of /syz2 [ 423.853946] memory: usage 307200kB, limit 307200kB, failcnt 16760 [ 423.860367] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 423.867228] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 423.873607] Memory cgroup stats for /syz2: cache:72KB rss:296008KB rss_huge:169984KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:127512KB active_anon:8960KB inactive_file:4KB active_file:0KB unevictable:159564KB [ 423.895967] Memory cgroup out of memory: Kill process 12016 (syz-executor.2) score 1233 or sacrifice child [ 423.905932] Killed process 12023 (syz-executor.2) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:20:40 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 424.425213] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 424.437150] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 424.443042] CPU: 0 PID: 12037 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 424.451040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 424.460516] Call Trace: [ 424.463120] dump_stack+0x188/0x20d [ 424.466773] dump_header+0x159/0xa5e [ 424.470506] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 424.475635] ? ___ratelimit+0x59/0x573 [ 424.479544] oom_kill_process.cold+0x10/0x6dc [ 424.484055] ? task_will_free_mem+0x134/0x6d0 [ 424.488575] out_of_memory+0x349/0x1250 [ 424.492568] ? oom_killer_disable+0x270/0x270 [ 424.497089] mem_cgroup_out_of_memory+0x1c7/0x240 [ 424.501949] ? memcg_event_wake+0x210/0x210 [ 424.506309] ? do_raw_spin_unlock+0x171/0x260 [ 424.510918] try_charge+0xe22/0x1300 [ 424.514641] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 424.519492] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 424.524335] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 424.530507] mem_cgroup_try_charge+0x249/0x5c0 [ 424.535108] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 424.540055] wp_page_copy+0x3fe/0x1530 [ 424.543951] ? follow_pfn+0x260/0x260 [ 424.547760] ? __lock_acquire+0x6ee/0x49c0 [ 424.552000] do_wp_page+0x518/0xfa0 [ 424.555644] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 424.560314] __handle_mm_fault+0x21a4/0x3b60 [ 424.564762] ? copy_page_range+0x1e70/0x1e70 [ 424.569187] ? count_memcg_event_mm+0x279/0x4c0 [ 424.573882] handle_mm_fault+0x1a5/0x670 [ 424.578132] __get_user_pages+0x599/0x1650 [ 424.582382] ? follow_page_mask+0x1a60/0x1a60 [ 424.586892] ? __get_user_pages+0x3f6/0x1650 [ 424.591747] populate_vma_page_range+0x1fd/0x290 [ 424.596528] __mm_populate+0x1e8/0x350 [ 424.600430] ? populate_vma_page_range+0x290/0x290 [ 424.605392] ? do_mlock+0x6b0/0x6b0 [ 424.609026] __x64_sys_mlockall+0x340/0x500 [ 424.613376] do_syscall_64+0xf9/0x620 [ 424.617277] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 424.622476] RIP: 0033:0x45c479 [ 424.625693] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 424.644714] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 424.652585] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 424.659906] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 424.669273] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 14:20:40 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x900}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:40 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x3000000) [ 424.676580] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 424.683983] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 424.695306] Task in /syz3 killed as a result of limit of /syz3 [ 424.701624] memory: usage 307200kB, limit 307200kB, failcnt 5333 [ 424.708309] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 424.715225] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 424.721660] Memory cgroup stats for /syz3: cache:20KB rss:296120KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:72252KB active_anon:9036KB inactive_file:4KB active_file:0KB unevictable:214860KB [ 424.743993] Memory cgroup out of memory: Kill process 12034 (syz-executor.3) score 1233 or sacrifice child [ 424.754325] Killed process 12040 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:20:41 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xa00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:41 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:41 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:41 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000000) 14:20:41 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:41 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xb00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:41 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x11000000) 14:20:42 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xd00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:42 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:42 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xe00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:42 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xf00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:42 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:42 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x29000000) 14:20:42 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:43 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 427.030194] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 427.041532] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 427.046923] CPU: 1 PID: 12095 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 427.054806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 427.064164] Call Trace: [ 427.066769] dump_stack+0x188/0x20d [ 427.070415] dump_header+0x159/0xa5e [ 427.074583] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 427.079693] ? ___ratelimit+0x59/0x573 [ 427.083591] oom_kill_process.cold+0x10/0x6dc [ 427.088102] ? task_will_free_mem+0x134/0x6d0 [ 427.092642] out_of_memory+0x349/0x1250 [ 427.096626] ? oom_killer_disable+0x270/0x270 [ 427.101164] mem_cgroup_out_of_memory+0x1c7/0x240 [ 427.106277] ? memcg_event_wake+0x210/0x210 [ 427.110612] ? do_raw_spin_unlock+0x171/0x260 [ 427.115113] try_charge+0xe22/0x1300 [ 427.118845] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 427.123715] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 427.128591] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 427.134765] ? mark_held_locks+0xf0/0xf0 [ 427.138856] mem_cgroup_try_charge+0x249/0x5c0 [ 427.143693] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 427.148657] __handle_mm_fault+0x1cfb/0x3b60 [ 427.153081] ? copy_page_range+0x1e70/0x1e70 [ 427.157510] ? count_memcg_event_mm+0x279/0x4c0 [ 427.162306] handle_mm_fault+0x1a5/0x670 [ 427.166390] __get_user_pages+0x599/0x1650 [ 427.170650] ? follow_page_mask+0x1a60/0x1a60 [ 427.175263] ? lock_acquire+0x170/0x400 [ 427.179283] populate_vma_page_range+0x1fd/0x290 [ 427.184241] __mm_populate+0x1e8/0x350 [ 427.188157] ? populate_vma_page_range+0x290/0x290 [ 427.193094] ? do_mlock+0x6b0/0x6b0 [ 427.196748] __x64_sys_mlockall+0x340/0x500 [ 427.201079] do_syscall_64+0xf9/0x620 [ 427.204892] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 427.210102] RIP: 0033:0x45c479 [ 427.213407] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 427.232410] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 427.240295] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 427.247746] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 427.255017] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 427.262286] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 427.269567] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 427.277064] Task in /syz2 killed as a result of limit of /syz2 [ 427.283209] memory: usage 307200kB, limit 307200kB, failcnt 16798 [ 427.289623] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 427.296634] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 427.302843] Memory cgroup stats for /syz2: cache:72KB rss:296004KB rss_huge:167936KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:137444KB active_anon:8976KB inactive_file:4KB active_file:4KB unevictable:149680KB [ 427.324739] Memory cgroup out of memory: Kill process 12066 (syz-executor.2) score 1163 or sacrifice child [ 427.334606] Killed process 12066 (syz-executor.2) total-vm:74964kB, anon-rss:18508kB, file-rss:34816kB, shmem-rss:0kB [ 427.346776] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 427.358049] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 427.363503] CPU: 0 PID: 12082 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 427.371386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 427.380726] Call Trace: [ 427.383314] dump_stack+0x188/0x20d [ 427.386937] dump_header+0x159/0xa5e [ 427.390644] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 427.395749] ? ___ratelimit+0x59/0x573 [ 427.399631] oom_kill_process.cold+0x10/0x6dc [ 427.404122] ? task_will_free_mem+0x134/0x6d0 [ 427.408626] out_of_memory+0x349/0x1250 [ 427.412621] ? mark_held_locks+0xa6/0xf0 [ 427.416702] ? oom_killer_disable+0x270/0x270 [ 427.421213] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 427.425817] mem_cgroup_out_of_memory+0x1c7/0x240 [ 427.430673] ? memcg_event_wake+0x210/0x210 [ 427.435016] try_charge+0xe22/0x1300 [ 427.438736] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 427.443575] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 427.448424] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 427.454476] ? __lock_acquire+0x6ee/0x49c0 [ 427.458704] mem_cgroup_try_charge+0x249/0x5c0 [ 427.463290] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 427.468251] wp_page_copy+0x3fe/0x1530 [ 427.472146] ? follow_pfn+0x260/0x260 [ 427.475957] ? __lock_acquire+0x6ee/0x49c0 [ 427.480222] do_wp_page+0x518/0xfa0 [ 427.483851] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 427.488564] __handle_mm_fault+0x21a4/0x3b60 [ 427.492990] ? copy_page_range+0x1e70/0x1e70 [ 427.497410] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 427.502188] ? handle_mm_fault+0x197/0x670 [ 427.506451] handle_mm_fault+0x1a5/0x670 [ 427.510561] __get_user_pages+0x599/0x1650 [ 427.514817] ? follow_page_mask+0x1a60/0x1a60 [ 427.519444] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 427.524334] ? retint_kernel+0x2d/0x2d [ 427.528239] populate_vma_page_range+0x1fd/0x290 [ 427.533002] __mm_populate+0x1e8/0x350 [ 427.536889] ? populate_vma_page_range+0x290/0x290 [ 427.541829] ? do_mlock+0x6b0/0x6b0 [ 427.545461] __x64_sys_mlockall+0x340/0x500 [ 427.549784] do_syscall_64+0xf9/0x620 [ 427.553774] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 427.559047] RIP: 0033:0x45c479 [ 427.562246] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 427.581273] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 427.588993] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 427.596321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 427.603738] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 427.611126] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 427.618497] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 427.625844] Task in /syz3 killed as a result of limit of /syz3 [ 427.632823] memory: usage 307200kB, limit 307200kB, failcnt 5353 [ 427.639092] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 427.645860] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 427.652082] Memory cgroup stats for /syz3: cache:20KB rss:296108KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:72348KB active_anon:9036KB inactive_file:4KB active_file:0KB unevictable:214860KB [ 427.673944] Memory cgroup out of memory: Kill process 12081 (syz-executor.3) score 1233 or sacrifice child [ 427.683875] Killed process 12083 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 427.720038] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 427.731395] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 427.736805] CPU: 1 PID: 12095 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 427.744814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 427.754302] Call Trace: [ 427.756910] dump_stack+0x188/0x20d [ 427.760557] dump_header+0x159/0xa5e [ 427.764304] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 427.769435] ? ___ratelimit+0x59/0x573 [ 427.773331] oom_kill_process.cold+0x10/0x6dc [ 427.777861] ? task_will_free_mem+0x134/0x6d0 [ 427.782369] out_of_memory+0x349/0x1250 [ 427.786355] ? oom_killer_disable+0x270/0x270 [ 427.790966] mem_cgroup_out_of_memory+0x1c7/0x240 [ 427.795817] ? memcg_event_wake+0x210/0x210 [ 427.800148] ? do_raw_spin_unlock+0x171/0x260 [ 427.804660] try_charge+0xe22/0x1300 [ 427.808401] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 427.813268] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 427.818129] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 427.824208] ? mark_held_locks+0xf0/0xf0 [ 427.828298] mem_cgroup_try_charge+0x249/0x5c0 [ 427.832900] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 427.837832] __handle_mm_fault+0x1cfb/0x3b60 [ 427.842258] ? copy_page_range+0x1e70/0x1e70 [ 427.848924] ? count_memcg_event_mm+0x279/0x4c0 [ 427.853611] handle_mm_fault+0x1a5/0x670 [ 427.857678] __get_user_pages+0x599/0x1650 [ 427.861919] ? follow_page_mask+0x1a60/0x1a60 [ 427.866439] ? lock_acquire+0x170/0x400 [ 427.870418] populate_vma_page_range+0x1fd/0x290 [ 427.875183] __mm_populate+0x1e8/0x350 [ 427.879092] ? populate_vma_page_range+0x290/0x290 [ 427.884035] ? do_mlock+0x6b0/0x6b0 [ 427.887686] __x64_sys_mlockall+0x340/0x500 [ 427.892056] do_syscall_64+0xf9/0x620 [ 427.895888] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 427.901158] RIP: 0033:0x45c479 [ 427.904387] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 427.923315] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 427.931046] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 427.938330] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 427.945606] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 427.952885] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 427.960270] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 427.967911] Task in /syz2 killed as a result of limit of /syz2 [ 427.973942] memory: usage 288504kB, limit 307200kB, failcnt 16804 [ 427.980703] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 427.987504] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 427.993794] Memory cgroup stats for /syz2: cache:72KB rss:277588KB rss_huge:163840KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:120984KB active_anon:8976KB inactive_file:8KB active_file:0KB unevictable:147632KB [ 428.015373] Memory cgroup out of memory: Kill process 11616 (syz-executor.2) score 1163 or sacrifice child [ 428.025287] Killed process 11616 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 428.166973] oom_reaper: reaped process 11616 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:20:44 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x3f000000) 14:20:45 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:45 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1100}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:45 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000000) 14:20:45 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 429.329903] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 430.109547] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 430.149150] CPU: 0 PID: 12090 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 430.157168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 430.166564] Call Trace: [ 430.169180] dump_stack+0x188/0x20d [ 430.172833] dump_header+0x159/0xa5e [ 430.176660] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 430.181787] ? ___ratelimit+0x59/0x573 [ 430.185699] oom_kill_process.cold+0x10/0x6dc [ 430.190228] ? task_will_free_mem+0x134/0x6d0 [ 430.194748] out_of_memory+0x349/0x1250 [ 430.198746] ? oom_killer_disable+0x270/0x270 [ 430.204526] mem_cgroup_out_of_memory+0x1c7/0x240 [ 430.209393] ? memcg_event_wake+0x210/0x210 [ 430.213887] ? do_raw_spin_unlock+0x171/0x260 [ 430.219187] try_charge+0xe22/0x1300 [ 430.223057] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 430.227942] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 430.232907] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 430.239069] ? lock_downgrade+0x740/0x740 [ 430.244548] mem_cgroup_try_charge+0x249/0x5c0 [ 430.250399] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 430.255456] do_huge_pmd_wp_page+0x921/0x32f0 [ 430.260148] ? __split_huge_pmd+0x29c0/0x29c0 [ 430.264658] ? pmd_val+0x7c/0xf0 [ 430.268057] ? add_mm_counter_fast.part.0+0x40/0x40 [ 430.273095] __handle_mm_fault+0x1561/0x3b60 [ 430.278142] ? copy_page_range+0x1e70/0x1e70 [ 430.282555] ? count_memcg_event_mm+0x279/0x4c0 [ 430.287451] handle_mm_fault+0x1a5/0x670 [ 430.291532] __do_page_fault+0x5ed/0xdd0 [ 430.295656] ? trace_hardirqs_off_caller+0x55/0x210 [ 430.300806] ? vmalloc_fault+0x730/0x730 [ 430.305007] ? page_fault+0x8/0x30 [ 430.308557] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 430.313496] ? page_fault+0x8/0x30 [ 430.317212] page_fault+0x1e/0x30 [ 430.320669] RIP: 0033:0x4006c4 [ 430.323865] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 51 55 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 37 55 00 00 8a [ 430.342764] RSP: 002b:00007ffcf1e9a300 EFLAGS: 00010202 [ 430.348127] RAX: 0000000020000100 RBX: 000000000076c920 RCX: 0000000020000200 14:20:46 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0xe8030000) [ 430.355392] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000020000100 [ 430.363003] RBP: 0000000000770550 R08: 0000000000000000 R09: 0000000000000000 [ 430.370284] R10: 00007ffcf1e9a410 R11: 0000000000000246 R12: 000000000076bf20 [ 430.377726] R13: 0000000000770558 R14: 0000000000068cf1 R15: 000000000076bf2c 14:20:46 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1200}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 430.404206] Task in /syz4 killed as a result of limit of /syz4 [ 430.413164] memory: usage 307200kB, limit 307200kB, failcnt 1311 [ 430.422783] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 430.432854] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 430.441907] Memory cgroup stats for /syz4: cache:56KB rss:295168KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:270392KB active_anon:2368KB inactive_file:4KB active_file:4KB unevictable:22480KB [ 430.474936] Memory cgroup out of memory: Kill process 12090 (syz-executor.4) score 1232 or sacrifice child 14:20:46 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 430.515209] Killed process 12133 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 430.550739] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 430.562169] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 430.567578] CPU: 1 PID: 12131 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 430.575468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 430.584858] Call Trace: [ 430.587487] dump_stack+0x188/0x20d [ 430.591215] dump_header+0x159/0xa5e [ 430.594941] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 430.600058] ? ___ratelimit+0x59/0x573 [ 430.603970] oom_kill_process.cold+0x10/0x6dc [ 430.608486] ? task_will_free_mem+0x134/0x6d0 14:20:46 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 430.613001] out_of_memory+0x349/0x1250 [ 430.616992] ? oom_killer_disable+0x270/0x270 [ 430.621516] mem_cgroup_out_of_memory+0x1c7/0x240 [ 430.626380] ? memcg_event_wake+0x210/0x210 [ 430.630727] ? do_raw_spin_unlock+0x171/0x260 [ 430.635327] try_charge+0xe22/0x1300 [ 430.639067] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 430.644462] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 430.650195] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 430.656269] mem_cgroup_try_charge+0x249/0x5c0 [ 430.660864] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 430.665802] wp_page_copy+0x3fe/0x1530 [ 430.669882] ? follow_pfn+0x260/0x260 [ 430.673686] ? __lock_acquire+0x6ee/0x49c0 [ 430.677931] do_wp_page+0x518/0xfa0 [ 430.681563] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 430.686254] __handle_mm_fault+0x21a4/0x3b60 [ 430.690672] ? copy_page_range+0x1e70/0x1e70 [ 430.695104] ? count_memcg_event_mm+0x279/0x4c0 [ 430.699805] handle_mm_fault+0x1a5/0x670 [ 430.703869] __get_user_pages+0x599/0x1650 [ 430.708101] ? follow_page_mask+0x1a60/0x1a60 [ 430.712593] ? populate_vma_page_range+0x10e/0x290 [ 430.717600] populate_vma_page_range+0x1fd/0x290 [ 430.722352] __mm_populate+0x1e8/0x350 [ 430.726234] ? populate_vma_page_range+0x290/0x290 [ 430.731173] ? do_mlock+0x6b0/0x6b0 [ 430.734796] __x64_sys_mlockall+0x340/0x500 [ 430.739139] do_syscall_64+0xf9/0x620 [ 430.742941] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 430.748119] RIP: 0033:0x45c479 [ 430.751306] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 430.770284] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 430.778157] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 430.785433] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 430.792713] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 430.799991] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 430.807303] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 430.814934] Task in /syz3 killed as a result of limit of /syz3 [ 430.820983] memory: usage 307200kB, limit 307200kB, failcnt 5379 [ 430.827137] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 430.833976] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 430.840198] Memory cgroup stats for /syz3: cache:20KB rss:296240KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:72440KB active_anon:9036KB inactive_file:0KB active_file:4KB unevictable:214860KB [ 430.861823] Memory cgroup out of memory: Kill process 12129 (syz-executor.3) score 1233 or sacrifice child [ 430.871915] Killed process 12132 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 430.926821] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 430.940618] oom_reaper: reaped process 12133 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 430.958712] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 430.990693] CPU: 1 PID: 12129 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 430.998621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 431.008022] Call Trace: [ 431.010857] dump_stack+0x188/0x20d [ 431.014509] dump_header+0x159/0xa5e [ 431.018249] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 431.023463] ? ___ratelimit+0x59/0x573 [ 431.027377] oom_kill_process.cold+0x10/0x6dc [ 431.031993] ? task_will_free_mem+0x134/0x6d0 [ 431.036513] out_of_memory+0x349/0x1250 [ 431.040515] ? oom_killer_disable+0x270/0x270 [ 431.045040] mem_cgroup_out_of_memory+0x1c7/0x240 [ 431.049919] ? memcg_event_wake+0x210/0x210 [ 431.054256] ? do_raw_spin_unlock+0x171/0x260 [ 431.058760] try_charge+0xbdf/0x1300 [ 431.062497] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 431.067347] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 431.072377] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 431.078443] ? __lock_acquire+0x6ee/0x49c0 [ 431.082683] mem_cgroup_try_charge+0x249/0x5c0 [ 431.087293] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 431.092239] wp_page_copy+0x3fe/0x1530 [ 431.096163] ? follow_pfn+0x260/0x260 [ 431.100066] ? __lock_acquire+0x6ee/0x49c0 [ 431.104392] ? lock_downgrade+0x740/0x740 [ 431.108548] do_wp_page+0x518/0xfa0 [ 431.112201] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 431.116894] __handle_mm_fault+0x21a4/0x3b60 [ 431.121321] ? copy_page_range+0x1e70/0x1e70 [ 431.125746] ? count_memcg_event_mm+0x279/0x4c0 [ 431.130454] handle_mm_fault+0x1a5/0x670 [ 431.134652] __do_page_fault+0x5ed/0xdd0 [ 431.138740] ? trace_hardirqs_off_caller+0x55/0x210 [ 431.143897] ? vmalloc_fault+0x730/0x730 [ 431.147984] ? page_fault+0x8/0x30 [ 431.152067] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 431.156931] ? page_fault+0x8/0x30 [ 431.160492] page_fault+0x1e/0x30 [ 431.163957] RIP: 0033:0x410900 [ 431.167187] Code: e8 45 63 00 00 8b 10 48 8d b4 24 80 00 00 00 bf 30 0f 4d 00 31 c0 e8 af 15 ff ff e9 62 fd ff ff bb 03 00 00 00 89 df 83 c3 01 db 56 00 00 83 fb 1e 75 f1 e9 85 fd ff ff 89 d8 bf 60 0d 4d 00 [ 431.187210] RSP: 002b:00007ffc217fe020 EFLAGS: 00010202 [ 431.193702] RAX: 0000000000000000 RBX: 0000000000000004 RCX: 0000000000000064 [ 431.202038] RDX: 0000000000000000 RSI: 000000000000155f RDI: 0000000000000003 [ 431.209315] RBP: 0000000000000000 R08: 0000000021b8755f R09: 0000000021b87563 [ 431.216586] R10: 00007ffc217fdf40 R11: 0000000000000000 R12: 0000000000000000 [ 431.223968] R13: 00007ffc217fe050 R14: 0000000000000000 R15: 00007ffc217fe060 14:20:47 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0xffff8000) 14:20:47 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:47 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x157c}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:47 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x8000000000) [ 431.739285] Task in /syz3 killed as a result of limit of /syz3 [ 431.745734] memory: usage 293624kB, limit 307200kB, failcnt 5381 [ 431.751970] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 431.758813] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 431.765020] Memory cgroup stats for /syz3: cache:20KB rss:282856KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:59048KB active_anon:9036KB inactive_file:4KB active_file:0KB unevictable:214860KB [ 431.786525] Memory cgroup out of memory: Kill process 12129 (syz-executor.3) score 1233 or sacrifice child [ 431.796738] Killed process 12129 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:56432kB, shmem-rss:0kB [ 431.831318] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 431.831450] oom_reaper: reaped process 12129 (syz-executor.3), now anon-rss:18252kB, file-rss:56424kB, shmem-rss:0kB [ 431.842585] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 431.842614] CPU: 0 PID: 12142 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 431.842622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 431.842626] Call Trace: [ 431.842646] dump_stack+0x188/0x20d [ 431.842664] dump_header+0x159/0xa5e [ 431.842680] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 431.842694] ? ___ratelimit+0x59/0x573 [ 431.842711] oom_kill_process.cold+0x10/0x6dc [ 431.842729] ? task_will_free_mem+0x134/0x6d0 [ 431.842748] out_of_memory+0x349/0x1250 [ 431.842766] ? oom_killer_disable+0x270/0x270 [ 431.842789] mem_cgroup_out_of_memory+0x1c7/0x240 [ 431.918325] ? memcg_event_wake+0x210/0x210 [ 431.923266] ? do_raw_spin_unlock+0x171/0x260 [ 431.927772] try_charge+0xe22/0x1300 [ 431.931506] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 431.936366] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 431.941222] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 431.947376] ? mark_held_locks+0xf0/0xf0 [ 431.951455] mem_cgroup_try_charge+0x249/0x5c0 [ 431.956168] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 431.961117] __handle_mm_fault+0x1cfb/0x3b60 [ 431.965715] ? copy_page_range+0x1e70/0x1e70 [ 431.970253] ? count_memcg_event_mm+0x279/0x4c0 [ 431.974943] handle_mm_fault+0x1a5/0x670 [ 431.979035] __get_user_pages+0x599/0x1650 [ 431.983281] ? follow_page_mask+0x1a60/0x1a60 [ 431.987899] ? lock_acquire+0x170/0x400 [ 431.991893] populate_vma_page_range+0x1fd/0x290 [ 431.996668] __mm_populate+0x1e8/0x350 [ 432.000572] ? populate_vma_page_range+0x290/0x290 [ 432.005495] ? do_mlock+0x6b0/0x6b0 [ 432.009282] __x64_sys_mlockall+0x340/0x500 [ 432.013637] do_syscall_64+0xf9/0x620 [ 432.017451] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 432.022646] RIP: 0033:0x45c479 [ 432.025986] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 432.045510] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 432.053253] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 432.060510] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 432.067767] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 432.075033] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 432.082315] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 432.089911] Task in /syz2 killed as a result of limit of /syz2 [ 432.095973] memory: usage 307200kB, limit 307200kB, failcnt 16845 [ 432.102460] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 432.109377] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 14:20:48 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1d00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 432.115547] Memory cgroup stats for /syz2: cache:72KB rss:295840KB rss_huge:165888KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:139236KB active_anon:8976KB inactive_file:8KB active_file:0KB unevictable:147864KB [ 432.137346] Memory cgroup out of memory: Kill process 11776 (syz-executor.2) score 1163 or sacrifice child [ 432.147548] Killed process 11776 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 432.160592] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 432.171899] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 432.177387] CPU: 0 PID: 12142 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 432.185280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 432.185429] oom_reaper: reaped process 11776 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 432.195501] Call Trace: [ 432.195526] dump_stack+0x188/0x20d [ 432.195544] dump_header+0x159/0xa5e [ 432.195560] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 432.195573] ? ___ratelimit+0x59/0x573 [ 432.195589] oom_kill_process.cold+0x10/0x6dc [ 432.195606] ? task_will_free_mem+0x134/0x6d0 [ 432.195625] out_of_memory+0x349/0x1250 [ 432.239523] ? oom_killer_disable+0x270/0x270 [ 432.244055] mem_cgroup_out_of_memory+0x1c7/0x240 [ 432.248919] ? memcg_event_wake+0x210/0x210 [ 432.253284] ? do_raw_spin_unlock+0x171/0x260 [ 432.257807] try_charge+0xe22/0x1300 [ 432.261910] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 432.267644] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 432.272517] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 432.279113] ? mark_held_locks+0xf0/0xf0 [ 432.283198] mem_cgroup_try_charge+0x249/0x5c0 [ 432.287833] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 432.292809] __handle_mm_fault+0x1cfb/0x3b60 [ 432.297247] ? copy_page_range+0x1e70/0x1e70 [ 432.301786] ? count_memcg_event_mm+0x279/0x4c0 [ 432.306500] handle_mm_fault+0x1a5/0x670 [ 432.310610] __get_user_pages+0x599/0x1650 [ 432.314888] ? follow_page_mask+0x1a60/0x1a60 [ 432.319417] ? lock_acquire+0x170/0x400 [ 432.323423] populate_vma_page_range+0x1fd/0x290 [ 432.328299] __mm_populate+0x1e8/0x350 14:20:48 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1f00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 432.332230] ? populate_vma_page_range+0x290/0x290 [ 432.337530] ? do_mlock+0x6b0/0x6b0 [ 432.341379] __x64_sys_mlockall+0x340/0x500 [ 432.345742] do_syscall_64+0xf9/0x620 [ 432.349931] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 432.355135] RIP: 0033:0x45c479 [ 432.358349] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 14:20:48 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 432.379155] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 432.386888] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 432.394176] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 432.401500] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 432.409099] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 432.416520] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 432.424071] Task in /syz2 killed as a result of limit of /syz2 [ 432.430833] memory: usage 288636kB, limit 307200kB, failcnt 16854 [ 432.439321] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 432.446178] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 432.453013] Memory cgroup stats for /syz2: cache:72KB rss:277728KB rss_huge:165888KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:120852KB active_anon:8976KB inactive_file:0KB active_file:4KB unevictable:147868KB [ 432.474683] Memory cgroup out of memory: Kill process 12110 (syz-executor.2) score 1163 or sacrifice child [ 432.484913] Killed process 12110 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 432.547731] oom_reaper: reaped process 12110 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:20:50 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r0, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:50 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1f40}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:50 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x80ffff00000000) 14:20:50 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:50 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x100000000000000) [ 435.284871] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 435.296635] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 435.302344] CPU: 1 PID: 12184 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 435.310229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 435.319598] Call Trace: [ 435.322204] dump_stack+0x188/0x20d [ 435.325839] dump_header+0x159/0xa5e [ 435.329573] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 435.334679] ? ___ratelimit+0x59/0x573 [ 435.338576] oom_kill_process.cold+0x10/0x6dc [ 435.343091] out_of_memory+0x349/0x1250 [ 435.347092] ? oom_killer_disable+0x270/0x270 [ 435.351608] ? mem_cgroup_out_of_memory+0x97/0x240 [ 435.356563] mem_cgroup_out_of_memory+0x1c7/0x240 [ 435.361423] ? memcg_event_wake+0x210/0x210 [ 435.365777] ? do_raw_spin_unlock+0x171/0x260 [ 435.370302] try_charge+0xe22/0x1300 [ 435.374138] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 435.379241] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 435.384185] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 435.390259] mem_cgroup_try_charge+0x249/0x5c0 [ 435.395593] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 435.400535] wp_page_copy+0x3fe/0x1530 [ 435.404453] ? follow_pfn+0x260/0x260 [ 435.408411] ? __lock_acquire+0x6ee/0x49c0 [ 435.412674] do_wp_page+0x518/0xfa0 [ 435.416324] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 435.421025] __handle_mm_fault+0x21a4/0x3b60 [ 435.425459] ? copy_page_range+0x1e70/0x1e70 [ 435.429897] ? count_memcg_event_mm+0x279/0x4c0 [ 435.434591] handle_mm_fault+0x1a5/0x670 [ 435.438793] __get_user_pages+0x599/0x1650 [ 435.443046] ? follow_page_mask+0x1a60/0x1a60 [ 435.448190] ? populate_vma_page_range+0x8d/0x290 [ 435.453755] populate_vma_page_range+0x1fd/0x290 [ 435.458638] __mm_populate+0x1e8/0x350 [ 435.462536] ? populate_vma_page_range+0x290/0x290 [ 435.467493] ? do_mlock+0x6b0/0x6b0 [ 435.471143] __x64_sys_mlockall+0x340/0x500 [ 435.475476] do_syscall_64+0xf9/0x620 [ 435.479740] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 435.487204] RIP: 0033:0x45c479 [ 435.490427] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 435.513347] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 435.521063] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 435.528539] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 435.536028] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 435.543311] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 435.550594] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 435.559623] Task in /syz3 killed as a result of limit of /syz3 [ 435.565879] memory: usage 307200kB, limit 307200kB, failcnt 5392 [ 435.572269] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 435.579968] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 435.586361] Memory cgroup stats for /syz3: cache:20KB rss:296372KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:72516KB active_anon:9036KB inactive_file:4KB active_file:0KB unevictable:214860KB [ 435.608482] Memory cgroup out of memory: Kill process 12183 (syz-executor.3) score 1233 or sacrifice child [ 435.618702] Killed process 12191 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 435.632145] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 435.643910] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 435.649595] CPU: 0 PID: 12190 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 435.657512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 435.666881] Call Trace: [ 435.669496] dump_stack+0x188/0x20d [ 435.673145] dump_header+0x159/0xa5e [ 435.676874] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 435.681993] ? ___ratelimit+0x59/0x573 [ 435.686021] oom_kill_process.cold+0x10/0x6dc [ 435.690531] ? task_will_free_mem+0x134/0x6d0 [ 435.695133] out_of_memory+0x349/0x1250 [ 435.699251] ? oom_killer_disable+0x270/0x270 [ 435.703751] mem_cgroup_out_of_memory+0x1c7/0x240 [ 435.708783] ? memcg_event_wake+0x210/0x210 [ 435.713112] ? do_raw_spin_unlock+0x171/0x260 [ 435.717690] try_charge+0xe22/0x1300 [ 435.721425] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 435.726265] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 435.731135] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 435.737229] ? retint_kernel+0x2d/0x2d [ 435.741142] mem_cgroup_try_charge+0x249/0x5c0 [ 435.745744] ? mem_cgroup_try_charge+0x12/0x5c0 [ 435.750533] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 435.755472] wp_page_copy+0x3fe/0x1530 [ 435.759378] ? follow_pfn+0x260/0x260 [ 435.763192] ? unlock_page+0x54/0x280 [ 435.767000] ? unlock_page+0x73/0x280 [ 435.770832] do_wp_page+0x518/0xfa0 [ 435.775775] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 435.781068] __handle_mm_fault+0x21a4/0x3b60 [ 435.785504] ? copy_page_range+0x1e70/0x1e70 [ 435.789927] ? count_memcg_event_mm+0x279/0x4c0 [ 435.794608] handle_mm_fault+0x1a5/0x670 [ 435.798688] __get_user_pages+0x599/0x1650 [ 435.802948] ? follow_page_mask+0x1a60/0x1a60 [ 435.807464] populate_vma_page_range+0x1fd/0x290 [ 435.812225] __mm_populate+0x1e8/0x350 [ 435.816111] ? populate_vma_page_range+0x290/0x290 [ 435.821059] ? do_mlock+0x6b0/0x6b0 [ 435.824691] __x64_sys_mlockall+0x340/0x500 [ 435.829039] do_syscall_64+0xf9/0x620 [ 435.832878] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 435.839221] RIP: 0033:0x45c479 [ 435.842520] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 435.861515] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 435.869230] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 435.876509] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 14:20:52 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x2000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 435.885007] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 435.892567] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 435.899844] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 435.908867] Task in /syz2 killed as a result of limit of /syz2 [ 435.915137] memory: usage 307200kB, limit 307200kB, failcnt 16878 [ 435.921556] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 435.928461] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 435.934759] Memory cgroup stats for /syz2: cache:72KB rss:296000KB rss_huge:163840KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:127504KB active_anon:8960KB inactive_file:4KB active_file:4KB unevictable:159564KB [ 435.957028] Memory cgroup out of memory: Kill process 12189 (syz-executor.2) score 1233 or sacrifice child [ 435.967899] Killed process 12195 (syz-executor.2) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 436.004454] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 436.016908] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 436.022808] CPU: 1 PID: 12184 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 436.031058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 436.040417] Call Trace: [ 436.043020] dump_stack+0x188/0x20d [ 436.046828] dump_header+0x159/0xa5e [ 436.050593] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 436.055702] ? ___ratelimit+0x59/0x573 [ 436.059620] oom_kill_process.cold+0x10/0x6dc [ 436.064122] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 436.068880] ? task_will_free_mem+0x134/0x6d0 [ 436.073382] out_of_memory+0x349/0x1250 [ 436.077448] ? oom_killer_disable+0x270/0x270 [ 436.082042] mem_cgroup_out_of_memory+0x1c7/0x240 [ 436.086899] ? memcg_event_wake+0x210/0x210 [ 436.091246] ? do_raw_spin_unlock+0x171/0x260 [ 436.095886] try_charge+0xe22/0x1300 [ 436.099654] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 436.104524] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 436.109399] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 436.115773] mem_cgroup_try_charge+0x249/0x5c0 [ 436.120499] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 436.125462] wp_page_copy+0x3fe/0x1530 [ 436.129530] ? follow_pfn+0x260/0x260 [ 436.133359] ? __lock_acquire+0x6ee/0x49c0 [ 436.137629] do_wp_page+0x518/0xfa0 [ 436.141275] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 436.146420] __handle_mm_fault+0x21a4/0x3b60 [ 436.150871] ? copy_page_range+0x1e70/0x1e70 [ 436.155299] ? count_memcg_event_mm+0x279/0x4c0 [ 436.160023] handle_mm_fault+0x1a5/0x670 [ 436.164114] __get_user_pages+0x599/0x1650 [ 436.169005] ? follow_page_mask+0x1a60/0x1a60 [ 436.173560] ? populate_vma_page_range+0x8d/0x290 [ 436.178554] populate_vma_page_range+0x1fd/0x290 [ 436.183340] __mm_populate+0x1e8/0x350 [ 436.187349] ? populate_vma_page_range+0x290/0x290 [ 436.192313] ? do_mlock+0x6b0/0x6b0 [ 436.196535] __x64_sys_mlockall+0x340/0x500 [ 436.200888] do_syscall_64+0xf9/0x620 [ 436.204710] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 436.209913] RIP: 0033:0x45c479 [ 436.213122] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 436.232036] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 436.239765] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 436.247252] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 436.254538] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 436.262393] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 436.269854] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 436.278306] Task in /syz3 killed as a result of limit of /syz3 [ 436.284699] memory: usage 293548kB, limit 307200kB, failcnt 5398 [ 436.291231] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 436.298141] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 436.304758] Memory cgroup stats for /syz3: cache:20KB rss:282940KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:59048KB active_anon:9036KB inactive_file:4KB active_file:0KB unevictable:214860KB [ 436.327837] Memory cgroup out of memory: Kill process 12183 (syz-executor.3) score 1233 or sacrifice child [ 436.338230] Killed process 12183 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:56432kB, shmem-rss:0kB 14:20:52 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:52 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 436.352443] oom_reaper: reaped process 12183 (syz-executor.3), now anon-rss:18252kB, file-rss:56424kB, shmem-rss:0kB 14:20:52 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x4000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:52 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x10d000000000000) 14:20:52 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x401f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:53 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x200000000000000) 14:20:53 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r0, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:53 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:53 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x4d01}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 438.069663] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 438.081631] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 438.087349] CPU: 0 PID: 12224 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 438.095541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 438.105093] Call Trace: [ 438.107701] dump_stack+0x188/0x20d [ 438.111347] dump_header+0x159/0xa5e [ 438.115434] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 438.120560] ? ___ratelimit+0x59/0x573 [ 438.124605] oom_kill_process.cold+0x10/0x6dc [ 438.129138] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 438.133915] ? task_will_free_mem+0x134/0x6d0 [ 438.138890] out_of_memory+0x349/0x1250 [ 438.142897] ? oom_killer_disable+0x270/0x270 [ 438.147412] ? mem_cgroup_out_of_memory+0x97/0x240 [ 438.152367] mem_cgroup_out_of_memory+0x1c7/0x240 [ 438.157239] ? memcg_event_wake+0x210/0x210 [ 438.161589] ? do_raw_spin_unlock+0x171/0x260 [ 438.166110] try_charge+0xe22/0x1300 [ 438.169859] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 438.174721] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 438.179591] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 438.191913] mem_cgroup_try_charge+0x249/0x5c0 [ 438.196544] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 438.201495] wp_page_copy+0x3fe/0x1530 [ 438.205620] ? follow_pfn+0x260/0x260 [ 438.209462] do_wp_page+0x518/0xfa0 [ 438.213115] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 438.218511] __handle_mm_fault+0x21a4/0x3b60 [ 438.224075] ? copy_page_range+0x1e70/0x1e70 [ 438.228516] ? count_memcg_event_mm+0x279/0x4c0 [ 438.233245] handle_mm_fault+0x1a5/0x670 [ 438.237608] __get_user_pages+0x599/0x1650 [ 438.241995] ? follow_page_mask+0x1a60/0x1a60 [ 438.246508] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 438.251370] ? retint_kernel+0x2d/0x2d [ 438.255335] populate_vma_page_range+0x1fd/0x290 [ 438.260124] __mm_populate+0x1e8/0x350 [ 438.264054] ? populate_vma_page_range+0x290/0x290 [ 438.269002] ? do_mlock+0x6b0/0x6b0 [ 438.272649] __x64_sys_mlockall+0x340/0x500 [ 438.276997] do_syscall_64+0xf9/0x620 [ 438.280820] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 438.286319] RIP: 0033:0x45c479 [ 438.289522] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 438.308867] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 438.316599] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 438.323936] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 438.331328] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 438.338789] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 438.346064] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 438.354426] Task in /syz2 killed as a result of limit of /syz2 [ 438.360826] memory: usage 307200kB, limit 307200kB, failcnt 16900 [ 438.367214] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 438.374394] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 438.380706] Memory cgroup stats for /syz2: cache:72KB rss:295864KB rss_huge:163840KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:127508KB active_anon:8960KB inactive_file:0KB active_file:4KB unevictable:159564KB [ 438.407749] Memory cgroup out of memory: Kill process 12223 (syz-executor.2) score 1233 or sacrifice child [ 438.418221] Killed process 12231 (syz-executor.2) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 438.431458] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 438.443717] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 438.451788] CPU: 0 PID: 12235 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 438.459797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 438.469603] Call Trace: [ 438.472273] dump_stack+0x188/0x20d [ 438.475941] dump_header+0x159/0xa5e [ 438.479702] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 438.484833] ? ___ratelimit+0x59/0x573 [ 438.488727] oom_kill_process.cold+0x10/0x6dc [ 438.493353] ? task_will_free_mem+0x134/0x6d0 [ 438.497864] out_of_memory+0x349/0x1250 [ 438.501867] ? oom_killer_disable+0x270/0x270 [ 438.506392] mem_cgroup_out_of_memory+0x1c7/0x240 [ 438.511238] ? memcg_event_wake+0x210/0x210 [ 438.515564] ? do_raw_spin_unlock+0x171/0x260 [ 438.520092] try_charge+0xe22/0x1300 [ 438.523831] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 438.528695] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 438.533555] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 438.539630] ? __lock_acquire+0x6ee/0x49c0 [ 438.543865] mem_cgroup_try_charge+0x249/0x5c0 [ 438.548642] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 438.553778] wp_page_copy+0x3fe/0x1530 [ 438.557713] ? follow_pfn+0x260/0x260 [ 438.561513] ? __lock_acquire+0x6ee/0x49c0 [ 438.565775] do_wp_page+0x518/0xfa0 [ 438.569401] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 438.574085] __handle_mm_fault+0x21a4/0x3b60 [ 438.578505] ? copy_page_range+0x1e70/0x1e70 [ 438.582919] ? count_memcg_event_mm+0x279/0x4c0 [ 438.587617] handle_mm_fault+0x1a5/0x670 [ 438.591731] __get_user_pages+0x599/0x1650 [ 438.596023] ? follow_page_mask+0x1a60/0x1a60 [ 438.600534] populate_vma_page_range+0x1fd/0x290 [ 438.605307] __mm_populate+0x1e8/0x350 [ 438.609228] ? populate_vma_page_range+0x290/0x290 [ 438.614242] ? do_mlock+0x6b0/0x6b0 [ 438.617894] __x64_sys_mlockall+0x340/0x500 [ 438.622383] do_syscall_64+0xf9/0x620 [ 438.626217] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 438.631531] RIP: 0033:0x45c479 [ 438.634723] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 438.653635] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 438.661631] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 438.668910] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 438.676300] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 438.683667] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 438.690947] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 438.699097] Task in /syz3 killed as a result of limit of /syz3 [ 438.706202] memory: usage 307140kB, limit 307200kB, failcnt 5422 [ 438.712666] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 438.721287] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 438.727673] Memory cgroup stats for /syz3: cache:20KB rss:296384KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:72500KB active_anon:9036KB inactive_file:4KB active_file:0KB unevictable:214860KB [ 438.751446] Memory cgroup out of memory: Kill process 12233 (syz-executor.3) score 1233 or sacrifice child [ 438.762209] Killed process 12236 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34944kB, shmem-rss:0kB [ 438.799727] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 438.811913] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 438.817633] CPU: 0 PID: 12224 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 438.825785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 438.835164] Call Trace: [ 438.837770] dump_stack+0x188/0x20d [ 438.841749] dump_header+0x159/0xa5e [ 438.845512] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 438.850648] ? ___ratelimit+0x59/0x573 [ 438.854554] oom_kill_process.cold+0x10/0x6dc [ 438.859155] ? task_will_free_mem+0x134/0x6d0 [ 438.863854] out_of_memory+0x349/0x1250 [ 438.868373] ? oom_killer_disable+0x270/0x270 [ 438.873596] mem_cgroup_out_of_memory+0x1c7/0x240 [ 438.878459] ? memcg_event_wake+0x210/0x210 [ 438.883028] ? do_raw_spin_unlock+0x171/0x260 [ 438.890062] try_charge+0xe22/0x1300 [ 438.893805] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 438.898706] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 438.904529] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 438.910615] mem_cgroup_try_charge+0x249/0x5c0 [ 438.915224] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 438.920273] wp_page_copy+0x3fe/0x1530 [ 438.924199] ? follow_pfn+0x260/0x260 [ 438.928064] do_wp_page+0x518/0xfa0 [ 438.932194] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 438.936909] __handle_mm_fault+0x21a4/0x3b60 [ 438.941531] ? copy_page_range+0x1e70/0x1e70 [ 438.945969] ? count_memcg_event_mm+0x279/0x4c0 [ 438.950773] handle_mm_fault+0x1a5/0x670 [ 438.955586] __get_user_pages+0x599/0x1650 [ 438.960288] ? follow_page_mask+0x1a60/0x1a60 [ 438.964815] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 438.969853] ? retint_kernel+0x2d/0x2d [ 438.973788] populate_vma_page_range+0x1fd/0x290 [ 438.978562] __mm_populate+0x1e8/0x350 [ 438.982480] ? populate_vma_page_range+0x290/0x290 [ 438.987480] ? do_mlock+0x6b0/0x6b0 [ 438.991187] __x64_sys_mlockall+0x340/0x500 [ 438.995633] do_syscall_64+0xf9/0x620 [ 438.999434] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 439.004620] RIP: 0033:0x45c479 [ 439.007815] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 439.026934] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 439.034659] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 439.041947] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 439.049348] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 439.056827] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 439.064118] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 439.073472] Task in /syz2 killed as a result of limit of /syz2 [ 439.080147] memory: usage 294192kB, limit 307200kB, failcnt 16906 [ 439.086694] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 439.093886] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 439.100500] Memory cgroup stats for /syz2: cache:72KB rss:283148KB rss_huge:163840KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:114708KB active_anon:8960KB inactive_file:4KB active_file:0KB unevictable:159564KB [ 439.122820] Memory cgroup out of memory: Kill process 12223 (syz-executor.2) score 1233 or sacrifice child [ 439.133173] Killed process 12223 (syz-executor.2) total-vm:74700kB, anon-rss:18252kB, file-rss:56432kB, shmem-rss:0kB 14:20:55 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x6400}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 439.145443] oom_reaper: reaped process 12223 (syz-executor.2), now anon-rss:18252kB, file-rss:56424kB, shmem-rss:0kB 14:20:55 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x300000000000000) 14:20:55 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x7701}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:55 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:55 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r0, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:55 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x7c15}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:55 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:55 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:55 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400000000000000) [ 440.815127] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 440.826881] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 440.832746] CPU: 1 PID: 12260 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 440.840709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 440.850127] Call Trace: [ 440.852767] dump_stack+0x188/0x20d [ 440.856424] dump_header+0x159/0xa5e [ 440.860280] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 440.865489] ? ___ratelimit+0x59/0x573 [ 440.869502] oom_kill_process.cold+0x10/0x6dc [ 440.874049] ? task_will_free_mem+0x134/0x6d0 [ 440.878651] out_of_memory+0x349/0x1250 [ 440.882764] ? oom_killer_disable+0x270/0x270 [ 440.887403] mem_cgroup_out_of_memory+0x1c7/0x240 [ 440.892421] ? memcg_event_wake+0x210/0x210 [ 440.896873] ? do_raw_spin_unlock+0x171/0x260 [ 440.901414] try_charge+0xe22/0x1300 [ 440.905271] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 440.910219] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 440.915145] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 440.921352] ? retint_kernel+0x2d/0x2d [ 440.925413] mem_cgroup_try_charge+0x249/0x5c0 [ 440.930151] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 440.935226] wp_page_copy+0x3fe/0x1530 [ 440.939210] ? follow_pfn+0x260/0x260 [ 440.943160] ? __lock_acquire+0x6ee/0x49c0 [ 440.947533] do_wp_page+0x518/0xfa0 [ 440.952280] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 440.957112] __handle_mm_fault+0x21a4/0x3b60 [ 440.961713] ? copy_page_range+0x1e70/0x1e70 [ 440.966288] ? count_memcg_event_mm+0x279/0x4c0 [ 440.971082] handle_mm_fault+0x1a5/0x670 [ 440.975252] __get_user_pages+0x599/0x1650 [ 440.979561] ? follow_page_mask+0x1a60/0x1a60 [ 440.984231] populate_vma_page_range+0x1fd/0x290 [ 440.989155] __mm_populate+0x1e8/0x350 [ 440.993171] ? populate_vma_page_range+0x290/0x290 [ 440.998146] ? do_mlock+0x6b0/0x6b0 [ 441.001835] __x64_sys_mlockall+0x340/0x500 [ 441.006190] do_syscall_64+0xf9/0x620 [ 441.010024] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 441.015313] RIP: 0033:0x45c479 [ 441.018575] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 441.038566] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 441.046409] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 441.053739] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 441.061009] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 441.068381] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 441.075848] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 441.087051] Task in /syz2 killed as a result of limit of /syz2 [ 441.093493] memory: usage 307196kB, limit 307200kB, failcnt 16918 [ 441.100806] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 441.108454] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 441.115064] Memory cgroup stats for /syz2: cache:72KB rss:295904KB rss_huge:163840KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:127532KB active_anon:8960KB inactive_file:0KB active_file:4KB unevictable:159564KB [ 441.138604] Memory cgroup out of memory: Kill process 12258 (syz-executor.2) score 1233 or sacrifice child [ 441.149597] Killed process 12266 (syz-executor.2) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 441.252013] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 441.263548] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 441.269616] CPU: 0 PID: 12259 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 441.277602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 441.287145] Call Trace: [ 441.289885] dump_stack+0x188/0x20d [ 441.293858] dump_header+0x159/0xa5e [ 441.297602] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 441.302851] ? ___ratelimit+0x59/0x573 [ 441.306838] oom_kill_process.cold+0x10/0x6dc [ 441.311433] ? task_will_free_mem+0x134/0x6d0 [ 441.316079] out_of_memory+0x349/0x1250 [ 441.320107] ? oom_killer_disable+0x270/0x270 [ 441.324890] mem_cgroup_out_of_memory+0x1c7/0x240 [ 441.329806] ? memcg_event_wake+0x210/0x210 [ 441.334269] ? do_raw_spin_unlock+0x171/0x260 [ 441.338845] try_charge+0xe22/0x1300 [ 441.342675] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 441.347577] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 441.352524] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 441.358788] mem_cgroup_try_charge+0x249/0x5c0 [ 441.363503] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 441.368549] wp_page_copy+0x3fe/0x1530 [ 441.372596] ? follow_pfn+0x260/0x260 [ 441.376462] ? __lock_acquire+0x6ee/0x49c0 [ 441.380781] do_wp_page+0x518/0xfa0 [ 441.384760] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 441.389574] __handle_mm_fault+0x21a4/0x3b60 [ 441.394007] ? copy_page_range+0x1e70/0x1e70 [ 441.398954] ? count_memcg_event_mm+0x279/0x4c0 [ 441.403686] handle_mm_fault+0x1a5/0x670 [ 441.407860] __get_user_pages+0x599/0x1650 [ 441.412246] ? follow_page_mask+0x1a60/0x1a60 [ 441.416918] ? lock_acquire+0x1ec/0x400 [ 441.421086] populate_vma_page_range+0x1fd/0x290 [ 441.426016] __mm_populate+0x1e8/0x350 [ 441.430163] ? populate_vma_page_range+0x290/0x290 [ 441.435194] ? do_mlock+0x6b0/0x6b0 [ 441.438887] __x64_sys_mlockall+0x340/0x500 [ 441.443315] do_syscall_64+0xf9/0x620 [ 441.447273] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 441.452526] RIP: 0033:0x45c479 [ 441.455833] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 441.475007] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 441.482814] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 441.490162] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 441.497493] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 441.504832] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 441.512184] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 441.519556] Task in /syz3 killed as a result of limit of /syz3 [ 441.525937] memory: usage 307200kB, limit 307200kB, failcnt 5431 [ 441.532621] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 441.539727] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 441.546240] Memory cgroup stats for /syz3: cache:20KB rss:296384KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:72556KB active_anon:9036KB inactive_file:4KB active_file:0KB unevictable:214860KB [ 441.568470] Memory cgroup out of memory: Kill process 12255 (syz-executor.3) score 1233 or sacrifice child [ 441.579714] Killed process 12267 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:20:58 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x1100000000000000) [ 442.073886] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 442.141688] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 442.147260] CPU: 0 PID: 12272 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 442.155424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 442.165216] Call Trace: [ 442.167999] dump_stack+0x188/0x20d [ 442.171802] dump_header+0x159/0xa5e [ 442.175773] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 442.180916] ? ___ratelimit+0x59/0x573 [ 442.184940] oom_kill_process.cold+0x10/0x6dc [ 442.189736] ? task_will_free_mem+0x134/0x6d0 [ 442.194485] out_of_memory+0x349/0x1250 [ 442.198846] ? oom_killer_disable+0x270/0x270 [ 442.203508] mem_cgroup_out_of_memory+0x1c7/0x240 [ 442.208521] ? memcg_event_wake+0x210/0x210 [ 442.213049] ? do_raw_spin_unlock+0x171/0x260 [ 442.217636] try_charge+0xe22/0x1300 [ 442.221505] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 442.226478] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 442.236256] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 442.242431] ? mark_held_locks+0xf0/0xf0 [ 442.246649] mem_cgroup_try_charge+0x249/0x5c0 [ 442.251378] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 442.256455] __handle_mm_fault+0x1cfb/0x3b60 [ 442.260991] ? copy_page_range+0x1e70/0x1e70 [ 442.265545] ? count_memcg_event_mm+0x279/0x4c0 [ 442.270401] handle_mm_fault+0x1a5/0x670 [ 442.274638] __get_user_pages+0x599/0x1650 [ 442.278966] ? follow_page_mask+0x1a60/0x1a60 [ 442.284782] ? lock_acquire+0x170/0x400 [ 442.289105] populate_vma_page_range+0x1fd/0x290 [ 442.293990] __mm_populate+0x1e8/0x350 [ 442.298101] ? populate_vma_page_range+0x290/0x290 [ 442.303172] ? do_mlock+0x6b0/0x6b0 [ 442.307060] __x64_sys_mlockall+0x340/0x500 [ 442.311506] do_syscall_64+0xf9/0x620 [ 442.315736] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 442.321069] RIP: 0033:0x45c479 [ 442.324485] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 442.343608] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 442.351439] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 442.358798] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 442.366132] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 442.373453] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 442.380784] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c 14:20:58 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x9a02}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 442.660094] Task in /syz4 killed as a result of limit of /syz4 [ 442.703157] memory: usage 307200kB, limit 307200kB, failcnt 2004 [ 442.742026] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 442.761143] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 442.787014] Memory cgroup stats for /syz4: cache:56KB rss:296132KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:288700KB active_anon:2428KB inactive_file:0KB active_file:12KB unevictable:5116KB 14:20:58 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:58 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x2900000000000000) [ 442.825929] Memory cgroup out of memory: Kill process 11338 (syz-executor.4) score 1163 or sacrifice child [ 442.849442] Killed process 11338 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB 14:20:59 executing program 3: socket$inet6(0xa, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:59 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xff00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:59 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:59 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:20:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x3f00000000000000) 14:20:59 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x2000b}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:59 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x7d000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:20:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000000000000000) 14:21:00 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x100000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:00 executing program 3: socket$inet6(0xa, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 444.217994] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 444.229409] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 444.234903] CPU: 1 PID: 12325 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 444.242798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 444.252300] Call Trace: [ 444.254924] dump_stack+0x188/0x20d [ 444.258739] dump_header+0x159/0xa5e [ 444.262566] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 444.267677] ? ___ratelimit+0x59/0x573 [ 444.272007] oom_kill_process.cold+0x10/0x6dc [ 444.276498] ? task_will_free_mem+0x134/0x6d0 [ 444.280993] out_of_memory+0x349/0x1250 [ 444.284974] ? oom_killer_disable+0x270/0x270 [ 444.289493] mem_cgroup_out_of_memory+0x1c7/0x240 [ 444.294553] ? memcg_event_wake+0x210/0x210 [ 444.298899] ? do_raw_spin_unlock+0x171/0x260 [ 444.303421] try_charge+0xe22/0x1300 [ 444.307274] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 444.312139] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 444.317095] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 444.323165] ? mark_held_locks+0xf0/0xf0 [ 444.327247] mem_cgroup_try_charge+0x249/0x5c0 [ 444.331827] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 444.337028] __handle_mm_fault+0x1cfb/0x3b60 [ 444.341435] ? copy_page_range+0x1e70/0x1e70 [ 444.345927] ? count_memcg_event_mm+0x279/0x4c0 [ 444.350789] handle_mm_fault+0x1a5/0x670 [ 444.355372] __get_user_pages+0x599/0x1650 [ 444.359616] ? follow_page_mask+0x1a60/0x1a60 [ 444.364111] ? lock_acquire+0x170/0x400 [ 444.368085] populate_vma_page_range+0x1fd/0x290 [ 444.372834] __mm_populate+0x1e8/0x350 [ 444.376710] ? populate_vma_page_range+0x290/0x290 [ 444.381636] ? do_mlock+0x6b0/0x6b0 [ 444.385262] __x64_sys_mlockall+0x340/0x500 [ 444.389578] do_syscall_64+0xf9/0x620 [ 444.393378] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 444.398583] RIP: 0033:0x45c479 [ 444.401973] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 444.420862] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 444.428743] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 444.436001] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 444.443356] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 444.450684] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 444.457976] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 444.465719] Task in /syz3 killed as a result of limit of /syz3 [ 444.472097] memory: usage 307200kB, limit 307200kB, failcnt 5482 [ 444.478351] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 444.485117] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 444.491498] Memory cgroup stats for /syz3: cache:20KB rss:296488KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:77432KB active_anon:9052KB inactive_file:4KB active_file:0KB unevictable:210028KB [ 444.513446] Memory cgroup out of memory: Kill process 12299 (syz-executor.3) score 1163 or sacrifice child [ 444.523556] Killed process 12299 (syz-executor.3) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 444.554078] oom_reaper: reaped process 12299 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:21:00 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:00 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x3e8000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x8000000000000000) 14:21:01 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 445.270407] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 445.298171] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 445.303832] CPU: 0 PID: 12343 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 445.311725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 445.321087] Call Trace: [ 445.323696] dump_stack+0x188/0x20d [ 445.327339] dump_header+0x159/0xa5e [ 445.331073] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 445.336184] ? ___ratelimit+0x59/0x573 [ 445.340115] oom_kill_process.cold+0x10/0x6dc [ 445.344635] ? task_will_free_mem+0x134/0x6d0 [ 445.349153] out_of_memory+0x349/0x1250 [ 445.353150] ? oom_killer_disable+0x270/0x270 [ 445.357669] mem_cgroup_out_of_memory+0x1c7/0x240 [ 445.362552] ? memcg_event_wake+0x210/0x210 [ 445.366888] ? do_raw_spin_unlock+0x171/0x260 [ 445.371485] try_charge+0xe22/0x1300 [ 445.375196] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 445.380056] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 445.384923] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 445.391174] ? mark_held_locks+0xf0/0xf0 [ 445.395243] mem_cgroup_try_charge+0x249/0x5c0 [ 445.400171] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 445.405117] __handle_mm_fault+0x1cfb/0x3b60 [ 445.409536] ? copy_page_range+0x1e70/0x1e70 [ 445.413973] ? count_memcg_event_mm+0x279/0x4c0 [ 445.418687] handle_mm_fault+0x1a5/0x670 [ 445.422853] __get_user_pages+0x599/0x1650 [ 445.427096] ? follow_page_mask+0x1a60/0x1a60 [ 445.431619] ? lock_acquire+0x170/0x400 [ 445.435592] populate_vma_page_range+0x1fd/0x290 [ 445.440365] __mm_populate+0x1e8/0x350 [ 445.444315] ? populate_vma_page_range+0x290/0x290 [ 445.449403] ? do_mlock+0x6b0/0x6b0 [ 445.453071] __x64_sys_mlockall+0x340/0x500 [ 445.457398] do_syscall_64+0xf9/0x620 [ 445.461227] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 445.466425] RIP: 0033:0x45c479 [ 445.469608] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 445.488524] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 445.496227] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 445.503930] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 445.511376] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 14:21:01 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x400000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:01 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:01 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0xe803000000000000) 14:21:01 executing program 3: socket$inet6(0xa, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 445.518659] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 445.525933] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 445.552527] Task in /syz5 killed as a result of limit of /syz5 [ 445.688602] memory: usage 307200kB, limit 307200kB, failcnt 9419 [ 445.698954] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 445.705932] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 445.718761] Memory cgroup stats for /syz5: cache:0KB rss:297060KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:273992KB active_anon:280KB inactive_file:4KB active_file:4KB unevictable:22872KB [ 445.742211] Memory cgroup out of memory: Kill process 11758 (syz-executor.5) score 1163 or sacrifice child [ 445.752743] Killed process 11758 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB 14:21:01 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) mount$9p_virtio(&(0x7f0000000000)='syz\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x41, &(0x7f0000000100)={'trans=virtio,', {[{@nodevmap='nodevmap'}, {@fscache='fscache'}, {@fscache='fscache'}, {@cache_fscache='cache=fscache'}, {@uname={'uname', 0x3d, '/dev/kvm\x00'}}, {@debug={'debug', 0x3d, 0xae}}, {@cache_fscache='cache=fscache'}, {@version_9p2000='version=9p2000'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '/dev/kvm\x00'}}, {@audit='audit'}, {@fsmagic={'fsmagic', 0x3d, 0x81}}]}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 445.797256] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 445.806979] oom_reaper: reaped process 11758 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 445.841386] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 445.846977] CPU: 1 PID: 12341 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 445.854966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 445.864345] Call Trace: [ 445.866999] dump_stack+0x188/0x20d [ 445.870648] dump_header+0x159/0xa5e [ 445.874386] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 445.879518] ? ___ratelimit+0x59/0x573 [ 445.883459] oom_kill_process.cold+0x10/0x6dc [ 445.888300] ? task_will_free_mem+0x134/0x6d0 [ 445.892842] out_of_memory+0x349/0x1250 [ 445.896843] ? oom_killer_disable+0x270/0x270 [ 445.901373] mem_cgroup_out_of_memory+0x1c7/0x240 [ 445.907553] ? memcg_event_wake+0x210/0x210 [ 445.911905] ? do_raw_spin_unlock+0x171/0x260 [ 445.916549] try_charge+0xe22/0x1300 [ 445.920383] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 445.925254] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 445.930123] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 445.936205] ? mark_held_locks+0xf0/0xf0 [ 445.940291] mem_cgroup_try_charge+0x249/0x5c0 [ 445.944886] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 445.949830] __handle_mm_fault+0x1cfb/0x3b60 [ 445.954246] ? copy_page_range+0x1e70/0x1e70 [ 445.958757] ? count_memcg_event_mm+0x279/0x4c0 [ 445.963450] handle_mm_fault+0x1a5/0x670 [ 445.967521] __get_user_pages+0x599/0x1650 [ 445.971766] ? follow_page_mask+0x1a60/0x1a60 [ 445.976274] ? lock_acquire+0x170/0x400 [ 445.980256] populate_vma_page_range+0x1fd/0x290 [ 445.985037] __mm_populate+0x1e8/0x350 [ 445.988930] ? populate_vma_page_range+0x290/0x290 [ 445.993864] ? do_mlock+0x6b0/0x6b0 [ 445.997497] __x64_sys_mlockall+0x340/0x500 [ 446.001824] do_syscall_64+0xf9/0x620 [ 446.005631] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 446.010821] RIP: 0033:0x45c479 [ 446.014037] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 446.033108] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 446.040820] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 446.048538] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 446.055825] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 446.063121] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 446.070392] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 446.082827] Task in /syz2 killed as a result of limit of /syz2 14:21:02 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x800000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 446.089145] memory: usage 307200kB, limit 307200kB, failcnt 16960 [ 446.095799] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 446.103296] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 446.110447] Memory cgroup stats for /syz2: cache:72KB rss:296088KB rss_huge:163840KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:133092KB active_anon:8976KB inactive_file:4KB active_file:0KB unevictable:154100KB [ 446.132906] Memory cgroup out of memory: Kill process 12174 (syz-executor.2) score 1163 or sacrifice child [ 446.143415] Killed process 12174 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 446.177635] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 446.189916] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 446.195325] CPU: 0 PID: 12349 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 446.203336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 446.212709] Call Trace: [ 446.215326] dump_stack+0x188/0x20d [ 446.219118] dump_header+0x159/0xa5e [ 446.222912] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 446.228035] ? ___ratelimit+0x59/0x573 [ 446.231980] oom_kill_process.cold+0x10/0x6dc [ 446.236598] ? task_will_free_mem+0x134/0x6d0 [ 446.241118] out_of_memory+0x349/0x1250 [ 446.245105] ? oom_killer_disable+0x270/0x270 [ 446.249710] mem_cgroup_out_of_memory+0x1c7/0x240 [ 446.254586] ? memcg_event_wake+0x210/0x210 [ 446.258930] ? do_raw_spin_unlock+0x171/0x260 [ 446.263439] try_charge+0xe22/0x1300 [ 446.267384] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 446.272358] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 446.277220] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 446.283300] ? mark_held_locks+0xf0/0xf0 [ 446.287397] mem_cgroup_try_charge+0x249/0x5c0 [ 446.292098] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 446.297088] __handle_mm_fault+0x1cfb/0x3b60 [ 446.301597] ? copy_page_range+0x1e70/0x1e70 [ 446.306023] ? count_memcg_event_mm+0x279/0x4c0 [ 446.310710] handle_mm_fault+0x1a5/0x670 [ 446.315818] __get_user_pages+0x599/0x1650 [ 446.320100] ? follow_page_mask+0x1a60/0x1a60 [ 446.324607] ? lock_acquire+0x170/0x400 [ 446.328590] populate_vma_page_range+0x1fd/0x290 [ 446.333341] __mm_populate+0x1e8/0x350 [ 446.337250] ? populate_vma_page_range+0x290/0x290 [ 446.342282] ? do_mlock+0x6b0/0x6b0 [ 446.345924] __x64_sys_mlockall+0x340/0x500 [ 446.350262] do_syscall_64+0xf9/0x620 [ 446.354082] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 446.359278] RIP: 0033:0x45c479 [ 446.362479] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 446.381472] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 446.389220] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 446.396517] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 446.403796] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 446.411074] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 446.418444] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 446.425973] Task in /syz3 killed as a result of limit of /syz3 [ 446.432190] memory: usage 307200kB, limit 307200kB, failcnt 5503 [ 446.438480] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 446.445386] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 446.451727] Memory cgroup stats for /syz3: cache:20KB rss:296316KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:77432KB active_anon:9052KB inactive_file:4KB active_file:0KB unevictable:210000KB [ 446.474603] Memory cgroup out of memory: Kill process 12329 (syz-executor.3) score 1163 or sacrifice child [ 446.484747] Killed process 12329 (syz-executor.3) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 446.496202] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 14:21:02 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x803e00}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 446.540627] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 446.550190] oom_reaper: reaped process 12329 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 446.578029] CPU: 1 PID: 12354 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 446.585964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 446.595376] Call Trace: [ 446.598112] dump_stack+0x188/0x20d [ 446.601744] dump_header+0x159/0xa5e [ 446.605483] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 446.610596] ? ___ratelimit+0x59/0x573 [ 446.614511] oom_kill_process.cold+0x10/0x6dc [ 446.619024] ? task_will_free_mem+0x134/0x6d0 [ 446.623533] out_of_memory+0x349/0x1250 [ 446.627518] ? oom_killer_disable+0x270/0x270 [ 446.632048] mem_cgroup_out_of_memory+0x1c7/0x240 [ 446.636903] ? memcg_event_wake+0x210/0x210 [ 446.641242] ? do_raw_spin_unlock+0x171/0x260 [ 446.645768] try_charge+0xe22/0x1300 [ 446.649490] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 446.654339] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 446.659322] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 446.665513] ? mark_held_locks+0xf0/0xf0 [ 446.669622] mem_cgroup_try_charge+0x249/0x5c0 [ 446.674242] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 446.679186] __handle_mm_fault+0x1cfb/0x3b60 [ 446.683605] ? copy_page_range+0x1e70/0x1e70 [ 446.688022] ? count_memcg_event_mm+0x279/0x4c0 [ 446.692719] handle_mm_fault+0x1a5/0x670 [ 446.696812] __get_user_pages+0x599/0x1650 [ 446.701161] ? follow_page_mask+0x1a60/0x1a60 [ 446.705767] ? lock_acquire+0x170/0x400 [ 446.709756] populate_vma_page_range+0x1fd/0x290 [ 446.714546] __mm_populate+0x1e8/0x350 [ 446.718483] ? populate_vma_page_range+0x290/0x290 [ 446.723453] ? do_mlock+0x6b0/0x6b0 [ 446.727109] __x64_sys_mlockall+0x340/0x500 [ 446.731453] do_syscall_64+0xf9/0x620 [ 446.735318] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 446.740513] RIP: 0033:0x45c479 [ 446.743711] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 446.762888] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 446.770623] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 446.777913] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 446.785199] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 446.792716] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 446.800710] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 446.819245] Task in /syz4 killed as a result of limit of /syz4 [ 446.825273] memory: usage 307200kB, limit 307200kB, failcnt 2052 14:21:03 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x100, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x2000, 0x0) ioctl$EVIOCGSND(r3, 0x8040451a, &(0x7f0000000080)=""/28) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r4, 0x0) ioctl$EVIOCGABS2F(r4, 0x8018456f, &(0x7f00000005c0)=""/182) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) r7 = dup3(r2, r6, 0x80000) r8 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(r7, 0x29, 0x2d, &(0x7f00000002c0)={0x4d60, {{0xa, 0x4e21, 0x4, @rand_addr="e656e0b10cb065ef7e0940ea641d3981", 0x80}}}, 0x88) r9 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r9, 0x0) ioctl$EVIOCGMASK(r9, 0x80104592, &(0x7f0000000180)={0x14, 0x135, &(0x7f0000000440)="830429df6c8bc1371c69d42981e7b2db7e707fa59a321b5b8cc7a38d56786a9b11c7681d7fb291599b0d1991acced7c760aaf3ca0defb641b7cd9bdcc9bd1dd0cbab81f69c306a9ce1ee7e21fb3d282387aa146527c69a57b1ba9b3c390ac38d6f31f2380eba44b4bc51c256bb3597de5551a7b82c566ff2460af612e8c6d410214e8d5181b4391e83bc994b2efa511630eb6d32d23bb4f3cf278c09d5e065760ddc19f72128add27a934779e1cc805b7a98841b88a32ef9b035b14e3820efb86af3b8e4dcdf4dd15b2263090b988cb82c729f032cd7669069cc53c43edad3a6b443b69c6063fb077697480928436156"}) r10 = getpgid(0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r10, 0x1, 0xffffffffffffffff, 0x2) r11 = syz_open_procfs(r10, &(0x7f0000000680)='net/udp\x00') write$P9_RLOCK(r11, &(0x7f0000000140)={0x8, 0x35, 0x1}, 0x8) openat$autofs(0xffffffffffffff9c, &(0x7f0000000780)='/dev/autofs\x00', 0x501081, 0x0) accept4$packet(r8, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000540)=0x14, 0x0) ftruncate(r8, 0x2008002) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r8, 0x84, 0x1c, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 446.858726] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 446.866405] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 446.940732] Memory cgroup stats for /syz4: cache:56KB rss:296268KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:288700KB active_anon:2428KB inactive_file:0KB active_file:8KB unevictable:5296KB [ 447.019090] Memory cgroup out of memory: Kill process 11387 (syz-executor.4) score 1163 or sacrifice child [ 447.070068] Killed process 11387 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 447.138780] oom_reaper: reaped process 11387 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 447.150122] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 447.161461] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 447.166866] CPU: 0 PID: 12349 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 447.174769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 447.184136] Call Trace: [ 447.186753] dump_stack+0x188/0x20d [ 447.190412] dump_header+0x159/0xa5e [ 447.194147] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 447.199381] ? ___ratelimit+0x59/0x573 [ 447.204520] oom_kill_process.cold+0x10/0x6dc [ 447.209581] ? task_will_free_mem+0x134/0x6d0 [ 447.214112] out_of_memory+0x349/0x1250 [ 447.215688] audit: type=1804 audit(1583245263.314:191): pid=12371 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/245/bus" dev="sda1" ino=16617 res=1 [ 447.218139] ? oom_killer_disable+0x270/0x270 [ 447.218166] mem_cgroup_out_of_memory+0x1c7/0x240 [ 447.218180] ? memcg_event_wake+0x210/0x210 [ 447.218200] ? do_raw_spin_unlock+0x171/0x260 [ 447.218213] try_charge+0xe22/0x1300 [ 447.218234] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 447.218252] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 447.276864] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 447.282941] ? mark_held_locks+0xf0/0xf0 [ 447.287044] mem_cgroup_try_charge+0x249/0x5c0 [ 447.291653] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 447.296591] __handle_mm_fault+0x1cfb/0x3b60 [ 447.301019] ? copy_page_range+0x1e70/0x1e70 [ 447.305441] ? count_memcg_event_mm+0x279/0x4c0 [ 447.310375] handle_mm_fault+0x1a5/0x670 [ 447.314448] __get_user_pages+0x599/0x1650 [ 447.319236] ? follow_page_mask+0x1a60/0x1a60 [ 447.323741] ? lock_acquire+0x170/0x400 [ 447.327733] populate_vma_page_range+0x1fd/0x290 [ 447.332504] __mm_populate+0x1e8/0x350 [ 447.336484] ? populate_vma_page_range+0x290/0x290 [ 447.341412] ? do_mlock+0x6b0/0x6b0 [ 447.345061] __x64_sys_mlockall+0x340/0x500 [ 447.349390] do_syscall_64+0xf9/0x620 [ 447.353203] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 447.358409] RIP: 0033:0x45c479 [ 447.361632] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 447.380550] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 447.388272] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 447.395556] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 447.402842] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 447.410122] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 447.417395] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 447.424912] Task in /syz3 killed as a result of limit of /syz3 [ 447.430955] memory: usage 288612kB, limit 307200kB, failcnt 5512 [ 447.437109] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 447.443939] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 447.450313] Memory cgroup stats for /syz3: cache:20KB rss:278236KB rss_huge:202752KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:59048KB active_anon:9052KB inactive_file:0KB active_file:0KB unevictable:210004KB [ 447.471923] Memory cgroup out of memory: Kill process 10875 (syz-executor.3) score 1163 or sacrifice child [ 447.481984] Killed process 10875 (syz-executor.3) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 14:21:03 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:03 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xd00700}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:03 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:04 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 447.949598] audit: type=1804 audit(1583245264.054:192): pid=12372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/245/bus" dev="sda1" ino=16617 res=1 [ 448.039355] audit: type=1804 audit(1583245264.144:193): pid=12376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/245/bus" dev="sda1" ino=16617 res=1 14:21:04 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 448.136569] audit: type=1400 audit(1583245264.184:194): avc: denied { map } for pid=12370 comm="syz-executor.0" path="/dev/swradio1" dev="devtmpfs" ino=17859 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 [ 448.192856] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 448.220938] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 448.226558] CPU: 1 PID: 12386 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 448.234541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 448.244084] Call Trace: [ 448.246952] dump_stack+0x188/0x20d [ 448.250744] dump_header+0x159/0xa5e [ 448.254500] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 448.259630] ? ___ratelimit+0x59/0x573 [ 448.263534] oom_kill_process.cold+0x10/0x6dc [ 448.268066] ? task_will_free_mem+0x134/0x6d0 [ 448.272586] out_of_memory+0x349/0x1250 [ 448.276587] ? oom_killer_disable+0x270/0x270 [ 448.281290] mem_cgroup_out_of_memory+0x1c7/0x240 [ 448.286204] ? memcg_event_wake+0x210/0x210 [ 448.290672] ? do_raw_spin_unlock+0x171/0x260 [ 448.295474] try_charge+0xe22/0x1300 [ 448.299461] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 448.305114] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 448.309982] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 448.316055] ? mark_held_locks+0xf0/0xf0 [ 448.320759] mem_cgroup_try_charge+0x249/0x5c0 [ 448.325509] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 448.330471] __handle_mm_fault+0x1cfb/0x3b60 [ 448.334891] ? copy_page_range+0x1e70/0x1e70 [ 448.339341] ? count_memcg_event_mm+0x279/0x4c0 [ 448.344662] handle_mm_fault+0x1a5/0x670 [ 448.348752] __get_user_pages+0x599/0x1650 [ 448.353023] ? follow_page_mask+0x1a60/0x1a60 [ 448.357667] ? lock_acquire+0x170/0x400 [ 448.361706] populate_vma_page_range+0x1fd/0x290 [ 448.367709] __mm_populate+0x1e8/0x350 [ 448.371639] ? populate_vma_page_range+0x290/0x290 [ 448.376585] ? do_mlock+0x6b0/0x6b0 [ 448.380240] __x64_sys_mlockall+0x340/0x500 [ 448.384757] do_syscall_64+0xf9/0x620 [ 448.388524] audit: type=1800 audit(1583245264.244:195): pid=12371 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16617 res=0 [ 448.388578] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 448.415613] RIP: 0033:0x45c479 [ 448.418827] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 448.438450] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 448.441778] audit: type=1800 audit(1583245264.244:196): pid=12372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16617 res=0 [ 448.446188] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 448.446197] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 448.446204] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 448.446212] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 448.446218] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 448.455216] Task in /syz5 killed as a result of limit of /syz5 [ 448.507905] audit: type=1800 audit(1583245264.244:197): pid=12376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16617 res=0 [ 448.520029] memory: usage 307200kB, limit 307200kB, failcnt 9449 [ 448.546865] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 448.555774] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 448.572834] Memory cgroup stats for /syz5: cache:0KB rss:297092KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:273992KB active_anon:280KB inactive_file:0KB active_file:4KB unevictable:22956KB [ 448.599906] Memory cgroup out of memory: Kill process 12327 (syz-executor.5) score 1163 or sacrifice child [ 448.613007] Killed process 12327 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 448.646148] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 448.690267] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 448.709790] oom_reaper: reaped process 12327 (syz-executor.5), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 448.733491] CPU: 1 PID: 12381 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 448.741435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 448.751143] Call Trace: [ 448.753749] dump_stack+0x188/0x20d [ 448.757390] dump_header+0x159/0xa5e [ 448.761291] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 448.766418] ? ___ratelimit+0x59/0x573 [ 448.770488] oom_kill_process.cold+0x10/0x6dc [ 448.774990] ? task_will_free_mem+0x134/0x6d0 [ 448.779670] out_of_memory+0x349/0x1250 [ 448.783654] ? oom_killer_disable+0x270/0x270 [ 448.789320] mem_cgroup_out_of_memory+0x1c7/0x240 [ 448.794185] ? memcg_event_wake+0x210/0x210 [ 448.798719] ? do_raw_spin_unlock+0x171/0x260 [ 448.803221] try_charge+0xe22/0x1300 [ 448.807732] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 448.812810] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 448.817771] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 448.824718] ? mark_held_locks+0xf0/0xf0 [ 448.828812] mem_cgroup_try_charge+0x249/0x5c0 [ 448.833418] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 448.838403] __handle_mm_fault+0x1cfb/0x3b60 [ 448.842915] ? copy_page_range+0x1e70/0x1e70 [ 448.847336] ? count_memcg_event_mm+0x279/0x4c0 [ 448.852209] handle_mm_fault+0x1a5/0x670 [ 448.856309] __get_user_pages+0x599/0x1650 [ 448.860570] ? follow_page_mask+0x1a60/0x1a60 [ 448.865079] ? lock_acquire+0x170/0x400 [ 448.869242] populate_vma_page_range+0x1fd/0x290 [ 448.874022] __mm_populate+0x1e8/0x350 [ 448.880967] ? populate_vma_page_range+0x290/0x290 [ 448.885902] ? do_mlock+0x6b0/0x6b0 [ 448.889555] __x64_sys_mlockall+0x340/0x500 [ 448.893888] do_syscall_64+0xf9/0x620 [ 448.897704] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 448.902924] RIP: 0033:0x45c479 [ 448.906119] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 448.925059] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 448.932951] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 448.940225] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 448.947499] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 448.954774] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 448.962052] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 449.129643] Task in /syz2 killed as a result of limit of /syz2 [ 449.143193] memory: usage 307196kB, limit 307200kB, failcnt 16985 [ 449.149615] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 449.156478] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 14:21:05 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:05 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x2000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r2, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f00000000c0)={0x0, 0x9, 0x7ff, r2, 0x0, &(0x7f0000000080)={0x9a0001, 0x341f, [], @p_u16=&(0x7f0000000000)=0x22}}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_SET_STATION(r3, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r4, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x80}, @NL80211_ATTR_STA_PLINK_ACTION={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) [ 449.163107] Memory cgroup stats for /syz2: cache:72KB rss:296168KB rss_huge:161792KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:139236KB active_anon:8976KB inactive_file:0KB active_file:0KB unevictable:148028KB [ 449.185246] Memory cgroup out of memory: Kill process 12316 (syz-executor.2) score 1163 or sacrifice child [ 449.196358] Killed process 12316 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 449.245372] audit: type=1804 audit(1583245265.344:198): pid=12398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/246/bus" dev="sda1" ino=16645 res=1 14:21:05 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x3000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:05 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 449.629901] audit: type=1804 audit(1583245265.554:199): pid=12398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/246/bus" dev="sda1" ino=16645 res=1 [ 449.669931] audit: type=1804 audit(1583245265.724:200): pid=12408 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/246/bus" dev="sda1" ino=16645 res=1 [ 449.769835] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 449.781601] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 449.787171] CPU: 1 PID: 12403 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 449.795063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 449.804502] Call Trace: [ 449.807093] dump_stack+0x188/0x20d [ 449.810718] dump_header+0x159/0xa5e [ 449.814437] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 449.819539] ? ___ratelimit+0x59/0x573 [ 449.823421] oom_kill_process.cold+0x10/0x6dc [ 449.827929] ? task_will_free_mem+0x134/0x6d0 [ 449.832505] out_of_memory+0x349/0x1250 [ 449.836491] ? oom_killer_disable+0x270/0x270 [ 449.841161] mem_cgroup_out_of_memory+0x1c7/0x240 [ 449.845999] ? memcg_event_wake+0x210/0x210 [ 449.850316] ? do_raw_spin_unlock+0x171/0x260 [ 449.854906] try_charge+0xe22/0x1300 [ 449.858640] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 449.863487] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 449.868675] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 449.874728] mem_cgroup_try_charge+0x249/0x5c0 [ 449.879391] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 449.884323] wp_page_copy+0x3fe/0x1530 [ 449.888209] ? follow_pfn+0x260/0x260 [ 449.892174] ? __lock_acquire+0x6ee/0x49c0 [ 449.896581] do_wp_page+0x518/0xfa0 [ 449.900205] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 449.904869] __handle_mm_fault+0x21a4/0x3b60 [ 449.909712] ? copy_page_range+0x1e70/0x1e70 [ 449.914124] ? count_memcg_event_mm+0x279/0x4c0 [ 449.918799] handle_mm_fault+0x1a5/0x670 [ 449.922949] __get_user_pages+0x599/0x1650 [ 449.927180] ? follow_page_mask+0x1a60/0x1a60 [ 449.931762] ? populate_vma_page_range+0x1a6/0x290 [ 449.936686] populate_vma_page_range+0x1fd/0x290 [ 449.941447] __mm_populate+0x1e8/0x350 [ 449.945333] ? populate_vma_page_range+0x290/0x290 [ 449.950253] ? do_mlock+0x6b0/0x6b0 [ 449.953874] __x64_sys_mlockall+0x340/0x500 [ 449.958477] do_syscall_64+0xf9/0x620 [ 449.962271] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 449.967759] RIP: 0033:0x45c479 [ 449.970951] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 449.989855] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 449.997582] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 450.004849] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 450.012121] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 450.019390] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 450.026667] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 450.035048] Task in /syz4 killed as a result of limit of /syz4 [ 450.041258] memory: usage 307200kB, limit 307200kB, failcnt 2062 [ 450.047421] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 450.054251] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 450.060518] Memory cgroup stats for /syz4: cache:56KB rss:296412KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:271800KB active_anon:2384KB inactive_file:8KB active_file:8KB unevictable:22348KB [ 450.082124] Memory cgroup out of memory: Kill process 12401 (syz-executor.4) score 1233 or sacrifice child [ 450.092455] Killed process 12414 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 450.118895] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 450.130197] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 450.135623] CPU: 0 PID: 12413 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 450.143503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 450.152873] Call Trace: [ 450.155476] dump_stack+0x188/0x20d [ 450.159113] dump_header+0x159/0xa5e [ 450.162836] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 450.167942] ? ___ratelimit+0x59/0x573 [ 450.171835] oom_kill_process.cold+0x10/0x6dc [ 450.176339] ? task_will_free_mem+0x134/0x6d0 [ 450.180843] out_of_memory+0x349/0x1250 [ 450.184827] ? oom_killer_disable+0x270/0x270 [ 450.189337] mem_cgroup_out_of_memory+0x1c7/0x240 [ 450.194187] ? memcg_event_wake+0x210/0x210 [ 450.198549] ? do_raw_spin_unlock+0x171/0x260 [ 450.203145] try_charge+0xe22/0x1300 [ 450.206890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 450.211749] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 450.216616] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 450.222691] ? mark_held_locks+0xf0/0xf0 [ 450.226785] mem_cgroup_try_charge+0x249/0x5c0 [ 450.231389] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 450.236343] __handle_mm_fault+0x1cfb/0x3b60 [ 450.240809] ? copy_page_range+0x1e70/0x1e70 [ 450.245242] ? count_memcg_event_mm+0x279/0x4c0 [ 450.249956] handle_mm_fault+0x1a5/0x670 [ 450.254046] __get_user_pages+0x599/0x1650 [ 450.258303] ? follow_page_mask+0x1a60/0x1a60 [ 450.262834] ? lock_acquire+0x170/0x400 [ 450.266836] populate_vma_page_range+0x1fd/0x290 [ 450.271620] __mm_populate+0x1e8/0x350 [ 450.275522] ? populate_vma_page_range+0x290/0x290 [ 450.280468] ? do_mlock+0x6b0/0x6b0 [ 450.284126] __x64_sys_mlockall+0x340/0x500 [ 450.288502] do_syscall_64+0xf9/0x620 [ 450.292328] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 450.297541] RIP: 0033:0x45c479 [ 450.300757] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 450.319795] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 450.327520] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 450.335018] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 450.342305] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 450.349688] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 450.356994] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 450.365068] Task in /syz3 killed as a result of limit of /syz3 [ 450.371122] memory: usage 307200kB, limit 307200kB, failcnt 5553 [ 450.377340] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 450.384178] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 450.390368] Memory cgroup stats for /syz3: cache:20KB rss:296296KB rss_huge:190464KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:93688KB active_anon:9052KB inactive_file:0KB active_file:4KB unevictable:193724KB [ 450.412138] Memory cgroup out of memory: Kill process 12378 (syz-executor.3) score 1163 or sacrifice child [ 450.422049] Killed process 12378 (syz-executor.3) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB 14:21:06 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r4, 0x0) r5 = socket(0xa, 0x5, 0x0) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r5, 0x84, 0x71, &(0x7f0000000340)={r7}, &(0x7f0000000380)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f0000000080)={r7, @in6={{0xa, 0x4e22, 0x80, @local, 0x6}}}, &(0x7f0000000000)=0x84) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:21:06 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x4000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 450.528226] oom_reaper: reaped process 12378 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:21:07 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:07 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:07 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x5000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:07 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:07 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x8) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x4cb, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:21:07 executing program 3: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:07 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x6000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 451.280591] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 451.317770] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 451.358866] CPU: 1 PID: 12431 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 451.366796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 451.376159] Call Trace: [ 451.378774] dump_stack+0x188/0x20d [ 451.382415] dump_header+0x159/0xa5e [ 451.386150] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 451.391265] ? ___ratelimit+0x59/0x573 [ 451.395199] oom_kill_process.cold+0x10/0x6dc [ 451.399721] ? task_will_free_mem+0x134/0x6d0 [ 451.404242] out_of_memory+0x349/0x1250 [ 451.408236] ? oom_killer_disable+0x270/0x270 [ 451.412754] mem_cgroup_out_of_memory+0x1c7/0x240 [ 451.417633] ? memcg_event_wake+0x210/0x210 [ 451.422007] ? do_raw_spin_unlock+0x171/0x260 [ 451.426543] try_charge+0xe22/0x1300 [ 451.430377] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 451.435327] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 451.440171] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 451.446241] ? lock_downgrade+0x740/0x740 [ 451.450398] mem_cgroup_try_charge+0x249/0x5c0 [ 451.454999] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 451.460034] do_huge_pmd_wp_page+0x921/0x32f0 [ 451.465058] ? __split_huge_pmd+0x29c0/0x29c0 [ 451.469646] ? pmd_val+0x7c/0xf0 [ 451.473188] ? add_mm_counter_fast.part.0+0x40/0x40 [ 451.478213] __handle_mm_fault+0x1561/0x3b60 [ 451.483254] ? copy_page_range+0x1e70/0x1e70 [ 451.487662] ? count_memcg_event_mm+0x279/0x4c0 [ 451.492364] handle_mm_fault+0x1a5/0x670 [ 451.496428] __do_page_fault+0x5ed/0xdd0 [ 451.500580] ? trace_hardirqs_off_caller+0x55/0x210 [ 451.505601] ? vmalloc_fault+0x730/0x730 [ 451.509664] ? page_fault+0x8/0x30 [ 451.513294] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 451.518140] ? page_fault+0x8/0x30 [ 451.521782] page_fault+0x1e/0x30 [ 451.525420] RIP: 0033:0x4006c4 [ 451.528906] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 51 55 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 37 55 00 00 8a [ 451.548167] RSP: 002b:00007ffcf1e9a300 EFLAGS: 00010202 14:21:07 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7ff, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r4, 0x0) ioctl$KDFONTOP_GET(r4, 0x4b72, &(0x7f0000000000)={0x1, 0x1, 0x8, 0x2, 0x26, &(0x7f00000002c0)}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000080)={[0xfffffffffffffffe, 0x8, 0x400000000000, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x0, 0x4ce, 0x0, 0x0, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x3000}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:21:07 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x7000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 451.553547] RAX: 0000000020000100 RBX: 000000000076c920 RCX: 0000000020000200 [ 451.560824] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000020000100 [ 451.568100] RBP: 0000000000770688 R08: 0000000000000000 R09: 0000000000000000 [ 451.575562] R10: 00007ffcf1e9a410 R11: 0000000000000246 R12: 000000000076bf20 [ 451.583022] R13: 0000000000770690 R14: 000000000006e2da R15: 000000000076bf2c [ 451.615039] Task in /syz4 killed as a result of limit of /syz4 [ 451.639151] memory: usage 307192kB, limit 307200kB, failcnt 2090 14:21:07 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x8000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:07 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) setrlimit(0xb, &(0x7f0000000000)={0x1, 0x3}) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000000c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb, 0x0, 0x0, 0x4, 0x1, 0x0, 0x2000000000, 0x7fffffff], 0x0, 0x10000}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x34000) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 451.672261] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 451.697991] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 451.717563] Memory cgroup stats for /syz4: cache:56KB rss:295236KB rss_huge:10240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:270388KB active_anon:2384KB inactive_file:0KB active_file:4KB unevictable:22480KB [ 451.744601] Memory cgroup out of memory: Kill process 12431 (syz-executor.4) score 1232 or sacrifice child 14:21:07 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x9000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 451.785832] Killed process 12449 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 451.833459] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 451.845214] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 451.850784] CPU: 0 PID: 12447 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 451.858773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 451.868137] Call Trace: [ 451.870729] dump_stack+0x188/0x20d [ 451.874372] dump_header+0x159/0xa5e [ 451.878081] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 451.883182] ? ___ratelimit+0x59/0x573 [ 451.887063] oom_kill_process.cold+0x10/0x6dc [ 451.891551] ? task_will_free_mem+0x134/0x6d0 [ 451.896137] out_of_memory+0x349/0x1250 [ 451.900108] ? oom_killer_disable+0x270/0x270 [ 451.904610] mem_cgroup_out_of_memory+0x1c7/0x240 [ 451.909528] ? memcg_event_wake+0x210/0x210 [ 451.913855] ? do_raw_spin_unlock+0x171/0x260 [ 451.918338] try_charge+0xe22/0x1300 [ 451.922317] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 451.927151] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 451.931994] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 451.938235] ? mark_held_locks+0xf0/0xf0 [ 451.942301] mem_cgroup_try_charge+0x249/0x5c0 [ 451.946895] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 451.951816] __handle_mm_fault+0x1cfb/0x3b60 [ 451.956224] ? copy_page_range+0x1e70/0x1e70 [ 451.960624] ? count_memcg_event_mm+0x279/0x4c0 [ 451.965293] handle_mm_fault+0x1a5/0x670 [ 451.969346] __get_user_pages+0x599/0x1650 [ 451.973575] ? follow_page_mask+0x1a60/0x1a60 [ 451.978155] ? lock_acquire+0x170/0x400 [ 451.982133] populate_vma_page_range+0x1fd/0x290 [ 451.986880] __mm_populate+0x1e8/0x350 [ 451.990762] ? populate_vma_page_range+0x290/0x290 [ 451.995674] ? do_mlock+0x6b0/0x6b0 [ 451.999295] __x64_sys_mlockall+0x340/0x500 [ 452.003619] do_syscall_64+0xf9/0x620 [ 452.007423] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 452.012701] RIP: 0033:0x45c479 [ 452.015884] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 452.035752] RSP: 002b:00007fad00cf0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 452.043516] RAX: ffffffffffffffda RBX: 00007fad00cf16d4 RCX: 000000000045c479 [ 452.050819] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 452.058439] RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000 [ 452.065724] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 452.073310] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076c06c [ 452.081169] Task in /syz3 killed as a result of limit of /syz3 [ 452.087265] memory: usage 307196kB, limit 307200kB, failcnt 5586 [ 452.093470] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 452.100306] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 452.107451] Memory cgroup stats for /syz3: cache:20KB rss:296304KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:93688KB active_anon:9068KB inactive_file:0KB active_file:0KB unevictable:193592KB [ 452.132163] Memory cgroup out of memory: Kill process 12421 (syz-executor.3) score 1163 or sacrifice child [ 452.142303] Killed process 12421 (syz-executor.3) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 452.162508] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 452.174588] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 452.180042] CPU: 0 PID: 12447 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 452.187948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 452.199012] Call Trace: [ 452.201625] dump_stack+0x188/0x20d [ 452.206059] dump_header+0x159/0xa5e [ 452.209796] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 452.215133] ? ___ratelimit+0x59/0x573 [ 452.219043] oom_kill_process.cold+0x10/0x6dc [ 452.223557] ? task_will_free_mem+0x134/0x6d0 [ 452.228081] out_of_memory+0x349/0x1250 [ 452.228828] oom_reaper: reaped process 12421 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 452.232081] ? oom_killer_disable+0x270/0x270 [ 452.232110] mem_cgroup_out_of_memory+0x1c7/0x240 [ 452.232123] ? memcg_event_wake+0x210/0x210 [ 452.232149] ? do_raw_spin_unlock+0x171/0x260 [ 452.261158] try_charge+0xe22/0x1300 [ 452.264905] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 452.269781] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 452.275183] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 452.281342] ? mark_held_locks+0xf0/0xf0 [ 452.285425] mem_cgroup_try_charge+0x249/0x5c0 [ 452.290031] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 452.294983] __handle_mm_fault+0x1cfb/0x3b60 [ 452.299422] ? copy_page_range+0x1e70/0x1e70 [ 452.303863] ? count_memcg_event_mm+0x279/0x4c0 [ 452.308600] handle_mm_fault+0x1a5/0x670 [ 452.312711] __get_user_pages+0x599/0x1650 [ 452.316983] ? follow_page_mask+0x1a60/0x1a60 [ 452.321946] ? lock_acquire+0x170/0x400 [ 452.325946] populate_vma_page_range+0x1fd/0x290 [ 452.330717] __mm_populate+0x1e8/0x350 [ 452.334628] ? populate_vma_page_range+0x290/0x290 [ 452.339571] ? do_mlock+0x6b0/0x6b0 [ 452.343221] __x64_sys_mlockall+0x340/0x500 [ 452.347830] do_syscall_64+0xf9/0x620 [ 452.351642] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 452.356840] RIP: 0033:0x45c479 [ 452.360035] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 452.379200] RSP: 002b:00007fad00cf0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 452.387534] RAX: ffffffffffffffda RBX: 00007fad00cf16d4 RCX: 000000000045c479 [ 452.397414] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 452.404679] RBP: 000000000076c060 R08: 0000000000000000 R09: 0000000000000000 [ 452.411949] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 452.419302] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076c06c [ 452.426815] Task in /syz3 killed as a result of limit of /syz3 [ 452.432876] memory: usage 290268kB, limit 307200kB, failcnt 5621 [ 452.439209] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 452.448585] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 452.454737] Memory cgroup stats for /syz3: cache:20KB rss:279536KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:75304KB active_anon:9068KB inactive_file:0KB active_file:0KB unevictable:195232KB [ 452.477502] Memory cgroup out of memory: Kill process 12437 (syz-executor.3) score 1165 or sacrifice child [ 452.487402] Killed process 12437 (syz-executor.3) total-vm:74964kB, anon-rss:14840kB, file-rss:39080kB, shmem-rss:0kB [ 452.501327] oom_reaper: reaped process 12437 (syz-executor.3), now anon-rss:15056kB, file-rss:40048kB, shmem-rss:0kB [ 452.501611] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 452.528367] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 452.533799] CPU: 1 PID: 12435 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 452.541696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 452.551097] Call Trace: [ 452.553975] dump_stack+0x188/0x20d [ 452.557629] dump_header+0x159/0xa5e [ 452.561366] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 452.566501] ? ___ratelimit+0x59/0x573 [ 452.570419] oom_kill_process.cold+0x10/0x6dc [ 452.574939] ? task_will_free_mem+0x134/0x6d0 [ 452.579623] out_of_memory+0x349/0x1250 [ 452.583645] ? oom_killer_disable+0x270/0x270 [ 452.588185] mem_cgroup_out_of_memory+0x1c7/0x240 [ 452.593035] ? memcg_event_wake+0x210/0x210 [ 452.597525] ? do_raw_spin_unlock+0x171/0x260 [ 452.602024] try_charge+0xe22/0x1300 [ 452.606403] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 452.611259] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 452.616109] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 452.622240] ? mark_held_locks+0xf0/0xf0 [ 452.626366] mem_cgroup_try_charge+0x249/0x5c0 [ 452.630977] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 452.635960] __handle_mm_fault+0x1cfb/0x3b60 [ 452.640594] ? copy_page_range+0x1e70/0x1e70 [ 452.645052] ? count_memcg_event_mm+0x279/0x4c0 [ 452.649774] handle_mm_fault+0x1a5/0x670 [ 452.653943] __get_user_pages+0x599/0x1650 [ 452.658179] ? follow_page_mask+0x1a60/0x1a60 [ 452.662682] ? lock_acquire+0x170/0x400 [ 452.667542] populate_vma_page_range+0x1fd/0x290 [ 452.672312] __mm_populate+0x1e8/0x350 [ 452.676230] ? populate_vma_page_range+0x290/0x290 [ 452.681167] ? do_mlock+0x6b0/0x6b0 [ 452.684831] __x64_sys_mlockall+0x340/0x500 [ 452.689179] do_syscall_64+0xf9/0x620 [ 452.693015] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 452.698217] RIP: 0033:0x45c479 [ 452.701421] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 452.720446] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 452.728439] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 452.736429] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 452.743711] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 452.750990] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 452.758257] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 452.769035] Task in /syz5 killed as a result of limit of /syz5 [ 452.775274] memory: usage 307200kB, limit 307200kB, failcnt 9477 [ 452.782178] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 452.790590] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 452.796995] Memory cgroup stats for /syz5: cache:0KB rss:297108KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:273992KB active_anon:280KB inactive_file:0KB active_file:4KB unevictable:23012KB [ 452.819433] Memory cgroup out of memory: Kill process 12374 (syz-executor.5) score 1163 or sacrifice child [ 452.829496] Killed process 12374 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 452.846095] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 452.868296] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 452.884697] oom_reaper: reaped process 12374 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 452.895271] CPU: 0 PID: 12442 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 452.903182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 452.912552] Call Trace: [ 452.915181] dump_stack+0x188/0x20d [ 452.919011] dump_header+0x159/0xa5e [ 452.922752] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 452.927878] ? ___ratelimit+0x59/0x573 [ 452.931793] oom_kill_process.cold+0x10/0x6dc [ 452.936308] ? task_will_free_mem+0x134/0x6d0 [ 452.940838] out_of_memory+0x349/0x1250 [ 452.944942] ? oom_killer_disable+0x270/0x270 [ 452.949744] mem_cgroup_out_of_memory+0x1c7/0x240 [ 452.954702] ? memcg_event_wake+0x210/0x210 [ 452.959049] ? do_raw_spin_unlock+0x171/0x260 [ 452.963580] try_charge+0xe22/0x1300 [ 452.967403] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 452.973041] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 452.977901] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 452.984005] ? mark_held_locks+0xf0/0xf0 [ 452.988103] mem_cgroup_try_charge+0x249/0x5c0 [ 452.992706] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 452.997693] __handle_mm_fault+0x1cfb/0x3b60 [ 453.002159] ? copy_page_range+0x1e70/0x1e70 [ 453.006591] ? count_memcg_event_mm+0x279/0x4c0 [ 453.011319] handle_mm_fault+0x1a5/0x670 [ 453.015422] __get_user_pages+0x599/0x1650 [ 453.019981] ? follow_page_mask+0x1a60/0x1a60 [ 453.024534] ? lock_acquire+0x170/0x400 [ 453.028556] populate_vma_page_range+0x1fd/0x290 [ 453.033444] __mm_populate+0x1e8/0x350 [ 453.037345] ? populate_vma_page_range+0x290/0x290 [ 453.042283] ? do_mlock+0x6b0/0x6b0 [ 453.046042] __x64_sys_mlockall+0x340/0x500 [ 453.050423] do_syscall_64+0xf9/0x620 [ 453.054285] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 453.059556] RIP: 0033:0x45c479 [ 453.062800] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 453.081770] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 453.089516] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 453.097348] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 453.104672] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 453.112084] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 453.119409] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 453.129688] Task in /syz2 killed as a result of limit of /syz2 [ 453.135936] memory: usage 307196kB, limit 307200kB, failcnt 17013 [ 453.142350] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 453.150113] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 453.156295] Memory cgroup stats for /syz2: cache:72KB rss:296300KB rss_huge:161792KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:137188KB active_anon:8976KB inactive_file:0KB active_file:4KB unevictable:150164KB [ 453.178985] Memory cgroup out of memory: Kill process 12366 (syz-executor.2) score 1163 or sacrifice child [ 453.189354] Killed process 12366 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 453.220533] oom_reaper: reaped process 12366 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 453.231448] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 453.250832] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 453.256258] CPU: 0 PID: 12431 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 453.264150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 453.273521] Call Trace: [ 453.276136] dump_stack+0x188/0x20d [ 453.279883] dump_header+0x159/0xa5e [ 453.283623] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 453.288750] ? ___ratelimit+0x59/0x573 [ 453.292753] oom_kill_process.cold+0x10/0x6dc [ 453.297812] ? task_will_free_mem+0x134/0x6d0 [ 453.302329] out_of_memory+0x349/0x1250 [ 453.306346] ? oom_killer_disable+0x270/0x270 [ 453.311319] mem_cgroup_out_of_memory+0x1c7/0x240 [ 453.316180] ? memcg_event_wake+0x210/0x210 [ 453.320605] ? do_raw_spin_unlock+0x171/0x260 [ 453.325295] try_charge+0xe22/0x1300 [ 453.329103] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 453.333961] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 453.338830] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 453.344903] ? lock_downgrade+0x740/0x740 [ 453.349052] mem_cgroup_try_charge+0x249/0x5c0 [ 453.353630] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 453.358565] do_huge_pmd_wp_page+0x921/0x32f0 [ 453.363058] ? __split_huge_pmd+0x29c0/0x29c0 [ 453.367564] ? pmd_val+0x7c/0xf0 [ 453.371047] ? add_mm_counter_fast.part.0+0x40/0x40 [ 453.376063] __handle_mm_fault+0x1561/0x3b60 [ 453.380569] ? copy_page_range+0x1e70/0x1e70 [ 453.384980] ? count_memcg_event_mm+0x279/0x4c0 [ 453.389774] handle_mm_fault+0x1a5/0x670 [ 453.393836] __do_page_fault+0x5ed/0xdd0 [ 453.397898] ? trace_hardirqs_off_caller+0x55/0x210 [ 453.402920] ? vmalloc_fault+0x730/0x730 [ 453.407404] ? page_fault+0x8/0x30 [ 453.410943] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 453.415798] ? page_fault+0x8/0x30 [ 453.419964] page_fault+0x1e/0x30 [ 453.423428] RIP: 0033:0x4006c4 [ 453.426625] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 51 55 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 37 55 00 00 8a [ 453.445523] RSP: 002b:00007ffcf1e9a300 EFLAGS: 00010202 [ 453.451181] RAX: 0000000020000100 RBX: 000000000076c920 RCX: 0000000020000200 [ 453.458535] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000020000100 [ 453.465790] RBP: 0000000000770688 R08: 0000000000000000 R09: 0000000000000000 [ 453.473047] R10: 00007ffcf1e9a410 R11: 0000000000000246 R12: 000000000076bf20 [ 453.480545] R13: 0000000000770690 R14: 000000000006e2da R15: 000000000076bf2c [ 453.523414] Task in /syz4 killed as a result of limit of /syz4 [ 453.534050] memory: usage 307004kB, limit 307200kB, failcnt 2118 [ 453.540611] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 453.548571] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 453.555135] Memory cgroup stats for /syz4: cache:56KB rss:295236KB rss_huge:10240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:270316KB active_anon:2384KB inactive_file:0KB active_file:4KB unevictable:22480KB [ 453.578017] Memory cgroup out of memory: Kill process 12431 (syz-executor.4) score 1232 or sacrifice child [ 453.589195] Killed process 12431 (syz-executor.4) total-vm:74832kB, anon-rss:18076kB, file-rss:56424kB, shmem-rss:0kB [ 453.600519] oom_reaper: reaped process 12431 (syz-executor.4), now anon-rss:18308kB, file-rss:56424kB, shmem-rss:0kB 14:21:09 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:09 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:21:09 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xa000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:09 executing program 3: socket$inet6(0xa, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:09 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:09 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 453.891312] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 453.904586] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 453.910453] CPU: 0 PID: 12485 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 453.919031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 453.928374] Call Trace: [ 453.930963] dump_stack+0x188/0x20d [ 453.934595] dump_header+0x159/0xa5e [ 453.938308] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 453.943419] ? ___ratelimit+0x59/0x573 [ 453.947422] oom_kill_process.cold+0x10/0x6dc [ 453.951958] ? task_will_free_mem+0x134/0x6d0 [ 453.956460] out_of_memory+0x349/0x1250 [ 453.960447] ? oom_killer_disable+0x270/0x270 [ 453.965053] mem_cgroup_out_of_memory+0x1c7/0x240 [ 453.970160] ? memcg_event_wake+0x210/0x210 [ 453.974496] ? do_raw_spin_unlock+0x171/0x260 [ 453.978981] try_charge+0xe22/0x1300 [ 453.982707] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 453.987543] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 453.992378] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 453.998423] ? mark_held_locks+0xf0/0xf0 [ 454.002480] mem_cgroup_try_charge+0x249/0x5c0 [ 454.007064] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 454.011988] __handle_mm_fault+0x1cfb/0x3b60 [ 454.016387] ? copy_page_range+0x1e70/0x1e70 [ 454.020785] ? count_memcg_event_mm+0x279/0x4c0 [ 454.025672] handle_mm_fault+0x1a5/0x670 [ 454.029746] __get_user_pages+0x599/0x1650 [ 454.033997] ? follow_page_mask+0x1a60/0x1a60 [ 454.038489] ? lock_acquire+0x170/0x400 [ 454.042500] populate_vma_page_range+0x1fd/0x290 [ 454.047274] __mm_populate+0x1e8/0x350 [ 454.051164] ? populate_vma_page_range+0x290/0x290 [ 454.056112] ? do_mlock+0x6b0/0x6b0 [ 454.059748] __x64_sys_mlockall+0x340/0x500 [ 454.064086] do_syscall_64+0xf9/0x620 [ 454.067889] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 454.073351] RIP: 0033:0x45c479 [ 454.076540] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 454.095547] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 454.103462] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 454.110913] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 454.118209] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 454.125479] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 454.132842] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 454.140383] Task in /syz5 killed as a result of limit of /syz5 [ 454.146797] memory: usage 307200kB, limit 307200kB, failcnt 9504 [ 454.153543] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 454.160367] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 454.166510] Memory cgroup stats for /syz5: cache:0KB rss:297236KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:271944KB active_anon:280KB inactive_file:4KB active_file:4KB unevictable:25064KB [ 454.187730] Memory cgroup out of memory: Kill process 12395 (syz-executor.5) score 1163 or sacrifice child [ 454.198663] Killed process 12395 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 454.306453] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 454.318010] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 454.323886] CPU: 0 PID: 12485 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 454.331792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 454.341779] Call Trace: [ 454.344388] dump_stack+0x188/0x20d [ 454.348358] dump_header+0x159/0xa5e [ 454.352095] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 454.357219] ? ___ratelimit+0x59/0x573 [ 454.361126] oom_kill_process.cold+0x10/0x6dc [ 454.366096] ? task_will_free_mem+0x134/0x6d0 [ 454.370629] out_of_memory+0x349/0x1250 [ 454.374636] ? oom_killer_disable+0x270/0x270 [ 454.379166] mem_cgroup_out_of_memory+0x1c7/0x240 [ 454.384038] ? memcg_event_wake+0x210/0x210 [ 454.388387] ? do_raw_spin_unlock+0x171/0x260 [ 454.393026] try_charge+0xe22/0x1300 [ 454.396848] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 454.401710] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 454.406572] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 454.412646] ? mark_held_locks+0xf0/0xf0 [ 454.416732] mem_cgroup_try_charge+0x249/0x5c0 [ 454.421433] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 454.426559] __handle_mm_fault+0x1cfb/0x3b60 [ 454.430996] ? copy_page_range+0x1e70/0x1e70 [ 454.435431] ? count_memcg_event_mm+0x279/0x4c0 [ 454.440138] handle_mm_fault+0x1a5/0x670 [ 454.444223] __get_user_pages+0x599/0x1650 [ 454.448495] ? follow_page_mask+0x1a60/0x1a60 [ 454.453011] ? lock_acquire+0x170/0x400 [ 454.457434] populate_vma_page_range+0x1fd/0x290 [ 454.462523] __mm_populate+0x1e8/0x350 [ 454.466613] ? populate_vma_page_range+0x290/0x290 [ 454.471646] ? do_mlock+0x6b0/0x6b0 [ 454.475301] __x64_sys_mlockall+0x340/0x500 [ 454.479999] do_syscall_64+0xf9/0x620 [ 454.483825] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 454.488556] oom_reaper: reaped process 12395 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 454.490172] RIP: 0033:0x45c479 [ 454.490189] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 454.490201] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 454.530497] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 454.537777] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 454.545055] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 454.552325] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 454.559594] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 454.568034] Task in /syz5 killed as a result of limit of /syz5 [ 454.574098] memory: usage 301088kB, limit 307200kB, failcnt 10072 [ 454.580382] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 454.587145] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 454.593389] Memory cgroup stats for /syz5: cache:0KB rss:291132KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:265832KB active_anon:280KB inactive_file:0KB active_file:4KB unevictable:25068KB [ 454.614681] Memory cgroup out of memory: Kill process 12477 (syz-executor.5) score 1163 or sacrifice child [ 454.624592] Killed process 12477 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 454.789238] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 454.828069] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 454.844372] oom_reaper: reaped process 12477 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 454.856117] CPU: 0 PID: 12482 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 454.864199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 454.873567] Call Trace: [ 454.876172] dump_stack+0x188/0x20d [ 454.879811] dump_header+0x159/0xa5e [ 454.883547] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 454.888661] ? ___ratelimit+0x59/0x573 [ 454.892650] oom_kill_process.cold+0x10/0x6dc [ 454.897250] ? task_will_free_mem+0x134/0x6d0 [ 454.901936] out_of_memory+0x349/0x1250 [ 454.908010] ? oom_killer_disable+0x270/0x270 [ 454.912532] mem_cgroup_out_of_memory+0x1c7/0x240 [ 454.917382] ? memcg_event_wake+0x210/0x210 [ 454.921733] ? do_raw_spin_unlock+0x171/0x260 [ 454.926240] try_charge+0xe22/0x1300 [ 454.930255] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 454.935192] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 454.940047] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 454.946130] ? lock_downgrade+0x740/0x740 [ 454.950291] mem_cgroup_try_charge+0x249/0x5c0 [ 454.954888] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 454.959835] do_huge_pmd_wp_page+0x921/0x32f0 [ 454.964367] ? __split_huge_pmd+0x29c0/0x29c0 [ 454.968882] ? pmd_val+0x7c/0xf0 [ 454.972270] ? add_mm_counter_fast.part.0+0x40/0x40 [ 454.977315] __handle_mm_fault+0x1561/0x3b60 [ 454.981749] ? copy_page_range+0x1e70/0x1e70 [ 454.986170] ? count_memcg_event_mm+0x279/0x4c0 [ 454.990950] handle_mm_fault+0x1a5/0x670 [ 454.995156] __do_page_fault+0x5ed/0xdd0 [ 454.999421] ? trace_hardirqs_off_caller+0x55/0x210 [ 455.004495] ? vmalloc_fault+0x730/0x730 [ 455.008667] ? page_fault+0x8/0x30 [ 455.012227] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 455.017088] ? page_fault+0x8/0x30 [ 455.020644] page_fault+0x1e/0x30 [ 455.024109] RIP: 0033:0x4006c4 14:21:11 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xb000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 455.027395] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 51 55 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 37 55 00 00 8a [ 455.046308] RSP: 002b:00007ffcf1e9a300 EFLAGS: 00010202 [ 455.051686] RAX: 0000000020000100 RBX: 000000000076c920 RCX: 0000000020000200 [ 455.058977] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000020000100 [ 455.066349] RBP: 0000000000770688 R08: 0000000000000000 R09: 0000000000000000 [ 455.073633] R10: 00007ffcf1e9a410 R11: 0000000000000246 R12: 000000000076bf20 [ 455.081011] R13: 0000000000770690 R14: 000000000006ef59 R15: 000000000076bf2c 14:21:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x2, 0x2d, 0x0, 0xf800, 0x0, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f0000000180)="64f364f20f0666b811018ed866b808000f00d0c4e34d7ca600000000a5b9800000c00f3235000800000f300f20d835080000000f22d8b88153a4020f23c00f21f83501000d000f23f80f784624b8000000000f23c00f21f835000001000f23f8660f50c0", 0x64}], 0x1, 0x28, 0x0, 0x0) r3 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r3, 0x2008002) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/avc/hash_stats\x00', 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET(r5, &(0x7f0000000300)={&(0x7f0000000140), 0xc, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="620000000101010300000000000000000300010650000d800c0003cdcea10e004e2300000c4fd1038fc8f492f6240000080001000000000008000200ac1414bb14000500fe000000000000000108000200ac1414aa08000200e000400100000000000000"], 0x64}, 0x1, 0x0, 0x0, 0x80}, 0x44000) r6 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r6, 0x2008002) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480)='nl80211\x00') sendmsg$NL80211_CMD_DEL_KEY(r6, &(0x7f0000000580)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b33d50a8", @ANYRES16=r7, @ANYBLOB="645125bd7000ffdbdf250c0000001100070051c8dd9b1aea56e861e652d71f00000008003700020000000800370001000000090007006f3985ab590000000500080001000000080037000100000004000b00"], 0x58}}, 0x44801) r8 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r8, 0x2008002) getpeername$llc(r8, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000340)=0x10) r9 = shmget(0x0, 0x4000, 0x200, &(0x7f0000020000/0x4000)=nil) shmctl$SHM_STAT_ANY(r9, 0xf, &(0x7f0000000c80)=""/4096) ioctl$KVM_S390_VCPU_FAULT(r4, 0x4008ae52, &(0x7f0000000080)=0x7fffffff) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r4, 0xae80, 0x0) r10 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r10, 0x0) sendmsg$TIPC_NL_BEARER_GET(r10, &(0x7f0000000640)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000600)={&(0x7f0000000900)={0x34c, 0x0, 0x2, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0xdc, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfffffffb}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6d12}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x23}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x1, @initdev={0xfe, 0x88, [], 0x7, 0x0}, 0x6}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x3a, @mcast1, 0x2}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20}}, {0x14, 0x2, @in={0x2, 0x4e24, @empty}}}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}]}]}, @TIPC_NLA_NODE={0x28, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7f}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1f}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0x10, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x101}]}, @TIPC_NLA_BEARER={0x11c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x100, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x9, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x100}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'geneve1\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan1\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x0, @local, 0xfffffff9}}, {0x14, 0x2, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x2b}}}}}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x688c}]}, @TIPC_NLA_SOCK={0x64, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x57}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80000000}]}, @TIPC_NLA_SOCK_CON={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xd2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x1}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}]}]}, @TIPC_NLA_MEDIA={0x14, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_BEARER={0x84, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @empty}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0xffffffcf, @rand_addr="170187825f4339ccbc8ee5285f7b7177", 0x1}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'batadv0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x101, @remote, 0x7}}, {0x14, 0x2, @in={0x2, 0x4e20, @multicast2}}}}]}]}, 0x34c}, 0x1, 0x0, 0x0, 0x4000000}, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 455.142073] Task in /syz4 killed as a result of limit of /syz4 [ 455.148281] memory: usage 307132kB, limit 307200kB, failcnt 2312 [ 455.154520] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 455.161522] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 455.168142] Memory cgroup stats for /syz4: cache:56KB rss:295100KB rss_huge:10240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:270380KB active_anon:2384KB inactive_file:0KB active_file:4KB unevictable:22348KB [ 455.207960] Memory cgroup out of memory: Kill process 12482 (syz-executor.4) score 1232 or sacrifice child [ 455.228857] Killed process 12495 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 455.265641] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 455.283141] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 455.289114] CPU: 1 PID: 12482 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 455.297003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 455.306806] Call Trace: [ 455.309607] dump_stack+0x188/0x20d [ 455.313243] dump_header+0x159/0xa5e [ 455.316982] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 455.322103] ? ___ratelimit+0x59/0x573 [ 455.325997] oom_kill_process.cold+0x10/0x6dc [ 455.330701] ? task_will_free_mem+0x134/0x6d0 [ 455.335297] out_of_memory+0x349/0x1250 [ 455.339313] ? oom_killer_disable+0x270/0x270 [ 455.343917] mem_cgroup_out_of_memory+0x1c7/0x240 [ 455.348856] ? memcg_event_wake+0x210/0x210 [ 455.353193] ? do_raw_spin_unlock+0x171/0x260 [ 455.357694] try_charge+0xe22/0x1300 [ 455.361425] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 455.366274] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 455.371124] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 455.377189] ? lock_downgrade+0x740/0x740 [ 455.381355] mem_cgroup_try_charge+0x249/0x5c0 [ 455.386034] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 455.390970] do_huge_pmd_wp_page+0x921/0x32f0 [ 455.395499] ? __split_huge_pmd+0x29c0/0x29c0 [ 455.400002] ? pmd_val+0x7c/0xf0 [ 455.403372] ? add_mm_counter_fast.part.0+0x40/0x40 [ 455.408573] __handle_mm_fault+0x1561/0x3b60 [ 455.412996] ? copy_page_range+0x1e70/0x1e70 [ 455.417414] ? count_memcg_event_mm+0x279/0x4c0 [ 455.422554] handle_mm_fault+0x1a5/0x670 [ 455.426642] __do_page_fault+0x5ed/0xdd0 [ 455.430732] ? trace_hardirqs_off_caller+0x55/0x210 [ 455.435790] ? vmalloc_fault+0x730/0x730 [ 455.439865] ? page_fault+0x8/0x30 [ 455.443417] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 455.448281] ? page_fault+0x8/0x30 [ 455.451831] page_fault+0x1e/0x30 [ 455.455616] RIP: 0033:0x4006c4 [ 455.458826] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 51 55 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 37 55 00 00 8a [ 455.478090] RSP: 002b:00007ffcf1e9a300 EFLAGS: 00010202 [ 455.483480] RAX: 0000000020000100 RBX: 000000000076c920 RCX: 0000000020000200 [ 455.490769] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000020000100 [ 455.498128] RBP: 0000000000770688 R08: 0000000000000000 R09: 0000000000000000 [ 455.505400] R10: 00007ffcf1e9a410 R11: 0000000000000246 R12: 000000000076bf20 [ 455.512678] R13: 0000000000770690 R14: 000000000006ef59 R15: 000000000076bf2c 14:21:11 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xb000200}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 455.666618] kauditd_printk_skb: 2 callbacks suppressed [ 455.666633] audit: type=1804 audit(1583245271.764:203): pid=12514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/252/bus" dev="sda1" ino=16665 res=1 [ 455.705818] Task in /syz4 killed as a result of limit of /syz4 [ 455.712189] memory: usage 307200kB, limit 307200kB, failcnt 2335 [ 455.718552] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 455.725390] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 455.731861] Memory cgroup stats for /syz4: cache:56KB rss:295100KB rss_huge:10240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:270316KB active_anon:2384KB inactive_file:0KB active_file:4KB unevictable:22348KB [ 455.753527] Memory cgroup out of memory: Kill process 12482 (syz-executor.4) score 1232 or sacrifice child [ 455.763601] Killed process 12482 (syz-executor.4) total-vm:74700kB, anon-rss:18020kB, file-rss:56424kB, shmem-rss:0kB [ 455.774703] oom_reaper: reaped process 12482 (syz-executor.4), now anon-rss:18252kB, file-rss:56424kB, shmem-rss:0kB 14:21:12 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xd000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 455.870862] audit: type=1804 audit(1583245271.974:204): pid=12520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/252/bus" dev="sda1" ino=16665 res=1 14:21:12 executing program 3: socket$inet6(0xa, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 455.957087] audit: type=1800 audit(1583245272.024:205): pid=12515 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16665 res=0 [ 455.962282] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 455.998055] syz-executor.2 cpuset=syz2 mems_allowed=0-1 14:21:12 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = getpgid(0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(r3, &(0x7f0000000000)={0x38, 0x2, 0x42, 0x9, 0x12252000, 0x9, 0x100, 0x0, 0x800, 0x8}, 0x0) r4 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r4, 0x2008002) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 456.003483] CPU: 0 PID: 12502 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 456.011372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 456.020747] Call Trace: [ 456.023359] dump_stack+0x188/0x20d [ 456.027007] dump_header+0x159/0xa5e [ 456.031244] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 456.036366] ? ___ratelimit+0x59/0x573 [ 456.040452] oom_kill_process.cold+0x10/0x6dc [ 456.045064] ? task_will_free_mem+0x134/0x6d0 [ 456.047386] audit: type=1800 audit(1583245272.024:206): pid=12514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16665 res=0 [ 456.049628] out_of_memory+0x349/0x1250 [ 456.049649] ? oom_killer_disable+0x270/0x270 [ 456.049674] mem_cgroup_out_of_memory+0x1c7/0x240 [ 456.049688] ? memcg_event_wake+0x210/0x210 [ 456.049708] ? do_raw_spin_unlock+0x171/0x260 [ 456.049723] try_charge+0xe22/0x1300 [ 456.097480] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 456.102358] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 456.107488] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 456.113598] ? mark_held_locks+0xf0/0xf0 [ 456.117700] mem_cgroup_try_charge+0x249/0x5c0 [ 456.122322] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 456.127285] __handle_mm_fault+0x1cfb/0x3b60 [ 456.131727] ? copy_page_range+0x1e70/0x1e70 [ 456.136174] ? count_memcg_event_mm+0x279/0x4c0 [ 456.140887] handle_mm_fault+0x1a5/0x670 [ 456.145056] __get_user_pages+0x599/0x1650 [ 456.149320] ? follow_page_mask+0x1a60/0x1a60 [ 456.153847] ? lock_acquire+0x170/0x400 [ 456.157869] populate_vma_page_range+0x1fd/0x290 [ 456.162646] __mm_populate+0x1e8/0x350 [ 456.166545] ? populate_vma_page_range+0x290/0x290 [ 456.171502] ? do_mlock+0x6b0/0x6b0 [ 456.175163] __x64_sys_mlockall+0x340/0x500 [ 456.179498] do_syscall_64+0xf9/0x620 [ 456.183572] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 456.188767] RIP: 0033:0x45c479 [ 456.192048] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 456.210976] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 456.218692] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 456.225984] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 456.233898] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 456.241172] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 456.248442] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 456.344682] Task in /syz2 killed as a result of limit of /syz2 [ 456.352210] memory: usage 307200kB, limit 307200kB, failcnt 17084 [ 456.363835] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 456.370994] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 456.377150] Memory cgroup stats for /syz2: cache:72KB rss:296304KB rss_huge:161792KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:137188KB active_anon:8976KB inactive_file:0KB active_file:0KB unevictable:150152KB [ 456.404442] Memory cgroup out of memory: Kill process 12423 (syz-executor.2) score 1163 or sacrifice child [ 456.437727] Killed process 12423 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 456.441526] audit: type=1800 audit(1583245272.044:207): pid=12509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16665 res=0 [ 456.458070] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 456.483472] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 456.488954] CPU: 0 PID: 12535 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 456.496853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 456.506219] Call Trace: [ 456.508833] dump_stack+0x188/0x20d [ 456.512495] dump_header+0x159/0xa5e [ 456.516235] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 456.521476] ? ___ratelimit+0x59/0x573 [ 456.525419] oom_kill_process.cold+0x10/0x6dc [ 456.529943] ? task_will_free_mem+0x134/0x6d0 [ 456.534467] out_of_memory+0x349/0x1250 [ 456.536201] oom_reaper: reaped process 12423 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 456.538467] ? oom_killer_disable+0x270/0x270 [ 456.538498] mem_cgroup_out_of_memory+0x1c7/0x240 [ 456.538512] ? memcg_event_wake+0x210/0x210 [ 456.538533] ? do_raw_spin_unlock+0x171/0x260 [ 456.538547] try_charge+0xe22/0x1300 [ 456.538567] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 456.538587] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 456.581313] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 456.587747] ? mark_held_locks+0xf0/0xf0 [ 456.591832] mem_cgroup_try_charge+0x249/0x5c0 [ 456.596440] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 456.601400] __handle_mm_fault+0x1cfb/0x3b60 [ 456.605807] audit: type=1800 audit(1583245272.044:208): pid=12520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16665 res=0 [ 456.606169] ? copy_page_range+0x1e70/0x1e70 [ 456.632564] ? count_memcg_event_mm+0x279/0x4c0 [ 456.637406] handle_mm_fault+0x1a5/0x670 [ 456.641501] __get_user_pages+0x599/0x1650 [ 456.645765] ? follow_page_mask+0x1a60/0x1a60 [ 456.651445] ? lock_acquire+0x170/0x400 [ 456.655547] populate_vma_page_range+0x1fd/0x290 [ 456.660330] __mm_populate+0x1e8/0x350 [ 456.663998] audit: type=1800 audit(1583245272.414:209): pid=12528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16598 res=0 [ 456.664404] ? populate_vma_page_range+0x290/0x290 [ 456.690925] ? do_mlock+0x6b0/0x6b0 [ 456.694571] __x64_sys_mlockall+0x340/0x500 [ 456.698907] do_syscall_64+0xf9/0x620 [ 456.702780] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 456.707974] RIP: 0033:0x45c479 [ 456.711182] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 456.730131] RSP: 002b:00007fad00d11c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 456.737882] RAX: ffffffffffffffda RBX: 00007fad00d126d4 RCX: 000000000045c479 [ 456.745297] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 456.752714] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 456.759998] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 456.767284] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bfcc [ 456.775323] Task in /syz3 killed as a result of limit of /syz3 [ 456.781382] memory: usage 307192kB, limit 307200kB, failcnt 5658 [ 456.787925] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 456.794744] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 456.800957] Memory cgroup stats for /syz3: cache:20KB rss:296264KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:93684KB active_anon:9060KB inactive_file:0KB active_file:0KB unevictable:193584KB [ 456.823117] Memory cgroup out of memory: Kill process 12497 (syz-executor.3) score 1163 or sacrifice child [ 456.833024] Killed process 12497 (syz-executor.3) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB [ 456.876657] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 456.923932] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 456.936602] CPU: 1 PID: 12530 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 456.944551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 456.953917] Call Trace: [ 456.956529] dump_stack+0x188/0x20d [ 456.960171] dump_header+0x159/0xa5e [ 456.963896] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 456.969006] ? ___ratelimit+0x59/0x573 [ 456.972915] oom_kill_process.cold+0x10/0x6dc [ 456.977418] ? task_will_free_mem+0x134/0x6d0 [ 456.981923] out_of_memory+0x349/0x1250 [ 456.985920] ? oom_killer_disable+0x270/0x270 [ 456.990436] mem_cgroup_out_of_memory+0x1c7/0x240 [ 456.995286] ? memcg_event_wake+0x210/0x210 [ 456.999646] ? do_raw_spin_unlock+0x171/0x260 [ 457.004172] try_charge+0xbdf/0x1300 [ 457.007913] ? find_held_lock+0x2d/0x110 [ 457.011981] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 457.016844] ? lock_downgrade+0x740/0x740 [ 457.021293] ? check_preemption_disabled+0x41/0x280 [ 457.026338] memcg_kmem_charge_memcg+0x7b/0x150 [ 457.031017] ? memcg_kmem_put_cache+0xb0/0xb0 [ 457.035535] ? should_fail+0x142/0x7bc [ 457.039434] ? __isolate_free_page+0x4c0/0x4c0 [ 457.044220] memcg_kmem_charge+0x132/0x360 [ 457.049079] __alloc_pages_nodemask+0x396/0x6a0 [ 457.053764] ? __alloc_pages_slowpath+0x26a0/0x26a0 [ 457.058807] ? _raw_spin_unlock_irq+0x24/0x80 [ 457.063314] copy_process.part.0+0x3d6/0x7a60 [ 457.067819] ? mark_held_locks+0xf0/0xf0 [ 457.071892] ? mark_held_locks+0xf0/0xf0 [ 457.075970] ? trace_hardirqs_off+0x50/0x200 [ 457.080669] ? __cleanup_sighand+0x60/0x60 [ 457.084997] ? lock_downgrade+0x740/0x740 [ 457.089189] ? __might_fault+0x192/0x1d0 [ 457.093261] _do_fork+0x22f/0xf40 [ 457.096736] ? fork_idle+0x1e0/0x1e0 [ 457.100458] ? __x64_sys_clock_gettime+0x165/0x240 [ 457.105390] ? __ia32_sys_clock_settime+0x260/0x260 [ 457.110762] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 457.115540] ? trace_hardirqs_off_caller+0x55/0x210 [ 457.120675] ? do_syscall_64+0x21/0x620 [ 457.124697] do_syscall_64+0xf9/0x620 [ 457.128511] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 457.133747] RIP: 0033:0x45c479 [ 457.136948] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 457.155943] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 457.163674] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 457.171041] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 457.178489] RBP: 000000000076bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 457.185945] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 457.193218] R13: 0000000000000074 R14: 00000000004c2d06 R15: 000000000076bf2c 14:21:13 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:13 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:13 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xe000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:13 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r3, 0x0) r4 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r4, 0x2008002) r5 = dup3(r3, r4, 0x0) write$RDMA_USER_CM_CMD_NOTIFY(r5, &(0x7f0000000000)={0xf, 0x8, 0xfa00, {0xffffffffffffffff, 0xa}}, 0x10) r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x10201, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r11, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b2000010000049d67b932043c2e20d691484ba3d34473b8b7d7f2ee4ec12c53dbf"], 0x48}}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r11, @ANYBLOB="000000002fdcbbed1e80d5000900010068663363010000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x5c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r11, {}, {}, {0xf}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2e23}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x7}}}]}}]}]}]}}]}, 0x5c}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', r11}) ioctl$KVM_RUN(r6, 0xae80, 0x0) 14:21:13 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 457.533907] Task in /syz3 killed as a result of limit of /syz3 [ 457.559305] memory: usage 293824kB, limit 307200kB, failcnt 5660 [ 457.578339] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 457.596372] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 457.617696] Memory cgroup stats for /syz3: cache:20KB rss:283044KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:75304KB active_anon:9036KB inactive_file:0KB active_file:4KB unevictable:198736KB [ 457.671494] Memory cgroup out of memory: Kill process 12525 (syz-executor.3) score 1177 or sacrifice child 14:21:13 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xf000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 457.811138] Killed process 12530 (syz-executor.3) total-vm:74964kB, anon-rss:18512kB, file-rss:56432kB, shmem-rss:0kB [ 457.823495] oom_reaper: reaped process 12530 (syz-executor.3), now anon-rss:18512kB, file-rss:56424kB, shmem-rss:0kB [ 457.855557] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 457.958216] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 457.963656] CPU: 0 PID: 12553 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 457.971549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 457.980931] Call Trace: [ 457.983542] dump_stack+0x188/0x20d [ 457.987534] dump_header+0x159/0xa5e [ 457.991275] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 457.996389] ? ___ratelimit+0x59/0x573 [ 458.000290] oom_kill_process.cold+0x10/0x6dc [ 458.004814] ? task_will_free_mem+0x134/0x6d0 [ 458.009360] out_of_memory+0x349/0x1250 [ 458.013341] ? oom_killer_disable+0x270/0x270 [ 458.018011] mem_cgroup_out_of_memory+0x1c7/0x240 [ 458.022982] ? memcg_event_wake+0x210/0x210 [ 458.027325] ? do_raw_spin_unlock+0x171/0x260 [ 458.031871] try_charge+0xe22/0x1300 [ 458.035730] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 458.040592] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 458.045461] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 458.051522] ? mark_held_locks+0xf0/0xf0 [ 458.055601] mem_cgroup_try_charge+0x249/0x5c0 [ 458.060196] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 458.065141] __handle_mm_fault+0x1cfb/0x3b60 [ 458.069683] ? copy_page_range+0x1e70/0x1e70 [ 458.074096] ? count_memcg_event_mm+0x279/0x4c0 [ 458.078782] handle_mm_fault+0x1a5/0x670 [ 458.082853] __get_user_pages+0x599/0x1650 [ 458.087108] ? follow_page_mask+0x1a60/0x1a60 [ 458.091612] ? lock_acquire+0x170/0x400 [ 458.095619] populate_vma_page_range+0x1fd/0x290 [ 458.100393] __mm_populate+0x1e8/0x350 [ 458.104301] ? populate_vma_page_range+0x290/0x290 [ 458.109239] ? do_mlock+0x6b0/0x6b0 [ 458.112995] __x64_sys_mlockall+0x340/0x500 [ 458.117336] do_syscall_64+0xf9/0x620 [ 458.121158] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 458.126478] RIP: 0033:0x45c479 [ 458.129679] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 458.148717] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 458.156442] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 458.163728] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 458.171006] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 458.178383] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 458.185680] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 458.220580] Task in /syz2 killed as a result of limit of /syz2 [ 458.227698] memory: usage 307200kB, limit 307200kB, failcnt 17108 [ 458.240518] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 458.247618] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 458.257372] Memory cgroup stats for /syz2: cache:72KB rss:296116KB rss_huge:161792KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:139236KB active_anon:8976KB inactive_file:8KB active_file:0KB unevictable:148100KB [ 458.287009] Memory cgroup out of memory: Kill process 12479 (syz-executor.2) score 1163 or sacrifice child [ 458.297601] Killed process 12479 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB 14:21:14 executing program 3: socket$inet6(0xa, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:14 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x10000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:14 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 459.905695] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 459.917188] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 459.922863] CPU: 1 PID: 12565 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 459.930851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 459.940221] Call Trace: [ 459.942843] dump_stack+0x188/0x20d [ 459.946505] dump_header+0x159/0xa5e [ 459.950259] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 459.955435] ? ___ratelimit+0x59/0x573 [ 459.959353] oom_kill_process.cold+0x10/0x6dc [ 459.963883] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 459.968810] ? task_will_free_mem+0x134/0x6d0 [ 459.973345] out_of_memory+0x349/0x1250 [ 459.977503] ? oom_killer_disable+0x270/0x270 [ 459.982031] mem_cgroup_out_of_memory+0x1c7/0x240 [ 459.986900] ? memcg_event_wake+0x210/0x210 [ 459.991243] ? do_raw_spin_unlock+0x171/0x260 [ 459.995866] try_charge+0xe22/0x1300 [ 459.999603] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 460.004467] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 460.009355] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 460.015547] ? __lock_acquire+0x6ee/0x49c0 [ 460.019834] mem_cgroup_try_charge+0x249/0x5c0 [ 460.024433] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 460.029586] wp_page_copy+0x3fe/0x1530 [ 460.033514] ? mark_held_locks+0xa6/0xf0 [ 460.037621] ? follow_pfn+0x260/0x260 [ 460.041624] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 460.046400] do_wp_page+0x518/0xfa0 [ 460.050063] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 460.054756] ? __handle_mm_fault+0x219a/0x3b60 [ 460.059366] __handle_mm_fault+0x21a4/0x3b60 [ 460.063792] ? copy_page_range+0x1e70/0x1e70 [ 460.068244] ? count_memcg_event_mm+0x279/0x4c0 [ 460.073055] handle_mm_fault+0x1a5/0x670 [ 460.077148] __get_user_pages+0x599/0x1650 [ 460.081413] ? follow_page_mask+0x1a60/0x1a60 [ 460.085998] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 460.090800] ? retint_kernel+0x2d/0x2d [ 460.094724] populate_vma_page_range+0x1fd/0x290 [ 460.099503] __mm_populate+0x1e8/0x350 [ 460.103717] ? populate_vma_page_range+0x290/0x290 [ 460.108666] ? do_mlock+0x6b0/0x6b0 [ 460.112336] __x64_sys_mlockall+0x340/0x500 [ 460.116845] do_syscall_64+0xf9/0x620 [ 460.120668] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 460.125863] RIP: 0033:0x45c479 [ 460.129210] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 460.148226] RSP: 002b:00007fad00d11c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 460.155954] RAX: ffffffffffffffda RBX: 00007fad00d126d4 RCX: 000000000045c479 [ 460.163242] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 460.170531] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 460.178010] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 460.185292] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bfcc [ 460.193458] Task in /syz3 killed as a result of limit of /syz3 [ 460.201172] memory: usage 307200kB, limit 307200kB, failcnt 5689 [ 460.207573] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 460.214476] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 460.220828] Memory cgroup stats for /syz3: cache:20KB rss:296112KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:88640KB active_anon:9036KB inactive_file:4KB active_file:0KB unevictable:198604KB [ 460.243836] Memory cgroup out of memory: Kill process 12560 (syz-executor.3) score 1233 or sacrifice child [ 460.254136] Killed process 12566 (syz-executor.3) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB [ 460.677499] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 460.688817] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 460.694330] CPU: 0 PID: 12573 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 460.702237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 460.711607] Call Trace: [ 460.714225] dump_stack+0x188/0x20d [ 460.717902] dump_header+0x159/0xa5e [ 460.721827] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 460.726948] ? ___ratelimit+0x59/0x573 [ 460.730864] oom_kill_process.cold+0x10/0x6dc [ 460.735388] ? task_will_free_mem+0x134/0x6d0 [ 460.739910] out_of_memory+0x349/0x1250 [ 460.743912] ? oom_killer_disable+0x270/0x270 [ 460.748460] mem_cgroup_out_of_memory+0x1c7/0x240 [ 460.753338] ? memcg_event_wake+0x210/0x210 [ 460.757876] ? do_raw_spin_unlock+0x171/0x260 [ 460.762406] try_charge+0xe22/0x1300 [ 460.766291] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 460.771157] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 460.776013] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 460.782218] ? mark_held_locks+0xf0/0xf0 [ 460.786301] mem_cgroup_try_charge+0x249/0x5c0 [ 460.790925] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 460.795982] __handle_mm_fault+0x1cfb/0x3b60 [ 460.800419] ? copy_page_range+0x1e70/0x1e70 [ 460.804849] ? count_memcg_event_mm+0x279/0x4c0 [ 460.809558] handle_mm_fault+0x1a5/0x670 [ 460.813654] __get_user_pages+0x599/0x1650 [ 460.818176] ? follow_page_mask+0x1a60/0x1a60 [ 460.822734] ? lock_acquire+0x170/0x400 [ 460.826871] populate_vma_page_range+0x1fd/0x290 [ 460.831737] __mm_populate+0x1e8/0x350 [ 460.835804] ? populate_vma_page_range+0x290/0x290 [ 460.840923] ? do_mlock+0x6b0/0x6b0 [ 460.844574] __x64_sys_mlockall+0x340/0x500 [ 460.848930] do_syscall_64+0xf9/0x620 [ 460.852753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 460.857958] RIP: 0033:0x45c479 [ 460.861175] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 460.880090] RSP: 002b:00007f50fc7ecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 460.887806] RAX: ffffffffffffffda RBX: 00007f50fc7ed6d4 RCX: 000000000045c479 [ 460.895082] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 460.902357] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 460.909825] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 460.917100] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bfcc [ 460.925097] Task in /syz5 killed as a result of limit of /syz5 [ 460.931317] memory: usage 307200kB, limit 307200kB, failcnt 10091 [ 460.937553] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 460.944381] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 460.950578] Memory cgroup stats for /syz5: cache:0KB rss:297292KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:273856KB active_anon:288KB inactive_file:0KB active_file:4KB unevictable:23188KB [ 460.971832] Memory cgroup out of memory: Kill process 11911 (syz-executor.5) score 1163 or sacrifice child [ 460.981735] Killed process 11911 (syz-executor.5) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 14:21:17 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:17 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x11000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:17 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x12000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:17 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = dup(r2) ioctl$TUNSETVNETBE(r3, 0x400454de, &(0x7f0000000000)) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb, 0x0, 0x0, 0x38]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 14:21:17 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 461.543862] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 461.555468] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 461.561318] CPU: 1 PID: 12575 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 461.569223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 461.578590] Call Trace: [ 461.581234] dump_stack+0x188/0x20d [ 461.584926] dump_header+0x159/0xa5e [ 461.588755] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 461.593880] ? ___ratelimit+0x59/0x573 [ 461.597787] oom_kill_process.cold+0x10/0x6dc [ 461.602306] ? task_will_free_mem+0x134/0x6d0 [ 461.607181] out_of_memory+0x349/0x1250 [ 461.611183] ? oom_killer_disable+0x270/0x270 [ 461.615711] mem_cgroup_out_of_memory+0x1c7/0x240 [ 461.620661] ? memcg_event_wake+0x210/0x210 [ 461.625017] ? do_raw_spin_unlock+0x171/0x260 [ 461.629535] try_charge+0xe22/0x1300 [ 461.633279] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 461.638151] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 461.643025] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 461.649143] mem_cgroup_try_charge+0x249/0x5c0 [ 461.654095] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 461.659043] wp_page_copy+0x3fe/0x1530 [ 461.662959] ? follow_pfn+0x260/0x260 [ 461.666776] ? __lock_acquire+0x6ee/0x49c0 [ 461.671036] do_wp_page+0x518/0xfa0 [ 461.674672] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 461.679463] __handle_mm_fault+0x21a4/0x3b60 [ 461.683898] ? copy_page_range+0x1e70/0x1e70 [ 461.688320] ? count_memcg_event_mm+0x279/0x4c0 [ 461.693137] handle_mm_fault+0x1a5/0x670 [ 461.697215] __get_user_pages+0x599/0x1650 [ 461.701478] ? follow_page_mask+0x1a60/0x1a60 [ 461.705996] ? populate_vma_page_range+0x1a6/0x290 [ 461.710952] populate_vma_page_range+0x1fd/0x290 [ 461.715743] __mm_populate+0x1e8/0x350 [ 461.719735] ? populate_vma_page_range+0x290/0x290 [ 461.724673] ? do_mlock+0x6b0/0x6b0 [ 461.728329] __x64_sys_mlockall+0x340/0x500 [ 461.732693] do_syscall_64+0xf9/0x620 [ 461.736527] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 461.741980] RIP: 0033:0x45c479 [ 461.745197] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 461.764199] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 461.771924] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 461.779292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 461.787190] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 461.794478] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 461.801793] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 461.812444] Task in /syz4 killed as a result of limit of /syz4 [ 461.819348] memory: usage 307200kB, limit 307200kB, failcnt 2481 [ 461.826331] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 461.833771] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 461.840225] Memory cgroup stats for /syz4: cache:56KB rss:296600KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:271924KB active_anon:2384KB inactive_file:4KB active_file:4KB unevictable:22480KB [ 461.862438] Memory cgroup out of memory: Kill process 12574 (syz-executor.4) score 1233 or sacrifice child [ 461.872696] Killed process 12581 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 462.753527] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 462.765134] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 462.770939] CPU: 0 PID: 12586 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 462.778829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 462.788179] Call Trace: [ 462.790861] dump_stack+0x188/0x20d [ 462.794497] dump_header+0x159/0xa5e [ 462.798228] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 462.803332] ? ___ratelimit+0x59/0x573 [ 462.807229] oom_kill_process.cold+0x10/0x6dc [ 462.811730] ? task_will_free_mem+0x134/0x6d0 [ 462.816228] out_of_memory+0x349/0x1250 [ 462.820208] ? oom_killer_disable+0x270/0x270 [ 462.824713] mem_cgroup_out_of_memory+0x1c7/0x240 [ 462.829560] ? memcg_event_wake+0x210/0x210 [ 462.833891] ? do_raw_spin_unlock+0x171/0x260 [ 462.838387] try_charge+0xe22/0x1300 [ 462.842106] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 462.847387] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 462.852416] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 462.858469] ? retint_kernel+0x2d/0x2d [ 462.862968] ? __lock_acquire+0x6ee/0x49c0 [ 462.867205] mem_cgroup_try_charge+0x249/0x5c0 [ 462.871791] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 462.876748] wp_page_copy+0x3fe/0x1530 [ 462.881197] ? follow_pfn+0x260/0x260 [ 462.885055] ? __lock_acquire+0x6ee/0x49c0 [ 462.889317] do_wp_page+0x518/0xfa0 [ 462.892977] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 462.897728] __handle_mm_fault+0x21a4/0x3b60 [ 462.902175] ? copy_page_range+0x1e70/0x1e70 [ 462.906731] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 462.911338] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 462.916123] handle_mm_fault+0x1a5/0x670 [ 462.920209] __get_user_pages+0x599/0x1650 [ 462.924487] ? follow_page_mask+0x1a60/0x1a60 [ 462.928989] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 462.933943] ? retint_kernel+0x2d/0x2d [ 462.937864] populate_vma_page_range+0x1fd/0x290 [ 462.942654] __mm_populate+0x1e8/0x350 [ 462.946568] ? populate_vma_page_range+0x290/0x290 [ 462.951592] ? do_mlock+0x6b0/0x6b0 [ 462.955245] __x64_sys_mlockall+0x340/0x500 [ 462.959589] do_syscall_64+0xf9/0x620 [ 462.963417] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 462.968623] RIP: 0033:0x45c479 [ 462.971827] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 462.992007] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 462.999816] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 463.007089] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 463.014372] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 463.021747] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 463.029368] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 463.046248] Task in /syz3 killed as a result of limit of /syz3 [ 463.052494] memory: usage 307188kB, limit 307200kB, failcnt 5716 [ 463.058996] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 463.067764] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 463.074187] Memory cgroup stats for /syz3: cache:20KB rss:296208KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:88744KB active_anon:9036KB inactive_file:4KB active_file:0KB unevictable:198476KB [ 463.096586] Memory cgroup out of memory: Kill process 12584 (syz-executor.3) score 1233 or sacrifice child [ 463.106794] Killed process 12588 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34944kB, shmem-rss:0kB 14:21:19 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1d000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r3, 0x0) ioctl$VFIO_SET_IOMMU(r3, 0x3b66, 0x4) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x7, &(0x7f00000000c0)=""/104, &(0x7f0000000140)=0x68) r5 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r5, 0x2008002) ioctl$FIGETBSZ(r5, 0x2, &(0x7f0000000080)) ioctl$KVM_RUN(r4, 0xae80, 0x0) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r6, 0x0) write$vhci(r6, &(0x7f0000000440)=@HCI_SCODATA_PKT={0x3, "5a5ff432bde701435b954de538ec18ad634cf6d2d8cb57caf90205b428210f73a027f45413ba5c3614e43de737226aa8d38b0b7ff27289436c42968b8f8c7b454ca52bed767d2c4524e99814cb7eb077b9ee19bd29cc587520eb5fcd791413c63b3b2c99e3cff28066f69cec40b72e7d0dfa84345cb9400d4e5bf5f6bd2fcaa174cd34c30f0cb0c3d18eee9fe6082b969297f93090114d3e66362d559e8695c9f75630ef4cf830a6d85b37c04570a3985052182746fee9e091c6862d0d74b35c4665dfe9"}, 0xc5) ioctl$KVM_RUN(r4, 0xae80, 0x0) r7 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r7, 0x0) getsockopt$bt_BT_SECURITY(r7, 0x112, 0x4, &(0x7f0000000180), 0x2) 14:21:19 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:19 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1f000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 463.513349] audit: type=1804 audit(1583245279.614:210): pid=12603 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/256/bus" dev="sda1" ino=16663 res=1 [ 463.626682] audit: type=1804 audit(1583245279.694:211): pid=12609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/256/bus" dev="sda1" ino=16663 res=1 14:21:19 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:20 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:20 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x20000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 464.247147] audit: type=1804 audit(1583245280.344:212): pid=12620 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/256/bus" dev="sda1" ino=16663 res=1 [ 465.133180] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 465.145005] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 465.151017] CPU: 0 PID: 12619 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 465.159043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 465.168516] Call Trace: [ 465.171124] dump_stack+0x188/0x20d [ 465.174774] dump_header+0x159/0xa5e [ 465.178766] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 465.183878] ? ___ratelimit+0x59/0x573 [ 465.187779] oom_kill_process.cold+0x10/0x6dc [ 465.192320] ? task_will_free_mem+0x134/0x6d0 [ 465.197264] out_of_memory+0x349/0x1250 [ 465.201249] ? oom_killer_disable+0x270/0x270 [ 465.205769] mem_cgroup_out_of_memory+0x1c7/0x240 [ 465.210621] ? memcg_event_wake+0x210/0x210 [ 465.215041] ? do_raw_spin_unlock+0x171/0x260 [ 465.219561] try_charge+0xe22/0x1300 [ 465.223309] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 465.228266] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 465.233143] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 465.239753] mem_cgroup_try_charge+0x249/0x5c0 [ 465.244354] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 465.249303] wp_page_copy+0x3fe/0x1530 [ 465.253205] ? follow_pfn+0x260/0x260 [ 465.257015] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 465.261629] do_wp_page+0x518/0xfa0 [ 465.265263] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 465.269981] __handle_mm_fault+0x21a4/0x3b60 [ 465.274408] ? copy_page_range+0x1e70/0x1e70 [ 465.278912] ? count_memcg_event_mm+0x279/0x4c0 [ 465.283623] handle_mm_fault+0x1a5/0x670 [ 465.287713] __get_user_pages+0x599/0x1650 [ 465.291993] ? follow_page_mask+0x1a60/0x1a60 [ 465.296558] populate_vma_page_range+0x1fd/0x290 [ 465.301335] __mm_populate+0x1e8/0x350 [ 465.305276] ? populate_vma_page_range+0x290/0x290 [ 465.310230] __x64_sys_mlockall+0x340/0x500 [ 465.316066] do_syscall_64+0xf9/0x620 [ 465.319887] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 465.325109] RIP: 0033:0x45c479 [ 465.328324] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 465.347244] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 465.354961] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 465.362237] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 465.369597] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 465.376882] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 465.384171] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 465.394523] Task in /syz3 killed as a result of limit of /syz3 [ 465.400859] memory: usage 307200kB, limit 307200kB, failcnt 5725 [ 465.407249] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 465.414358] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 465.421413] Memory cgroup stats for /syz3: cache:20KB rss:296244KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:88756KB active_anon:9036KB inactive_file:4KB active_file:0KB unevictable:198476KB [ 465.443821] Memory cgroup out of memory: Kill process 12617 (syz-executor.3) score 1233 or sacrifice child [ 465.454264] Killed process 12621 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 466.147121] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 466.158886] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 466.164485] CPU: 0 PID: 12611 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 466.172540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 466.181943] Call Trace: [ 466.184563] dump_stack+0x188/0x20d [ 466.189090] dump_header+0x159/0xa5e [ 466.192845] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 466.198065] ? ___ratelimit+0x59/0x573 [ 466.203722] oom_kill_process.cold+0x10/0x6dc [ 466.208416] ? task_will_free_mem+0x134/0x6d0 [ 466.212941] out_of_memory+0x349/0x1250 [ 466.217044] ? oom_killer_disable+0x270/0x270 [ 466.221808] mem_cgroup_out_of_memory+0x1c7/0x240 [ 466.226696] ? memcg_event_wake+0x210/0x210 [ 466.231053] ? do_raw_spin_unlock+0x171/0x260 [ 466.235575] try_charge+0xe22/0x1300 [ 466.239328] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 466.245014] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 466.249949] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 466.256048] mem_cgroup_try_charge+0x249/0x5c0 [ 466.260747] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 466.265969] wp_page_copy+0x3fe/0x1530 [ 466.269902] ? follow_pfn+0x260/0x260 [ 466.273732] ? __lock_acquire+0x6ee/0x49c0 [ 466.278004] do_wp_page+0x518/0xfa0 [ 466.281660] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 466.286360] __handle_mm_fault+0x21a4/0x3b60 [ 466.291239] ? copy_page_range+0x1e70/0x1e70 [ 466.295681] ? count_memcg_event_mm+0x279/0x4c0 [ 466.300394] handle_mm_fault+0x1a5/0x670 [ 466.304579] __get_user_pages+0x599/0x1650 [ 466.309363] ? follow_page_mask+0x1a60/0x1a60 [ 466.313962] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 466.318739] ? retint_kernel+0x2d/0x2d [ 466.322669] populate_vma_page_range+0x1fd/0x290 [ 466.327557] __mm_populate+0x1e8/0x350 [ 466.331476] ? populate_vma_page_range+0x290/0x290 [ 466.336408] ? do_mlock+0x6b0/0x6b0 [ 466.340043] __x64_sys_mlockall+0x340/0x500 [ 466.344473] do_syscall_64+0xf9/0x620 [ 466.348872] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 466.354153] RIP: 0033:0x45c479 [ 466.357440] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 466.376479] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 466.384201] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 466.391485] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 466.398866] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 466.407080] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 466.414540] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 466.423952] Task in /syz5 killed as a result of limit of /syz5 [ 466.430340] memory: usage 307116kB, limit 307200kB, failcnt 10121 [ 466.437101] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 466.444570] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 466.450884] Memory cgroup stats for /syz5: cache:0KB rss:297144KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:260348KB active_anon:276KB inactive_file:4KB active_file:4KB unevictable:36684KB [ 466.478234] Memory cgroup out of memory: Kill process 12608 (syz-executor.5) score 1233 or sacrifice child [ 466.488648] Killed process 12622 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 466.568514] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 466.579848] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 466.585399] CPU: 0 PID: 12611 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 466.593296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 466.603144] Call Trace: [ 466.605842] dump_stack+0x188/0x20d [ 466.609484] dump_header+0x159/0xa5e [ 466.614264] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 466.619430] ? ___ratelimit+0x59/0x573 [ 466.623336] oom_kill_process.cold+0x10/0x6dc [ 466.628283] ? task_will_free_mem+0x134/0x6d0 [ 466.632804] out_of_memory+0x349/0x1250 [ 466.636807] ? mark_held_locks+0xa6/0xf0 [ 466.640884] ? oom_killer_disable+0x270/0x270 [ 466.645419] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 466.650026] mem_cgroup_out_of_memory+0x1c7/0x240 [ 466.654891] ? memcg_event_wake+0x210/0x210 [ 466.659239] try_charge+0xe22/0x1300 [ 466.663071] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 466.667933] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 466.672792] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 466.678861] mem_cgroup_try_charge+0x249/0x5c0 [ 466.683468] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 466.689041] wp_page_copy+0x3fe/0x1530 [ 466.692949] ? retint_kernel+0x2d/0x2d [ 466.696850] ? follow_pfn+0x260/0x260 [ 466.700656] do_wp_page+0x518/0xfa0 [ 466.704307] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 466.708982] __handle_mm_fault+0x21a4/0x3b60 [ 466.713405] ? copy_page_range+0x1e70/0x1e70 [ 466.717846] ? count_memcg_event_mm+0x279/0x4c0 [ 466.722566] handle_mm_fault+0x1a5/0x670 [ 466.726665] __get_user_pages+0x599/0x1650 [ 466.730957] ? follow_page_mask+0x1a60/0x1a60 [ 466.735468] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 466.740232] ? retint_kernel+0x2d/0x2d [ 466.744137] populate_vma_page_range+0x1fd/0x290 [ 466.748953] __mm_populate+0x1e8/0x350 [ 466.752840] ? populate_vma_page_range+0x290/0x290 [ 466.757806] ? do_mlock+0x6b0/0x6b0 [ 466.761572] __x64_sys_mlockall+0x340/0x500 [ 466.765920] do_syscall_64+0xf9/0x620 [ 466.769726] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 466.774954] RIP: 0033:0x45c479 [ 466.778183] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 466.797271] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 466.805182] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 466.812461] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 466.819820] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 466.827112] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 466.834409] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 466.841902] Task in /syz5 killed as a result of limit of /syz5 [ 466.848013] memory: usage 302240kB, limit 307200kB, failcnt 10181 [ 466.854267] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 466.861125] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 466.867278] Memory cgroup stats for /syz5: cache:0KB rss:292376KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:255476KB active_anon:276KB inactive_file:0KB active_file:4KB unevictable:36684KB [ 466.888554] Memory cgroup out of memory: Kill process 12608 (syz-executor.5) score 1233 or sacrifice child [ 466.898604] Killed process 12611 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:56432kB, shmem-rss:0kB [ 466.999286] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 467.010696] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 467.016273] CPU: 1 PID: 12626 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 467.024399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 467.033898] Call Trace: [ 467.036512] dump_stack+0x188/0x20d [ 467.040170] dump_header+0x159/0xa5e [ 467.043917] oom_kill_process.cold+0x10/0x6dc [ 467.048632] ? task_will_free_mem+0x134/0x6d0 [ 467.053186] out_of_memory+0x349/0x1250 [ 467.057194] ? oom_killer_disable+0x270/0x270 [ 467.061727] mem_cgroup_out_of_memory+0x1c7/0x240 [ 467.066594] ? memcg_event_wake+0x210/0x210 [ 467.070938] ? do_raw_spin_unlock+0x171/0x260 [ 467.075539] try_charge+0xe22/0x1300 [ 467.079276] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 467.084136] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 467.088998] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 467.095077] mem_cgroup_try_charge+0x249/0x5c0 14:21:23 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 467.099684] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 467.104741] wp_page_copy+0x3fe/0x1530 [ 467.108651] ? follow_pfn+0x260/0x260 [ 467.112466] ? __lock_acquire+0x6ee/0x49c0 [ 467.116724] do_wp_page+0x518/0xfa0 [ 467.120369] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 467.125054] __handle_mm_fault+0x21a4/0x3b60 [ 467.129738] ? copy_page_range+0x1e70/0x1e70 [ 467.134189] ? count_memcg_event_mm+0x279/0x4c0 [ 467.138895] handle_mm_fault+0x1a5/0x670 [ 467.143242] __get_user_pages+0x599/0x1650 [ 467.147504] ? follow_page_mask+0x1a60/0x1a60 [ 467.152018] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 467.156637] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 467.161415] ? lock_acquire+0x170/0x400 [ 467.165406] populate_vma_page_range+0x1fd/0x290 [ 467.170271] __mm_populate+0x1e8/0x350 [ 467.174186] ? populate_vma_page_range+0x290/0x290 [ 467.179131] ? do_mlock+0x6b0/0x6b0 [ 467.182793] __x64_sys_mlockall+0x340/0x500 [ 467.188265] do_syscall_64+0xf9/0x620 [ 467.192090] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 467.197288] RIP: 0033:0x45c479 [ 467.200501] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 467.219426] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 467.227144] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 467.234507] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 14:21:23 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 467.246913] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 467.254198] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 467.261472] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 467.268913] Task in /syz4 killed as a result of limit of /syz4 [ 467.275094] memory: usage 307200kB, limit 307200kB, failcnt 3091 [ 467.281543] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 467.288454] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 14:21:23 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 467.294832] Memory cgroup stats for /syz4: cache:56KB rss:296728KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:272136KB active_anon:2384KB inactive_file:4KB active_file:4KB unevictable:22348KB [ 467.316866] Memory cgroup out of memory: Kill process 12613 (syz-executor.4) score 1233 or sacrifice child [ 467.326999] Killed process 12627 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:21:23 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r4, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000080)={0x4, 0x9, 0x4, 0x10, 0x9, {0x77359400}, {0x2, 0x1, 0x2, 0x22, 0x9, 0x80, "b4aa7aaa"}, 0x0, 0x1, @offset=0x7, 0x7fffffff, 0x0, r2}) getsockname$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000100)=0x14) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:21:23 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x40000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 467.951556] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 467.963062] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 467.968932] CPU: 1 PID: 12633 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 467.976819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 467.986178] Call Trace: [ 467.988780] dump_stack+0x188/0x20d [ 467.992417] dump_header+0x159/0xa5e [ 467.996146] oom_kill_process.cold+0x10/0x6dc [ 468.000680] ? task_will_free_mem+0x134/0x6d0 [ 468.005185] out_of_memory+0x349/0x1250 [ 468.009257] ? oom_killer_disable+0x270/0x270 [ 468.013768] mem_cgroup_out_of_memory+0x1c7/0x240 [ 468.018641] ? memcg_event_wake+0x210/0x210 [ 468.023412] ? do_raw_spin_unlock+0x171/0x260 [ 468.027916] try_charge+0xe22/0x1300 [ 468.031642] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 468.036491] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 468.041430] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 468.047506] mem_cgroup_try_charge+0x249/0x5c0 [ 468.052153] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 468.057114] wp_page_copy+0x3fe/0x1530 [ 468.061017] ? follow_pfn+0x260/0x260 [ 468.064822] ? unlock_page+0x105/0x280 [ 468.068716] do_wp_page+0x518/0xfa0 [ 468.072349] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 468.077028] __handle_mm_fault+0x21a4/0x3b60 [ 468.081446] ? copy_page_range+0x1e70/0x1e70 [ 468.085858] ? count_memcg_event_mm+0x279/0x4c0 [ 468.090552] handle_mm_fault+0x1a5/0x670 [ 468.094630] __get_user_pages+0x599/0x1650 [ 468.098881] ? follow_page_mask+0x1a60/0x1a60 [ 468.103380] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 468.108148] ? retint_kernel+0x2d/0x2d [ 468.112049] populate_vma_page_range+0x1fd/0x290 [ 468.116834] __mm_populate+0x1e8/0x350 [ 468.121007] ? populate_vma_page_range+0x290/0x290 [ 468.126054] ? do_mlock+0x6b0/0x6b0 [ 468.129699] __x64_sys_mlockall+0x340/0x500 [ 468.134651] do_syscall_64+0xf9/0x620 [ 468.138486] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 468.143768] RIP: 0033:0x45c479 [ 468.147011] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 468.166058] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 468.173793] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 468.181084] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 468.188370] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 468.195759] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 468.203049] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 468.211862] Task in /syz5 killed as a result of limit of /syz5 [ 468.218609] memory: usage 307200kB, limit 307200kB, failcnt 10198 [ 468.225097] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 468.232426] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 468.238810] Memory cgroup stats for /syz5: cache:0KB rss:297296KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:260428KB active_anon:276KB inactive_file:4KB active_file:0KB unevictable:36684KB [ 468.260950] Memory cgroup out of memory: Kill process 12630 (syz-executor.5) score 1233 or sacrifice child [ 468.271530] Killed process 12639 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 468.570891] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 468.582526] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 468.588495] CPU: 0 PID: 12634 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 468.596465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 468.605992] Call Trace: [ 468.608594] dump_stack+0x188/0x20d [ 468.612230] dump_header+0x159/0xa5e [ 468.615946] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 468.628431] ? ___ratelimit+0x59/0x573 [ 468.633024] oom_kill_process.cold+0x10/0x6dc [ 468.637568] ? out_of_memory+0x13d/0x1250 [ 468.641725] out_of_memory+0x349/0x1250 [ 468.645881] ? mark_held_locks+0xa6/0xf0 [ 468.649948] ? oom_killer_disable+0x270/0x270 [ 468.654975] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 468.659757] mem_cgroup_out_of_memory+0x1c7/0x240 [ 468.664712] ? memcg_event_wake+0x210/0x210 [ 468.669054] try_charge+0xe22/0x1300 [ 468.672790] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 468.677648] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 468.682501] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 468.688595] mem_cgroup_try_charge+0x249/0x5c0 [ 468.693187] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 468.698150] wp_page_copy+0x3fe/0x1530 [ 468.702855] ? follow_pfn+0x260/0x260 [ 468.706664] ? __lock_acquire+0x6ee/0x49c0 [ 468.710896] do_wp_page+0x518/0xfa0 [ 468.714518] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 468.719194] __handle_mm_fault+0x21a4/0x3b60 [ 468.724034] ? copy_page_range+0x1e70/0x1e70 [ 468.728450] ? count_memcg_event_mm+0x279/0x4c0 [ 468.733122] handle_mm_fault+0x1a5/0x670 [ 468.737200] __get_user_pages+0x599/0x1650 [ 468.741448] ? follow_page_mask+0x1a60/0x1a60 [ 468.745956] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 468.750707] ? retint_kernel+0x2d/0x2d [ 468.754590] populate_vma_page_range+0x1fd/0x290 [ 468.759343] __mm_populate+0x1e8/0x350 [ 468.763833] ? populate_vma_page_range+0x290/0x290 [ 468.768765] ? do_mlock+0x6b0/0x6b0 [ 468.772400] __x64_sys_mlockall+0x340/0x500 [ 468.776812] do_syscall_64+0xf9/0x620 [ 468.780718] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 468.785900] RIP: 0033:0x45c479 [ 468.789086] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 468.808150] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 468.815952] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 468.823245] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 468.830511] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 468.837789] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 468.845073] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 468.854234] Task in /syz3 killed as a result of limit of /syz3 [ 468.860558] memory: usage 307200kB, limit 307200kB, failcnt 5757 [ 468.866832] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 468.874104] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 468.881024] Memory cgroup stats for /syz3: cache:20KB rss:296256KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:88788KB active_anon:9036KB inactive_file:0KB active_file:4KB unevictable:198476KB [ 468.903209] Memory cgroup out of memory: Kill process 12631 (syz-executor.3) score 1233 or sacrifice child 14:21:24 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x401f0000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 468.918662] Killed process 12640 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34944kB, shmem-rss:0kB 14:21:25 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r0 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r0, 0x2008002) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) r0 = getpgid(0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0xfffffffd, 0x3}, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000000)='/dev/v4l-subdev#\x00', 0x9, 0x480000) ioctl$VIDIOC_DBG_G_CHIP_INFO(r1, 0xc0c85666, &(0x7f0000000080)={{0x78a8c668d9cc260b, @name="6c28c616bf1dfa0107bee6ba9978d6ad23f2fbd2c86d2d31bfa0f0b088736320"}, "b49c4b28cf71878c5e8262cb32d70a397e09190644fcc68c68a1ddcc66afcb8c", 0x1}) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = getpid() fcntl$setown(0xffffffffffffffff, 0x8, r4) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000fe1000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x30, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r2, 0xab02, 0x7) ioctl$KVM_RUN(r6, 0xae80, 0x0) move_pages(0x0, 0x9, &(0x7f0000000180)=[&(0x7f0000ff0000/0x4000)=nil, &(0x7f0000fe8000/0x9000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000fe1000/0x2000)=nil, &(0x7f0000fed000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000fe6000/0x10000)=nil, &(0x7f0000fff000/0x1000)=nil], &(0x7f00000002c0)=[0x100, 0x8000, 0x6, 0x20, 0xffffffff], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x4) ioctl$KVM_RUN(r6, 0xae80, 0x0) 14:21:25 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r0, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:25 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x4d010000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x141080, 0x0) ioctl$sock_rose_SIOCDELRT(r4, 0x890c, &(0x7f0000000080)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x2, @null, @rose={'rose', 0x0}, 0x6, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 469.659604] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 469.670922] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 469.676429] CPU: 0 PID: 12655 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 469.684352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 469.693737] Call Trace: [ 469.696352] dump_stack+0x188/0x20d [ 469.699994] dump_header+0x159/0xa5e [ 469.703720] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 469.708832] ? ___ratelimit+0x59/0x573 [ 469.712734] oom_kill_process.cold+0x10/0x6dc [ 469.717243] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 469.722172] ? task_will_free_mem+0x134/0x6d0 [ 469.726700] out_of_memory+0x349/0x1250 [ 469.730738] ? oom_killer_disable+0x270/0x270 [ 469.735340] mem_cgroup_out_of_memory+0x1c7/0x240 [ 469.740216] ? memcg_event_wake+0x210/0x210 [ 469.744559] ? do_raw_spin_unlock+0x171/0x260 [ 469.749174] try_charge+0xe22/0x1300 [ 469.752922] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 469.757809] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 469.762675] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 469.768766] mem_cgroup_try_charge+0x249/0x5c0 [ 469.773363] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 469.778312] wp_page_copy+0x3fe/0x1530 [ 469.782220] ? follow_pfn+0x260/0x260 [ 469.786027] ? __lock_acquire+0x6ee/0x49c0 [ 469.790277] do_wp_page+0x518/0xfa0 [ 469.793935] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 469.798617] __handle_mm_fault+0x21a4/0x3b60 [ 469.803036] ? copy_page_range+0x1e70/0x1e70 [ 469.807455] ? count_memcg_event_mm+0x279/0x4c0 [ 469.812150] handle_mm_fault+0x1a5/0x670 [ 469.816230] __get_user_pages+0x599/0x1650 [ 469.820478] ? follow_page_mask+0x1a60/0x1a60 [ 469.825148] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 469.829931] ? retint_kernel+0x2d/0x2d [ 469.833830] populate_vma_page_range+0x1fd/0x290 [ 469.838592] __mm_populate+0x1e8/0x350 [ 469.842484] ? populate_vma_page_range+0x290/0x290 [ 469.847435] ? do_mlock+0x6b0/0x6b0 [ 469.851069] __x64_sys_mlockall+0x340/0x500 [ 469.855413] do_syscall_64+0xf9/0x620 [ 469.859233] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 469.864422] RIP: 0033:0x45c479 [ 469.867624] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 469.886813] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 469.894518] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 469.901786] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 469.909053] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 469.916360] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 469.923636] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 469.932202] Task in /syz4 killed as a result of limit of /syz4 [ 469.938381] memory: usage 307200kB, limit 307200kB, failcnt 3118 [ 469.944631] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 469.952201] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 469.958486] Memory cgroup stats for /syz4: cache:56KB rss:296728KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:272132KB active_anon:2384KB inactive_file:4KB active_file:4KB unevictable:22348KB [ 469.980175] Memory cgroup out of memory: Kill process 12654 (syz-executor.4) score 1233 or sacrifice child [ 469.990275] Killed process 12663 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 470.003046] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 470.014427] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 470.020947] CPU: 0 PID: 12658 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 470.028862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.038242] Call Trace: [ 470.040833] dump_stack+0x188/0x20d [ 470.044472] dump_header+0x159/0xa5e [ 470.048182] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 470.053277] ? ___ratelimit+0x59/0x573 [ 470.057169] oom_kill_process.cold+0x10/0x6dc [ 470.061829] ? task_will_free_mem+0x134/0x6d0 [ 470.066320] out_of_memory+0x349/0x1250 [ 470.070291] ? oom_killer_disable+0x270/0x270 [ 470.074800] mem_cgroup_out_of_memory+0x1c7/0x240 [ 470.079649] ? memcg_event_wake+0x210/0x210 [ 470.083967] ? do_raw_spin_unlock+0x171/0x260 [ 470.088454] try_charge+0xe22/0x1300 [ 470.092179] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 470.097027] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 470.101873] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 470.108118] mem_cgroup_try_charge+0x249/0x5c0 [ 470.112694] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 470.117639] wp_page_copy+0x3fe/0x1530 [ 470.121551] ? follow_pfn+0x260/0x260 [ 470.125379] ? __lock_acquire+0x6ee/0x49c0 [ 470.129639] do_wp_page+0x518/0xfa0 [ 470.133279] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 470.137953] __handle_mm_fault+0x21a4/0x3b60 [ 470.142367] ? copy_page_range+0x1e70/0x1e70 [ 470.146773] ? count_memcg_event_mm+0x279/0x4c0 [ 470.151471] handle_mm_fault+0x1a5/0x670 [ 470.155544] __get_user_pages+0x599/0x1650 [ 470.159782] ? follow_page_mask+0x1a60/0x1a60 [ 470.164268] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 470.169031] ? retint_kernel+0x2d/0x2d [ 470.172919] populate_vma_page_range+0x1fd/0x290 [ 470.177753] __mm_populate+0x1e8/0x350 [ 470.181652] ? populate_vma_page_range+0x290/0x290 [ 470.186657] ? do_mlock+0x6b0/0x6b0 [ 470.190279] __x64_sys_mlockall+0x340/0x500 [ 470.194596] do_syscall_64+0xf9/0x620 [ 470.198392] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 470.203584] RIP: 0033:0x45c479 [ 470.206956] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 470.225845] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 470.233556] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 470.240814] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 470.248080] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 470.255357] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 470.262819] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 470.270153] Task in /syz5 killed as a result of limit of /syz5 [ 470.276599] memory: usage 307200kB, limit 307200kB, failcnt 10233 [ 470.282997] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 470.291192] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 470.299091] Memory cgroup stats for /syz5: cache:0KB rss:297296KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:260268KB active_anon:276KB inactive_file:0KB active_file:4KB unevictable:36816KB [ 470.320713] Memory cgroup out of memory: Kill process 12657 (syz-executor.5) score 1233 or sacrifice child [ 470.331395] Killed process 12667 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 470.344416] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 470.356167] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 470.361903] CPU: 1 PID: 12655 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 470.369793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.379162] Call Trace: [ 470.381787] dump_stack+0x188/0x20d [ 470.385443] dump_header+0x159/0xa5e [ 470.389190] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 470.394391] ? ___ratelimit+0x59/0x573 [ 470.398406] oom_kill_process.cold+0x10/0x6dc [ 470.403019] ? task_will_free_mem+0x134/0x6d0 [ 470.407549] out_of_memory+0x349/0x1250 [ 470.411562] ? oom_killer_disable+0x270/0x270 [ 470.416086] mem_cgroup_out_of_memory+0x1c7/0x240 [ 470.421050] ? memcg_event_wake+0x210/0x210 [ 470.425535] ? do_raw_spin_unlock+0x171/0x260 [ 470.430044] try_charge+0xe22/0x1300 [ 470.433787] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 470.438660] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 470.443627] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 470.449717] mem_cgroup_try_charge+0x249/0x5c0 [ 470.454326] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 470.459277] wp_page_copy+0x3fe/0x1530 [ 470.463201] ? follow_pfn+0x260/0x260 [ 470.467015] ? __lock_acquire+0x6ee/0x49c0 [ 470.471507] do_wp_page+0x518/0xfa0 [ 470.475182] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 470.489669] __handle_mm_fault+0x21a4/0x3b60 [ 470.494093] ? copy_page_range+0x1e70/0x1e70 [ 470.498608] ? count_memcg_event_mm+0x279/0x4c0 [ 470.503308] handle_mm_fault+0x1a5/0x670 [ 470.507407] __get_user_pages+0x599/0x1650 [ 470.511668] ? follow_page_mask+0x1a60/0x1a60 [ 470.516170] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 470.520953] ? retint_kernel+0x2d/0x2d [ 470.524851] populate_vma_page_range+0x1fd/0x290 [ 470.529623] __mm_populate+0x1e8/0x350 [ 470.533604] ? populate_vma_page_range+0x290/0x290 [ 470.538565] ? do_mlock+0x6b0/0x6b0 [ 470.542203] __x64_sys_mlockall+0x340/0x500 [ 470.546528] do_syscall_64+0xf9/0x620 [ 470.550337] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 470.555535] RIP: 0033:0x45c479 [ 470.558732] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 470.577642] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 470.585386] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 470.592656] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 470.599924] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 470.607205] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 470.614820] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 470.623436] Task in /syz4 killed as a result of limit of /syz4 [ 470.629674] memory: usage 305196kB, limit 307200kB, failcnt 3124 [ 470.635905] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 470.642844] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 470.649121] Memory cgroup stats for /syz4: cache:56KB rss:295000KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:270316KB active_anon:2384KB inactive_file:8KB active_file:0KB unevictable:22348KB [ 470.670897] Memory cgroup out of memory: Kill process 12654 (syz-executor.4) score 1233 or sacrifice child [ 470.680825] Killed process 12654 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:56432kB, shmem-rss:0kB [ 470.693644] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 14:21:26 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, 0x0) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:26 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x64000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 470.693811] oom_reaper: reaped process 12654 (syz-executor.4), now anon-rss:18252kB, file-rss:56424kB, shmem-rss:0kB [ 470.705421] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 470.722208] CPU: 0 PID: 12658 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 470.730281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.739672] Call Trace: [ 470.742304] dump_stack+0x188/0x20d [ 470.745957] dump_header+0x159/0xa5e [ 470.749687] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 470.754838] ? ___ratelimit+0x59/0x573 [ 470.758864] oom_kill_process.cold+0x10/0x6dc [ 470.763463] ? out_of_memory+0x19f/0x1250 [ 470.767624] ? mem_cgroup_get_max+0x32/0x240 [ 470.772077] out_of_memory+0x349/0x1250 [ 470.776068] ? oom_killer_disable+0x270/0x270 [ 470.780590] mem_cgroup_out_of_memory+0x1c7/0x240 [ 470.785460] ? memcg_event_wake+0x210/0x210 [ 470.789815] ? do_raw_spin_unlock+0x171/0x260 [ 470.794331] try_charge+0xe22/0x1300 [ 470.798065] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 470.802921] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 470.803813] oom_reaper: reaped process 12667 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 470.807775] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 470.807804] mem_cgroup_try_charge+0x249/0x5c0 [ 470.828802] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 470.833770] wp_page_copy+0x3fe/0x1530 [ 470.837689] ? follow_pfn+0x260/0x260 [ 470.841512] ? __lock_acquire+0x6ee/0x49c0 [ 470.845774] do_wp_page+0x518/0xfa0 [ 470.849439] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 470.854131] __handle_mm_fault+0x21a4/0x3b60 [ 470.858562] ? copy_page_range+0x1e70/0x1e70 [ 470.863104] ? count_memcg_event_mm+0x279/0x4c0 [ 470.867815] handle_mm_fault+0x1a5/0x670 [ 470.872546] __get_user_pages+0x599/0x1650 [ 470.876805] ? follow_page_mask+0x1a60/0x1a60 [ 470.881321] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 470.886105] ? retint_kernel+0x2d/0x2d [ 470.890022] populate_vma_page_range+0x1fd/0x290 [ 470.894797] __mm_populate+0x1e8/0x350 [ 470.898718] ? populate_vma_page_range+0x290/0x290 [ 470.903654] ? do_mlock+0x6b0/0x6b0 [ 470.907315] __x64_sys_mlockall+0x340/0x500 [ 470.911659] do_syscall_64+0xf9/0x620 [ 470.915473] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 470.920676] RIP: 0033:0x45c479 [ 470.923882] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 470.942982] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 470.950817] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 470.958132] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 470.965413] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 470.972823] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 470.980107] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 470.987711] Task in /syz5 killed as a result of limit of /syz5 [ 470.993910] memory: usage 303428kB, limit 307200kB, failcnt 10256 [ 471.000360] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 471.007303] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 471.013685] Memory cgroup stats for /syz5: cache:0KB rss:293668KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:256576KB active_anon:276KB inactive_file:0KB active_file:4KB unevictable:36816KB [ 471.035098] Memory cgroup out of memory: Kill process 12657 (syz-executor.5) score 1233 or sacrifice child [ 471.044993] Killed process 12658 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:56432kB, shmem-rss:0kB 14:21:27 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x77010000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:27 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x6}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:21:27 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x7c150000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:27 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r0, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:28 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r0 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r0, 0x2008002) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:28 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x9a020000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:28 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r4, 0x2008002) bind$can_raw(r4, &(0x7f0000000000), 0x10) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 472.237936] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 472.249678] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 472.255223] CPU: 1 PID: 12689 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 472.263116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 472.272781] Call Trace: [ 472.275386] dump_stack+0x188/0x20d [ 472.279183] dump_header+0x159/0xa5e [ 472.282918] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 472.288040] ? ___ratelimit+0x59/0x573 [ 472.291940] oom_kill_process.cold+0x10/0x6dc [ 472.296462] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 472.301266] ? task_will_free_mem+0x134/0x6d0 [ 472.305782] out_of_memory+0x349/0x1250 [ 472.309799] ? oom_killer_disable+0x270/0x270 [ 472.314345] mem_cgroup_out_of_memory+0x1c7/0x240 [ 472.319203] ? memcg_event_wake+0x210/0x210 [ 472.323977] ? do_raw_spin_unlock+0x171/0x260 [ 472.328508] try_charge+0xe22/0x1300 [ 472.332240] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 472.337083] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 472.341924] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 472.347977] ? retint_kernel+0x2d/0x2d [ 472.351864] mem_cgroup_try_charge+0x249/0x5c0 [ 472.356444] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 472.361369] wp_page_copy+0x3fe/0x1530 [ 472.365260] ? mark_held_locks+0xa6/0xf0 [ 472.369313] ? follow_pfn+0x260/0x260 [ 472.373221] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 472.378493] do_wp_page+0x518/0xfa0 [ 472.382122] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 472.386784] __handle_mm_fault+0x21a4/0x3b60 [ 472.391185] ? copy_page_range+0x1e70/0x1e70 [ 472.395591] ? count_memcg_event_mm+0x279/0x4c0 [ 472.400716] handle_mm_fault+0x1a5/0x670 [ 472.404777] __get_user_pages+0x599/0x1650 [ 472.409009] ? follow_page_mask+0x1a60/0x1a60 [ 472.413665] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 472.418501] ? retint_kernel+0x2d/0x2d [ 472.422384] populate_vma_page_range+0x1fd/0x290 [ 472.427657] __mm_populate+0x1e8/0x350 [ 472.431540] ? populate_vma_page_range+0x290/0x290 [ 472.436458] ? do_mlock+0x6b0/0x6b0 [ 472.440088] __x64_sys_mlockall+0x340/0x500 [ 472.444796] do_syscall_64+0xf9/0x620 [ 472.448592] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 472.453773] RIP: 0033:0x45c479 [ 472.456958] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 472.475855] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 472.483553] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 472.490915] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 472.498184] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 472.505659] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 472.512930] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 472.520365] Task in /syz5 killed as a result of limit of /syz5 [ 472.526422] memory: usage 307200kB, limit 307200kB, failcnt 10285 [ 472.533187] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 472.540017] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 472.546175] Memory cgroup stats for /syz5: cache:0KB rss:297284KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:260504KB active_anon:276KB inactive_file:0KB active_file:4KB unevictable:36684KB [ 472.567516] Memory cgroup out of memory: Kill process 12688 (syz-executor.5) score 1233 or sacrifice child [ 472.577435] Killed process 12692 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 472.676186] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 472.688152] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 472.693782] CPU: 0 PID: 12695 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 472.701678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 472.711050] Call Trace: [ 472.713656] dump_stack+0x188/0x20d [ 472.717304] dump_header+0x159/0xa5e [ 472.721041] oom_kill_process.cold+0x10/0x6dc [ 472.725557] ? task_will_free_mem+0x134/0x6d0 [ 472.730198] out_of_memory+0x349/0x1250 [ 472.734210] ? oom_killer_disable+0x270/0x270 [ 472.738720] mem_cgroup_out_of_memory+0x1c7/0x240 [ 472.743677] ? memcg_event_wake+0x210/0x210 [ 472.748018] ? do_raw_spin_unlock+0x171/0x260 [ 472.752528] try_charge+0xe22/0x1300 [ 472.756260] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 472.761124] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 472.765979] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 472.772047] ? retint_kernel+0x2d/0x2d [ 472.775955] ? __lock_acquire+0x6ee/0x49c0 [ 472.780215] mem_cgroup_try_charge+0x249/0x5c0 [ 472.784797] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 472.789734] wp_page_copy+0x3fe/0x1530 [ 472.793622] ? follow_pfn+0x260/0x260 [ 472.798212] ? retint_kernel+0x2d/0x2d [ 472.802105] do_wp_page+0x518/0xfa0 [ 472.805940] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 472.810624] __handle_mm_fault+0x21a4/0x3b60 [ 472.816615] ? copy_page_range+0x1e70/0x1e70 [ 472.821046] ? count_memcg_event_mm+0x279/0x4c0 [ 472.825813] handle_mm_fault+0x1a5/0x670 [ 472.829887] __get_user_pages+0x599/0x1650 [ 472.834138] ? follow_page_mask+0x1a60/0x1a60 [ 472.838647] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 472.843417] ? retint_kernel+0x2d/0x2d [ 472.847322] populate_vma_page_range+0x1fd/0x290 [ 472.852094] __mm_populate+0x1e8/0x350 [ 472.855994] ? populate_vma_page_range+0x290/0x290 [ 472.860928] ? do_mlock+0x6b0/0x6b0 [ 472.864730] __x64_sys_mlockall+0x340/0x500 [ 472.869054] do_syscall_64+0xf9/0x620 [ 472.872855] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 472.878159] RIP: 0033:0x45c479 [ 472.881372] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 472.900607] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 472.908325] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 472.915604] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 472.922972] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 472.930243] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 472.937503] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 472.944875] Task in /syz4 killed as a result of limit of /syz4 [ 472.951230] memory: usage 307200kB, limit 307200kB, failcnt 3145 [ 472.957939] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 472.964918] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 14:21:29 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r0, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:29 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, 0x0) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 472.971222] Memory cgroup stats for /syz4: cache:56KB rss:296740KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:272108KB active_anon:2392KB inactive_file:4KB active_file:4KB unevictable:22348KB [ 472.993141] Memory cgroup out of memory: Kill process 12694 (syz-executor.4) score 1233 or sacrifice child [ 473.003300] Killed process 12697 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34944kB, shmem-rss:0kB [ 473.308996] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 473.320377] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 473.325864] CPU: 0 PID: 12707 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 473.333750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.344026] Call Trace: [ 473.346642] dump_stack+0x188/0x20d [ 473.350388] dump_header+0x159/0xa5e [ 473.354220] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 473.360306] ? ___ratelimit+0x59/0x573 [ 473.364397] oom_kill_process.cold+0x10/0x6dc [ 473.369301] ? task_will_free_mem+0x134/0x6d0 [ 473.374429] out_of_memory+0x349/0x1250 [ 473.378539] ? oom_killer_disable+0x270/0x270 [ 473.383092] mem_cgroup_out_of_memory+0x1c7/0x240 [ 473.387961] ? memcg_event_wake+0x210/0x210 [ 473.392319] ? do_raw_spin_unlock+0x171/0x260 [ 473.396827] try_charge+0xe22/0x1300 [ 473.400561] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 473.405420] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 473.410284] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 473.416354] ? mark_held_locks+0xf0/0xf0 [ 473.420879] mem_cgroup_try_charge+0x249/0x5c0 [ 473.425671] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 473.430621] __handle_mm_fault+0x1cfb/0x3b60 [ 473.435068] ? copy_page_range+0x1e70/0x1e70 [ 473.439525] ? count_memcg_event_mm+0x279/0x4c0 [ 473.444242] handle_mm_fault+0x1a5/0x670 [ 473.448321] __get_user_pages+0x599/0x1650 [ 473.452850] ? follow_page_mask+0x1a60/0x1a60 [ 473.457488] ? lock_acquire+0x170/0x400 [ 473.461496] populate_vma_page_range+0x1fd/0x290 [ 473.466277] __mm_populate+0x1e8/0x350 [ 473.470177] ? populate_vma_page_range+0x290/0x290 [ 473.475270] ? do_mlock+0x6b0/0x6b0 [ 473.478925] __x64_sys_mlockall+0x340/0x500 [ 473.483276] do_syscall_64+0xf9/0x620 [ 473.487626] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 473.493036] RIP: 0033:0x45c479 [ 473.496240] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 473.515339] RSP: 002b:00007fad00d11c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 473.524013] RAX: ffffffffffffffda RBX: 00007fad00d126d4 RCX: 000000000045c479 [ 473.531302] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 473.538576] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 473.546282] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 473.553557] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bfcc [ 473.561515] Task in /syz3 killed as a result of limit of /syz3 [ 473.568186] memory: usage 307200kB, limit 307200kB, failcnt 5782 [ 473.574365] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 473.581246] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 473.587606] Memory cgroup stats for /syz3: cache:20KB rss:296188KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:93556KB active_anon:9060KB inactive_file:4KB active_file:4KB unevictable:193704KB [ 473.609545] Memory cgroup out of memory: Kill process 10744 (syz-executor.3) score 1162 or sacrifice child [ 473.619444] Killed process 10744 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 473.631764] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 473.644182] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 473.649900] CPU: 1 PID: 12705 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 473.657797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.667163] Call Trace: [ 473.669788] dump_stack+0x188/0x20d [ 473.673433] dump_header+0x159/0xa5e [ 473.677325] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 473.682557] ? ___ratelimit+0x59/0x573 [ 473.686466] oom_kill_process.cold+0x10/0x6dc [ 473.691314] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 473.696084] ? task_will_free_mem+0x134/0x6d0 [ 473.700706] out_of_memory+0x349/0x1250 [ 473.704703] ? oom_killer_disable+0x270/0x270 [ 473.709323] ? mem_cgroup_out_of_memory+0x97/0x240 [ 473.714281] mem_cgroup_out_of_memory+0x1c7/0x240 [ 473.719637] ? memcg_event_wake+0x210/0x210 [ 473.723963] ? do_raw_spin_unlock+0x171/0x260 [ 473.728471] try_charge+0xe22/0x1300 [ 473.732196] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 473.737050] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 473.741896] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 473.747974] mem_cgroup_try_charge+0x249/0x5c0 [ 473.752583] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 473.757529] wp_page_copy+0x3fe/0x1530 [ 473.761425] ? follow_pfn+0x260/0x260 [ 473.765224] ? __lock_acquire+0x6ee/0x49c0 [ 473.769470] do_wp_page+0x518/0xfa0 [ 473.773203] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 473.777889] __handle_mm_fault+0x21a4/0x3b60 [ 473.782316] ? copy_page_range+0x1e70/0x1e70 [ 473.786724] ? count_memcg_event_mm+0x279/0x4c0 [ 473.791639] handle_mm_fault+0x1a5/0x670 [ 473.795749] __get_user_pages+0x599/0x1650 [ 473.800011] ? follow_page_mask+0x1a60/0x1a60 [ 473.804521] populate_vma_page_range+0x1fd/0x290 [ 473.809292] __mm_populate+0x1e8/0x350 [ 473.813196] ? populate_vma_page_range+0x290/0x290 [ 473.818410] ? do_mlock+0x6b0/0x6b0 [ 473.822042] __x64_sys_mlockall+0x340/0x500 [ 473.826387] do_syscall_64+0xf9/0x620 [ 473.830218] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 473.835414] RIP: 0033:0x45c479 [ 473.838712] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 473.857630] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 473.865359] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 473.872645] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 473.880015] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 473.887315] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 473.894637] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 473.904818] Task in /syz5 killed as a result of limit of /syz5 [ 473.911094] memory: usage 307200kB, limit 307200kB, failcnt 10321 [ 473.917577] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 473.924844] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 473.931420] Memory cgroup stats for /syz5: cache:0KB rss:297360KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:260516KB active_anon:276KB inactive_file:4KB active_file:0KB unevictable:36684KB [ 473.953732] Memory cgroup out of memory: Kill process 12701 (syz-executor.5) score 1230 or sacrifice child [ 473.965363] Killed process 12709 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 473.995284] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 474.006739] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 474.012182] CPU: 1 PID: 12707 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 474.020076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 474.029451] Call Trace: [ 474.032091] dump_stack+0x188/0x20d [ 474.035738] dump_header+0x159/0xa5e [ 474.039591] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 474.044743] ? ___ratelimit+0x59/0x573 [ 474.048673] oom_kill_process.cold+0x10/0x6dc [ 474.053197] ? task_will_free_mem+0x134/0x6d0 [ 474.057738] out_of_memory+0x349/0x1250 [ 474.061849] ? oom_killer_disable+0x270/0x270 [ 474.066380] mem_cgroup_out_of_memory+0x1c7/0x240 [ 474.071247] ? memcg_event_wake+0x210/0x210 [ 474.075621] ? do_raw_spin_unlock+0x171/0x260 [ 474.080179] try_charge+0xe22/0x1300 [ 474.083914] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 474.088782] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 474.093653] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 474.099719] ? mark_held_locks+0xf0/0xf0 [ 474.103809] mem_cgroup_try_charge+0x249/0x5c0 [ 474.108434] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 474.113371] __handle_mm_fault+0x1cfb/0x3b60 [ 474.117896] ? copy_page_range+0x1e70/0x1e70 [ 474.122315] ? count_memcg_event_mm+0x279/0x4c0 [ 474.127032] handle_mm_fault+0x1a5/0x670 [ 474.131117] __get_user_pages+0x599/0x1650 [ 474.135375] ? follow_page_mask+0x1a60/0x1a60 [ 474.139897] ? lock_acquire+0x170/0x400 [ 474.143886] populate_vma_page_range+0x1fd/0x290 [ 474.148659] __mm_populate+0x1e8/0x350 [ 474.152579] ? populate_vma_page_range+0x290/0x290 [ 474.157534] ? do_mlock+0x6b0/0x6b0 [ 474.161194] __x64_sys_mlockall+0x340/0x500 [ 474.165530] do_syscall_64+0xf9/0x620 [ 474.169342] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 474.174537] RIP: 0033:0x45c479 [ 474.177738] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 474.196843] RSP: 002b:00007fad00d11c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 474.204644] RAX: ffffffffffffffda RBX: 00007fad00d126d4 RCX: 000000000045c479 [ 474.211916] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 474.219359] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 474.226651] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 474.233921] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bfcc [ 474.241493] Task in /syz3 killed as a result of limit of /syz3 [ 474.247490] memory: usage 288760kB, limit 307200kB, failcnt 5788 [ 474.253706] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 14:21:30 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r0 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r0, 0x2008002) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 474.260689] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 474.266851] Memory cgroup stats for /syz3: cache:20KB rss:278040KB rss_huge:169984KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:91688KB active_anon:9060KB inactive_file:4KB active_file:4KB unevictable:177320KB [ 474.288324] Memory cgroup out of memory: Kill process 10823 (syz-executor.3) score 1162 or sacrifice child [ 474.298238] Killed process 10823 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:21:30 executing program 5: socket$inet6(0xa, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:30 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xfeffffff}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 474.922874] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 474.934496] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 474.940161] CPU: 1 PID: 12713 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 474.948061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 474.957413] Call Trace: [ 474.960015] dump_stack+0x188/0x20d [ 474.963649] dump_header+0x159/0xa5e [ 474.967372] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 474.972481] ? ___ratelimit+0x59/0x573 [ 474.976381] oom_kill_process.cold+0x10/0x6dc [ 474.980887] ? oom_badness+0x670/0x670 [ 474.984784] out_of_memory+0x349/0x1250 [ 474.988769] ? oom_killer_disable+0x270/0x270 [ 474.993279] mem_cgroup_out_of_memory+0x1c7/0x240 [ 474.998240] ? memcg_event_wake+0x210/0x210 [ 475.003355] ? do_raw_spin_unlock+0x171/0x260 [ 475.007855] try_charge+0xe22/0x1300 [ 475.012292] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 475.017163] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 475.022031] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 475.028105] mem_cgroup_try_charge+0x249/0x5c0 [ 475.032728] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 475.037666] wp_page_copy+0x3fe/0x1530 [ 475.041585] ? follow_pfn+0x260/0x260 [ 475.045391] ? get_page+0x4d/0x100 [ 475.048937] do_wp_page+0x518/0xfa0 [ 475.052594] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 475.057275] __handle_mm_fault+0x21a4/0x3b60 [ 475.061708] ? copy_page_range+0x1e70/0x1e70 [ 475.066277] ? count_memcg_event_mm+0x279/0x4c0 [ 475.070981] handle_mm_fault+0x1a5/0x670 [ 475.075092] __get_user_pages+0x599/0x1650 [ 475.079439] ? follow_page_mask+0x1a60/0x1a60 [ 475.083989] ? retint_kernel+0x2d/0x2d [ 475.087912] populate_vma_page_range+0x1fd/0x290 [ 475.092715] __mm_populate+0x1e8/0x350 [ 475.096624] ? populate_vma_page_range+0x290/0x290 [ 475.101572] ? do_mlock+0x6b0/0x6b0 [ 475.105231] __x64_sys_mlockall+0x340/0x500 [ 475.109920] do_syscall_64+0xf9/0x620 [ 475.113795] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 475.119006] RIP: 0033:0x45c479 [ 475.122228] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 475.141331] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 475.149204] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 475.156579] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 475.163867] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 475.171268] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 475.178558] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 475.187864] Task in /syz4 killed as a result of limit of /syz4 [ 475.194199] memory: usage 307200kB, limit 307200kB, failcnt 3170 [ 475.200646] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 475.207593] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 475.213959] Memory cgroup stats for /syz4: cache:56KB rss:296792KB rss_huge:24576KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:273984KB active_anon:2392KB inactive_file:8KB active_file:4KB unevictable:20472KB [ 475.236430] Memory cgroup out of memory: Kill process 12712 (syz-executor.4) score 1233 or sacrifice child [ 475.246739] Killed process 12714 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 475.561229] audit: type=1800 audit(1583245291.654:213): pid=12700 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16642 res=0 [ 476.073991] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 476.086087] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 476.092074] CPU: 0 PID: 12724 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 476.100009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 476.109375] Call Trace: [ 476.111993] dump_stack+0x188/0x20d [ 476.115754] dump_header+0x159/0xa5e [ 476.119497] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 476.124636] ? ___ratelimit+0x59/0x573 [ 476.128590] oom_kill_process.cold+0x10/0x6dc [ 476.133874] ? task_will_free_mem+0x134/0x6d0 [ 476.138399] out_of_memory+0x349/0x1250 [ 476.142500] ? oom_killer_disable+0x270/0x270 [ 476.147034] mem_cgroup_out_of_memory+0x1c7/0x240 [ 476.151913] ? memcg_event_wake+0x210/0x210 [ 476.156274] ? do_raw_spin_unlock+0x171/0x260 [ 476.160795] try_charge+0xe22/0x1300 [ 476.164574] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 14:21:32 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x8, 0xffffffffffffffff, 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/checkreqprot\x00', 0x140, 0x0) sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r1, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)={0x14, 0x3, 0x2, 0x301, 0x0, 0x0, {0x2, 0x0, 0x9}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x44845}, 0x40004) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = dup2(r3, 0xffffffffffffffff) sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="20000000020301040000000001000200"/32], 0x20}}, 0x81) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 14:21:32 executing program 4: socket$inet6(0xa, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:32 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xff000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:32 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, 0x0) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 476.170654] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 476.176401] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 476.182519] mem_cgroup_try_charge+0x249/0x5c0 [ 476.187137] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 476.192106] wp_page_copy+0x3fe/0x1530 [ 476.196040] ? follow_pfn+0x260/0x260 [ 476.200135] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 476.205020] do_wp_page+0x518/0xfa0 [ 476.208680] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 476.213381] __handle_mm_fault+0x21a4/0x3b60 [ 476.218065] ? copy_page_range+0x1e70/0x1e70 [ 476.222598] ? count_memcg_event_mm+0x279/0x4c0 [ 476.227316] handle_mm_fault+0x1a5/0x670 [ 476.231437] __get_user_pages+0x599/0x1650 [ 476.235697] ? follow_page_mask+0x1a60/0x1a60 [ 476.240212] ? populate_vma_page_range+0x10e/0x290 [ 476.245161] populate_vma_page_range+0x1fd/0x290 [ 476.249941] __mm_populate+0x1e8/0x350 [ 476.253863] ? populate_vma_page_range+0x290/0x290 [ 476.258821] ? do_mlock+0x6b0/0x6b0 [ 476.262485] __x64_sys_mlockall+0x340/0x500 [ 476.266841] do_syscall_64+0xf9/0x620 [ 476.270642] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 476.275826] RIP: 0033:0x45c479 [ 476.279029] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 476.298119] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 476.306012] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 476.313428] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 476.320796] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 476.328070] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 476.335486] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 476.346577] Task in /syz5 killed as a result of limit of /syz5 [ 476.352941] memory: usage 307200kB, limit 307200kB, failcnt 10343 [ 476.359380] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 476.366331] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 476.372673] Memory cgroup stats for /syz5: cache:0KB rss:297424KB rss_huge:30720KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:259144KB active_anon:276KB inactive_file:0KB active_file:4KB unevictable:38076KB [ 476.394824] Memory cgroup out of memory: Kill process 12723 (syz-executor.5) score 1233 or sacrifice child [ 476.405285] Killed process 12726 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 476.574305] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 14:21:32 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xffffff7f}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 476.645527] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 476.651044] CPU: 0 PID: 12728 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 476.658936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 476.668303] Call Trace: [ 476.670916] dump_stack+0x188/0x20d [ 476.674653] dump_header+0x159/0xa5e [ 476.678385] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 476.683502] ? ___ratelimit+0x59/0x573 [ 476.687432] oom_kill_process.cold+0x10/0x6dc 14:21:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080)='nl80211\x00') r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b2000010000049d67b932043c2e20d691484ba3d34473b8b7d7f2ee4ec12c53dbf"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="779d5f70115a0883084007a20500004a9df600000000007b4ce9a28535a589d07781340ffdfd79d9a2b12d7d1940a3e46a6692f8f12fe6946a3d993ea221ec7efebf8c6c6bba6dc1015c885f79a88d7dce0998dbd6dfc45ead80d5ea8426366caf61f69d63bbbbb61ef20d977bccce699281c3ff11b53cca0006858d1297426019b125315bf9e00fab6a15281084cc96bf432c44de4f229d2e2e2f127fae9b87b2be928c44adfb87cf6a0468e15b8e89aa6f29c67bc3dcfe56ce9caab56d9512efb47ec6b405dc9a4a48ff012670d8d01640c4", @ANYRES32=r6, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=@newtfilter={0x5c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {}, {0xf}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2e23}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x7}}}]}}]}]}]}}]}, 0x5c}}, 0x0) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="080026bd7000fbdbdf254c000000080003cbd5f31cd64fe6bb00f3e7ec88e54a789591cfc918b59256572834316ed111dd91ed8bbf5f73263e220d9fb20646b92373a5513b7f0d1947fce8c92ca5a469ed458f2e539bbd9f13313e9f04267d98e6763491264586b5cd0417f639fac41585c34483b413e141264f1f6fa5529e87d078953d2877413a748bffd890eb64099e73bf33d37763", @ANYRES32=r6, @ANYBLOB="54002d800a000000200a0618080c00000d0000001b0d1101021d1e19140000000800000005021e200a0000000b16120a0f0a0000050000001c000000060000000c0500000d000000180c1719131f0d1d0e0000000800dc0047ffffff"], 0x78}, 0x1, 0x0, 0x0, 0x41}, 0x20004004) r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r7, 0xab02, 0x7) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) [ 476.692041] ? task_will_free_mem+0x134/0x6d0 [ 476.696556] out_of_memory+0x349/0x1250 [ 476.700553] ? oom_killer_disable+0x270/0x270 [ 476.705434] mem_cgroup_out_of_memory+0x1c7/0x240 [ 476.710321] ? memcg_event_wake+0x210/0x210 [ 476.714701] ? do_raw_spin_unlock+0x171/0x260 [ 476.719219] try_charge+0xe22/0x1300 [ 476.722968] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 476.727832] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 476.732695] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 476.738882] ? lock_downgrade+0x740/0x740 [ 476.743188] mem_cgroup_try_charge+0x249/0x5c0 [ 476.747797] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 476.752754] do_huge_pmd_wp_page+0x921/0x32f0 [ 476.757289] ? __split_huge_pmd+0x29c0/0x29c0 [ 476.761813] ? pmd_val+0x7c/0xf0 [ 476.765205] ? add_mm_counter_fast.part.0+0x40/0x40 [ 476.770254] __handle_mm_fault+0x1561/0x3b60 [ 476.774686] ? copy_page_range+0x1e70/0x1e70 [ 476.779120] ? count_memcg_event_mm+0x279/0x4c0 [ 476.783837] handle_mm_fault+0x1a5/0x670 [ 476.787933] __do_page_fault+0x5ed/0xdd0 [ 476.792019] ? trace_hardirqs_off_caller+0x55/0x210 [ 476.797052] ? vmalloc_fault+0x730/0x730 [ 476.801136] ? page_fault+0x8/0x30 [ 476.804692] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 476.809553] ? page_fault+0x8/0x30 [ 476.813135] page_fault+0x1e/0x30 [ 476.816602] RIP: 0033:0x4006c4 [ 476.819810] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 51 55 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 37 55 00 00 8a [ 476.838730] RSP: 002b:00007ffcf1e9a300 EFLAGS: 00010202 [ 476.844118] RAX: 0000000020000100 RBX: 000000000076c920 RCX: 0000000020000200 [ 476.851398] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000020000100 [ 476.858681] RBP: 00000000007706c8 R08: 0000000000000000 R09: 0000000000000000 [ 476.862694] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23057 sclass=netlink_route_socket pig=12748 comm=syz-executor.0 [ 476.865982] R10: 00007ffcf1e9a410 R11: 0000000000000246 R12: 000000000076bf20 [ 476.865991] R13: 00000000007706d0 R14: 0000000000074581 R15: 000000000076bf2c [ 476.894721] Task in /syz4 killed as a result of limit of /syz4 14:21:33 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xfffffffe}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 476.937890] memory: usage 307200kB, limit 307200kB, failcnt 3211 [ 476.944080] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 476.998276] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 477.018441] Memory cgroup stats for /syz4: cache:56KB rss:295080KB rss_huge:16384KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:270380KB active_anon:2392KB inactive_file:0KB active_file:8KB unevictable:22348KB 14:21:33 executing program 5: socket$inet6(0xa, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 477.052857] Memory cgroup out of memory: Kill process 12728 (syz-executor.4) score 1232 or sacrifice child [ 477.063180] Killed process 12738 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 477.080403] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 477.112651] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23057 sclass=netlink_route_socket pig=12748 comm=syz-executor.0 [ 477.162872] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 477.240643] CPU: 1 PID: 12728 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 477.248566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 477.258094] Call Trace: [ 477.260699] dump_stack+0x188/0x20d [ 477.264332] dump_header+0x159/0xa5e [ 477.268140] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 477.273273] ? ___ratelimit+0x59/0x573 [ 477.277170] oom_kill_process.cold+0x10/0x6dc [ 477.281674] ? task_will_free_mem+0x134/0x6d0 [ 477.286192] out_of_memory+0x349/0x1250 [ 477.290191] ? oom_killer_disable+0x270/0x270 [ 477.294711] mem_cgroup_out_of_memory+0x1c7/0x240 [ 477.299575] ? memcg_event_wake+0x210/0x210 [ 477.304272] ? do_raw_spin_unlock+0x171/0x260 [ 477.308787] try_charge+0xe22/0x1300 [ 477.312614] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 477.317480] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 477.322361] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 477.328443] ? lock_downgrade+0x740/0x740 [ 477.332606] mem_cgroup_try_charge+0x249/0x5c0 [ 477.337203] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 477.342143] do_huge_pmd_wp_page+0x921/0x32f0 [ 477.346659] ? __split_huge_pmd+0x29c0/0x29c0 [ 477.351161] ? pmd_val+0x7c/0xf0 [ 477.354552] ? add_mm_counter_fast.part.0+0x40/0x40 [ 477.359755] __handle_mm_fault+0x1561/0x3b60 [ 477.364267] ? copy_page_range+0x1e70/0x1e70 [ 477.368680] ? count_memcg_event_mm+0x279/0x4c0 [ 477.373388] handle_mm_fault+0x1a5/0x670 [ 477.377455] __do_page_fault+0x5ed/0xdd0 [ 477.381535] ? trace_hardirqs_off_caller+0x55/0x210 [ 477.386566] ? vmalloc_fault+0x730/0x730 [ 477.390630] ? page_fault+0x8/0x30 [ 477.394262] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 477.399138] ? page_fault+0x8/0x30 [ 477.402687] page_fault+0x1e/0x30 [ 477.406153] RIP: 0033:0x4006c4 [ 477.409346] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 51 55 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 37 55 00 00 8a [ 477.428340] RSP: 002b:00007ffcf1e9a300 EFLAGS: 00010202 [ 477.433907] RAX: 0000000020000100 RBX: 000000000076c920 RCX: 0000000020000200 14:21:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x2, 0x2c8000) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000000180)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x4, 0x4, 0x0, 0x10000}) 14:21:33 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x574ef25ab5}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 477.441184] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000020000100 [ 477.448472] RBP: 00000000007706c8 R08: 0000000000000000 R09: 0000000000000000 [ 477.455743] R10: 00007ffcf1e9a410 R11: 0000000000000246 R12: 000000000076bf20 [ 477.463025] R13: 00000000007706d0 R14: 0000000000074581 R15: 000000000076bf2c 14:21:33 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 477.488310] Task in /syz4 killed as a result of limit of /syz4 [ 477.498898] memory: usage 307028kB, limit 307200kB, failcnt 3238 [ 477.509385] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 477.516295] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 477.525507] Memory cgroup stats for /syz4: cache:56KB rss:295080KB rss_huge:16384KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:270316KB active_anon:2392KB inactive_file:0KB active_file:8KB unevictable:22348KB [ 477.547399] Memory cgroup out of memory: Kill process 12728 (syz-executor.4) score 1232 or sacrifice child [ 477.558255] Killed process 12728 (syz-executor.4) total-vm:74700kB, anon-rss:18080kB, file-rss:56424kB, shmem-rss:0kB [ 477.570140] oom_reaper: reaped process 12728 (syz-executor.4), now anon-rss:18252kB, file-rss:56424kB, shmem-rss:0kB [ 477.585208] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 477.691693] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 477.700725] CPU: 0 PID: 12741 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 477.708653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 477.718013] Call Trace: [ 477.720630] dump_stack+0x188/0x20d [ 477.724284] dump_header+0x159/0xa5e [ 477.728013] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 477.733123] ? ___ratelimit+0x59/0x573 [ 477.737024] oom_kill_process.cold+0x10/0x6dc [ 477.741566] ? task_will_free_mem+0x134/0x6d0 [ 477.746087] out_of_memory+0x349/0x1250 [ 477.750085] ? oom_killer_disable+0x270/0x270 [ 477.754613] mem_cgroup_out_of_memory+0x1c7/0x240 [ 477.761101] ? memcg_event_wake+0x210/0x210 [ 477.765687] ? do_raw_spin_unlock+0x171/0x260 [ 477.770171] try_charge+0xe22/0x1300 [ 477.773879] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 477.778722] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 477.783554] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 477.789603] ? mark_held_locks+0xf0/0xf0 [ 477.793657] mem_cgroup_try_charge+0x249/0x5c0 [ 477.798496] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 477.803415] __handle_mm_fault+0x1cfb/0x3b60 [ 477.807822] ? copy_page_range+0x1e70/0x1e70 [ 477.812232] ? count_memcg_event_mm+0x279/0x4c0 [ 477.816908] handle_mm_fault+0x1a5/0x670 [ 477.820965] __get_user_pages+0x599/0x1650 [ 477.825206] ? follow_page_mask+0x1a60/0x1a60 [ 477.829698] ? lock_acquire+0x170/0x400 [ 477.833675] populate_vma_page_range+0x1fd/0x290 [ 477.838945] __mm_populate+0x1e8/0x350 [ 477.842825] ? populate_vma_page_range+0x290/0x290 [ 477.847742] ? do_mlock+0x6b0/0x6b0 [ 477.851363] __x64_sys_mlockall+0x340/0x500 [ 477.855675] do_syscall_64+0xf9/0x620 [ 477.859471] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 477.864749] RIP: 0033:0x45c479 [ 477.869166] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 477.888159] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 477.895855] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 477.903135] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 477.910392] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 477.917908] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 477.925179] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 477.956038] Task in /syz2 killed as a result of limit of /syz2 [ 477.968813] memory: usage 307200kB, limit 307200kB, failcnt 17148 [ 477.975687] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 477.983590] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 477.990499] Memory cgroup stats for /syz2: cache:72KB rss:296556KB rss_huge:159744KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:139236KB active_anon:8976KB inactive_file:0KB active_file:0KB unevictable:148424KB [ 478.014262] Memory cgroup out of memory: Kill process 12537 (syz-executor.2) score 1163 or sacrifice child [ 478.024849] Killed process 12537 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 478.049363] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 478.060788] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 478.066208] CPU: 0 PID: 12771 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 478.074105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 478.083474] Call Trace: [ 478.086092] dump_stack+0x188/0x20d [ 478.089789] dump_header+0x159/0xa5e [ 478.093629] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 478.098761] ? ___ratelimit+0x59/0x573 [ 478.102677] oom_kill_process.cold+0x10/0x6dc [ 478.107205] ? task_will_free_mem+0x134/0x6d0 [ 478.111735] out_of_memory+0x349/0x1250 [ 478.115833] ? oom_killer_disable+0x270/0x270 [ 478.120365] mem_cgroup_out_of_memory+0x1c7/0x240 [ 478.125242] ? memcg_event_wake+0x210/0x210 [ 478.129592] ? do_raw_spin_unlock+0x171/0x260 [ 478.134218] try_charge+0xe22/0x1300 [ 478.137970] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 478.142943] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 478.147812] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 478.153903] ? mark_held_locks+0xf0/0xf0 [ 478.157039] oom_reaper: reaped process 12537 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 478.158073] mem_cgroup_try_charge+0x249/0x5c0 [ 478.158094] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 478.158111] __handle_mm_fault+0x1cfb/0x3b60 [ 478.158126] ? copy_page_range+0x1e70/0x1e70 [ 478.158142] ? count_memcg_event_mm+0x279/0x4c0 [ 478.158173] handle_mm_fault+0x1a5/0x670 [ 478.158191] __get_user_pages+0x599/0x1650 [ 478.199814] ? follow_page_mask+0x1a60/0x1a60 [ 478.204375] ? lock_acquire+0x170/0x400 [ 478.208380] populate_vma_page_range+0x1fd/0x290 [ 478.213275] __mm_populate+0x1e8/0x350 [ 478.217163] ? populate_vma_page_range+0x290/0x290 [ 478.222090] ? do_mlock+0x6b0/0x6b0 [ 478.225717] __x64_sys_mlockall+0x340/0x500 [ 478.230055] do_syscall_64+0xf9/0x620 [ 478.233996] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 478.239375] RIP: 0033:0x45c479 [ 478.242588] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 478.261496] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 478.269207] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 478.276485] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 478.285608] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 478.293085] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 478.300353] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 478.307857] Task in /syz3 killed as a result of limit of /syz3 [ 478.313863] memory: usage 307200kB, limit 307200kB, failcnt 5820 [ 478.320046] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 478.326804] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 478.332979] Memory cgroup stats for /syz3: cache:20KB rss:296348KB rss_huge:161792KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:124536KB active_anon:9052KB inactive_file:8KB active_file:0KB unevictable:162788KB [ 478.354873] Memory cgroup out of memory: Kill process 12744 (syz-executor.3) score 1163 or sacrifice child [ 478.364878] Killed process 12744 (syz-executor.3) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 478.423658] oom_reaper: reaped process 12744 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:21:35 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:35 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x10000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:35 executing program 5: socket$inet6(0xa, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:35 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(0xffffffffffffffff, 0xc0405519, &(0x7f00000000c0)={0x5, 0x2, 0x5, 0x3, 'syz0\x00', 0x7}) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r4, 0x0) r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r5, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r4, 0xc0205647, &(0x7f0000000080)={0xa20000, 0x0, 0x3ff, r5, 0x0, &(0x7f0000000000)={0x990af9, 0x72678609, [], @value64=0x4}}) mmap$usbfs(&(0x7f0000012000/0x4000)=nil, 0x4000, 0x0, 0x110, r6, 0x8) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:21:35 executing program 4: socket$inet6(0xa, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:35 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 478.957488] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 478.969001] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 478.974459] CPU: 1 PID: 12780 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 478.982355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 478.991749] Call Trace: [ 478.994356] dump_stack+0x188/0x20d [ 478.997993] dump_header+0x159/0xa5e [ 479.001719] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 479.006825] ? ___ratelimit+0x59/0x573 [ 479.010711] oom_kill_process.cold+0x10/0x6dc [ 479.016702] ? task_will_free_mem+0x134/0x6d0 [ 479.021194] out_of_memory+0x349/0x1250 [ 479.025172] ? oom_killer_disable+0x270/0x270 [ 479.029774] mem_cgroup_out_of_memory+0x1c7/0x240 [ 479.034622] ? memcg_event_wake+0x210/0x210 [ 479.038945] ? do_raw_spin_unlock+0x171/0x260 [ 479.043430] try_charge+0xe22/0x1300 [ 479.047149] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 479.051985] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 479.056836] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 479.062884] ? mark_held_locks+0xf0/0xf0 [ 479.066955] mem_cgroup_try_charge+0x249/0x5c0 [ 479.071550] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 479.076479] __handle_mm_fault+0x1cfb/0x3b60 [ 479.080879] ? copy_page_range+0x1e70/0x1e70 [ 479.085289] ? count_memcg_event_mm+0x279/0x4c0 [ 479.090510] handle_mm_fault+0x1a5/0x670 [ 479.094567] __get_user_pages+0x599/0x1650 [ 479.098825] ? follow_page_mask+0x1a60/0x1a60 [ 479.103936] ? lock_acquire+0x170/0x400 [ 479.107913] populate_vma_page_range+0x1fd/0x290 [ 479.113185] __mm_populate+0x1e8/0x350 [ 479.117101] ? populate_vma_page_range+0x290/0x290 [ 479.122061] ? do_mlock+0x6b0/0x6b0 [ 479.125822] __x64_sys_mlockall+0x340/0x500 [ 479.130159] do_syscall_64+0xf9/0x620 [ 479.134429] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 479.139630] RIP: 0033:0x45c479 [ 479.142823] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 479.161732] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 479.169525] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 479.176802] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 479.184090] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 479.191364] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 479.198889] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 479.206734] Task in /syz5 killed as a result of limit of /syz5 [ 479.212740] memory: usage 307200kB, limit 307200kB, failcnt 10744 [ 479.218992] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 479.225832] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 479.232042] Memory cgroup stats for /syz5: cache:0KB rss:297476KB rss_huge:30720KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:271680KB active_anon:288KB inactive_file:4KB active_file:4KB unevictable:25564KB [ 479.253346] Memory cgroup out of memory: Kill process 12555 (syz-executor.5) score 1163 or sacrifice child [ 479.263262] Killed process 12555 (syz-executor.5) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB [ 479.275313] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 479.286625] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 479.293249] CPU: 0 PID: 12787 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 479.301220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 479.312038] Call Trace: [ 479.314647] dump_stack+0x188/0x20d [ 479.318299] dump_header+0x159/0xa5e [ 479.322006] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 479.327099] ? ___ratelimit+0x59/0x573 [ 479.331078] oom_kill_process.cold+0x10/0x6dc [ 479.335566] ? task_will_free_mem+0x134/0x6d0 [ 479.340055] out_of_memory+0x349/0x1250 [ 479.344036] ? oom_killer_disable+0x270/0x270 [ 479.348539] mem_cgroup_out_of_memory+0x1c7/0x240 [ 479.353372] ? memcg_event_wake+0x210/0x210 [ 479.357689] ? do_raw_spin_unlock+0x171/0x260 [ 479.362174] try_charge+0xe22/0x1300 [ 479.366007] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 479.370857] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 479.375717] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 479.381791] ? mark_held_locks+0xf0/0xf0 [ 479.385871] mem_cgroup_try_charge+0x249/0x5c0 [ 479.390484] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 479.395936] __handle_mm_fault+0x1cfb/0x3b60 [ 479.400368] ? copy_page_range+0x1e70/0x1e70 [ 479.405077] ? count_memcg_event_mm+0x279/0x4c0 [ 479.409754] handle_mm_fault+0x1a5/0x670 [ 479.413832] __get_user_pages+0x599/0x1650 [ 479.418077] ? follow_page_mask+0x1a60/0x1a60 [ 479.422578] ? lock_acquire+0x170/0x400 [ 479.426560] populate_vma_page_range+0x1fd/0x290 [ 479.431332] __mm_populate+0x1e8/0x350 [ 479.435216] ? populate_vma_page_range+0x290/0x290 [ 479.440144] ? do_mlock+0x6b0/0x6b0 [ 479.443779] __x64_sys_mlockall+0x340/0x500 [ 479.448182] do_syscall_64+0xf9/0x620 [ 479.451980] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 479.457159] RIP: 0033:0x45c479 [ 479.460342] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 479.479436] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 479.487233] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 479.494523] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 479.502343] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 479.509613] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 479.517050] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 479.524509] Task in /syz3 killed as a result of limit of /syz3 [ 479.530524] memory: usage 307200kB, limit 307200kB, failcnt 5833 [ 479.536656] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 479.544203] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 479.550452] Memory cgroup stats for /syz3: cache:20KB rss:296320KB rss_huge:161792KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:126584KB active_anon:9052KB inactive_file:8KB active_file:0KB unevictable:160716KB [ 479.572233] Memory cgroup out of memory: Kill process 12775 (syz-executor.3) score 1163 or sacrifice child [ 479.582248] Killed process 12775 (syz-executor.3) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 479.593433] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 479.605333] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 479.610751] CPU: 0 PID: 12780 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 479.618620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 479.627958] Call Trace: [ 479.630552] dump_stack+0x188/0x20d [ 479.634179] dump_header+0x159/0xa5e [ 479.637945] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 479.643074] ? ___ratelimit+0x59/0x573 [ 479.646964] oom_kill_process.cold+0x10/0x6dc [ 479.651488] ? task_will_free_mem+0x134/0x6d0 [ 479.655979] out_of_memory+0x349/0x1250 [ 479.659986] ? oom_killer_disable+0x270/0x270 [ 479.664666] mem_cgroup_out_of_memory+0x1c7/0x240 [ 479.669504] ? memcg_event_wake+0x210/0x210 [ 479.673823] ? do_raw_spin_unlock+0x171/0x260 [ 479.678312] try_charge+0xe22/0x1300 [ 479.682023] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 479.687172] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 479.692536] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 479.698597] ? mark_held_locks+0xf0/0xf0 [ 479.702651] mem_cgroup_try_charge+0x249/0x5c0 [ 479.707230] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 479.712151] __handle_mm_fault+0x1cfb/0x3b60 [ 479.716558] ? copy_page_range+0x1e70/0x1e70 [ 479.720973] ? count_memcg_event_mm+0x279/0x4c0 [ 479.725665] handle_mm_fault+0x1a5/0x670 [ 479.729808] __get_user_pages+0x599/0x1650 [ 479.734040] ? follow_page_mask+0x1a60/0x1a60 [ 479.738639] ? lock_acquire+0x170/0x400 [ 479.742606] populate_vma_page_range+0x1fd/0x290 [ 479.747356] __mm_populate+0x1e8/0x350 [ 479.751237] ? populate_vma_page_range+0x290/0x290 [ 479.756152] ? do_mlock+0x6b0/0x6b0 [ 479.759775] __x64_sys_mlockall+0x340/0x500 [ 479.764796] do_syscall_64+0xf9/0x620 [ 479.769140] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 479.774337] RIP: 0033:0x45c479 [ 479.777713] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 479.796696] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 479.804395] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 479.811679] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 479.820512] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 479.827969] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 479.835226] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 479.843117] Task in /syz5 killed as a result of limit of /syz5 [ 479.849561] memory: usage 288628kB, limit 307200kB, failcnt 10750 [ 479.855863] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 479.862662] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 479.869095] Memory cgroup stats for /syz5: cache:0KB rss:279196KB rss_huge:30720KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:253300KB active_anon:288KB inactive_file:4KB active_file:4KB unevictable:25564KB [ 479.890947] Memory cgroup out of memory: Kill process 11282 (syz-executor.5) score 1162 or sacrifice child [ 479.900784] Killed process 11282 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:21:36 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ocfs2_control\x00', 0x109202, 0x0) write$selinux_create(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="73797374656d5f753a05626a7563745f72fb6c6f67726f746174655f7661725f6c69625f743a733020756e636f4e66696e65645f753a73007374656d5f723a4b666268063efe623a73302d73303a63302e633130323320303030c930303030303030fb0330303030430000000000000066698865"], 0x74) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8}, 0x0, 0x20000000000, 0x0, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r1, 0xab02, 0x7) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x101000, 0x0) getsockopt$MISDN_TIME_STAMP(r5, 0x0, 0x1, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 14:21:36 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 480.481392] oom_reaper: reaped process 12775 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:21:36 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 480.816604] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 480.828093] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 480.833506] CPU: 0 PID: 12805 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 480.841475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 480.850845] Call Trace: [ 480.853444] dump_stack+0x188/0x20d [ 480.857064] dump_header+0x159/0xa5e [ 480.860770] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 480.865862] ? ___ratelimit+0x59/0x573 [ 480.869742] oom_kill_process.cold+0x10/0x6dc [ 480.874244] ? task_will_free_mem+0x134/0x6d0 [ 480.878743] out_of_memory+0x349/0x1250 [ 480.882708] ? oom_killer_disable+0x270/0x270 [ 480.887199] mem_cgroup_out_of_memory+0x1c7/0x240 [ 480.892031] ? memcg_event_wake+0x210/0x210 [ 480.896367] ? do_raw_spin_unlock+0x171/0x260 [ 480.900851] try_charge+0xe22/0x1300 [ 480.904559] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 480.909392] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 480.914227] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 480.920370] ? mark_held_locks+0xf0/0xf0 [ 480.924687] mem_cgroup_try_charge+0x249/0x5c0 [ 480.929263] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 480.934182] __handle_mm_fault+0x1cfb/0x3b60 [ 480.938581] ? copy_page_range+0x1e70/0x1e70 [ 480.942978] ? count_memcg_event_mm+0x279/0x4c0 [ 480.947910] handle_mm_fault+0x1a5/0x670 [ 480.951975] __get_user_pages+0x599/0x1650 [ 480.956213] ? follow_page_mask+0x1a60/0x1a60 [ 480.960792] ? lock_acquire+0x170/0x400 [ 480.964770] populate_vma_page_range+0x1fd/0x290 [ 480.969607] __mm_populate+0x1e8/0x350 [ 480.973496] ? populate_vma_page_range+0x290/0x290 [ 480.978496] ? do_mlock+0x6b0/0x6b0 [ 480.982118] __x64_sys_mlockall+0x340/0x500 [ 480.986430] do_syscall_64+0xf9/0x620 [ 480.990398] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 480.995576] RIP: 0033:0x45c479 [ 480.998911] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 481.017802] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 481.026547] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 481.034150] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 481.041408] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 481.048669] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 481.056012] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 481.064722] Task in /syz3 killed as a result of limit of /syz3 [ 481.071193] memory: usage 307200kB, limit 307200kB, failcnt 7353 [ 481.077351] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 481.084202] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 481.090387] Memory cgroup stats for /syz3: cache:20KB rss:296316KB rss_huge:159744KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:124536KB active_anon:9052KB inactive_file:0KB active_file:4KB unevictable:162776KB 14:21:37 executing program 5: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:37 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x10000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:37 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r0, 0x2008002) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000080)={0x5, 0x4, 0x4, 0x1, 0x8ed, {}, {0x1, 0x1, 0x3f, 0x0, 0x5, 0x4, "c47e6acb"}, 0x9, 0x1, @offset=0x5, 0x7fff, 0x0, 0xffffffffffffffff}) ioctl$NBD_CLEAR_QUE(r1, 0xab05) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r2, 0xab02, 0x7) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) [ 481.111984] Memory cgroup out of memory: Kill process 12796 (syz-executor.3) score 1163 or sacrifice child [ 481.122313] Killed process 12796 (syz-executor.3) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 481.141665] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 481.173871] oom_reaper: reaped process 12796 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 481.182106] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 481.198382] CPU: 0 PID: 12798 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 481.206403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 481.215766] Call Trace: [ 481.219184] dump_stack+0x188/0x20d [ 481.222838] dump_header+0x159/0xa5e [ 481.226572] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 481.231690] ? ___ratelimit+0x59/0x573 [ 481.235598] oom_kill_process.cold+0x10/0x6dc [ 481.240120] ? task_will_free_mem+0x134/0x6d0 [ 481.244636] out_of_memory+0x349/0x1250 [ 481.248638] ? oom_killer_disable+0x270/0x270 [ 481.253167] mem_cgroup_out_of_memory+0x1c7/0x240 [ 481.258030] ? memcg_event_wake+0x210/0x210 [ 481.262379] ? do_raw_spin_unlock+0x171/0x260 [ 481.266935] try_charge+0xe22/0x1300 [ 481.270688] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 481.275555] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 481.280426] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 481.286668] ? mark_held_locks+0xf0/0xf0 [ 481.290800] mem_cgroup_try_charge+0x249/0x5c0 [ 481.295491] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 481.300477] __handle_mm_fault+0x1cfb/0x3b60 [ 481.305051] ? copy_page_range+0x1e70/0x1e70 [ 481.309509] ? count_memcg_event_mm+0x279/0x4c0 [ 481.314200] handle_mm_fault+0x1a5/0x670 [ 481.318453] __get_user_pages+0x599/0x1650 [ 481.322699] ? follow_page_mask+0x1a60/0x1a60 [ 481.327238] ? lock_acquire+0x170/0x400 [ 481.331257] populate_vma_page_range+0x1fd/0x290 [ 481.336031] __mm_populate+0x1e8/0x350 [ 481.340005] ? populate_vma_page_range+0x290/0x290 [ 481.345015] ? do_mlock+0x6b0/0x6b0 [ 481.348769] __x64_sys_mlockall+0x340/0x500 [ 481.353107] do_syscall_64+0xf9/0x620 [ 481.357052] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 481.362252] RIP: 0033:0x45c479 [ 481.365486] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 481.384383] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 481.392091] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 481.399369] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 481.406662] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 481.413992] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 481.421388] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 481.443832] Task in /syz2 killed as a result of limit of /syz2 [ 481.623137] memory: usage 307200kB, limit 307200kB, failcnt 17184 [ 481.630101] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 481.636872] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 481.643282] Memory cgroup stats for /syz2: cache:72KB rss:296552KB rss_huge:161792KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:139236KB active_anon:8976KB inactive_file:4KB active_file:0KB unevictable:148472KB [ 481.664977] Memory cgroup out of memory: Kill process 12716 (syz-executor.2) score 1163 or sacrifice child [ 481.674920] Killed process 12716 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 481.732627] oom_reaper: reaped process 12716 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 481.758075] audit: type=1800 audit(1583245297.854:214): pid=12820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16705 res=0 [ 481.779921] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 481.791234] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 481.796623] CPU: 0 PID: 12805 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 481.804501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 481.814730] Call Trace: [ 481.817326] dump_stack+0x188/0x20d [ 481.820963] dump_header+0x159/0xa5e [ 481.824682] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 481.829787] ? ___ratelimit+0x59/0x573 [ 481.833684] oom_kill_process.cold+0x10/0x6dc [ 481.838184] ? task_will_free_mem+0x134/0x6d0 [ 481.842698] out_of_memory+0x349/0x1250 [ 481.847123] ? oom_killer_disable+0x270/0x270 [ 481.851790] mem_cgroup_out_of_memory+0x1c7/0x240 [ 481.856651] ? memcg_event_wake+0x210/0x210 [ 481.860993] ? do_raw_spin_unlock+0x171/0x260 [ 481.865509] try_charge+0xe22/0x1300 [ 481.869259] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 481.874121] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 481.878995] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 481.885064] ? mark_held_locks+0xf0/0xf0 [ 481.889151] mem_cgroup_try_charge+0x249/0x5c0 [ 481.893753] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 481.898702] __handle_mm_fault+0x1cfb/0x3b60 [ 481.903130] ? copy_page_range+0x1e70/0x1e70 [ 481.907562] ? count_memcg_event_mm+0x279/0x4c0 [ 481.912268] handle_mm_fault+0x1a5/0x670 [ 481.916355] __get_user_pages+0x599/0x1650 [ 481.920642] ? follow_page_mask+0x1a60/0x1a60 [ 481.925160] ? lock_acquire+0x170/0x400 [ 481.929667] populate_vma_page_range+0x1fd/0x290 [ 481.934437] __mm_populate+0x1e8/0x350 [ 481.938331] ? populate_vma_page_range+0x290/0x290 [ 481.943267] ? do_mlock+0x6b0/0x6b0 [ 481.946908] __x64_sys_mlockall+0x340/0x500 [ 481.951237] do_syscall_64+0xf9/0x620 [ 481.955046] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 481.960237] RIP: 0033:0x45c479 [ 481.963437] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 481.982344] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 481.990064] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 481.997337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 482.004609] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 482.011895] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 482.019182] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 482.026738] Task in /syz3 killed as a result of limit of /syz3 [ 482.032779] memory: usage 288624kB, limit 307200kB, failcnt 7407 [ 482.038957] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 482.045714] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 482.051882] Memory cgroup stats for /syz3: cache:20KB rss:278016KB rss_huge:157696KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:108200KB active_anon:9052KB inactive_file:4KB active_file:0KB unevictable:160728KB [ 482.073432] Memory cgroup out of memory: Kill process 12719 (syz-executor.3) score 1163 or sacrifice child [ 482.083313] Killed process 12719 (syz-executor.3) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB [ 482.095700] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 482.107497] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 482.113251] CPU: 1 PID: 12817 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 482.121143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 482.130764] Call Trace: [ 482.133365] dump_stack+0x188/0x20d [ 482.137041] dump_header+0x159/0xa5e [ 482.140764] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 482.145874] ? ___ratelimit+0x59/0x573 [ 482.151597] oom_kill_process.cold+0x10/0x6dc [ 482.156108] ? task_will_free_mem+0x134/0x6d0 [ 482.160618] out_of_memory+0x349/0x1250 [ 482.164601] ? oom_killer_disable+0x270/0x270 [ 482.169111] mem_cgroup_out_of_memory+0x1c7/0x240 [ 482.173982] ? memcg_event_wake+0x210/0x210 [ 482.178324] ? do_raw_spin_unlock+0x171/0x260 [ 482.182844] try_charge+0xe22/0x1300 [ 482.186587] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 482.191455] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 482.196667] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 482.202752] ? lock_downgrade+0x740/0x740 [ 482.206911] mem_cgroup_try_charge+0x249/0x5c0 [ 482.211524] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 482.216481] do_huge_pmd_wp_page+0x921/0x32f0 [ 482.221536] ? __split_huge_pmd+0x29c0/0x29c0 [ 482.223953] oom_reaper: reaped process 12719 (syz-executor.3), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 482.226047] ? pmd_val+0x7c/0xf0 [ 482.239740] ? add_mm_counter_fast.part.0+0x40/0x40 [ 482.244784] __handle_mm_fault+0x1561/0x3b60 [ 482.249215] ? copy_page_range+0x1e70/0x1e70 [ 482.253789] ? count_memcg_event_mm+0x279/0x4c0 [ 482.258502] handle_mm_fault+0x1a5/0x670 [ 482.262587] __get_user_pages+0x599/0x1650 [ 482.266951] ? follow_page_mask+0x1a60/0x1a60 [ 482.271476] ? retint_kernel+0x2d/0x2d [ 482.275588] populate_vma_page_range+0x1fd/0x290 [ 482.280377] __mm_populate+0x1e8/0x350 [ 482.284317] ? populate_vma_page_range+0x290/0x290 [ 482.289301] __x64_sys_mlockall+0x340/0x500 [ 482.293636] do_syscall_64+0xf9/0x620 [ 482.297451] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 482.302661] RIP: 0033:0x45c479 [ 482.305866] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 482.325036] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 482.332946] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 482.340224] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 482.347522] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 482.354894] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 482.362176] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 482.369663] Task in /syz5 killed as a result of limit of /syz5 [ 482.375882] memory: usage 307200kB, limit 307200kB, failcnt 10795 [ 482.382271] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 482.389119] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 482.395413] Memory cgroup stats for /syz5: cache:0KB rss:295916KB rss_huge:32768KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:254924KB active_anon:276KB inactive_file:4KB active_file:4KB unevictable:40912KB [ 482.417144] Memory cgroup out of memory: Kill process 12813 (syz-executor.5) score 1233 or sacrifice child [ 482.427396] Killed process 12828 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 482.458056] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 482.514274] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 482.577964] CPU: 1 PID: 12784 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 482.585893] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 482.595257] Call Trace: [ 482.597870] dump_stack+0x188/0x20d [ 482.601595] dump_header+0x159/0xa5e [ 482.605344] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 482.610457] ? ___ratelimit+0x59/0x573 [ 482.614356] oom_kill_process.cold+0x10/0x6dc [ 482.618863] ? task_will_free_mem+0x134/0x6d0 [ 482.623370] out_of_memory+0x349/0x1250 [ 482.627358] ? oom_killer_disable+0x270/0x270 [ 482.631875] mem_cgroup_out_of_memory+0x1c7/0x240 [ 482.636723] ? memcg_event_wake+0x210/0x210 [ 482.641089] ? do_raw_spin_unlock+0x171/0x260 [ 482.645589] try_charge+0xe22/0x1300 [ 482.649330] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 482.654183] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 482.659036] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 482.665127] ? lock_downgrade+0x740/0x740 [ 482.669291] mem_cgroup_try_charge+0x249/0x5c0 [ 482.673893] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 482.678831] do_huge_pmd_wp_page+0x921/0x32f0 [ 482.683347] ? __split_huge_pmd+0x29c0/0x29c0 [ 482.687851] ? pmd_val+0x7c/0xf0 [ 482.691243] ? add_mm_counter_fast.part.0+0x40/0x40 [ 482.696267] __handle_mm_fault+0x1561/0x3b60 [ 482.700692] ? copy_page_range+0x1e70/0x1e70 [ 482.706165] ? count_memcg_event_mm+0x279/0x4c0 [ 482.710899] handle_mm_fault+0x1a5/0x670 [ 482.714980] __do_page_fault+0x5ed/0xdd0 [ 482.719300] ? trace_hardirqs_off_caller+0x55/0x210 [ 482.724346] ? vmalloc_fault+0x730/0x730 [ 482.728417] ? page_fault+0x8/0x30 [ 482.731977] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 482.736841] ? page_fault+0x8/0x30 [ 482.740394] page_fault+0x1e/0x30 [ 482.744460] RIP: 0033:0x4006c4 [ 482.747667] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 51 55 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 37 55 00 00 8a [ 482.766580] RSP: 002b:00007ffcf1e9a300 EFLAGS: 00010202 [ 482.772046] RAX: 0000000020000100 RBX: 000000000076c920 RCX: 0000000020000200 [ 482.779325] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000020000100 [ 482.786604] RBP: 00000000007706c8 R08: 0000000000000000 R09: 0000000000000000 [ 482.793886] R10: 00007ffcf1e9a410 R11: 0000000000000246 R12: 000000000076c060 [ 482.801162] R13: 00000000007706d0 R14: 00000000000758ae R15: 000000000076c06c [ 482.820037] Task in /syz4 killed as a result of limit of /syz4 [ 482.826248] memory: usage 307180kB, limit 307200kB, failcnt 3298 [ 482.832554] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 482.839475] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 482.845703] Memory cgroup stats for /syz4: cache:56KB rss:295296KB rss_huge:10240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:270388KB active_anon:2404KB inactive_file:0KB active_file:8KB unevictable:22608KB [ 482.867566] Memory cgroup out of memory: Kill process 12784 (syz-executor.4) score 1233 or sacrifice child [ 482.877946] Killed process 12815 (syz-executor.4) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB [ 482.909260] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 482.921153] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 482.926715] CPU: 1 PID: 12817 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 482.934613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 482.943980] Call Trace: [ 482.946592] dump_stack+0x188/0x20d [ 482.950244] dump_header+0x159/0xa5e [ 482.953978] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 482.959286] ? ___ratelimit+0x59/0x573 [ 482.963196] oom_kill_process.cold+0x10/0x6dc [ 482.967857] ? task_will_free_mem+0x134/0x6d0 [ 482.972367] out_of_memory+0x349/0x1250 [ 482.976342] ? oom_killer_disable+0x270/0x270 [ 482.980859] mem_cgroup_out_of_memory+0x1c7/0x240 [ 482.985700] ? memcg_event_wake+0x210/0x210 [ 482.990038] ? do_raw_spin_unlock+0x171/0x260 [ 482.994559] try_charge+0xe22/0x1300 [ 482.998355] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 483.003236] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 483.008099] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 483.014163] ? lock_downgrade+0x740/0x740 [ 483.018329] mem_cgroup_try_charge+0x249/0x5c0 [ 483.022910] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 483.027872] do_huge_pmd_wp_page+0x921/0x32f0 [ 483.032391] ? __split_huge_pmd+0x29c0/0x29c0 [ 483.037023] ? pmd_val+0x7c/0xf0 [ 483.040406] ? add_mm_counter_fast.part.0+0x40/0x40 [ 483.045563] __handle_mm_fault+0x1561/0x3b60 [ 483.050098] ? copy_page_range+0x1e70/0x1e70 [ 483.054521] ? count_memcg_event_mm+0x279/0x4c0 [ 483.059204] handle_mm_fault+0x1a5/0x670 [ 483.063272] __get_user_pages+0x599/0x1650 [ 483.067649] ? follow_page_mask+0x1a60/0x1a60 [ 483.072145] ? retint_kernel+0x2d/0x2d [ 483.076058] populate_vma_page_range+0x1fd/0x290 [ 483.080826] __mm_populate+0x1e8/0x350 [ 483.084744] ? populate_vma_page_range+0x290/0x290 [ 483.089791] __x64_sys_mlockall+0x340/0x500 [ 483.094151] do_syscall_64+0xf9/0x620 [ 483.097984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 483.103197] RIP: 0033:0x45c479 [ 483.106391] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 483.125506] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 483.133224] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 483.140577] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 483.147849] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 483.155570] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 483.162890] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 483.170432] Task in /syz5 killed as a result of limit of /syz5 [ 483.176494] memory: usage 303280kB, limit 307200kB, failcnt 10802 [ 483.182824] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 483.190357] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 483.196518] Memory cgroup stats for /syz5: cache:0KB rss:292328KB rss_huge:32768KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:251252KB active_anon:276KB inactive_file:4KB active_file:4KB unevictable:40912KB [ 483.218042] Memory cgroup out of memory: Kill process 12813 (syz-executor.5) score 1233 or sacrifice child [ 483.227945] Killed process 12817 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:56432kB, shmem-rss:0kB [ 483.239014] oom_reaper: reaped process 12817 (syz-executor.5), now anon-rss:18384kB, file-rss:56424kB, shmem-rss:0kB 14:21:39 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:39 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x40000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:39 executing program 0: r0 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r0, 0x2008002) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000140)={0x1, 0x1, {0x3a, 0x23, 0x17, 0x1e, 0x1, 0x3bb8124c, 0x0, 0x7c, 0x1}}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x30, 0x0, 0x3}, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r1, 0x0) r2 = perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0xc0, 0x0, 0xfc, 0x0, 0x0, 0x3, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1aac, 0x4}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x8, r1, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x200000, 0x0) ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000000080)=0x82) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, &(0x7f00000000c0)={0x2, 0x2, {0x2, 0x0, 0xfc3d, 0x1}, 0x9}) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r2, 0xab02, 0x7) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 14:21:39 executing program 5: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:39 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:39 executing program 4: socket$inet6(0xa, 0x5, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 483.466387] audit: type=1804 audit(1583245299.564:215): pid=12839 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/268/bus" dev="sda1" ino=16675 res=1 [ 483.529414] audit: type=1804 audit(1583245299.614:216): pid=12839 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/268/bus" dev="sda1" ino=16675 res=1 [ 484.110064] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 484.122339] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 484.128365] CPU: 0 PID: 12848 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 484.136286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 484.145649] Call Trace: [ 484.148363] dump_stack+0x188/0x20d [ 484.152025] dump_header+0x159/0xa5e [ 484.155852] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 484.161053] ? ___ratelimit+0x59/0x573 [ 484.164970] oom_kill_process.cold+0x10/0x6dc [ 484.169928] ? task_will_free_mem+0x134/0x6d0 [ 484.174595] out_of_memory+0x349/0x1250 [ 484.178679] ? oom_killer_disable+0x270/0x270 [ 484.183206] mem_cgroup_out_of_memory+0x1c7/0x240 [ 484.188064] ? memcg_event_wake+0x210/0x210 [ 484.192401] ? do_raw_spin_unlock+0x171/0x260 [ 484.196904] try_charge+0xe22/0x1300 [ 484.200639] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 484.205837] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 484.210790] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 484.216869] mem_cgroup_try_charge+0x249/0x5c0 [ 484.221466] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 484.226408] wp_page_copy+0x3fe/0x1530 [ 484.230319] ? mark_held_locks+0xa6/0xf0 [ 484.234412] ? follow_pfn+0x260/0x260 [ 484.238232] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 484.242995] do_wp_page+0x518/0xfa0 [ 484.246650] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 484.251775] __handle_mm_fault+0x21a4/0x3b60 [ 484.256200] ? copy_page_range+0x1e70/0x1e70 [ 484.260735] ? count_memcg_event_mm+0x279/0x4c0 [ 484.265445] handle_mm_fault+0x1a5/0x670 [ 484.269541] __get_user_pages+0x599/0x1650 [ 484.273799] ? follow_page_mask+0x1a60/0x1a60 [ 484.278354] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 484.283245] ? retint_kernel+0x2d/0x2d [ 484.287165] populate_vma_page_range+0x1fd/0x290 [ 484.291950] __mm_populate+0x1e8/0x350 [ 484.295870] ? populate_vma_page_range+0x290/0x290 [ 484.300810] ? do_mlock+0x6b0/0x6b0 [ 484.304466] __x64_sys_mlockall+0x340/0x500 [ 484.308806] do_syscall_64+0xf9/0x620 [ 484.312645] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 484.317972] RIP: 0033:0x45c479 [ 484.321180] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 484.340094] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 484.348612] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 484.356044] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 484.363330] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 484.370951] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 484.378241] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 484.389909] Task in /syz4 killed as a result of limit of /syz4 [ 484.396285] memory: usage 307200kB, limit 307200kB, failcnt 3501 [ 484.402664] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 484.409956] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 484.416398] Memory cgroup stats for /syz4: cache:56KB rss:296868KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:272164KB active_anon:2392KB inactive_file:8KB active_file:4KB unevictable:22348KB [ 484.438496] Memory cgroup out of memory: Kill process 12843 (syz-executor.4) score 1233 or sacrifice child [ 484.448690] Killed process 12853 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 484.461436] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 484.472871] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 484.478861] CPU: 1 PID: 12838 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 484.486754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 484.496423] Call Trace: [ 484.499174] dump_stack+0x188/0x20d [ 484.502831] dump_header+0x159/0xa5e [ 484.506572] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 14:21:40 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x80000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 484.511701] ? ___ratelimit+0x59/0x573 [ 484.515625] oom_kill_process.cold+0x10/0x6dc [ 484.520171] ? task_will_free_mem+0x134/0x6d0 [ 484.524696] out_of_memory+0x349/0x1250 [ 484.528721] ? oom_killer_disable+0x270/0x270 [ 484.533247] mem_cgroup_out_of_memory+0x1c7/0x240 [ 484.538113] ? memcg_event_wake+0x210/0x210 [ 484.542470] ? do_raw_spin_unlock+0x171/0x260 [ 484.546984] try_charge+0xe22/0x1300 [ 484.550717] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 484.555588] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 484.560494] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 484.566585] mem_cgroup_try_charge+0x249/0x5c0 [ 484.571330] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 484.576284] wp_page_copy+0x3fe/0x1530 [ 484.580177] ? follow_pfn+0x260/0x260 [ 484.583986] ? __lock_acquire+0x6ee/0x49c0 [ 484.588251] do_wp_page+0x518/0xfa0 [ 484.591909] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 484.596598] __handle_mm_fault+0x21a4/0x3b60 [ 484.601046] ? copy_page_range+0x1e70/0x1e70 [ 484.605468] ? count_memcg_event_mm+0x279/0x4c0 [ 484.610151] handle_mm_fault+0x1a5/0x670 [ 484.614230] __get_user_pages+0x599/0x1650 [ 484.618481] ? follow_page_mask+0x1a60/0x1a60 [ 484.623164] ? populate_vma_page_range+0x10e/0x290 [ 484.628226] populate_vma_page_range+0x1fd/0x290 [ 484.632985] __mm_populate+0x1e8/0x350 [ 484.636895] ? populate_vma_page_range+0x290/0x290 [ 484.641949] ? do_mlock+0x6b0/0x6b0 [ 484.645580] __x64_sys_mlockall+0x340/0x500 [ 484.649908] do_syscall_64+0xf9/0x620 [ 484.653736] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 484.658929] RIP: 0033:0x45c479 [ 484.662127] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 484.683205] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 484.690919] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 484.698215] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 484.705522] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 484.712822] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 484.720203] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 484.728578] Task in /syz3 killed as a result of limit of /syz3 [ 484.734945] memory: usage 307200kB, limit 307200kB, failcnt 7436 [ 484.741261] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 484.748285] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 484.754906] Memory cgroup stats for /syz3: cache:20KB rss:296200KB rss_huge:155648KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:119492KB active_anon:9036KB inactive_file:4KB active_file:0KB unevictable:167756KB [ 484.777074] Memory cgroup out of memory: Kill process 12837 (syz-executor.3) score 1233 or sacrifice child [ 484.787828] Killed process 12849 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34944kB, shmem-rss:0kB [ 484.822119] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 484.833926] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 484.839573] CPU: 0 PID: 12848 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 484.847452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 484.856802] Call Trace: [ 484.859407] dump_stack+0x188/0x20d [ 484.863049] dump_header+0x159/0xa5e [ 484.866768] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 484.871892] ? ___ratelimit+0x59/0x573 [ 484.875787] oom_kill_process.cold+0x10/0x6dc [ 484.880288] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 484.885071] ? task_will_free_mem+0x134/0x6d0 [ 484.889575] out_of_memory+0x349/0x1250 [ 484.893557] ? oom_killer_disable+0x270/0x270 [ 484.898069] mem_cgroup_out_of_memory+0x1c7/0x240 [ 484.902914] ? memcg_event_wake+0x210/0x210 [ 484.907246] ? do_raw_spin_unlock+0x171/0x260 [ 484.912007] try_charge+0xe22/0x1300 [ 484.915739] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 484.920629] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 484.925607] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 484.931712] mem_cgroup_try_charge+0x249/0x5c0 [ 484.936349] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 484.941305] wp_page_copy+0x3fe/0x1530 [ 484.945242] ? mark_held_locks+0xa6/0xf0 [ 484.949332] ? follow_pfn+0x260/0x260 [ 484.953173] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 484.957943] do_wp_page+0x518/0xfa0 [ 484.961594] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 484.966294] __handle_mm_fault+0x21a4/0x3b60 [ 484.970821] ? copy_page_range+0x1e70/0x1e70 [ 484.975252] ? count_memcg_event_mm+0x279/0x4c0 [ 484.979969] handle_mm_fault+0x1a5/0x670 [ 484.984065] __get_user_pages+0x599/0x1650 [ 484.988332] ? follow_page_mask+0x1a60/0x1a60 [ 484.992838] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 484.997728] ? retint_kernel+0x2d/0x2d [ 485.001639] populate_vma_page_range+0x1fd/0x290 [ 485.006416] __mm_populate+0x1e8/0x350 [ 485.010318] ? populate_vma_page_range+0x290/0x290 [ 485.015250] ? do_mlock+0x6b0/0x6b0 [ 485.018895] __x64_sys_mlockall+0x340/0x500 [ 485.023233] do_syscall_64+0xf9/0x620 [ 485.027047] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 485.032249] RIP: 0033:0x45c479 [ 485.035569] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 485.054515] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 485.062246] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 485.069720] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 485.077006] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 485.084299] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 485.091591] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 485.100347] Task in /syz4 killed as a result of limit of /syz4 [ 485.106624] memory: usage 305164kB, limit 307200kB, failcnt 3507 [ 485.112983] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 14:21:41 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x803e0000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 485.120052] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 485.126400] Memory cgroup stats for /syz4: cache:56KB rss:295068KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:270316KB active_anon:2392KB inactive_file:12KB active_file:0KB unevictable:22348KB [ 485.148683] Memory cgroup out of memory: Kill process 12843 (syz-executor.4) score 1233 or sacrifice child [ 485.159107] Killed process 12843 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:56432kB, shmem-rss:0kB [ 485.171097] audit: type=1804 audit(1583245300.584:217): pid=12851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/268/bus" dev="sda1" ino=16675 res=1 [ 485.171353] oom_reaper: reaped process 12843 (syz-executor.4), now anon-rss:18252kB, file-rss:56424kB, shmem-rss:0kB 14:21:41 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r2, 0x0) r3 = socket(0xa, 0x5, 0x0) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000340)={r5}, &(0x7f0000000380)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000000)={0xbe, 0x2, 0x820c, 0x0, 0x4, 0x7, 0x6d, 0xa702, r5}, &(0x7f0000000080)=0x20) r6 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) [ 485.197985] audit: type=1800 audit(1583245301.164:218): pid=12839 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16675 res=0 [ 485.208855] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 485.244738] audit: type=1800 audit(1583245301.164:219): pid=12851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16675 res=0 14:21:41 executing program 5: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 485.304156] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 485.324194] CPU: 0 PID: 12842 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 485.332125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 485.341576] Call Trace: [ 485.344178] dump_stack+0x188/0x20d [ 485.347812] dump_header+0x159/0xa5e [ 485.351531] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 485.356658] ? ___ratelimit+0x59/0x573 [ 485.360556] oom_kill_process.cold+0x10/0x6dc [ 485.365059] ? task_will_free_mem+0x134/0x6d0 [ 485.369602] out_of_memory+0x349/0x1250 [ 485.373598] ? oom_killer_disable+0x270/0x270 [ 485.378110] mem_cgroup_out_of_memory+0x1c7/0x240 [ 485.382958] ? memcg_event_wake+0x210/0x210 [ 485.387290] ? do_raw_spin_unlock+0x171/0x260 [ 485.391789] try_charge+0xe22/0x1300 [ 485.395511] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 485.400386] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 485.405236] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 485.411296] ? mark_held_locks+0xf0/0xf0 [ 485.415381] mem_cgroup_try_charge+0x249/0x5c0 [ 485.419998] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 485.425019] __handle_mm_fault+0x1cfb/0x3b60 [ 485.429448] ? copy_page_range+0x1e70/0x1e70 [ 485.433861] ? count_memcg_event_mm+0x279/0x4c0 [ 485.438550] handle_mm_fault+0x1a5/0x670 [ 485.442617] __get_user_pages+0x599/0x1650 [ 485.446881] ? follow_page_mask+0x1a60/0x1a60 [ 485.451388] ? lock_acquire+0x170/0x400 [ 485.455370] populate_vma_page_range+0x1fd/0x290 [ 485.460129] __mm_populate+0x1e8/0x350 [ 485.464031] ? populate_vma_page_range+0x290/0x290 [ 485.468973] ? do_mlock+0x6b0/0x6b0 [ 485.472633] __x64_sys_mlockall+0x340/0x500 [ 485.477055] do_syscall_64+0xf9/0x620 [ 485.480882] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 485.486088] RIP: 0033:0x45c479 [ 485.489297] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 485.508333] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 485.516515] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 485.523807] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 485.531095] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 485.538398] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 485.545667] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 485.575825] Task in /syz2 killed as a result of limit of /syz2 [ 485.591392] memory: usage 307116kB, limit 307200kB, failcnt 17205 [ 485.599591] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 485.606543] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 485.613268] Memory cgroup stats for /syz2: cache:72KB rss:296492KB rss_huge:163840KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:139236KB active_anon:8976KB inactive_file:0KB active_file:0KB unevictable:148412KB [ 485.635886] Memory cgroup out of memory: Kill process 12777 (syz-executor.2) score 1163 or sacrifice child [ 485.646159] Killed process 12777 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 485.688906] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 485.700199] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 485.705598] CPU: 0 PID: 12868 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 485.713484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 485.724174] Call Trace: [ 485.726792] dump_stack+0x188/0x20d [ 485.730443] dump_header+0x159/0xa5e [ 485.734203] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 485.739348] ? ___ratelimit+0x59/0x573 [ 485.743258] oom_kill_process.cold+0x10/0x6dc [ 485.747771] ? task_will_free_mem+0x134/0x6d0 [ 485.752284] out_of_memory+0x349/0x1250 [ 485.756300] ? oom_killer_disable+0x270/0x270 [ 485.761772] mem_cgroup_out_of_memory+0x1c7/0x240 [ 485.766635] ? memcg_event_wake+0x210/0x210 [ 485.770977] ? do_raw_spin_unlock+0x171/0x260 [ 485.775492] try_charge+0xe22/0x1300 [ 485.779229] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 485.784093] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 485.788952] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 485.795021] ? mark_held_locks+0xf0/0xf0 [ 485.799196] mem_cgroup_try_charge+0x249/0x5c0 [ 485.803834] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 485.808772] __handle_mm_fault+0x1cfb/0x3b60 [ 485.813187] ? copy_page_range+0x1e70/0x1e70 [ 485.817622] ? count_memcg_event_mm+0x279/0x4c0 [ 485.822353] handle_mm_fault+0x1a5/0x670 [ 485.826429] __get_user_pages+0x599/0x1650 [ 485.830680] ? follow_page_mask+0x1a60/0x1a60 [ 485.835274] ? lock_acquire+0x170/0x400 [ 485.839250] populate_vma_page_range+0x1fd/0x290 [ 485.844009] __mm_populate+0x1e8/0x350 [ 485.847920] ? populate_vma_page_range+0x290/0x290 [ 485.852874] ? do_mlock+0x6b0/0x6b0 [ 485.856519] __x64_sys_mlockall+0x340/0x500 [ 485.860845] do_syscall_64+0xf9/0x620 [ 485.864666] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 485.869865] RIP: 0033:0x45c479 [ 485.873057] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 485.892164] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 485.899880] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 485.907160] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 485.914509] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 485.921857] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 485.929116] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c 14:21:42 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xd0070000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 485.936593] Task in /syz5 killed as a result of limit of /syz5 [ 485.942662] memory: usage 307200kB, limit 307200kB, failcnt 10841 [ 485.949267] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 485.956033] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 485.963422] Memory cgroup stats for /syz5: cache:0KB rss:297372KB rss_huge:30720KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:269632KB active_anon:288KB inactive_file:8KB active_file:4KB unevictable:27572KB [ 485.985687] Memory cgroup out of memory: Kill process 12852 (syz-executor.5) score 1163 or sacrifice child [ 485.995602] Killed process 12852 (syz-executor.5) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB [ 486.029746] Memory cgroup out of memory: Kill process 12867 (syz-executor.5) score 1164 or sacrifice child [ 486.040586] Killed process 12867 (syz-executor.5) total-vm:74700kB, anon-rss:14632kB, file-rss:39080kB, shmem-rss:0kB 14:21:42 executing program 5: socket$inet6(0xa, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 486.090247] oom_reaper: reaped process 12852 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 486.540527] oom_kill_process: 1 callbacks suppressed [ 486.540564] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 486.557479] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 486.564455] CPU: 0 PID: 12877 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 486.572364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 486.581972] Call Trace: [ 486.584611] dump_stack+0x188/0x20d [ 486.588295] dump_header+0x159/0xa5e [ 486.592124] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 486.597272] ? ___ratelimit+0x59/0x573 [ 486.601184] oom_kill_process.cold+0x10/0x6dc [ 486.605697] ? task_will_free_mem+0x134/0x6d0 [ 486.610210] out_of_memory+0x349/0x1250 [ 486.614289] ? oom_killer_disable+0x270/0x270 [ 486.618809] mem_cgroup_out_of_memory+0x1c7/0x240 [ 486.623667] ? memcg_event_wake+0x210/0x210 [ 486.628010] ? do_raw_spin_unlock+0x171/0x260 [ 486.632524] try_charge+0xe22/0x1300 [ 486.636274] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 486.641222] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 486.646103] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 486.652203] mem_cgroup_try_charge+0x249/0x5c0 [ 486.656810] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 486.661844] do_huge_pmd_wp_page+0x921/0x32f0 [ 486.666370] ? __split_huge_pmd+0x29c0/0x29c0 [ 486.670999] ? retint_kernel+0x2d/0x2d [ 486.674906] ? pmd_val+0x7c/0xf0 [ 486.678285] ? add_mm_counter_fast.part.0+0x40/0x40 [ 486.683310] ? __handle_mm_fault+0x383/0x3b60 [ 486.687821] __handle_mm_fault+0x1561/0x3b60 [ 486.692244] ? copy_page_range+0x1e70/0x1e70 [ 486.696664] ? count_memcg_event_mm+0x279/0x4c0 [ 486.701369] handle_mm_fault+0x1a5/0x670 [ 486.705458] __get_user_pages+0x599/0x1650 [ 486.709729] ? follow_page_mask+0x1a60/0x1a60 [ 486.714252] ? populate_vma_page_range+0x17e/0x290 [ 486.719285] populate_vma_page_range+0x1fd/0x290 [ 486.724103] __mm_populate+0x1e8/0x350 [ 486.728029] ? populate_vma_page_range+0x290/0x290 [ 486.733099] ? do_mlock+0x6b0/0x6b0 [ 486.736762] __x64_sys_mlockall+0x340/0x500 14:21:42 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:42 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r0, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000002c0)=0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r3, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000300)={0x0}) ioctl$DRM_IOCTL_GET_CTX(r3, 0xc0086423, &(0x7f0000000340)={r4, 0x7}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000080)={0x4, 0x7, 0xe7, 0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x990902, 0x4, [], @value=0x4}}) ioctl$DRM_IOCTL_MODE_ATOMIC(r8, 0xc03864bc, &(0x7f00000001c0)={0x701, 0x3, &(0x7f00000000c0)=[0x4, 0x63, 0x8], &(0x7f0000000100)=[0xff], &(0x7f0000000140)=[0x4, 0x3], &(0x7f0000000180)=[0x8, 0x5, 0x0], 0x0, 0x1}) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r2, 0xab02, 0x7) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) 14:21:42 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:42 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x100000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:42 executing program 4: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 486.741234] do_syscall_64+0xf9/0x620 [ 486.745066] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 486.750403] RIP: 0033:0x45c479 [ 486.753612] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 486.772529] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 486.780319] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 486.787607] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 486.794982] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 486.802278] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 486.809565] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 486.820279] Task in /syz5 killed as a result of limit of /syz5 [ 486.826536] memory: usage 307200kB, limit 307200kB, failcnt 10897 [ 486.833007] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 486.839929] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 486.846341] Memory cgroup stats for /syz5: cache:0KB rss:296000KB rss_huge:38912KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:252880KB active_anon:276KB inactive_file:4KB active_file:4KB unevictable:43088KB [ 486.868380] Memory cgroup out of memory: Kill process 12876 (syz-executor.5) score 1233 or sacrifice child [ 486.878684] Killed process 12883 (syz-executor.5) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB [ 487.001675] oom_reaper: reaped process 12883 (syz-executor.5), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 487.270232] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 487.281777] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 487.287421] CPU: 0 PID: 12889 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 487.295444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 487.304839] Call Trace: [ 487.307446] dump_stack+0x188/0x20d [ 487.311124] dump_header+0x159/0xa5e [ 487.314988] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 487.320219] ? ___ratelimit+0x59/0x573 [ 487.324644] oom_kill_process.cold+0x10/0x6dc [ 487.329278] ? task_will_free_mem+0x134/0x6d0 [ 487.333821] out_of_memory+0x349/0x1250 [ 487.337928] ? oom_killer_disable+0x270/0x270 [ 487.342447] mem_cgroup_out_of_memory+0x1c7/0x240 [ 487.347301] ? memcg_event_wake+0x210/0x210 [ 487.351663] ? do_raw_spin_unlock+0x171/0x260 [ 487.356254] try_charge+0xe22/0x1300 [ 487.360080] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 487.364940] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 487.369954] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 487.376250] mem_cgroup_try_charge+0x249/0x5c0 [ 487.380972] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 487.386184] wp_page_copy+0x3fe/0x1530 [ 487.390097] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 487.394886] ? follow_pfn+0x260/0x260 [ 487.398693] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 487.403723] do_wp_page+0x518/0xfa0 [ 487.407359] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 487.412037] __handle_mm_fault+0x21a4/0x3b60 [ 487.416460] ? copy_page_range+0x1e70/0x1e70 [ 487.420960] ? count_memcg_event_mm+0x279/0x4c0 [ 487.425655] handle_mm_fault+0x1a5/0x670 [ 487.429896] __get_user_pages+0x599/0x1650 [ 487.434139] ? follow_page_mask+0x1a60/0x1a60 [ 487.438638] ? mark_held_locks+0xf0/0xf0 [ 487.442708] ? lock_acquire+0x170/0x400 [ 487.446690] populate_vma_page_range+0x1fd/0x290 [ 487.451454] __mm_populate+0x1e8/0x350 [ 487.455349] ? populate_vma_page_range+0x290/0x290 [ 487.460276] ? do_mlock+0x6b0/0x6b0 [ 487.463929] __x64_sys_mlockall+0x340/0x500 [ 487.468257] do_syscall_64+0xf9/0x620 [ 487.472061] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 487.477278] RIP: 0033:0x45c479 [ 487.480475] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 487.499634] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 487.507694] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 487.514962] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 487.522662] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 487.529935] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 487.537202] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 487.545280] Task in /syz4 killed as a result of limit of /syz4 [ 487.551523] memory: usage 307200kB, limit 307200kB, failcnt 3528 [ 487.557780] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 487.564783] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 487.571105] Memory cgroup stats for /syz4: cache:56KB rss:296868KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:272164KB active_anon:2392KB inactive_file:4KB active_file:4KB unevictable:22348KB [ 487.594292] Memory cgroup out of memory: Kill process 12888 (syz-executor.4) score 1233 or sacrifice child [ 487.604797] Killed process 12897 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:21:43 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x200000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:43 executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNGETSNDBUF(r0, 0x800454d3, &(0x7f00000000c0)) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r5, 0x2008002) setsockopt$bt_l2cap_L2CAP_LM(r5, 0x6, 0x3, &(0x7f0000000000)=0x4, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r1, 0xab02, 0x7) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 487.858292] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 487.937123] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 487.973280] CPU: 0 PID: 12896 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 487.981183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 487.990632] Call Trace: [ 487.993257] dump_stack+0x188/0x20d [ 487.996898] dump_header+0x159/0xa5e [ 488.000621] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 488.005731] ? ___ratelimit+0x59/0x573 [ 488.009628] oom_kill_process.cold+0x10/0x6dc [ 488.014159] ? task_will_free_mem+0x134/0x6d0 [ 488.018679] out_of_memory+0x349/0x1250 [ 488.022667] ? oom_killer_disable+0x270/0x270 [ 488.027177] mem_cgroup_out_of_memory+0x1c7/0x240 [ 488.032115] ? memcg_event_wake+0x210/0x210 [ 488.036450] ? do_raw_spin_unlock+0x171/0x260 [ 488.040952] try_charge+0xe22/0x1300 [ 488.044681] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 488.049531] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 488.054390] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 488.060465] ? mark_held_locks+0xf0/0xf0 [ 488.064639] mem_cgroup_try_charge+0x249/0x5c0 [ 488.069344] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 488.074295] __handle_mm_fault+0x1cfb/0x3b60 [ 488.078723] ? copy_page_range+0x1e70/0x1e70 [ 488.083147] ? count_memcg_event_mm+0x279/0x4c0 [ 488.087835] handle_mm_fault+0x1a5/0x670 [ 488.091910] __get_user_pages+0x599/0x1650 [ 488.096166] ? follow_page_mask+0x1a60/0x1a60 [ 488.100674] ? lock_acquire+0x170/0x400 [ 488.104667] populate_vma_page_range+0x1fd/0x290 [ 488.109436] __mm_populate+0x1e8/0x350 [ 488.113337] ? populate_vma_page_range+0x290/0x290 [ 488.118318] ? do_mlock+0x6b0/0x6b0 [ 488.122011] __x64_sys_mlockall+0x340/0x500 [ 488.126385] do_syscall_64+0xf9/0x620 [ 488.130302] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 488.135886] RIP: 0033:0x45c479 [ 488.139090] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 488.158089] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 488.165991] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 488.173708] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 488.181015] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 14:21:44 executing program 5: socket$inet6(0xa, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 488.188294] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 488.195574] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 488.275661] Task in /syz2 killed as a result of limit of /syz2 [ 488.282682] memory: usage 307196kB, limit 307200kB, failcnt 17220 [ 488.299579] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 488.324036] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 488.351456] Memory cgroup stats for /syz2: cache:72KB rss:296560KB rss_huge:159744KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:137188KB active_anon:8976KB inactive_file:0KB active_file:4KB unevictable:150548KB 14:21:44 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x300000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 488.463702] Memory cgroup out of memory: Kill process 12832 (syz-executor.2) score 1163 or sacrifice child [ 488.499998] Killed process 12832 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 488.538530] oom_reaper: reaped process 12832 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 488.952724] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 488.964281] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 488.970379] CPU: 0 PID: 12915 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 488.978281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 488.987648] Call Trace: [ 488.990249] dump_stack+0x188/0x20d [ 488.993908] dump_header+0x159/0xa5e [ 488.997632] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 489.002739] ? ___ratelimit+0x59/0x573 [ 489.006633] oom_kill_process.cold+0x10/0x6dc [ 489.011168] out_of_memory+0x349/0x1250 [ 489.015154] ? oom_killer_disable+0x270/0x270 [ 489.019664] mem_cgroup_out_of_memory+0x1c7/0x240 [ 489.024543] ? memcg_event_wake+0x210/0x210 [ 489.028974] ? do_raw_spin_unlock+0x171/0x260 [ 489.033474] try_charge+0xe22/0x1300 [ 489.037200] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 489.042072] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 489.046935] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 489.053109] mem_cgroup_try_charge+0x249/0x5c0 [ 489.057721] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 489.062671] wp_page_copy+0x3fe/0x1530 [ 489.066696] ? mark_held_locks+0xa6/0xf0 [ 489.070798] ? follow_pfn+0x260/0x260 [ 489.074623] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 489.079399] do_wp_page+0x518/0xfa0 [ 489.083074] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 489.087769] __handle_mm_fault+0x21a4/0x3b60 [ 489.092198] ? copy_page_range+0x1e70/0x1e70 [ 489.096617] ? count_memcg_event_mm+0x279/0x4c0 [ 489.101330] handle_mm_fault+0x1a5/0x670 [ 489.105405] __get_user_pages+0x599/0x1650 [ 489.109658] ? follow_page_mask+0x1a60/0x1a60 [ 489.114267] ? retint_kernel+0x2d/0x2d [ 489.118181] ? populate_vma_page_range+0x10e/0x290 [ 489.123129] populate_vma_page_range+0x1fd/0x290 [ 489.127904] __mm_populate+0x1e8/0x350 [ 489.131822] ? populate_vma_page_range+0x290/0x290 [ 489.136759] ? do_mlock+0x6b0/0x6b0 [ 489.140418] __x64_sys_mlockall+0x340/0x500 [ 489.144769] do_syscall_64+0xf9/0x620 [ 489.148587] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 489.153809] RIP: 0033:0x45c479 [ 489.157024] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 489.176030] RSP: 002b:00007f50fc7ecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 489.183764] RAX: ffffffffffffffda RBX: 00007f50fc7ed6d4 RCX: 000000000045c479 [ 489.191049] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 489.198335] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 489.205713] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 489.213013] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bfcc [ 489.221249] Task in /syz5 killed as a result of limit of /syz5 [ 489.227444] memory: usage 307200kB, limit 307200kB, failcnt 10994 [ 489.233844] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 489.241032] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 489.247288] Memory cgroup stats for /syz5: cache:0KB rss:297156KB rss_huge:30720KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:256140KB active_anon:276KB inactive_file:4KB active_file:4KB unevictable:40908KB [ 489.269330] Memory cgroup out of memory: Kill process 12912 (syz-executor.5) score 1233 or sacrifice child [ 489.279729] Killed process 12919 (syz-executor.5) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB [ 490.963246] oom_reaper: reaped process 12919 (syz-executor.5), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 14:21:44 executing program 4: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:47 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x400000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:47 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 491.497295] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 491.509030] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 491.514680] CPU: 1 PID: 12922 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 491.522685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 491.532043] Call Trace: [ 491.534641] dump_stack+0x188/0x20d [ 491.538279] dump_header+0x159/0xa5e [ 491.541988] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 491.547084] ? ___ratelimit+0x59/0x573 [ 491.550969] oom_kill_process.cold+0x10/0x6dc [ 491.555473] ? task_will_free_mem+0x134/0x6d0 [ 491.559987] out_of_memory+0x349/0x1250 [ 491.563985] ? oom_killer_disable+0x270/0x270 [ 491.568519] mem_cgroup_out_of_memory+0x1c7/0x240 [ 491.573365] ? memcg_event_wake+0x210/0x210 [ 491.577704] ? do_raw_spin_unlock+0x171/0x260 [ 491.582214] try_charge+0xe22/0x1300 [ 491.585946] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 491.590806] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 491.595660] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 491.601892] mem_cgroup_try_charge+0x249/0x5c0 [ 491.606483] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 491.611437] wp_page_copy+0x3fe/0x1530 [ 491.615351] ? follow_pfn+0x260/0x260 [ 491.620405] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 491.625043] do_wp_page+0x518/0xfa0 [ 491.629032] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 491.633727] __handle_mm_fault+0x21a4/0x3b60 [ 491.638151] ? copy_page_range+0x1e70/0x1e70 [ 491.642573] ? count_memcg_event_mm+0x279/0x4c0 [ 491.647268] handle_mm_fault+0x1a5/0x670 [ 491.651337] __get_user_pages+0x599/0x1650 [ 491.655686] ? follow_page_mask+0x1a60/0x1a60 [ 491.660228] ? populate_vma_page_range+0x10e/0x290 [ 491.665264] populate_vma_page_range+0x1fd/0x290 [ 491.670037] __mm_populate+0x1e8/0x350 [ 491.673926] ? populate_vma_page_range+0x290/0x290 [ 491.678868] ? __x64_sys_mlockall+0x289/0x500 [ 491.683367] __x64_sys_mlockall+0x340/0x500 [ 491.688059] do_syscall_64+0xf9/0x620 [ 491.691877] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 491.697056] RIP: 0033:0x45c479 [ 491.700242] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 491.719564] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 491.727261] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 491.735050] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 491.743870] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 491.751127] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 491.758393] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 491.766395] Task in /syz4 killed as a result of limit of /syz4 [ 491.772876] memory: usage 307200kB, limit 307200kB, failcnt 3564 [ 491.779379] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 491.786231] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 491.792505] Memory cgroup stats for /syz4: cache:56KB rss:296868KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:272144KB active_anon:2392KB inactive_file:4KB active_file:4KB unevictable:22348KB [ 491.814545] Memory cgroup out of memory: Kill process 12921 (syz-executor.4) score 1233 or sacrifice child [ 491.825887] Killed process 12927 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 491.840994] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 491.853482] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 491.859083] CPU: 0 PID: 12929 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 491.866982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 491.876954] Call Trace: [ 491.879562] dump_stack+0x188/0x20d [ 491.883212] dump_header+0x159/0xa5e [ 491.886942] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 491.892069] ? ___ratelimit+0x59/0x573 [ 491.895954] oom_kill_process.cold+0x10/0x6dc [ 491.900446] ? task_will_free_mem+0x134/0x6d0 [ 491.904941] out_of_memory+0x349/0x1250 [ 491.908911] ? oom_killer_disable+0x270/0x270 [ 491.913405] mem_cgroup_out_of_memory+0x1c7/0x240 [ 491.918237] ? memcg_event_wake+0x210/0x210 [ 491.922562] ? do_raw_spin_unlock+0x171/0x260 [ 491.927052] try_charge+0xe22/0x1300 [ 491.931920] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 491.936757] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 491.941591] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 491.947638] ? mark_held_locks+0xf0/0xf0 [ 491.951694] mem_cgroup_try_charge+0x249/0x5c0 [ 491.956272] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 491.961195] __handle_mm_fault+0x1cfb/0x3b60 [ 491.965605] ? copy_page_range+0x1e70/0x1e70 [ 491.970024] ? count_memcg_event_mm+0x279/0x4c0 [ 491.974712] handle_mm_fault+0x1a5/0x670 [ 491.978767] __get_user_pages+0x599/0x1650 [ 491.982996] ? follow_page_mask+0x1a60/0x1a60 [ 491.987492] ? lock_acquire+0x170/0x400 [ 491.991461] populate_vma_page_range+0x1fd/0x290 [ 491.998432] __mm_populate+0x1e8/0x350 [ 492.002314] ? populate_vma_page_range+0x290/0x290 [ 492.007404] ? do_mlock+0x6b0/0x6b0 [ 492.011053] __x64_sys_mlockall+0x340/0x500 [ 492.015380] do_syscall_64+0xf9/0x620 [ 492.019699] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 492.025178] RIP: 0033:0x45c479 [ 492.028901] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 492.048041] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 492.055874] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 492.063353] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 492.070649] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 492.078051] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 492.085355] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 492.092849] Task in /syz3 killed as a result of limit of /syz3 [ 492.099749] memory: usage 307200kB, limit 307200kB, failcnt 7460 [ 492.106075] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 492.113417] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 492.119760] Memory cgroup stats for /syz3: cache:20KB rss:296264KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:124924KB active_anon:9052KB inactive_file:4KB active_file:4KB unevictable:160716KB [ 492.141343] Memory cgroup out of memory: Kill process 12830 (syz-executor.3) score 1163 or sacrifice child [ 492.151416] Killed process 12830 (syz-executor.3) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 492.164516] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 492.176572] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 492.182345] CPU: 1 PID: 12922 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 492.190236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 492.199709] Call Trace: [ 492.202322] dump_stack+0x188/0x20d [ 492.205991] dump_header+0x159/0xa5e [ 492.209735] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 492.214861] ? ___ratelimit+0x59/0x573 [ 492.218767] oom_kill_process.cold+0x10/0x6dc [ 492.223296] ? task_will_free_mem+0x134/0x6d0 [ 492.227812] out_of_memory+0x349/0x1250 [ 492.231811] ? oom_killer_disable+0x270/0x270 [ 492.236462] mem_cgroup_out_of_memory+0x1c7/0x240 [ 492.241337] ? memcg_event_wake+0x210/0x210 [ 492.245697] ? do_raw_spin_unlock+0x171/0x260 14:21:48 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:48 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000100)={0xa30000, 0x1, 0x6f4, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x9a090d, 0x1, [], @p_u8=&(0x7f0000000080)=0x1}}) write$cgroup_subtree(r2, &(0x7f0000000140)={[{0x2b, 'io'}, {0x2b, 'cpu'}, {0x2d, 'cpu'}, {0x2d, 'memory'}, {0x2d, 'cpu'}, {0x2b, 'rdma'}, {0x2d, 'io'}, {0x2d, 'rdma'}]}, 0x2b) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x51, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r2, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)={0x60, 0x140a, 0x200, 0x70bd2d, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}]}, 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x200040c4) r5 = open(&(0x7f0000000000)='./bus\x00', 0x64001, 0x60) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r5, 0x0) ioctl$TIOCGRS485(r5, 0x542e, &(0x7f0000000000)) ioctl$KVM_RUN(r4, 0xae80, 0x0) r6 = syz_open_dev$mouse(&(0x7f0000000440)='/dev/input/mouse#\x00', 0x9, 0x2300) ioctl$VHOST_SET_VRING_ENDIAN(r6, 0x4008af13, &(0x7f0000000480)={0x2, 0xffffffb7}) [ 492.250210] try_charge+0xe22/0x1300 [ 492.253958] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 492.258832] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 492.263703] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 492.269799] mem_cgroup_try_charge+0x249/0x5c0 [ 492.274544] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 492.279512] wp_page_copy+0x3fe/0x1530 [ 492.283751] ? follow_pfn+0x260/0x260 [ 492.287608] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 492.292224] do_wp_page+0x518/0xfa0 [ 492.295878] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 492.300587] __handle_mm_fault+0x21a4/0x3b60 [ 492.305020] ? copy_page_range+0x1e70/0x1e70 [ 492.309458] ? count_memcg_event_mm+0x279/0x4c0 [ 492.314169] handle_mm_fault+0x1a5/0x670 [ 492.318266] __get_user_pages+0x599/0x1650 [ 492.322595] ? follow_page_mask+0x1a60/0x1a60 [ 492.327181] ? populate_vma_page_range+0x10e/0x290 [ 492.332196] populate_vma_page_range+0x1fd/0x290 [ 492.336982] __mm_populate+0x1e8/0x350 [ 492.340907] ? populate_vma_page_range+0x290/0x290 [ 492.345857] ? __x64_sys_mlockall+0x289/0x500 [ 492.350373] __x64_sys_mlockall+0x340/0x500 [ 492.354713] do_syscall_64+0xf9/0x620 [ 492.358557] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 492.363774] RIP: 0033:0x45c479 [ 492.366995] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 492.385912] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 492.393647] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 492.400931] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 492.408298] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 492.415582] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 492.422952] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 492.436236] Task in /syz4 killed as a result of limit of /syz4 [ 492.442349] memory: usage 305152kB, limit 307200kB, failcnt 3570 14:21:48 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x500000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 492.448760] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 492.456173] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 492.462663] Memory cgroup stats for /syz4: cache:56KB rss:295068KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:270316KB active_anon:2392KB inactive_file:4KB active_file:4KB unevictable:22348KB [ 492.484307] Memory cgroup out of memory: Kill process 12921 (syz-executor.4) score 1233 or sacrifice child [ 492.494242] Killed process 12922 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:56432kB, shmem-rss:0kB 14:21:48 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x600000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:48 executing program 4: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:49 executing program 0: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x1, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r4 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r4, 0x2008002) ioctl$VIDIOC_QBUF(r4, 0xc058560f, &(0x7f0000000080)={0x257, 0x1, 0x4, 0x40000, 0xfffffff7, {}, {0x3, 0x8, 0x6, 0x3, 0x7, 0x81, "a66beca5"}, 0x4, 0x4, @fd, 0x0, 0x0, 0xffffffffffffffff}) ioctl$KVM_DEASSIGN_DEV_IRQ(r5, 0x4040ae75, &(0x7f0000000100)={0x800, 0x2, 0x9}) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0xffffffffffffffff]}) ioctl$NBD_SET_SIZE(r1, 0xab02, 0x7) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) write$P9_RREADDIR(r4, &(0x7f0000000140)={0x28, 0x29, 0x2, {0xc00, [{{0x1, 0x3, 0x2}, 0xfffffffffffffe00, 0x9, 0x5, './bus'}]}}, 0x28) 14:21:49 executing program 5: socket$inet6(0xa, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:49 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x700000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 493.248840] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 493.260367] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 493.265989] CPU: 1 PID: 12943 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 493.274493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 493.283855] Call Trace: [ 493.286470] dump_stack+0x188/0x20d [ 493.290124] dump_header+0x159/0xa5e [ 493.293866] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 493.298989] ? ___ratelimit+0x59/0x573 [ 493.302898] oom_kill_process.cold+0x10/0x6dc [ 493.307425] ? task_will_free_mem+0x134/0x6d0 [ 493.312055] out_of_memory+0x349/0x1250 [ 493.316057] ? mark_held_locks+0xa6/0xf0 [ 493.320129] ? oom_killer_disable+0x270/0x270 [ 493.324637] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 493.329255] mem_cgroup_out_of_memory+0x1c7/0x240 [ 493.334110] ? memcg_event_wake+0x210/0x210 [ 493.338446] try_charge+0xe22/0x1300 [ 493.342172] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 493.347030] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 493.351887] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 493.357965] ? retint_kernel+0x2d/0x2d [ 493.361873] ? __lock_acquire+0x6ee/0x49c0 [ 493.366111] mem_cgroup_try_charge+0x249/0x5c0 [ 493.370702] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 493.375642] wp_page_copy+0x3fe/0x1530 [ 493.379596] ? follow_pfn+0x260/0x260 [ 493.383438] ? get_page+0x99/0x100 [ 493.386986] ? get_page+0xa4/0x100 [ 493.390540] do_wp_page+0x518/0xfa0 [ 493.394193] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 493.398948] __handle_mm_fault+0x21a4/0x3b60 [ 493.403402] ? copy_page_range+0x1e70/0x1e70 [ 493.407842] ? count_memcg_event_mm+0x279/0x4c0 [ 493.412665] handle_mm_fault+0x1a5/0x670 [ 493.416881] __get_user_pages+0x599/0x1650 [ 493.421147] ? follow_page_mask+0x1a60/0x1a60 [ 493.425677] populate_vma_page_range+0x1fd/0x290 [ 493.430506] __mm_populate+0x1e8/0x350 [ 493.434426] ? populate_vma_page_range+0x290/0x290 [ 493.439382] ? do_mlock+0x6b0/0x6b0 [ 493.443028] __x64_sys_mlockall+0x340/0x500 [ 493.447498] do_syscall_64+0xf9/0x620 [ 493.451419] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 493.456628] RIP: 0033:0x45c479 [ 493.459836] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 493.478749] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 493.486476] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 493.493750] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 493.501032] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 493.508310] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 493.515582] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 493.524534] Task in /syz4 killed as a result of limit of /syz4 [ 493.530970] memory: usage 307200kB, limit 307200kB, failcnt 3580 [ 493.537302] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 493.544304] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 493.550635] Memory cgroup stats for /syz4: cache:56KB rss:296736KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:271944KB active_anon:2396KB inactive_file:0KB active_file:8KB unevictable:22480KB [ 493.573365] Memory cgroup out of memory: Kill process 12940 (syz-executor.4) score 1233 or sacrifice child [ 493.583898] Killed process 12949 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 493.706897] oom_reaper: reaped process 12949 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 494.075348] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 494.086906] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 494.092907] CPU: 0 PID: 12959 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 494.100836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 494.110303] Call Trace: [ 494.112921] dump_stack+0x188/0x20d [ 494.116576] dump_header+0x159/0xa5e [ 494.120402] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 494.125526] ? ___ratelimit+0x59/0x573 [ 494.129445] oom_kill_process.cold+0x10/0x6dc [ 494.134073] ? task_will_free_mem+0x134/0x6d0 [ 494.138596] out_of_memory+0x349/0x1250 [ 494.142590] ? oom_killer_disable+0x270/0x270 [ 494.147107] mem_cgroup_out_of_memory+0x1c7/0x240 [ 494.151959] ? memcg_event_wake+0x210/0x210 [ 494.156295] ? do_raw_spin_unlock+0x171/0x260 [ 494.160797] try_charge+0xe22/0x1300 [ 494.164531] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 494.169388] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 494.174241] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 494.180312] mem_cgroup_try_charge+0x249/0x5c0 [ 494.184906] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 494.189851] wp_page_copy+0x3fe/0x1530 [ 494.194099] ? follow_pfn+0x260/0x260 [ 494.197922] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 494.204021] do_wp_page+0x518/0xfa0 [ 494.207680] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 494.212365] ? __sanitizer_cov_trace_const_cmp4+0x20/0x20 [ 494.217932] __handle_mm_fault+0x21a4/0x3b60 [ 494.222363] ? copy_page_range+0x1e70/0x1e70 [ 494.226817] ? count_memcg_event_mm+0x279/0x4c0 [ 494.231517] handle_mm_fault+0x1a5/0x670 [ 494.235592] __get_user_pages+0x599/0x1650 [ 494.239843] ? follow_page_mask+0x1a60/0x1a60 [ 494.244722] ? __sanitizer_cov_trace_pc+0x22/0x50 [ 494.249577] populate_vma_page_range+0x1fd/0x290 [ 494.254348] __mm_populate+0x1e8/0x350 [ 494.258247] ? populate_vma_page_range+0x290/0x290 [ 494.263267] ? do_mlock+0x6b0/0x6b0 [ 494.266906] __x64_sys_mlockall+0x340/0x500 [ 494.271669] do_syscall_64+0xf9/0x620 [ 494.275484] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 494.280685] RIP: 0033:0x45c479 [ 494.283908] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 494.303087] RSP: 002b:00007f50fc7ecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 494.310826] RAX: ffffffffffffffda RBX: 00007f50fc7ed6d4 RCX: 000000000045c479 [ 494.318135] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 494.325414] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 494.332840] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 494.340127] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bfcc [ 494.348893] Task in /syz5 killed as a result of limit of /syz5 [ 494.355288] memory: usage 307200kB, limit 307200kB, failcnt 12083 [ 494.361821] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 494.368688] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 494.375004] Memory cgroup stats for /syz5: cache:0KB rss:297288KB rss_huge:30720KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:256132KB active_anon:276KB inactive_file:4KB active_file:4KB unevictable:40908KB [ 494.396914] Memory cgroup out of memory: Kill process 12954 (syz-executor.5) score 1233 or sacrifice child [ 494.407785] Killed process 12963 (syz-executor.5) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 14:21:51 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:51 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x800000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:51 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, 0x0, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 495.152818] audit: type=1800 audit(1583245311.254:220): pid=12955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16581 res=0 14:21:51 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) r3 = open(&(0x7f0000000000)='./file0\x00', 0x22400, 0x80) ioctl$NBD_SET_SIZE(r3, 0xab02, 0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:21:51 executing program 4: socket$inet6(0xa, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:51 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x900000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 495.838846] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 495.850581] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 495.856182] CPU: 0 PID: 12982 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 495.864064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 495.873421] Call Trace: [ 495.876023] dump_stack+0x188/0x20d [ 495.879665] dump_header+0x159/0xa5e [ 495.883391] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 495.888500] ? ___ratelimit+0x59/0x573 [ 495.892398] oom_kill_process.cold+0x10/0x6dc [ 495.896906] ? task_will_free_mem+0x134/0x6d0 [ 495.901413] out_of_memory+0x349/0x1250 [ 495.905406] ? oom_killer_disable+0x270/0x270 [ 495.909917] mem_cgroup_out_of_memory+0x1c7/0x240 [ 495.914769] ? memcg_event_wake+0x210/0x210 [ 495.919130] ? do_raw_spin_unlock+0x171/0x260 [ 495.923634] try_charge+0xe22/0x1300 [ 495.927361] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 495.932216] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 495.937067] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 495.943144] mem_cgroup_try_charge+0x249/0x5c0 [ 495.947757] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 495.952702] wp_page_copy+0x3fe/0x1530 [ 495.956607] ? follow_pfn+0x260/0x260 [ 495.960427] do_wp_page+0x518/0xfa0 [ 495.964160] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 495.968844] __handle_mm_fault+0x21a4/0x3b60 [ 495.973271] ? copy_page_range+0x1e70/0x1e70 [ 495.977693] ? count_memcg_event_mm+0x279/0x4c0 [ 495.982388] handle_mm_fault+0x1a5/0x670 [ 495.986465] __get_user_pages+0x599/0x1650 [ 495.990718] ? follow_page_mask+0x1a60/0x1a60 [ 495.995219] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 495.999994] ? retint_kernel+0x2d/0x2d [ 496.003894] populate_vma_page_range+0x1fd/0x290 [ 496.008663] __mm_populate+0x1e8/0x350 [ 496.012563] ? populate_vma_page_range+0x290/0x290 [ 496.017491] ? do_mlock+0x6b0/0x6b0 [ 496.021134] __x64_sys_mlockall+0x340/0x500 [ 496.026688] do_syscall_64+0xf9/0x620 [ 496.030503] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 496.035707] RIP: 0033:0x45c479 [ 496.038906] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 496.057909] RSP: 002b:00007f31093fcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 496.065628] RAX: ffffffffffffffda RBX: 00007f31093fd6d4 RCX: 000000000045c479 [ 496.073078] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 496.080372] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 496.087647] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 496.095017] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bfcc [ 496.103840] Task in /syz4 killed as a result of limit of /syz4 [ 496.110116] memory: usage 307200kB, limit 307200kB, failcnt 3685 [ 496.116416] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 496.123311] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 496.129689] Memory cgroup stats for /syz4: cache:56KB rss:296764KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:271900KB active_anon:2396KB inactive_file:4KB active_file:4KB unevictable:22476KB [ 496.151973] Memory cgroup out of memory: Kill process 12978 (syz-executor.4) score 1233 or sacrifice child [ 496.162254] Killed process 12983 (syz-executor.4) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 14:21:52 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) r0 = getpgid(0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$getregs(0xe, r0, 0x0, &(0x7f0000000080)=""/87) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r1, 0xab02, 0x7) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x8, 0x1) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000100)={{0x5, 0x80}, 0x1, 0x9, 0x1, {0x1, 0xf7}, 0x40, 0xa32}) 14:21:52 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:52 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xa00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:53 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 497.039596] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 497.142209] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 497.147648] CPU: 1 PID: 12974 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 497.155837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 497.165213] Call Trace: [ 497.167839] dump_stack+0x188/0x20d [ 497.171512] dump_header+0x159/0xa5e [ 497.175265] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 497.180429] ? ___ratelimit+0x59/0x573 [ 497.184339] oom_kill_process.cold+0x10/0x6dc [ 497.188859] ? task_will_free_mem+0x134/0x6d0 [ 497.193503] out_of_memory+0x349/0x1250 [ 497.197515] ? oom_killer_disable+0x270/0x270 [ 497.202052] mem_cgroup_out_of_memory+0x1c7/0x240 [ 497.206920] ? memcg_event_wake+0x210/0x210 [ 497.211293] ? do_raw_spin_unlock+0x171/0x260 [ 497.215813] try_charge+0xe22/0x1300 [ 497.219681] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 497.224584] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 497.229640] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 497.235897] ? mark_held_locks+0xf0/0xf0 [ 497.240017] mem_cgroup_try_charge+0x249/0x5c0 [ 497.244618] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 497.249683] __handle_mm_fault+0x1cfb/0x3b60 [ 497.254111] ? copy_page_range+0x1e70/0x1e70 [ 497.258549] ? count_memcg_event_mm+0x279/0x4c0 [ 497.263397] handle_mm_fault+0x1a5/0x670 [ 497.267482] __get_user_pages+0x599/0x1650 [ 497.271866] ? follow_page_mask+0x1a60/0x1a60 [ 497.276413] ? lock_acquire+0x170/0x400 [ 497.280499] populate_vma_page_range+0x1fd/0x290 [ 497.285286] __mm_populate+0x1e8/0x350 [ 497.289195] ? populate_vma_page_range+0x290/0x290 [ 497.294156] ? do_mlock+0x6b0/0x6b0 [ 497.297813] __x64_sys_mlockall+0x340/0x500 [ 497.302161] do_syscall_64+0xf9/0x620 [ 497.305987] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 497.311197] RIP: 0033:0x45c479 [ 497.314425] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 497.334179] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 497.341931] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 [ 497.349214] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 497.356495] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 497.364586] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 497.371888] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 497.836850] Task in /syz2 killed as a result of limit of /syz2 [ 497.844061] memory: usage 307200kB, limit 307200kB, failcnt 17242 [ 497.855119] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 497.863131] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 497.874121] Memory cgroup stats for /syz2: cache:72KB rss:296652KB rss_huge:159744KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:137188KB active_anon:8976KB inactive_file:0KB active_file:0KB unevictable:150636KB [ 497.930822] Memory cgroup out of memory: Kill process 12882 (syz-executor.2) score 1163 or sacrifice child 14:21:54 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xb00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 498.023153] Killed process 12882 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 498.085576] oom_reaper: reaped process 12882 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 14:21:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r4, 0x2008002) connect$tipc(r4, &(0x7f0000000000)=@id={0x1e, 0x3, 0x1, {0x4e24}}, 0x10) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:21:54 executing program 4: socket$inet6(0xa, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:54 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xb00020000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 498.367047] audit: type=1800 audit(1583245314.464:221): pid=13012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16601 res=0 14:21:54 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:54 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:54 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:21:54 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xd00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 498.670075] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 498.682494] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 498.687987] CPU: 1 PID: 13029 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 498.695897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 498.705263] Call Trace: [ 498.707870] dump_stack+0x188/0x20d [ 498.711541] dump_header+0x159/0xa5e [ 498.715273] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 498.720521] ? ___ratelimit+0x59/0x573 [ 498.724422] oom_kill_process.cold+0x10/0x6dc [ 498.728945] ? task_will_free_mem+0x134/0x6d0 [ 498.733935] out_of_memory+0x349/0x1250 [ 498.738035] ? oom_killer_disable+0x270/0x270 [ 498.742639] mem_cgroup_out_of_memory+0x1c7/0x240 [ 498.747520] ? memcg_event_wake+0x210/0x210 [ 498.751893] ? do_raw_spin_unlock+0x171/0x260 [ 498.756416] try_charge+0xe22/0x1300 [ 498.760162] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 498.765368] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 498.770367] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 498.776449] ? mark_held_locks+0xf0/0xf0 [ 498.780594] mem_cgroup_try_charge+0x249/0x5c0 [ 498.785212] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 498.790149] __handle_mm_fault+0x1cfb/0x3b60 [ 498.794581] ? copy_page_range+0x1e70/0x1e70 [ 498.799013] ? count_memcg_event_mm+0x279/0x4c0 [ 498.803727] handle_mm_fault+0x1a5/0x670 [ 498.807812] __get_user_pages+0x599/0x1650 [ 498.812098] ? follow_page_mask+0x1a60/0x1a60 [ 498.816634] ? lock_acquire+0x170/0x400 [ 498.820687] populate_vma_page_range+0x1fd/0x290 [ 498.825530] __mm_populate+0x1e8/0x350 [ 498.829694] ? populate_vma_page_range+0x290/0x290 [ 498.834645] ? do_mlock+0x6b0/0x6b0 [ 498.838289] __x64_sys_mlockall+0x340/0x500 [ 498.842723] do_syscall_64+0xf9/0x620 [ 498.846538] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 498.851739] RIP: 0033:0x45c479 [ 498.854940] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 498.874031] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 498.881938] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 498.889228] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 498.896644] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 498.903933] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 498.911512] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 498.919112] Task in /syz5 killed as a result of limit of /syz5 [ 498.925107] memory: usage 307200kB, limit 307200kB, failcnt 12116 [ 498.931490] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 498.938300] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 498.944620] Memory cgroup stats for /syz5: cache:0KB rss:297140KB rss_huge:30720KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:269504KB active_anon:288KB inactive_file:8KB active_file:4KB unevictable:27520KB [ 498.966239] Memory cgroup out of memory: Kill process 11431 (syz-executor.5) score 1162 or sacrifice child [ 498.976163] Killed process 11431 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 498.989053] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 499.000828] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 499.006515] CPU: 0 PID: 13022 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 499.014406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.023768] Call Trace: [ 499.026367] dump_stack+0x188/0x20d [ 499.029993] dump_header+0x159/0xa5e [ 499.033720] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 499.039615] ? ___ratelimit+0x59/0x573 [ 499.043522] oom_kill_process.cold+0x10/0x6dc [ 499.048032] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 499.052783] ? task_will_free_mem+0x134/0x6d0 [ 499.057417] out_of_memory+0x349/0x1250 [ 499.061405] ? oom_killer_disable+0x270/0x270 [ 499.066281] mem_cgroup_out_of_memory+0x1c7/0x240 [ 499.071128] ? memcg_event_wake+0x210/0x210 [ 499.075488] ? do_raw_spin_unlock+0x171/0x260 [ 499.080001] try_charge+0xe22/0x1300 [ 499.083803] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 499.088728] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 499.093566] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 499.100230] mem_cgroup_try_charge+0x249/0x5c0 [ 499.104803] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 499.113270] wp_page_copy+0x3fe/0x1530 [ 499.117192] ? follow_pfn+0x260/0x260 [ 499.121086] ? __lock_acquire+0x6ee/0x49c0 [ 499.125361] do_wp_page+0x518/0xfa0 [ 499.129001] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 499.133981] __handle_mm_fault+0x21a4/0x3b60 [ 499.138506] ? copy_page_range+0x1e70/0x1e70 [ 499.143187] ? count_memcg_event_mm+0x279/0x4c0 [ 499.147908] handle_mm_fault+0x1a5/0x670 [ 499.151994] __get_user_pages+0x599/0x1650 [ 499.156247] ? follow_page_mask+0x1a60/0x1a60 [ 499.160864] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 499.165640] ? retint_kernel+0x2d/0x2d [ 499.169553] populate_vma_page_range+0x1fd/0x290 [ 499.174315] __mm_populate+0x1e8/0x350 [ 499.178216] ? populate_vma_page_range+0x290/0x290 [ 499.183169] __x64_sys_mlockall+0x340/0x500 [ 499.187493] do_syscall_64+0xf9/0x620 [ 499.191319] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 499.196523] RIP: 0033:0x45c479 [ 499.199738] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 499.218734] RSP: 002b:00007f31093fcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 499.226461] RAX: ffffffffffffffda RBX: 00007f31093fd6d4 RCX: 000000000045c479 [ 499.233842] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 499.241121] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 499.248505] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 499.255792] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bfcc [ 499.271006] Task in /syz4 killed as a result of limit of /syz4 [ 499.277411] memory: usage 307200kB, limit 307200kB, failcnt 3712 [ 499.283949] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 499.291115] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 499.297416] Memory cgroup stats for /syz4: cache:56KB rss:296648KB rss_huge:10240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:271880KB active_anon:2396KB inactive_file:4KB active_file:4KB unevictable:22476KB [ 499.320173] Memory cgroup out of memory: Kill process 13017 (syz-executor.4) score 1233 or sacrifice child [ 499.330424] Killed process 13028 (syz-executor.4) total-vm:74832kB, anon-rss:18380kB, file-rss:34944kB, shmem-rss:0kB [ 499.357575] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 499.369021] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 499.374509] CPU: 0 PID: 13029 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 499.382402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.391970] Call Trace: [ 499.394578] dump_stack+0x188/0x20d [ 499.398236] dump_header+0x159/0xa5e [ 499.401967] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 499.407088] ? ___ratelimit+0x59/0x573 [ 499.410994] oom_kill_process.cold+0x10/0x6dc [ 499.415515] ? task_will_free_mem+0x134/0x6d0 [ 499.420029] out_of_memory+0x349/0x1250 [ 499.424142] ? oom_killer_disable+0x270/0x270 [ 499.428662] mem_cgroup_out_of_memory+0x1c7/0x240 [ 499.433519] ? memcg_event_wake+0x210/0x210 [ 499.437895] ? do_raw_spin_unlock+0x171/0x260 [ 499.442415] try_charge+0xe22/0x1300 [ 499.446234] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 499.451091] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 499.455948] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 499.462546] ? mark_held_locks+0xf0/0xf0 [ 499.466656] mem_cgroup_try_charge+0x249/0x5c0 [ 499.471265] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 499.476580] __handle_mm_fault+0x1cfb/0x3b60 [ 499.481514] ? copy_page_range+0x1e70/0x1e70 [ 499.485950] ? count_memcg_event_mm+0x279/0x4c0 [ 499.491135] handle_mm_fault+0x1a5/0x670 [ 499.495224] __get_user_pages+0x599/0x1650 [ 499.499491] ? follow_page_mask+0x1a60/0x1a60 [ 499.504001] ? lock_acquire+0x170/0x400 [ 499.508002] populate_vma_page_range+0x1fd/0x290 [ 499.512771] __mm_populate+0x1e8/0x350 [ 499.516683] ? populate_vma_page_range+0x290/0x290 [ 499.521619] ? do_mlock+0x6b0/0x6b0 [ 499.525286] __x64_sys_mlockall+0x340/0x500 [ 499.529942] do_syscall_64+0xf9/0x620 [ 499.533767] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 499.539052] RIP: 0033:0x45c479 [ 499.542259] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 499.561451] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 499.569181] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 499.577505] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 499.584799] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 499.592168] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 499.599537] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 499.607612] Task in /syz5 killed as a result of limit of /syz5 [ 499.613691] memory: usage 288756kB, limit 307200kB, failcnt 12122 [ 499.619988] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 499.626755] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 499.634019] Memory cgroup stats for /syz5: cache:0KB rss:278952KB rss_huge:30720KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:251252KB active_anon:288KB inactive_file:8KB active_file:4KB unevictable:27520KB [ 499.660361] Memory cgroup out of memory: Kill process 11461 (syz-executor.5) score 1162 or sacrifice child [ 499.670442] Killed process 11461 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 499.713810] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 499.725132] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 499.730586] CPU: 1 PID: 13030 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 499.738490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.748133] Call Trace: [ 499.750746] dump_stack+0x188/0x20d [ 499.754450] dump_header+0x159/0xa5e [ 499.758187] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 499.763314] ? ___ratelimit+0x59/0x573 [ 499.767233] oom_kill_process.cold+0x10/0x6dc [ 499.771748] ? task_will_free_mem+0x134/0x6d0 [ 499.776261] out_of_memory+0x349/0x1250 [ 499.780255] ? oom_killer_disable+0x270/0x270 [ 499.784769] mem_cgroup_out_of_memory+0x1c7/0x240 [ 499.789626] ? memcg_event_wake+0x210/0x210 [ 499.793963] ? do_raw_spin_unlock+0x171/0x260 [ 499.798461] try_charge+0xe22/0x1300 [ 499.802184] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 499.807034] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 499.811887] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 499.817947] ? mark_held_locks+0xf0/0xf0 [ 499.822029] mem_cgroup_try_charge+0x249/0x5c0 [ 499.826715] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 499.831667] __handle_mm_fault+0x1cfb/0x3b60 [ 499.836113] ? copy_page_range+0x1e70/0x1e70 [ 499.840541] ? count_memcg_event_mm+0x279/0x4c0 [ 499.845247] handle_mm_fault+0x1a5/0x670 [ 499.849329] __get_user_pages+0x599/0x1650 [ 499.854677] ? follow_page_mask+0x1a60/0x1a60 [ 499.859204] ? lock_acquire+0x170/0x400 [ 499.863206] populate_vma_page_range+0x1fd/0x290 [ 499.868082] __mm_populate+0x1e8/0x350 [ 499.872021] ? populate_vma_page_range+0x290/0x290 [ 499.876971] ? do_mlock+0x6b0/0x6b0 [ 499.880838] __x64_sys_mlockall+0x340/0x500 [ 499.885191] do_syscall_64+0xf9/0x620 [ 499.889024] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 499.894220] RIP: 0033:0x45c479 [ 499.897525] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 499.916454] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 499.924392] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 499.931694] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 499.939095] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 499.947071] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 499.954441] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 499.961989] Task in /syz3 killed as a result of limit of /syz3 [ 499.968049] memory: usage 307200kB, limit 307200kB, failcnt 7485 [ 499.974224] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 499.981051] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 499.987215] Memory cgroup stats for /syz3: cache:20KB rss:296104KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:126588KB active_anon:9052KB inactive_file:4KB active_file:4KB unevictable:160632KB [ 500.008891] Memory cgroup out of memory: Kill process 12975 (syz-executor.3) score 1163 or sacrifice child [ 500.019556] Killed process 12975 (syz-executor.3) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 500.075830] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 500.087150] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 500.092608] CPU: 1 PID: 13030 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 500.100537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 500.109905] Call Trace: [ 500.112560] dump_stack+0x188/0x20d [ 500.116203] dump_header+0x159/0xa5e [ 500.119923] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 500.125044] ? ___ratelimit+0x59/0x573 [ 500.128944] oom_kill_process.cold+0x10/0x6dc [ 500.133443] ? task_will_free_mem+0x134/0x6d0 [ 500.137942] out_of_memory+0x349/0x1250 [ 500.142027] ? oom_killer_disable+0x270/0x270 [ 500.146559] mem_cgroup_out_of_memory+0x1c7/0x240 [ 500.151400] ? memcg_event_wake+0x210/0x210 [ 500.155736] ? do_raw_spin_unlock+0x171/0x260 [ 500.160226] try_charge+0xe22/0x1300 [ 500.163938] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 500.168774] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 500.173653] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 500.179749] ? mark_held_locks+0xf0/0xf0 [ 500.184351] mem_cgroup_try_charge+0x249/0x5c0 [ 500.188974] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 500.193902] __handle_mm_fault+0x1cfb/0x3b60 [ 500.198323] ? copy_page_range+0x1e70/0x1e70 [ 500.202865] ? count_memcg_event_mm+0x279/0x4c0 [ 500.207555] handle_mm_fault+0x1a5/0x670 [ 500.211699] __get_user_pages+0x599/0x1650 [ 500.215931] ? follow_page_mask+0x1a60/0x1a60 [ 500.220533] ? lock_acquire+0x170/0x400 [ 500.224603] populate_vma_page_range+0x1fd/0x290 [ 500.229356] __mm_populate+0x1e8/0x350 [ 500.233243] ? populate_vma_page_range+0x290/0x290 [ 500.238618] ? do_mlock+0x6b0/0x6b0 [ 500.242262] __x64_sys_mlockall+0x340/0x500 [ 500.246602] do_syscall_64+0xf9/0x620 [ 500.250436] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 500.255959] RIP: 0033:0x45c479 [ 500.259204] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 500.278289] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 500.286097] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 500.293469] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 500.300748] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 500.308149] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 500.315415] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 500.322996] Task in /syz3 killed as a result of limit of /syz3 [ 500.329066] memory: usage 301080kB, limit 307200kB, failcnt 7647 [ 500.330466] oom_reaper: reaped process 12975 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 500.335259] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 500.353029] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 500.359292] Memory cgroup stats for /syz3: cache:20KB rss:289776KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:116396KB active_anon:9052KB inactive_file:4KB active_file:4KB unevictable:164304KB [ 500.380928] Memory cgroup out of memory: Kill process 13025 (syz-executor.3) score 1171 or sacrifice child [ 500.390838] Killed process 13025 (syz-executor.3) total-vm:74700kB, anon-rss:16688kB, file-rss:39080kB, shmem-rss:0kB 14:21:56 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:56 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xe00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:56 executing program 4: socket$inet6(0xa, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:56 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r4, 0x0) ioctl$VIDIOC_G_FMT(r4, 0xc0d05604, &(0x7f0000000100)={0x9, @win={{0x9, 0x200, 0xf964, 0x3}, 0x9, 0x0, &(0x7f0000000080)={{0x5, 0x9, 0x1c}, &(0x7f0000000000)={{0x0, 0x9, 0x2, 0x7fffffff}}}, 0x4, &(0x7f00000000c0)="78ac4ba5e2a0e4ee33c3c341ff7e7f45f20021c14676a85aa30340804b9d8b370af04b7d91da46bc7e2f6c0f7eb466bfb2a7e0da5ed2a60f", 0x8}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:21:56 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0xf00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:56 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 500.970600] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 500.983044] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 500.989474] CPU: 0 PID: 13048 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 500.997475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 501.006839] Call Trace: [ 501.009444] dump_stack+0x188/0x20d [ 501.013117] dump_header+0x159/0xa5e [ 501.016842] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 501.021956] ? ___ratelimit+0x59/0x573 [ 501.026030] oom_kill_process.cold+0x10/0x6dc [ 501.030635] ? task_will_free_mem+0x134/0x6d0 [ 501.035150] out_of_memory+0x349/0x1250 [ 501.039138] ? oom_killer_disable+0x270/0x270 [ 501.043826] mem_cgroup_out_of_memory+0x1c7/0x240 [ 501.048676] ? memcg_event_wake+0x210/0x210 [ 501.053026] ? do_raw_spin_unlock+0x171/0x260 [ 501.057528] try_charge+0xe22/0x1300 [ 501.061259] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 501.066109] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 501.070960] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 501.077032] mem_cgroup_try_charge+0x249/0x5c0 [ 501.081624] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 501.086651] do_huge_pmd_wp_page+0x921/0x32f0 [ 501.091158] ? mark_held_locks+0xa6/0xf0 [ 501.095224] ? __split_huge_pmd+0x29c0/0x29c0 [ 501.099994] ? pmd_val+0x7c/0xf0 [ 501.103468] ? add_mm_counter_fast.part.0+0x40/0x40 [ 501.109272] __handle_mm_fault+0x1561/0x3b60 [ 501.113706] ? copy_page_range+0x1e70/0x1e70 [ 501.118138] ? count_memcg_event_mm+0x279/0x4c0 [ 501.122933] handle_mm_fault+0x1a5/0x670 [ 501.127044] __get_user_pages+0x599/0x1650 [ 501.131309] ? follow_page_mask+0x1a60/0x1a60 [ 501.135836] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 501.140690] ? retint_kernel+0x2d/0x2d [ 501.144701] populate_vma_page_range+0x1fd/0x290 [ 501.149559] __mm_populate+0x1e8/0x350 [ 501.153458] ? populate_vma_page_range+0x290/0x290 [ 501.158391] ? do_mlock+0x6b0/0x6b0 [ 501.162026] __x64_sys_mlockall+0x340/0x500 [ 501.166368] do_syscall_64+0xf9/0x620 [ 501.170203] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 501.175420] RIP: 0033:0x45c479 [ 501.178620] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 501.197649] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 501.205418] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 501.212704] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 501.219994] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 501.227913] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 501.235235] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 501.245024] Task in /syz5 killed as a result of limit of /syz5 [ 501.251340] memory: usage 307200kB, limit 307200kB, failcnt 12145 [ 501.258180] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 501.265051] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 501.271484] Memory cgroup stats for /syz5: cache:0KB rss:295864KB rss_huge:34816KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:252872KB active_anon:276KB inactive_file:4KB active_file:8KB unevictable:42828KB [ 501.296634] Memory cgroup out of memory: Kill process 13047 (syz-executor.5) score 1233 or sacrifice child [ 501.306802] Killed process 13055 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 501.319966] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 501.331603] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 501.337738] CPU: 0 PID: 13057 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 501.345836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 501.355198] Call Trace: [ 501.357812] dump_stack+0x188/0x20d [ 501.361473] dump_header+0x159/0xa5e [ 501.365218] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 501.370338] ? ___ratelimit+0x59/0x573 [ 501.374261] oom_kill_process.cold+0x10/0x6dc [ 501.378776] ? task_will_free_mem+0x134/0x6d0 [ 501.383297] out_of_memory+0x349/0x1250 [ 501.387290] ? oom_killer_disable+0x270/0x270 [ 501.391809] mem_cgroup_out_of_memory+0x1c7/0x240 [ 501.396674] ? memcg_event_wake+0x210/0x210 [ 501.401110] ? do_raw_spin_unlock+0x171/0x260 [ 501.405714] try_charge+0xe22/0x1300 [ 501.409542] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 501.414409] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 501.420408] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 501.427618] ? retint_kernel+0x2d/0x2d [ 501.431534] ? __lock_acquire+0x6ee/0x49c0 [ 501.435781] mem_cgroup_try_charge+0x249/0x5c0 [ 501.440387] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 501.445421] wp_page_copy+0x3fe/0x1530 [ 501.449341] ? follow_pfn+0x260/0x260 [ 501.453156] ? __lock_acquire+0x6ee/0x49c0 [ 501.457402] do_wp_page+0x518/0xfa0 [ 501.461040] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 501.465810] __handle_mm_fault+0x21a4/0x3b60 [ 501.470342] ? copy_page_range+0x1e70/0x1e70 [ 501.474756] ? count_memcg_event_mm+0x279/0x4c0 [ 501.479448] handle_mm_fault+0x1a5/0x670 [ 501.483530] __get_user_pages+0x599/0x1650 [ 501.487791] ? follow_page_mask+0x1a60/0x1a60 [ 501.492324] populate_vma_page_range+0x1fd/0x290 [ 501.497094] __mm_populate+0x1e8/0x350 [ 501.501005] ? populate_vma_page_range+0x290/0x290 [ 501.505942] ? do_mlock+0x6b0/0x6b0 [ 501.509578] __x64_sys_mlockall+0x340/0x500 [ 501.513906] do_syscall_64+0xf9/0x620 [ 501.517714] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 501.522909] RIP: 0033:0x45c479 [ 501.526124] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 501.545229] RSP: 002b:00007f31093fcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 501.552934] RAX: ffffffffffffffda RBX: 00007f31093fd6d4 RCX: 000000000045c479 [ 501.560217] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 501.567934] RBP: 000000000076bfc0 R08: 0000000000000000 R09: 0000000000000000 [ 501.575299] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 501.582926] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bfcc [ 501.590534] Task in /syz4 killed as a result of limit of /syz4 [ 501.596785] memory: usage 307200kB, limit 307200kB, failcnt 3757 [ 501.603008] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 501.609824] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 501.616158] Memory cgroup stats for /syz4: cache:56KB rss:296656KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:271880KB active_anon:2396KB inactive_file:4KB active_file:4KB unevictable:22476KB [ 501.637630] Memory cgroup out of memory: Kill process 13049 (syz-executor.4) score 1233 or sacrifice child [ 501.647691] Killed process 13058 (syz-executor.4) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB [ 501.675805] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 501.687580] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 501.693291] CPU: 1 PID: 13048 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 501.702649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 501.712022] Call Trace: [ 501.714639] dump_stack+0x188/0x20d [ 501.718290] dump_header+0x159/0xa5e [ 501.722125] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 501.727249] ? ___ratelimit+0x59/0x573 [ 501.731358] oom_kill_process.cold+0x10/0x6dc [ 501.735871] ? task_will_free_mem+0x134/0x6d0 [ 501.740381] out_of_memory+0x349/0x1250 [ 501.744376] ? oom_killer_disable+0x270/0x270 [ 501.748887] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 501.753663] mem_cgroup_out_of_memory+0x1c7/0x240 [ 501.760965] ? memcg_event_wake+0x210/0x210 [ 501.765350] try_charge+0xe22/0x1300 [ 501.769192] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 501.774420] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 501.780597] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 501.786689] mem_cgroup_try_charge+0x249/0x5c0 [ 501.791317] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 501.796976] do_huge_pmd_wp_page+0x921/0x32f0 [ 501.801488] ? mark_held_locks+0xa6/0xf0 [ 501.805559] ? __split_huge_pmd+0x29c0/0x29c0 [ 501.810161] ? pmd_val+0x7c/0xf0 [ 501.813543] ? add_mm_counter_fast.part.0+0x40/0x40 [ 501.819448] __handle_mm_fault+0x1561/0x3b60 [ 501.823863] ? copy_page_range+0x1e70/0x1e70 [ 501.828364] ? count_memcg_event_mm+0x279/0x4c0 [ 501.833059] handle_mm_fault+0x1a5/0x670 [ 501.837222] __get_user_pages+0x599/0x1650 [ 501.841504] ? follow_page_mask+0x1a60/0x1a60 [ 501.846006] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 501.850769] ? retint_kernel+0x2d/0x2d [ 501.854668] populate_vma_page_range+0x1fd/0x290 [ 501.859873] __mm_populate+0x1e8/0x350 [ 501.864205] ? populate_vma_page_range+0x290/0x290 [ 501.869134] ? do_mlock+0x6b0/0x6b0 [ 501.872777] __x64_sys_mlockall+0x340/0x500 [ 501.877717] do_syscall_64+0xf9/0x620 [ 501.881615] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 501.886805] RIP: 0033:0x45c479 [ 501.890002] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 501.908900] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 501.916622] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 14:21:58 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1000000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 501.923978] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 501.931248] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 501.939402] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 501.946772] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 501.956599] Task in /syz5 killed as a result of limit of /syz5 [ 501.962856] memory: usage 303344kB, limit 307200kB, failcnt 12151 [ 501.969263] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 501.976155] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 501.983828] Memory cgroup stats for /syz5: cache:0KB rss:292208KB rss_huge:32768KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:251252KB active_anon:276KB inactive_file:8KB active_file:4KB unevictable:40780KB [ 502.005682] Memory cgroup out of memory: Kill process 13047 (syz-executor.5) score 1233 or sacrifice child [ 502.015870] Killed process 13047 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:56432kB, shmem-rss:0kB [ 502.055167] oom_reaper: reaped process 13047 (syz-executor.5), now anon-rss:18252kB, file-rss:56424kB, shmem-rss:0kB 14:21:58 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:58 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:58 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x4cb, 0x0, 0x0, 0x0, 0x4]}) openat$vfio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vfio/vfio\x00', 0x101000, 0x0) r4 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000080)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) r5 = add_key$keyring(&(0x7f0000000280)='keyring\x00', &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, r4) add_key(&(0x7f0000000100)='dns_resolver\x00', &(0x7f0000000200)={'syz', 0x1}, &(0x7f00000004c0)="dee7030022cf9e5e1dbac27b0426fc0299c40800000000000000c894f365ae68edf335abf35ec53d6751467ebd2c187491bcab2c8d34fec505fc8a14622dba33ff9b054eb7e8a5bc4ab2719cb230328931deb95ef3fcafb1ce27743a93f4715976ede8860ab49c3a4f51ab0124b50c3362201a307df03000", 0x78, r5) r6 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r5) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000440)={{{@in=@empty, @in6=@ipv4={[], [], @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@loopback}}, &(0x7f0000000140)=0xe8) r8 = getgid() r9 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r9, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r9, 0x8008ae9d, &(0x7f00000002c0)=""/117) keyctl$chown(0x4, r6, r7, r8) r10 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) ioctl$SNDRV_PCM_IOCTL_TTSTAMP(r10, 0x40044103, &(0x7f0000000080)=0xdf9) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:21:58 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1100000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:21:58 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:58 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:21:59 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1200000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 503.094919] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 503.106405] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 503.112148] CPU: 1 PID: 13081 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 503.120040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 503.129402] Call Trace: [ 503.132008] dump_stack+0x188/0x20d [ 503.135652] dump_header+0x159/0xa5e [ 503.139383] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 503.144499] ? ___ratelimit+0x59/0x573 [ 503.148403] oom_kill_process.cold+0x10/0x6dc [ 503.152928] ? task_will_free_mem+0x134/0x6d0 [ 503.157457] out_of_memory+0x349/0x1250 [ 503.161557] ? oom_killer_disable+0x270/0x270 [ 503.166089] mem_cgroup_out_of_memory+0x1c7/0x240 [ 503.170976] ? memcg_event_wake+0x210/0x210 [ 503.175410] ? do_raw_spin_unlock+0x171/0x260 [ 503.179929] try_charge+0xe22/0x1300 [ 503.183675] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 503.188537] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 503.193468] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 503.199550] ? retint_kernel+0x2d/0x2d [ 503.203457] ? __lock_acquire+0x6ee/0x49c0 [ 503.207884] mem_cgroup_try_charge+0x249/0x5c0 [ 503.212495] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 503.217442] wp_page_copy+0x3fe/0x1530 [ 503.221383] ? retint_kernel+0x2d/0x2d [ 503.225289] ? follow_pfn+0x260/0x260 [ 503.229103] ? do_wp_page+0x29f/0xfa0 [ 503.232918] do_wp_page+0x518/0xfa0 [ 503.236643] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 503.241328] __handle_mm_fault+0x21a4/0x3b60 [ 503.245749] ? copy_page_range+0x1e70/0x1e70 [ 503.250166] ? count_memcg_event_mm+0x279/0x4c0 [ 503.255387] handle_mm_fault+0x1a5/0x670 [ 503.259477] __get_user_pages+0x599/0x1650 [ 503.263744] ? follow_page_mask+0x1a60/0x1a60 [ 503.268259] ? lock_acquire+0x170/0x400 [ 503.272251] populate_vma_page_range+0x1fd/0x290 [ 503.277023] __mm_populate+0x1e8/0x350 [ 503.280925] ? populate_vma_page_range+0x290/0x290 [ 503.285872] ? do_mlock+0x6b0/0x6b0 [ 503.289527] __x64_sys_mlockall+0x340/0x500 [ 503.293874] do_syscall_64+0xf9/0x620 [ 503.297707] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 503.302913] RIP: 0033:0x45c479 [ 503.306124] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 503.325620] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 503.333343] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 503.341149] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 503.348438] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 503.356256] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 503.363804] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 503.372085] Task in /syz4 killed as a result of limit of /syz4 [ 503.378342] memory: usage 307200kB, limit 307200kB, failcnt 3789 [ 503.384679] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 503.391616] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 503.398264] Memory cgroup stats for /syz4: cache:56KB rss:296704KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:272020KB active_anon:2396KB inactive_file:4KB active_file:4KB unevictable:22348KB [ 503.420402] Memory cgroup out of memory: Kill process 13075 (syz-executor.4) score 1233 or sacrifice child [ 503.430881] Killed process 13087 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 503.445572] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 503.456920] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 503.462349] CPU: 0 PID: 13098 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 503.470329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 503.479788] Call Trace: [ 503.482396] dump_stack+0x188/0x20d [ 503.486034] dump_header+0x159/0xa5e [ 503.489773] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 503.494905] ? ___ratelimit+0x59/0x573 [ 503.498830] oom_kill_process.cold+0x10/0x6dc [ 503.503346] ? task_will_free_mem+0x134/0x6d0 [ 503.507955] out_of_memory+0x349/0x1250 [ 503.511954] ? oom_killer_disable+0x270/0x270 [ 503.516483] mem_cgroup_out_of_memory+0x1c7/0x240 [ 503.521615] ? memcg_event_wake+0x210/0x210 [ 503.525991] ? do_raw_spin_unlock+0x171/0x260 [ 503.530499] try_charge+0xe22/0x1300 [ 503.534236] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 503.539335] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 503.544202] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 503.550287] ? mark_held_locks+0xf0/0xf0 [ 503.554368] mem_cgroup_try_charge+0x249/0x5c0 [ 503.558967] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 503.563916] __handle_mm_fault+0x1cfb/0x3b60 [ 503.568334] ? copy_page_range+0x1e70/0x1e70 [ 503.572750] ? count_memcg_event_mm+0x279/0x4c0 [ 503.577535] handle_mm_fault+0x1a5/0x670 [ 503.581605] __get_user_pages+0x599/0x1650 [ 503.585858] ? follow_page_mask+0x1a60/0x1a60 [ 503.590451] ? lock_acquire+0x170/0x400 [ 503.594452] populate_vma_page_range+0x1fd/0x290 [ 503.599218] __mm_populate+0x1e8/0x350 [ 503.603216] ? populate_vma_page_range+0x290/0x290 [ 503.608143] ? do_mlock+0x6b0/0x6b0 [ 503.611778] __x64_sys_mlockall+0x340/0x500 [ 503.616108] do_syscall_64+0xf9/0x620 [ 503.619916] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 503.625108] RIP: 0033:0x45c479 [ 503.628305] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 503.647220] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 503.654948] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 503.662237] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 503.669521] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 503.677337] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 503.684632] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 503.692082] Task in /syz3 killed as a result of limit of /syz3 [ 503.698107] memory: usage 307200kB, limit 307200kB, failcnt 7662 [ 503.704267] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 503.711055] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 503.717285] Memory cgroup stats for /syz3: cache:20KB rss:296160KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:126456KB active_anon:9052KB inactive_file:0KB active_file:0KB unevictable:160720KB [ 503.740573] Memory cgroup out of memory: Kill process 13002 (syz-executor.3) score 1163 or sacrifice child [ 503.750549] Killed process 13002 (syz-executor.3) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB 14:21:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$SIOCX25GSUBSCRIP(r4, 0x89e0, &(0x7f0000000080)={'erspan0\x00', 0x100000001, 0x8}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 503.856333] oom_reaper: reaped process 13002 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 14:22:00 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1d00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:22:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r3, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000023000/0x18000)=nil, &(0x7f00000008c0)=[@text64={0x40, &(0x7f0000000180)="410f20d636473e6536dd514a460f013a0f01f8640f01c20f01cf48b8d67a0000000000000f23c80f21f835000080000f23f80f017c83fd36f2460f00d5b9800000c00f3235004000000f30", 0x4b}], 0x1, 0x8, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r5, 0x2008002) write$tun(r5, &(0x7f0000002040)={@void, @void, @eth={@multicast, @random="bf02b5cc6521", @void, {@ipv4={0x800, @generic={{0x15, 0x4, 0x2, 0xc, 0x1054, 0x66, 0xffff, 0x49, 0x6c, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@generic={0x44, 0xc, "afc104d3a4bf02ffa37b"}, @rr={0x7, 0xf, 0x26, [@multicast2, @multicast2, @remote]}, @noop, @noop, @ssrr={0x89, 0x17, 0x36, [@local, @multicast1, @multicast1, @dev={0xac, 0x14, 0x14, 0x25}, @multicast2]}, @ssrr={0x89, 0xb, 0x32, [@loopback, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}, "4db2a54fa904bac60773de1115b449e350d86877db7507344e3ee1945ad0bce8a49c77d4028ef14c7d724d34044cae8b64fae40c4dea6390558545c8889afce6ee195e5d29136fd5c84df704051b8719ffaa13be8079e310829c3f996b8375459e8822ceece26f7db48023a566f703b9047050576d3f70c992f99ea5079a0f5fd96a9356285c12e49c8ee51663522e3254bafa5e2e6e1128e31a3bcdbc48460a93774d62c9834a123e1792d937a067c2a1bfaea1533692151d791348f5db3d86143d462c535397cbfbdf8b46f2eacb3187b31f76d5fbf3a07a3ce12837699382108bb5f99ee9ab2a6ffd9f32479827836833e25632300a288611243c58b522c0856956103c0ff1eb9cc4bbe6e1d628aa36cc0ed851a3a1a3b5b70f98e1542c6ffe02cafbb5a23ced10e86404c71b0679ed72c1dbe359fd975a0331a0b434d82adbf70aa5baf0c84b6fa36fa4b8272209210a9e87ab414cdc773f132e2cbee66c324203e3bb76a73298a941d4bb155b4ffc060eb3a9f132e7f61812e86bdd17b359df652f50bab5085c8c6004419b256e37405afbb8e90d1b29bcf99e33c14e3c68fcea7a7734010c56baafe56b8e758017cc4512757bdadfaa05aeca5115e047d6cb126da30903f737aa8ea572042bc5b3764f2b9dd40d70de2afe2e205782e83eb00b3eab80ffe6aa352676312608b4dcaf82aaaa48ff9983453f9471c11a0fa130c3acd4cee2f4c79ed180683fb773b11b1917140fb4b0ee9b683767eee4693f4840c1e8db036c6bea61682cdb9fc63148d9a04ea957e6dfbe5db055da7286e81bcf89cffa5104a83f782c7d9b580320047943c999b77123348399632f4270bcc65a478b66075450565129e375a136459ab9df58c3abf571793e9ca478fe00ec74da11419b3eaf59434c163419687bae3eecb31ab44a0b8da155e89e3e821488969d830e28bed66820c1ffb9bbdb4de77cba6bf45b4583a996541a69e1d41408399a31f5e5f88f5fcdaa15c255cee5b7262380ac13d396f0d54f953f8264053046cd7887afb9aaffc34062804e89d6a2390e39acbca8e200e602e3bf78309c2c2a114b2df45b3eb0161e7735d884bbce4fd116e366e3ff6ddbe7c75ca5c5ccb0f8476c6bacdbaf8f79e15a2232206c1c5fbe15bcdb7b7da94d1398d1c05db051e7427889f9d3c6e37ef1a5487d5ddab9ca7101bada22d715cd7cd0e29f5cdd6d7714b553bb855436de1b65708bd9793cca9fabeb2c09bd0b60ee337e10e59f380f956f8195b0bbddd57e05b7aaf2ec72ad4fbe6a3e3398b38ae3004b0d444372b9e4a7a3e200baaffd460e10c147a31e261d49c55b0535157c4fedbd9f270d90ea5f75e19b8ddd2dea6a1030c430d11a17ec442327cceea772b616f2d90828c51d56743a621b2f2351d9913165f09c458a41866194cbe267f8627323ce8bf2d28db3866eaec8ff9dafcb6e7235f84868713d87c607d305435ee0708c151f5a87e0bd7520e65e1aaafc8059cb886b78430023e441781cb9da8ea702b1a41b5e1c279e6a95bbc226b3cfc345bfda753a60d391ecc18992570c23126266638cfe0a7c7645cf9dceea76e74de4109a130df8868f29c5076b73ef9e16825354f419c17d8b8787ee9974a86dc81b0e1dd616e812afe418d87b8f793b86d4df2930da0742371fb9bc42dbd82bb7619ca4116548ebfcae405b5423ef3296a93d53310469786ea8afccb0558b67a633635fd56ca84ac9b8388d90fe576b870f882fc41c45f5282ee061d62632f489eb2f5a54b667b2d07028856ea9d1793a78cfb3797932e30e50ae1f6b340328f81b2fff1c726e8df8a8e1b3327195f1ca354f4649018103a3326cbf9633d3ed73a3c55afbd781ab616a88f37d4feffa92c0db308d9bbf1078aa94fb231c7d1af028503b7bbe972b614b263e9ec30cb6b383bdef76a164721fbee11cc7436d2a9a473aeb1f5a4edc9359acb39c3cc55daea98ad566c30540f3fad5a0b7fbedd1f939b573c1117980924863026c42c1bb069adb6bce28fd2a8a39ddec9f5e0e6ae0cf513d04eaa47843f2fadc9458a855fc9a01f8817edc5ca15069c6af8b020a97063517cc6ece082459d5b88abcb67a9a244349ff0e7c3eb94a4ee9486ed4d5713eb97b1b37ca95b4926d14fa8ab016f5d4f9749ec6704c597453293f1da617874b391657989f4f2cd4acb35580b05316b5bb560dad5cce02da436f91605cff01fbfa801764186e48c65938ae3ea68a03667cce83c0f5d71f9bcca422a0a0c98bc325ccccd3260196d93f5fdd8a14df8e14f6db2e4d4b4bb1d0f9ef3d3b73d82425b8b637df13a1f9e6c6b5220aa14e9a265d5a45a73b0c51b3400acd473846b77a31f64ea9c428243573f25a918994d3aaddd0d2dd3917ea280426291f128500c57450a62ffc8e174bc27043ab8221cd4732dd3b0f671bbe1390c9c60a40f63a0c3414067a046c866657d5399f29188ceb5b29308eeb5a90ac486f2c32297e95a841195fe7202c22d223c979c2a95aaa5168ea55227902b56d4fb0efd3b5687792780ad9e7b26dfb9acfa74c2e503dc1c59e6b1ac0110ef8dca15c09e0e85686791491c3b5f725873b67d46ee8cce30e8a2abf9d5d59419c2928305ee1332f7633c0d085eb72c64848203b4df319db415a779f45feb7355245f9aa94e1b30dfbbd13134d9ddb44f393832c60d22d3d0d746b02b8b9e2b6d466a55de9f6f815f160815832c7529c76daa7bd5abd41cb0792abbf920eba3cd3b930960ed8ab7abc24e5598e69089b621167a2e935d6c508beb5ebf20aa11b4df9688ab3b1d51c69083252388aebfa756bc62c058c67eea0c5e29ad80bbaf7665b070ed126702351425f1c3ba90f7ea2f4afb5b1eeee3019711410425d12aa65ffbec228872d8929fb8e6cd5fa9bbdf5af49e3089828b202788bfa88b64353bd64607f324e38e844f6dc6bd9e9c93668ce942b18bf5b827ac9c2149f3ff3b170d524b04242be3d22c80645f767f20dd40a3d22ba0ff728046fa85f97f537cb3a9c716059f40ba1267b71cf38e54ee409fef84e2b4434c9c3b71320c0aa6bde1e3702158cbdd22f3908f58366d1272a7d2d9f549c8f80fc7b6d2e0519279f7238437ec95efa87cc8f2d5f7793b80f511613180e2123b8398fb30014a6dab5ba6b5c00a5de5c0dfbeac175edca05ac9b0214ae8a9455ff7042c76377f974963daeb57594743ed31e69d2bb31439c34de2cd94e62a05abb44cd2f1332fa74c1faa7a61ad8d5c373eff68dc2ba403eec29f62870026daaa8fad05cd8c97b3c155ad1857810ed488f62be368d91748d22c9ba153a991e5c67c5d39f200cf9c54359e2b13dc15e423ef02abce322fbbf6b1584939f9e72ec9d688e8ab25b68716aa77b23ba2cf570786fbb7d7a8246496232650a44be8fa931cc66c5e78c8f4af447c0aa5a012f149bba42d848d7d6b8d0f319860b70fd58a1e0ba63c792e0bf12c453a55efd35cfbef72f3c3eb3f08beee8bb597eccbd77d6c82707cda4764aee61960fbeacefd430b4f6a2c74db1821ea84def8961770b9a1b7055c32ea6acbc8002a87198818d6bf1d0c41f953e4c100c185573cf52b509dab115914d3ffed808975d705c3b4bd57869b388a29c030f230b0e49030dab887caeab78b4c5e15a39225eb223b443c7120202ae115467368ac598b27e9d55372f27a0d1659d2e858925c2240bc08f7fb90733bc5bb60943e64d9166eeb04c7257613ecd257f0d6ad1154355c825a075c7631df68755032e5f57c406c3c51e227ae8467703388a9c1f97c689770cc89176c24230c07658805c1555d672c08a96168405ece716c96a40c93e364eb3bb96c3a9c0a9befad2cde6ce91c7180d2df8c266d79cd5a8275628842db9d8c1c818fc4499d6058ac52ef75f8e5eeaf1239df36b0ac388f71d603ddf4f04151e4a3ad32365d929ffcdd739aea1fc0e280289e75ffec938bddebf494f961ed1cad9829907108d25064f4fef1cb06b9180f385642b69c72f7c51bd7b800bb3275f1ba6733d239842ba717d5c4ed1e94779b3b309d9667aa885eaa5e4403b2c26bc7074a101e3d11501d20db2637324c4667bd44de81b65b6cf7703ea8c67693bb2233b68e424f90d646b3760fa8545c373ce9a45233ce672c46b5e00e5cfd5f30b5480e0b175d8ec905b545635d15fa8d3748d6515e24f2a86b9b2620d531634b4fe7ac1d36728e7a682dfeed468dca93a5024244d5b1c112f647a480a89bebd88869cb33fe05ae31e0a5abc32c8eb4881f2957fc22b26654f7e0ceea2ba908dfe8ddee0cbb3e19940c81079c3ebc0026ebf2af436ebf7b9e912922bde0c9e32dde6f9b8239db2b9c4abc67ba2ce63dc48a0a2aaa0d4b5036ff5b1e5ffdb5d5a65b1a87c07f3b778b19af90b6a096d2b33f93616c801523fef76f27f04c0696bd4e4a584cef9fbb9f596f6bd39b30a7edcc64b25b793311113dadba40fd3d05f103bf33d0171bd01b9df9b0ef9d66b76e63ba0e9145dd8beefbea55abfada9f9063ae09d48d24d3adafaf52398974e72494383a88182da751a16e57a1859dd2038532d9598d23d0633c99f00f37442c6812756dc00a18da7f51054f4312a310249b018884244e372155ec4d10d104c83dbab0084f9b7e3936dbb2af182bc40f810136857c2f3ec9cbed0db2144792d511795a463e6b89bf863aa08d9b8fa3a74be0483d3b5e0aaf28cb7f961bca625ac5fd5a96090c0735ae11ad44aa95ba624a5619de64376da3fc89eed11745dc54f7e03a41386cb7baf9611d8d95b6e1e8b756dcd5a7ba12a510dc6b0a12001ce916d5ecb04839732b997b5df46545884d5585f60533644b8376062caf7557b64515395a01fa7c9a13952775a1b1aadfdca918daedd0dada0932f6d1af42ba8f422adba44ba03c27bd32580df355ec5be0be3bde5858c5398dc4828c848ed3d1d439c0ca116b0fe880d7e36b42c675daff4eabc8f3a00f9aef2132c714e7a77eda4d1e4f63bc428b7a7dd735ea9a1e30458d85c8bb2f9d1a374efc21260c3e265146d9e787e3a111e72557132e9755aade150925677cb0e9f417b4299dd4294a475c5e229d02fd1f1da5706ff03ea7a64ae32fb88e941eaa491653bd7061395a428173ae060126adc2abdd48d8fcb04ebc4dc5de470c66865bc77a68b9bc51b718d4ba0620445735b14649ff28faebf33ab786717efa23550f6645d318115b735cd76fa090028eb47282c1147c9d2b3d6ca02fb12a8135e4252d44c82c52487d830c4c8a377de5fec8f0a22ec1fb49513c906533e12b3ff7c70691b3d19e969449ad12ee39c18bd64abb723cdd81bbe9d2e7f8f4aa3876eff42ed1945ad02d2d496308aa6a498d9b79eb0b98630fb2371f4dfb2823e0d126391a2d396f641ef564d9b5b050d35d447be8ad43c2ab9a1029d679a3411507818513cf571265db7212e08a66f571858b69452cf37ca077397ee25dd6a6b14134306381bd80d1436fe4059337f82a1247e114c902d5ac3538db43b8092a253ff069bfa99f6d108f855035981c0ca296160c8678080439600902f91ce7417e4ef66e7cb5d00af36d36c928122c7a7af158f311138a8dadcbbdbdb2f14e14d76022b10c61922bb26980254cea70f98738e0dd864ac25dd3443134e9e92221f1909b1f956bbc30d2082278127d257c1a9e5b81326486291716e3e9cf9328219e0d0f5c40d811b22538010f1c420aff26c28a752ba48345f5b009d6623de68b451386de70bcbadb2d9f0461eae236c860188e5891181"}}}}}, 0x1062) 14:22:00 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x1f00000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:22:00 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 504.521571] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 504.533083] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 504.538557] CPU: 1 PID: 13116 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 504.546447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 504.555893] Call Trace: [ 504.558494] dump_stack+0x188/0x20d [ 504.562132] dump_header+0x159/0xa5e [ 504.565853] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 504.571145] ? ___ratelimit+0x59/0x573 [ 504.575043] oom_kill_process.cold+0x10/0x6dc [ 504.579546] ? task_will_free_mem+0x134/0x6d0 [ 504.584051] out_of_memory+0x349/0x1250 [ 504.588038] ? oom_killer_disable+0x270/0x270 [ 504.592568] mem_cgroup_out_of_memory+0x1c7/0x240 [ 504.597414] ? memcg_event_wake+0x210/0x210 [ 504.601756] ? do_raw_spin_unlock+0x171/0x260 [ 504.606276] try_charge+0xe22/0x1300 [ 504.610302] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 504.615472] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 504.620462] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 504.626607] ? mark_held_locks+0xf0/0xf0 [ 504.630689] mem_cgroup_try_charge+0x249/0x5c0 [ 504.635804] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 504.640743] __handle_mm_fault+0x1cfb/0x3b60 [ 504.645157] ? copy_page_range+0x1e70/0x1e70 [ 504.649608] ? count_memcg_event_mm+0x279/0x4c0 [ 504.654481] handle_mm_fault+0x1a5/0x670 [ 504.658551] __get_user_pages+0x599/0x1650 [ 504.662798] ? follow_page_mask+0x1a60/0x1a60 [ 504.667689] ? lock_acquire+0x170/0x400 [ 504.671670] populate_vma_page_range+0x1fd/0x290 [ 504.676437] __mm_populate+0x1e8/0x350 [ 504.680333] ? populate_vma_page_range+0x290/0x290 [ 504.685350] ? do_mlock+0x6b0/0x6b0 [ 504.688989] __x64_sys_mlockall+0x340/0x500 [ 504.693324] do_syscall_64+0xf9/0x620 [ 504.697154] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 504.702443] RIP: 0033:0x45c479 [ 504.705730] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 504.725705] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 504.733432] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 504.740705] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 504.747978] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 504.755251] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 504.762523] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 504.769976] Task in /syz5 killed as a result of limit of /syz5 [ 504.775997] memory: usage 307200kB, limit 307200kB, failcnt 12168 [ 504.782322] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 504.790001] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 504.796149] Memory cgroup stats for /syz5: cache:0KB rss:297060KB rss_huge:30720KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:269760KB active_anon:288KB inactive_file:8KB active_file:4KB unevictable:27112KB [ 504.817701] Memory cgroup out of memory: Kill process 13090 (syz-executor.5) score 1163 or sacrifice child [ 504.827764] Killed process 13090 (syz-executor.5) total-vm:74964kB, anon-rss:18508kB, file-rss:34816kB, shmem-rss:0kB [ 507.034648] oom_reaper: reaped process 13090 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 507.176819] audit: type=1804 audit(1583245323.274:222): pid=13111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir216893364/syzkaller.uJv0Tp/281/bus" dev="sda1" ino=16613 res=1 14:22:03 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:22:03 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:22:03 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:22:03 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x2000000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:22:03 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x20000, 0x0) openat$cgroup(r2, &(0x7f0000000080)='syz1\x00', 0x200002, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0)='ethtool\x00') r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 507.907076] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 507.921183] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 507.926762] CPU: 1 PID: 13126 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 507.934660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 507.944036] Call Trace: [ 507.946664] dump_stack+0x188/0x20d [ 507.950553] dump_header+0x159/0xa5e [ 507.954291] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 507.959562] ? ___ratelimit+0x59/0x573 [ 507.963484] oom_kill_process.cold+0x10/0x6dc [ 507.968002] ? task_will_free_mem+0x134/0x6d0 [ 507.972528] out_of_memory+0x349/0x1250 [ 507.976520] ? oom_killer_disable+0x270/0x270 [ 507.981051] mem_cgroup_out_of_memory+0x1c7/0x240 [ 507.986000] ? memcg_event_wake+0x210/0x210 [ 507.990457] ? do_raw_spin_unlock+0x171/0x260 [ 507.994976] try_charge+0xe22/0x1300 [ 507.998747] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 508.003715] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 508.008751] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 508.014942] mem_cgroup_try_charge+0x249/0x5c0 [ 508.019814] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 508.024901] wp_page_copy+0x3fe/0x1530 [ 508.028815] ? follow_pfn+0x260/0x260 [ 508.032765] ? __lock_acquire+0x6ee/0x49c0 [ 508.037135] do_wp_page+0x518/0xfa0 [ 508.040863] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 508.045555] __handle_mm_fault+0x21a4/0x3b60 [ 508.049979] ? copy_page_range+0x1e70/0x1e70 [ 508.054400] ? count_memcg_event_mm+0x279/0x4c0 [ 508.059094] handle_mm_fault+0x1a5/0x670 [ 508.063178] __get_user_pages+0x599/0x1650 [ 508.067432] ? follow_page_mask+0x1a60/0x1a60 [ 508.071937] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 508.076704] ? retint_kernel+0x2d/0x2d [ 508.080607] populate_vma_page_range+0x1fd/0x290 [ 508.085374] __mm_populate+0x1e8/0x350 [ 508.089275] ? populate_vma_page_range+0x290/0x290 [ 508.094212] ? do_mlock+0x6b0/0x6b0 [ 508.097878] __x64_sys_mlockall+0x340/0x500 [ 508.102223] do_syscall_64+0xf9/0x620 [ 508.106056] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 508.111247] RIP: 0033:0x45c479 [ 508.114452] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 508.133644] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 508.141406] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 508.148800] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 508.156172] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 508.163461] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 508.170756] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 508.178772] Task in /syz4 killed as a result of limit of /syz4 [ 508.185839] memory: usage 307200kB, limit 307200kB, failcnt 3825 [ 508.192219] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 508.199299] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 508.205681] Memory cgroup stats for /syz4: cache:56KB rss:296740KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:272028KB active_anon:2396KB inactive_file:4KB active_file:4KB unevictable:22348KB [ 508.228330] Memory cgroup out of memory: Kill process 13122 (syz-executor.4) score 1233 or sacrifice child [ 508.238403] Killed process 13129 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 508.298520] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 508.310713] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 508.316342] CPU: 1 PID: 13126 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 508.324230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 508.333602] Call Trace: [ 508.336208] dump_stack+0x188/0x20d [ 508.339847] dump_header+0x159/0xa5e [ 508.343568] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 508.348704] ? ___ratelimit+0x59/0x573 [ 508.352600] oom_kill_process.cold+0x10/0x6dc [ 508.357120] ? task_will_free_mem+0x134/0x6d0 [ 508.361658] out_of_memory+0x349/0x1250 [ 508.365646] ? oom_killer_disable+0x270/0x270 [ 508.370160] mem_cgroup_out_of_memory+0x1c7/0x240 [ 508.375027] ? memcg_event_wake+0x210/0x210 [ 508.379374] ? do_raw_spin_unlock+0x171/0x260 [ 508.383882] try_charge+0xe22/0x1300 [ 508.387688] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 508.392554] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 508.397600] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 508.404397] mem_cgroup_try_charge+0x249/0x5c0 [ 508.409012] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 508.413950] wp_page_copy+0x3fe/0x1530 [ 508.417884] ? follow_pfn+0x260/0x260 [ 508.421690] ? __lock_acquire+0x6ee/0x49c0 [ 508.425954] do_wp_page+0x518/0xfa0 [ 508.429599] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 508.434284] __handle_mm_fault+0x21a4/0x3b60 [ 508.438719] ? copy_page_range+0x1e70/0x1e70 [ 508.443141] ? count_memcg_event_mm+0x279/0x4c0 [ 508.447844] handle_mm_fault+0x1a5/0x670 [ 508.452012] __get_user_pages+0x599/0x1650 [ 508.456285] ? follow_page_mask+0x1a60/0x1a60 [ 508.460793] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 508.465561] ? retint_kernel+0x2d/0x2d [ 508.469464] populate_vma_page_range+0x1fd/0x290 [ 508.474260] __mm_populate+0x1e8/0x350 [ 508.478152] ? populate_vma_page_range+0x290/0x290 [ 508.483104] ? do_mlock+0x6b0/0x6b0 [ 508.486754] __x64_sys_mlockall+0x340/0x500 [ 508.491077] do_syscall_64+0xf9/0x620 [ 508.494890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 508.500165] RIP: 0033:0x45c479 [ 508.503356] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 508.522341] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 508.530049] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 508.537315] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 508.545548] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 508.553766] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 508.561296] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 508.570140] Task in /syz4 killed as a result of limit of /syz4 [ 508.576353] memory: usage 305300kB, limit 307200kB, failcnt 3855 [ 508.582724] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 508.589605] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 508.596393] Memory cgroup stats for /syz4: cache:56KB rss:295132KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:270316KB active_anon:2396KB inactive_file:4KB active_file:4KB unevictable:22348KB [ 508.618348] Memory cgroup out of memory: Kill process 13122 (syz-executor.4) score 1233 or sacrifice child [ 508.628506] Killed process 13122 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:56432kB, shmem-rss:0kB 14:22:04 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 508.642591] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 508.655230] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 508.660915] CPU: 0 PID: 13127 Comm: syz-executor.3 Not tainted 4.19.107-syzkaller #0 [ 508.668814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 508.678838] Call Trace: [ 508.681438] dump_stack+0x188/0x20d [ 508.685098] dump_header+0x159/0xa5e [ 508.688839] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 508.693962] ? ___ratelimit+0x59/0x573 [ 508.697870] oom_kill_process.cold+0x10/0x6dc [ 508.702385] ? task_will_free_mem+0x134/0x6d0 [ 508.703830] oom_reaper: reaped process 13122 (syz-executor.4), now anon-rss:18252kB, file-rss:56424kB, shmem-rss:0kB [ 508.706911] out_of_memory+0x349/0x1250 [ 508.721636] ? mark_held_locks+0xa6/0xf0 [ 508.725715] ? oom_killer_disable+0x270/0x270 [ 508.730224] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 508.734830] mem_cgroup_out_of_memory+0x1c7/0x240 [ 508.739694] ? memcg_event_wake+0x210/0x210 [ 508.744058] try_charge+0xe22/0x1300 [ 508.747801] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 508.752678] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 508.757528] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 508.763588] mem_cgroup_try_charge+0x249/0x5c0 [ 508.768180] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 508.773113] wp_page_copy+0x3fe/0x1530 [ 508.776996] ? follow_pfn+0x260/0x260 [ 508.780807] ? __lock_acquire+0x6ee/0x49c0 [ 508.785037] do_wp_page+0x518/0xfa0 [ 508.788654] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 508.793324] __handle_mm_fault+0x21a4/0x3b60 [ 508.797744] ? copy_page_range+0x1e70/0x1e70 [ 508.802316] ? count_memcg_event_mm+0x279/0x4c0 [ 508.806988] handle_mm_fault+0x1a5/0x670 [ 508.811046] __get_user_pages+0x599/0x1650 [ 508.815298] ? follow_page_mask+0x1a60/0x1a60 [ 508.819872] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 508.824639] ? retint_kernel+0x2d/0x2d [ 508.828531] populate_vma_page_range+0x1fd/0x290 [ 508.833278] __mm_populate+0x1e8/0x350 [ 508.837156] ? populate_vma_page_range+0x290/0x290 [ 508.842160] ? do_mlock+0x6b0/0x6b0 [ 508.845781] __x64_sys_mlockall+0x340/0x500 [ 508.850112] do_syscall_64+0xf9/0x620 [ 508.853942] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 508.859204] RIP: 0033:0x45c479 [ 508.862396] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 508.881370] RSP: 002b:00007fad00d32c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 508.889080] RAX: ffffffffffffffda RBX: 00007fad00d336d4 RCX: 000000000045c479 [ 508.896336] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 508.904026] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 508.911301] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 508.918652] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 508.927635] Task in /syz3 killed as a result of limit of /syz3 [ 508.933908] memory: usage 307200kB, limit 307200kB, failcnt 7703 [ 508.940403] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 14:22:05 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x4000000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 508.947254] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 508.953538] Memory cgroup stats for /syz3: cache:20KB rss:295996KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:121396KB active_anon:9036KB inactive_file:0KB active_file:0KB unevictable:165708KB [ 508.979047] Memory cgroup out of memory: Kill process 13123 (syz-executor.3) score 1233 or sacrifice child [ 508.989264] Killed process 13131 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:22:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x20, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:22:05 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x401f000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 509.633644] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 509.645264] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 509.650794] CPU: 1 PID: 13142 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 509.658686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 509.668047] Call Trace: [ 509.670649] dump_stack+0x188/0x20d [ 509.674481] dump_header+0x159/0xa5e [ 509.678214] ? dump_header+0x10/0xa5e [ 509.682021] oom_kill_process.cold+0x10/0x6dc [ 509.686530] ? task_will_free_mem+0x134/0x6d0 [ 509.691030] out_of_memory+0x349/0x1250 [ 509.695017] ? oom_killer_disable+0x270/0x270 [ 509.699610] mem_cgroup_out_of_memory+0x1c7/0x240 [ 509.704627] ? memcg_event_wake+0x210/0x210 [ 509.708964] ? do_raw_spin_unlock+0x171/0x260 [ 509.713463] try_charge+0xe22/0x1300 [ 509.717193] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 509.722041] ? retint_kernel+0x2d/0x2d [ 509.725962] mem_cgroup_try_charge+0x249/0x5c0 [ 509.730561] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 509.735500] wp_page_copy+0x3fe/0x1530 [ 509.739390] ? retint_kernel+0x2d/0x2d [ 509.743284] ? follow_pfn+0x260/0x260 [ 509.747095] do_wp_page+0x518/0xfa0 [ 509.750730] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 509.755406] __handle_mm_fault+0x21a4/0x3b60 [ 509.759823] ? copy_page_range+0x1e70/0x1e70 [ 509.764234] ? count_memcg_event_mm+0x279/0x4c0 [ 509.768927] handle_mm_fault+0x1a5/0x670 [ 509.773012] __get_user_pages+0x599/0x1650 [ 509.777359] ? follow_page_mask+0x1a60/0x1a60 [ 509.781855] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 509.786614] ? retint_kernel+0x2d/0x2d [ 509.790510] populate_vma_page_range+0x1fd/0x290 [ 509.795272] __mm_populate+0x1e8/0x350 [ 509.799165] ? populate_vma_page_range+0x290/0x290 [ 509.804119] ? do_mlock+0x6b0/0x6b0 [ 509.807755] __x64_sys_mlockall+0x340/0x500 [ 509.812084] do_syscall_64+0xf9/0x620 [ 509.815887] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 509.821078] RIP: 0033:0x45c479 [ 509.824277] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 509.843178] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 509.850905] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 509.858173] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 509.865437] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 509.872704] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 509.879973] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 509.887411] Task in /syz5 killed as a result of limit of /syz5 [ 509.893856] memory: usage 307200kB, limit 307200kB, failcnt 23147 [ 509.900266] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 509.907075] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 509.913451] Memory cgroup stats for /syz5: cache:0KB rss:297024KB rss_huge:30720KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:255992KB active_anon:280KB inactive_file:4KB active_file:4KB unevictable:40780KB [ 509.935610] Memory cgroup out of memory: Kill process 13141 (syz-executor.5) score 1233 or sacrifice child [ 509.945988] Killed process 13143 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 14:22:06 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000738000/0x2000)=nil, 0x2000, 0x0, 0x852, r3, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r3, 0xc0585605, &(0x7f0000000080)={0x0, 0x0, {0xfff, 0x6, 0x2024, 0x4, 0x8, 0x4, 0x1, 0x5}}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 14:22:06 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x4d01000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:22:06 executing program 3: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:22:06 executing program 2: openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r2, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:22:06 executing program 4: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x2}}, 0x14) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) r1 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0) ftruncate(r1, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 14:22:06 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x40000, 0x0) ioctl$TIOCSCTTY(r3, 0x540e, 0x7) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) read$midi(r0, &(0x7f00000000c0)=""/140, 0x8c) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x47, 0x105a00) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 14:22:06 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x6400000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) 14:22:06 executing program 5: socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget$private(0x0, 0x3000, 0x800, &(0x7f0000ffa000/0x3000)=nil) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x42600, 0xb8) sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x34, 0x4, 0x6, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004895) ioctl$TIOCNXCL(r1, 0x540d) ftruncate(0xffffffffffffffff, 0x2008002) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000002c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 511.085596] Unknown ioctl 21518 [ 511.360056] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 511.395372] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 511.401462] CPU: 1 PID: 13173 Comm: syz-executor.2 Not tainted 4.19.107-syzkaller #0 [ 511.409572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 511.418957] Call Trace: [ 511.421949] dump_stack+0x188/0x20d [ 511.425597] dump_header+0x159/0xa5e [ 511.429432] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 511.434548] ? ___ratelimit+0x59/0x573 [ 511.438457] oom_kill_process.cold+0x10/0x6dc [ 511.443068] ? task_will_free_mem+0x134/0x6d0 [ 511.447579] out_of_memory+0x349/0x1250 [ 511.451756] ? oom_killer_disable+0x270/0x270 [ 511.456276] mem_cgroup_out_of_memory+0x1c7/0x240 [ 511.461257] ? memcg_event_wake+0x210/0x210 [ 511.465597] ? do_raw_spin_unlock+0x171/0x260 [ 511.470105] try_charge+0xe22/0x1300 [ 511.473850] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 511.478795] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 511.483769] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 511.489853] ? mark_held_locks+0xf0/0xf0 [ 511.494014] mem_cgroup_try_charge+0x249/0x5c0 [ 511.498617] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 511.503565] __handle_mm_fault+0x1cfb/0x3b60 [ 511.507987] ? copy_page_range+0x1e70/0x1e70 [ 511.512410] ? count_memcg_event_mm+0x279/0x4c0 [ 511.517138] handle_mm_fault+0x1a5/0x670 [ 511.521321] __get_user_pages+0x599/0x1650 [ 511.525593] ? follow_page_mask+0x1a60/0x1a60 [ 511.530431] ? lock_acquire+0x170/0x400 [ 511.534603] populate_vma_page_range+0x1fd/0x290 [ 511.539516] __mm_populate+0x1e8/0x350 [ 511.543519] ? populate_vma_page_range+0x290/0x290 [ 511.548696] ? do_mlock+0x6b0/0x6b0 [ 511.552978] __x64_sys_mlockall+0x340/0x500 [ 511.557376] do_syscall_64+0xf9/0x620 [ 511.561434] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 511.566652] RIP: 0033:0x45c479 [ 511.569881] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 511.588804] RSP: 002b:00007f8731d4bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 511.596527] RAX: ffffffffffffffda RBX: 00007f8731d4c6d4 RCX: 000000000045c479 14:22:07 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000011000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000200)="66b9800000c00f326635000800000f300f090f01dff2ab0f00540bbaf80c66b8cc37688f66efbafc0cb004eef30f1efcf30fc7320f01d1baf80c66b860e03c8166efbafc0ced", 0x46}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x7) prctl$PR_GET_TIMERSLACK(0x1e) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14:22:07 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x0, 0x0) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) write$sndseq(0xffffffffffffffff, 0x0, 0x0) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x189, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x0) mmap$xdp(&(0x7f0000737000/0x3000)=nil, 0x3000, 0x0, 0x852, r1, 0x0) ioctl$TIOCL_SETVESABLANK(r1, 0x541c, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x7701000000000000}, 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) syz_open_dev$media(0x0, 0x0, 0x400080) [ 511.604356] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 511.611631] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 511.618948] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 511.626261] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 511.635567] Task in /syz2 killed as a result of limit of /syz2 [ 511.643067] memory: usage 307200kB, limit 307200kB, failcnt 17304 [ 511.649701] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 511.656628] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 511.663131] Memory cgroup stats for /syz2: cache:72KB rss:296684KB rss_huge:157696KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:139236KB active_anon:8976KB inactive_file:8KB active_file:0KB unevictable:148656KB [ 511.685815] Memory cgroup out of memory: Kill process 12950 (syz-executor.2) score 1163 or sacrifice child [ 511.695961] Killed process 12950 (syz-executor.2) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 511.708707] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 511.725344] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 511.731499] CPU: 1 PID: 13178 Comm: syz-executor.4 Not tainted 4.19.107-syzkaller #0 [ 511.739493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 511.749065] Call Trace: [ 511.751695] dump_stack+0x188/0x20d [ 511.755357] dump_header+0x159/0xa5e [ 511.759095] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 511.764266] ? ___ratelimit+0x59/0x573 [ 511.768182] oom_kill_process.cold+0x10/0x6dc [ 511.773304] ? task_will_free_mem+0x134/0x6d0 [ 511.778097] out_of_memory+0x349/0x1250 [ 511.782097] ? oom_killer_disable+0x270/0x270 [ 511.786648] mem_cgroup_out_of_memory+0x1c7/0x240 [ 511.791514] ? memcg_event_wake+0x210/0x210 [ 511.795858] ? __raw_callee_save___pv_queued_spin_unlock+0xc/0x12 [ 511.802245] ? do_raw_spin_unlock+0x171/0x260 [ 511.812070] try_charge+0xe22/0x1300 [ 511.815965] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 511.820910] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 511.825782] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 511.832752] mem_cgroup_try_charge+0x249/0x5c0 [ 511.837722] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 511.842686] wp_page_copy+0x3fe/0x1530 [ 511.846726] ? follow_pfn+0x260/0x260 [ 511.850541] ? __lock_acquire+0x6ee/0x49c0 [ 511.855033] do_wp_page+0x518/0xfa0 [ 511.858917] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 511.863640] __handle_mm_fault+0x21a4/0x3b60 [ 511.868072] ? copy_page_range+0x1e70/0x1e70 [ 511.872698] ? count_memcg_event_mm+0x279/0x4c0 [ 511.877663] handle_mm_fault+0x1a5/0x670 [ 511.882004] __get_user_pages+0x599/0x1650 [ 511.886387] ? follow_page_mask+0x1a60/0x1a60 [ 511.890900] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 511.895692] ? retint_kernel+0x2d/0x2d [ 511.899612] populate_vma_page_range+0x1fd/0x290 [ 511.905202] __mm_populate+0x1e8/0x350 [ 511.909512] ? populate_vma_page_range+0x290/0x290 [ 511.914672] ? do_mlock+0x6b0/0x6b0 [ 511.918434] __x64_sys_mlockall+0x340/0x500 [ 511.923005] do_syscall_64+0xf9/0x620 [ 511.927084] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 511.932521] RIP: 0033:0x45c479 [ 511.935865] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 511.955955] RSP: 002b:00007f310941dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 511.964108] RAX: ffffffffffffffda RBX: 00007f310941e6d4 RCX: 000000000045c479 [ 511.972104] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 511.979530] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 511.987089] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 511.995170] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 512.004861] Task in /syz4 killed as a result of limit of /syz4 [ 512.010091] oom_reaper: reaped process 12950 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 512.012366] memory: usage 307200kB, limit 307200kB, failcnt 3887 [ 512.030378] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 512.038510] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 512.045443] Memory cgroup stats for /syz4: cache:56KB rss:296580KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:271904KB active_anon:2396KB inactive_file:4KB active_file:4KB unevictable:22480KB [ 512.069286] Memory cgroup out of memory: Kill process 13170 (syz-executor.4) score 1233 or sacrifice child [ 512.081906] Killed process 13184 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 512.095991] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 512.108156] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 512.113946] CPU: 0 PID: 13177 Comm: syz-executor.5 Not tainted 4.19.107-syzkaller #0 [ 512.122353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 512.132074] Call Trace: [ 512.134903] dump_stack+0x188/0x20d [ 512.138551] dump_header+0x159/0xa5e [ 512.142294] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 512.147499] ? ___ratelimit+0x59/0x573 [ 512.151610] oom_kill_process.cold+0x10/0x6dc [ 512.156128] ? task_will_free_mem+0x134/0x6d0 [ 512.160819] out_of_memory+0x349/0x1250 [ 512.164817] ? oom_killer_disable+0x270/0x270 [ 512.169513] mem_cgroup_out_of_memory+0x1c7/0x240 [ 512.174373] ? memcg_event_wake+0x210/0x210 [ 512.178884] ? do_raw_spin_unlock+0x171/0x260 [ 512.183613] try_charge+0xe22/0x1300 [ 512.187387] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 512.192335] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 512.197630] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 512.203879] ? retint_kernel+0x2d/0x2d [ 512.208033] mem_cgroup_try_charge+0x249/0x5c0 [ 512.212636] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 512.217582] wp_page_copy+0x3fe/0x1530 [ 512.221992] ? follow_pfn+0x260/0x260 [ 512.227026] ? write_comp_data+0x9/0x70 [ 512.231081] do_wp_page+0x518/0xfa0 [ 512.234821] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 512.239619] __handle_mm_fault+0x21a4/0x3b60 [ 512.244138] ? copy_page_range+0x1e70/0x1e70 [ 512.248671] ? count_memcg_event_mm+0x279/0x4c0 [ 512.253921] handle_mm_fault+0x1a5/0x670 [ 512.258566] __get_user_pages+0x599/0x1650 [ 512.263363] ? follow_page_mask+0x1a60/0x1a60 [ 512.268541] ? populate_vma_page_range+0x10e/0x290 [ 512.273497] populate_vma_page_range+0x1fd/0x290 [ 512.278767] __mm_populate+0x1e8/0x350 [ 512.282764] ? populate_vma_page_range+0x290/0x290 [ 512.287794] ? do_mlock+0x6b0/0x6b0 [ 512.292125] __x64_sys_mlockall+0x340/0x500 [ 512.296592] do_syscall_64+0xf9/0x620 [ 512.300952] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 512.306867] RIP: 0033:0x45c479 [ 512.310203] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 512.330715] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 512.338628] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 512.346216] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 512.354004] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 512.362193] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 512.370098] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 512.377732] Task in /syz5 killed as a result of limit of /syz5 [ 512.384280] memory: usage 307084kB, limit 307200kB, failcnt 23181 [ 512.390999] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 512.398560] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 512.405536] Memory cgroup stats for /syz5: cache:0KB rss:296764KB rss_huge:30720KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:255552KB active_anon:280KB inactive_file:0KB active_file:4KB unevictable:41040KB [ 512.428414] Memory cgroup out of memory: Kill process 13176 (syz-executor.5) score 1233 or sacrifice child [ 512.440038] Killed process 13190 (syz-executor.5) total-vm:74964kB, anon-rss:18512kB, file-rss:34816kB, shmem-rss:0kB [ 617.057811] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 617.064329] rcu: (detected by 0, t=10502 jiffies, g=27949, q=26) [ 617.070617] rcu: All QSes seen, last rcu_preempt kthread activity 10503 (4294998715-4294988212), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 617.083381] syz-executor.5 R running task 26496 13177 8227 0x80000002 [ 617.090597] Call Trace: [ 617.093187] [ 617.095399] sched_show_task.cold+0x2e2/0x343 [ 617.100092] ? set_rq_offline.part.0+0x140/0x140 [ 617.104898] rcu_check_callbacks.cold+0xaf0/0xddc [ 617.109883] update_process_times+0x2a/0x70 [ 617.114229] tick_sched_handle+0x9b/0x180 [ 617.118398] tick_sched_timer+0x42/0x130 [ 617.122477] __hrtimer_run_queues+0x2fc/0xd50 [ 617.126995] ? tick_sched_do_timer+0x1a0/0x1a0 [ 617.131602] ? hrtimer_fixup_activate+0x30/0x30 [ 617.136292] ? kvm_clock_read+0x14/0x30 [ 617.140453] ? ktime_get_update_offsets_now+0x2db/0x450 [ 617.145850] hrtimer_interrupt+0x312/0x770 [ 617.150112] smp_apic_timer_interrupt+0x10c/0x550 [ 617.154984] apic_timer_interrupt+0xf/0x20 [ 617.159235] [ 617.161484] RIP: 0010:mem_cgroup_get_nr_swap_pages+0x48/0x140 [ 617.167386] Code: c0 20 3e 6e 8b 48 ba 00 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 ea 00 00 00 8b 05 4f f8 e9 07 4c 8b 2d a8 cd ca 09 <85> c0 0f 84 ae 00 00 00 0f 1f 44 00 00 48 3b 1d 3c f8 e9 07 0f 84 [ 617.186425] RSP: 0018:ffff8881f02171a0 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13 [ 617.194145] RAX: 0000000000000001 RBX: ffff888047024980 RCX: ffffffff81a3704c [ 617.201530] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffffffff8b6e3e20 [ 617.208814] RBP: ffff8881f02173d8 R08: ffff88803ecee4c0 R09: fffffbfff16dc7c5 [ 617.216113] R10: fffffbfff16dc7c4 R11: ffffffff8b6e3e27 R12: 0000000000000000 [ 617.223402] R13: 0000000000000000 R14: 000000000000003c R15: ffff8881f02176c0 [ 617.230702] ? mem_cgroup_get_nr_swap_pages+0x1c/0x140 [ 617.236100] shrink_node_memcg+0xb87/0x14b0 [ 617.240549] ? find_held_lock+0x2d/0x110 [ 617.244652] ? shrink_active_list+0x13e0/0x13e0 [ 617.249349] ? __lock_is_held+0xad/0x140 [ 617.253438] ? lock_downgrade+0x740/0x740 [ 617.257609] ? check_preemption_disabled+0x41/0x280 [ 617.262829] ? mem_cgroup_iter+0x454/0xb80 [ 617.267095] ? unregister_memcg_shrinker.isra.0+0x50/0x50 [ 617.272826] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 617.277604] ? __sanitizer_cov_trace_const_cmp4+0x20/0x20 [ 617.283253] ? vmpressure+0x52/0x350 [ 617.287004] shrink_node+0x270/0x1350 [ 617.290845] ? shrink_node_memcg+0x14b0/0x14b0 [ 617.295448] ? kvm_clock_read+0x14/0x30 [ 617.299451] do_try_to_free_pages+0x3a3/0x1090 [ 617.304055] ? shrink_node+0x1350/0x1350 [ 617.308143] try_to_free_mem_cgroup_pages+0x2ef/0x8b0 [ 617.313365] ? try_to_free_pages+0x7c0/0x7c0 [ 617.317789] ? mark_held_locks+0xa6/0xf0 [ 617.321875] ? _raw_spin_unlock_irqrestore+0x67/0xe0 [ 617.327027] try_charge+0x4ca/0x1300 [ 617.330770] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 617.335627] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 617.340664] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 617.346759] mem_cgroup_try_charge+0x249/0x5c0 [ 617.351457] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 617.356398] wp_page_copy+0x3fe/0x1530 [ 617.360321] ? follow_pfn+0x260/0x260 [ 617.364236] ? retint_kernel+0x2d/0x2d [ 617.368151] do_wp_page+0x518/0xfa0 [ 617.371913] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 617.376786] __handle_mm_fault+0x21a4/0x3b60 [ 617.381214] ? copy_page_range+0x1e70/0x1e70 [ 617.385817] ? count_memcg_event_mm+0x279/0x4c0 [ 617.390531] handle_mm_fault+0x1a5/0x670 [ 617.394616] __get_user_pages+0x599/0x1650 [ 617.399077] ? follow_page_mask+0x1a60/0x1a60 [ 617.403700] ? populate_vma_page_range+0x10e/0x290 [ 617.408662] populate_vma_page_range+0x1fd/0x290 [ 617.413451] __mm_populate+0x1e8/0x350 [ 617.417389] ? populate_vma_page_range+0x290/0x290 [ 617.422446] ? do_mlock+0x6b0/0x6b0 [ 617.426090] __x64_sys_mlockall+0x340/0x500 [ 617.430423] do_syscall_64+0xf9/0x620 [ 617.434247] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 617.439660] RIP: 0033:0x45c479 [ 617.442964] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 617.462341] RSP: 002b:00007f50fc80dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 617.470076] RAX: ffffffffffffffda RBX: 00007f50fc80e6d4 RCX: 000000000045c479 [ 617.477388] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 617.484676] RBP: 000000000076bf20 R08: 0000000000000000 R09: 0000000000000000 [ 617.492048] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 617.499356] R13: 0000000000000736 R14: 00000000004c9b76 R15: 000000000076bf2c [ 617.506718] rcu: rcu_preempt kthread starved for 10546 jiffies! g27949 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 617.517303] rcu: RCU grace-period kthread stack dump: [ 617.522499] rcu_preempt R running task 29472 10 2 0x80000000 [ 617.529706] Call Trace: [ 617.532323] ? __schedule+0x866/0x1d80 [ 617.536215] ? schedule_timeout+0x4c3/0xf20 [ 617.540552] ? firmware_map_remove+0x19a/0x19a [ 617.545152] ? _raw_spin_unlock_irqrestore+0x67/0xe0 [ 617.550262] schedule+0x8d/0x1b0 [ 617.553651] schedule_timeout+0x4d1/0xf20 [ 617.557833] ? usleep_range+0x160/0x160 [ 617.561826] ? __next_timer_interrupt+0x190/0x190 [ 617.566684] ? prepare_to_swait_exclusive+0x110/0x110 [ 617.572009] rcu_gp_kthread+0xcee/0x2060 [ 617.576108] ? rcu_blocking_is_gp+0x90/0x90 [ 617.580441] ? _raw_spin_unlock_irqrestore+0x67/0xe0 [ 617.585572] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 617.590164] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 617.595387] ? __kthread_parkme+0xfd/0x1b0 [ 617.599635] ? rcu_blocking_is_gp+0x90/0x90 [ 617.603978] kthread+0x34a/0x420 [ 617.607385] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 617.613044] ret_from_fork+0x24/0x30