tegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$KVM_S390_UCAS_UNMAP(r3, 0x4018ae51, &(0x7f0000000600)={0x5, 0x3f, 0x214b}) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:12 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = getpid() ptrace$getregs(0xe, r0, 0x9, &(0x7f0000000180)=""/4096) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vfio/vfio\x00', 0x1, 0x0) write$FUSE_IOCTL(r1, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x0, 0x10000, 0x0, 0x4}}, 0x20) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000001640)={{{@in6=@loopback, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@ipv4={[], [], @broadcast}}}, &(0x7f00000014c0)=0xe8) stat(&(0x7f0000001540)='./file0\x00', &(0x7f0000001580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x1, &(0x7f0000001600)=[r3]) fchownat(r1, &(0x7f0000001380)='./file0\x00', r2, 0x0, 0x1400) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000001200)={0x0, @in={{0x2, 0x4e22, @loopback}}, [0x80000001, 0x0, 0x8001, 0x4, 0x4, 0x8, 0xfffffffffffffffa, 0xf095, 0x8, 0x93ff, 0x9, 0x7, 0x4, 0x9, 0x4]}, &(0x7f0000001300)=0x100) setsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000001500)={r4, 0x7, 0x6fa, 0x10000, 0x4, 0x80000001}, 0x14) connect(r1, &(0x7f0000001180)=@caif=@dbg={0x25, 0x3, 0x1f}, 0x80) 05:05:12 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf21000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:12 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db026600000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:12 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x1, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0xd) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:13 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db007400000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 1983.173444][ T7890] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1983.224545][ T7890] CPU: 0 PID: 7890 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 1983.232578][ T7890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1983.242643][ T7890] Call Trace: [ 1983.245948][ T7890] dump_stack+0x172/0x1f0 [ 1983.250313][ T7890] dump_header+0x10f/0xb6c [ 1983.254747][ T7890] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1983.260572][ T7890] ? ___ratelimit+0x60/0x595 [ 1983.265171][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 1983.265195][ T7890] oom_kill_process.cold+0x10/0x15 [ 1983.265216][ T7890] out_of_memory+0x79a/0x1280 [ 1983.265238][ T7890] ? lock_downgrade+0x880/0x880 [ 1983.265253][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1983.265269][ T7890] ? oom_killer_disable+0x280/0x280 [ 1983.265300][ T7890] ? find_held_lock+0x35/0x130 [ 1983.275541][ T7890] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1983.275554][ T7890] ? memcg_event_wake+0x230/0x230 [ 1983.275574][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 1983.275594][ T7890] ? _raw_spin_unlock+0x2d/0x50 [ 1983.275612][ T7890] try_charge+0x102c/0x15c0 [ 1983.275623][ T7890] ? find_held_lock+0x35/0x130 [ 1983.275643][ T7890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1983.275655][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1983.275668][ T7890] ? find_held_lock+0x35/0x130 [ 1983.275683][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1983.275710][ T7890] __memcg_kmem_charge_memcg+0x7c/0x130 [ 1983.275730][ T7890] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1983.275749][ T7890] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1983.368986][ T7890] __memcg_kmem_charge+0x136/0x300 [ 1983.374122][ T7890] __alloc_pages_nodemask+0x4bf/0x8d0 [ 1983.379500][ T7890] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1983.385225][ T7890] ? copy_page_range+0x125a/0x1f90 [ 1983.390355][ T7890] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1983.396606][ T7890] alloc_pages_current+0x107/0x210 [ 1983.401716][ T7890] pte_alloc_one+0x1b/0x1a0 [ 1983.406218][ T7890] __pte_alloc+0x20/0x310 [ 1983.410544][ T7890] copy_page_range+0x1529/0x1f90 [ 1983.415472][ T7890] ? find_held_lock+0x35/0x130 [ 1983.420237][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1983.426602][ T7890] ? pmd_alloc+0x180/0x180 [ 1983.431026][ T7890] ? __rb_insert_augmented+0x231/0xdf0 [ 1983.436474][ T7890] ? validate_mm_rb+0xa3/0xc0 [ 1983.441139][ T7890] ? __vma_link_rb+0x279/0x370 [ 1983.445909][ T7890] copy_process.part.0+0x568b/0x7980 [ 1983.451211][ T7890] ? __cleanup_sighand+0x60/0x60 [ 1983.456143][ T7890] _do_fork+0x257/0xfd0 [ 1983.460635][ T7890] ? fork_idle+0x1d0/0x1d0 [ 1983.465055][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1983.470509][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1983.475963][ T7890] ? do_syscall_64+0x26/0x610 [ 1983.480625][ T7890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1983.486688][ T7890] ? do_syscall_64+0x26/0x610 [ 1983.491363][ T7890] __x64_sys_clone+0xbf/0x150 [ 1983.496034][ T7890] do_syscall_64+0x103/0x610 [ 1983.500622][ T7890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1983.506513][ T7890] RIP: 0033:0x45737a [ 1983.510449][ T7890] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1983.530076][ T7890] RSP: 002b:0000000000a4fd30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1983.538475][ T7890] RAX: ffffffffffffffda RBX: 0000000000a4fd30 RCX: 000000000045737a [ 1983.546438][ T7890] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1983.554413][ T7890] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 1983.562381][ T7890] R10: 000000000263ec10 R11: 0000000000000246 R12: 0000000000000001 05:05:13 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0xffc99a3b00000000, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:13 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000002) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) getsockopt$TIPC_SRC_DROPPABLE(r3, 0x10f, 0x80, &(0x7f0000000600), &(0x7f00000008c0)=0x4) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000480)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffd725bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000a00)={[], 0x0, 0x41, 0x4, 0x10000}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="00002abd7000fcdb00007f6962000000000000000000000000000000000000000000000000000000000000000000000000000000000000793100000000000000000000000000c29602bb0000000000"], 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r3, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3a, &(0x7f0000000940)=""/183, &(0x7f0000000900)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:13 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf22000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:13 executing program 4: semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x2, 0x30000) ioctl$TIOCMGET(r0, 0x5415, &(0x7f00000000c0)) [ 1983.570358][ T7890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 [ 1983.581016][ T7890] memory: usage 307200kB, limit 307200kB, failcnt 2448 [ 1983.587987][ T7890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1983.629113][ T7890] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1983.637206][ T7890] Memory cgroup stats for /syz5: cache:52KB rss:212772KB rss_huge:163840KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:212884KB inactive_file:0KB active_file:0KB unevictable:0KB 05:05:13 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf23000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 1983.708111][ T7890] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10278,uid=0 05:05:13 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbff}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)=ANY=[@ANYBLOB='K\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="00002abd7000fcdbdf25010000000000000007410000004c00180000007f696200"/98], 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 1983.784454][ T7890] Memory cgroup out of memory: Killed process 10278 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB [ 1983.870514][ T7890] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 05:05:13 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = syz_open_dev$adsp(&(0x7f0000000180)='/dev/adsp#\x00', 0xfffffffffffffff9, 0x361480) r1 = dup3(r0, 0xffffffffffffff9c, 0x80000) write$FUSE_IOCTL(r1, &(0x7f0000000140)={0x20, 0x0, 0x0, {0x27, 0x0, 0x200000000000}}, 0x20) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_open_dev$sndpcmc(&(0x7f00000001c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$KVM_S390_INTERRUPT_CPU(r2, 0x4010ae94, &(0x7f0000000200)={0xa, 0x7, 0xfffffffffffffff9}) [ 1983.960610][ T7890] CPU: 0 PID: 7890 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 1983.968647][ T7890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1983.968654][ T7890] Call Trace: [ 1983.968678][ T7890] dump_stack+0x172/0x1f0 [ 1983.968698][ T7890] dump_header+0x10f/0xb6c [ 1983.968716][ T7890] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1983.968731][ T7890] ? ___ratelimit+0x60/0x595 [ 1983.968745][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 1983.968764][ T7890] oom_kill_process.cold+0x10/0x15 [ 1983.968781][ T7890] out_of_memory+0x79a/0x1280 [ 1983.968796][ T7890] ? lock_downgrade+0x880/0x880 [ 1983.968810][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1983.968827][ T7890] ? oom_killer_disable+0x280/0x280 [ 1983.968839][ T7890] ? find_held_lock+0x35/0x130 [ 1983.968863][ T7890] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1984.032518][ T7890] ? memcg_event_wake+0x230/0x230 [ 1984.032544][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 1984.032568][ T7890] ? _raw_spin_unlock+0x2d/0x50 [ 1984.032587][ T7890] try_charge+0x102c/0x15c0 [ 1984.032605][ T7890] ? find_held_lock+0x35/0x130 [ 1984.067122][ T7890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1984.072681][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1984.078232][ T7890] ? find_held_lock+0x35/0x130 [ 1984.083013][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1984.088596][ T7890] __memcg_kmem_charge_memcg+0x7c/0x130 [ 1984.094158][ T7890] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1984.099378][ T7890] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1984.104939][ T7890] __memcg_kmem_charge+0x136/0x300 05:05:14 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf24000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 1984.110061][ T7890] __alloc_pages_nodemask+0x4bf/0x8d0 [ 1984.115448][ T7890] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1984.121191][ T7890] ? copy_page_range+0x125a/0x1f90 [ 1984.126331][ T7890] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1984.132585][ T7890] alloc_pages_current+0x107/0x210 [ 1984.137715][ T7890] pte_alloc_one+0x1b/0x1a0 [ 1984.142225][ T7890] __pte_alloc+0x20/0x310 [ 1984.146583][ T7890] copy_page_range+0x1529/0x1f90 [ 1984.151533][ T7890] ? find_held_lock+0x35/0x130 [ 1984.156321][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1984.156362][ T7890] ? pmd_alloc+0x180/0x180 [ 1984.156379][ T7890] ? __rb_insert_augmented+0x231/0xdf0 [ 1984.156392][ T7890] ? validate_mm_rb+0xa3/0xc0 [ 1984.156409][ T7890] ? __vma_link_rb+0x279/0x370 [ 1984.156431][ T7890] copy_process.part.0+0x568b/0x7980 [ 1984.156485][ T7890] ? __cleanup_sighand+0x60/0x60 [ 1984.167153][ T7890] _do_fork+0x257/0xfd0 [ 1984.167175][ T7890] ? fork_idle+0x1d0/0x1d0 [ 1984.167201][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1984.167215][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1984.167229][ T7890] ? do_syscall_64+0x26/0x610 [ 1984.167249][ T7890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1984.167267][ T7890] ? do_syscall_64+0x26/0x610 [ 1984.167301][ T7890] __x64_sys_clone+0xbf/0x150 [ 1984.231872][ T7890] do_syscall_64+0x103/0x610 [ 1984.236490][ T7890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1984.242391][ T7890] RIP: 0033:0x45737a [ 1984.246310][ T7890] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1984.265931][ T7890] RSP: 002b:0000000000a4fd30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1984.274368][ T7890] RAX: ffffffffffffffda RBX: 0000000000a4fd30 RCX: 000000000045737a [ 1984.282432][ T7890] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1984.290425][ T7890] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 1984.298418][ T7890] R10: 000000000263ec10 R11: 0000000000000246 R12: 0000000000000001 [ 1984.306410][ T7890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 [ 1984.339621][ T7890] memory: usage 307036kB, limit 307200kB, failcnt 2463 [ 1984.346789][ T7890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1984.354575][ T7890] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1984.361640][ T7890] Memory cgroup stats for /syz5: cache:52KB rss:212772KB rss_huge:163840KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:212852KB inactive_file:0KB active_file:0KB unevictable:0KB 05:05:14 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_open_dev$radio(&(0x7f0000000600)='/dev/radio#\x00', 0x3, 0x2) r1 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x2}, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r3 = dup3(r2, r2, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r3, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') socket$isdn(0x22, 0x3, 0x25) sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r5, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r6 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r3, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r3, &(0x7f00000008c0)=ANY=[@ANYBLOB="0b0000008d124f79a5f85da0cb86520f75728dbb53dbe14ceb33cf07de5d9dfac83926bd40c368619f6d02ce8c5eb954ab1543dfcd4f3fe72cd21b590bb0f190a9fdfd22d501f1986e3ddf254852eacd0b057bd45e96fd2d028db7fc379fb67ef00d72171dee4f88ecaf558b7859d643a3b92c1cf33602f48a8fc999ded1784160868a66c9f62c36354fbc4815e41f19ec1f4a2ec17a274edb"], 0x20000) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r3, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r5, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r6, 0x1274, 0x0) getsockopt$sock_buf(r4, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r4, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r1, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r3, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r6, 0x1275, 0x0) [ 1984.393869][ T7890] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12803,uid=0 [ 1984.411294][ T7890] Memory cgroup out of memory: Killed process 12803 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB 05:05:14 executing program 4: semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) io_setup(0x6, &(0x7f0000000140)=0x0) io_pgetevents(r1, 0x1, 0x4, &(0x7f0000000180)=[{}, {}, {}, {}], &(0x7f0000000200)={0x0, 0x1c9c380}, &(0x7f0000000280)={&(0x7f0000000240)={0x100000000}, 0x8}) fcntl$addseals(r0, 0x409, 0xc) getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000000), &(0x7f00000000c0)=0x10) r2 = semget(0x2, 0x0, 0x8) ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000080)) semtimedop(r2, &(0x7f0000000100)=[{0x0, 0xa0008000}], 0x0, 0x0) 05:05:14 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf25000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 1984.715312][T24351] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1984.732019][T24351] CPU: 1 PID: 24351 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 1984.740114][T24351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1984.750178][T24351] Call Trace: [ 1984.753492][T24351] dump_stack+0x172/0x1f0 [ 1984.757845][T24351] dump_header+0x10f/0xb6c [ 1984.762273][T24351] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1984.768607][T24351] ? ___ratelimit+0x60/0x595 [ 1984.773210][T24351] ? do_raw_spin_unlock+0x57/0x270 [ 1984.778340][T24351] oom_kill_process.cold+0x10/0x15 [ 1984.783493][T24351] out_of_memory+0x79a/0x1280 [ 1984.788184][T24351] ? lock_downgrade+0x880/0x880 [ 1984.793041][T24351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1984.793061][T24351] ? oom_killer_disable+0x280/0x280 [ 1984.793074][T24351] ? find_held_lock+0x35/0x130 [ 1984.793100][T24351] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1984.793118][T24351] ? memcg_event_wake+0x230/0x230 [ 1984.804566][T24351] ? do_raw_spin_unlock+0x57/0x270 [ 1984.804584][T24351] ? _raw_spin_unlock+0x2d/0x50 [ 1984.804603][T24351] try_charge+0x102c/0x15c0 [ 1984.804616][T24351] ? find_held_lock+0x35/0x130 [ 1984.804639][T24351] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1984.804652][T24351] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1984.804666][T24351] ? find_held_lock+0x35/0x130 [ 1984.804680][T24351] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1984.804714][T24351] __memcg_kmem_charge_memcg+0x7c/0x130 05:05:14 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db008100000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:14 executing program 3: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/autofs\x00', 0x400, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000400)={0x0, 0x200, 0x61d5}, &(0x7f0000000480)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f00000004c0)={r1, 0x9}, &(0x7f0000000500)=0x8) syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r2 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r2, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r2, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r3, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r4 = accept$alg(r3, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r4, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:14 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r2, 0x800442d4, &(0x7f0000000600)=0x100000000) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f00000008c0)=ANY=[@ANYBLOB="11e499bf5c5f99d6809b7273d912470beb5205426425090000fedbc7af"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 1984.815012][T24351] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1984.815034][T24351] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1984.815053][T24351] __memcg_kmem_charge+0x136/0x300 [ 1984.815074][T24351] __alloc_pages_nodemask+0x4bf/0x8d0 [ 1984.815088][T24351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1984.815107][T24351] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1984.815125][T24351] ? copy_process.part.0+0x1d08/0x7980 [ 1984.815146][T24351] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1984.825271][T24351] ? trace_hardirqs_on+0x67/0x230 05:05:14 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="00002abd7000fcdbdf25010000000000000007410000004c00180000007f696200000000000000000000007047c0a36d4c2100"/98], 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 1984.825297][T24351] ? kasan_check_read+0x11/0x20 [ 1984.825321][T24351] copy_process.part.0+0x3e0/0x7980 [ 1984.825341][T24351] ? debug_check_no_obj_freed+0x200/0x464 [ 1984.825356][T24351] ? find_held_lock+0x35/0x130 [ 1984.825371][T24351] ? debug_check_no_obj_freed+0x200/0x464 [ 1984.825388][T24351] ? kasan_check_write+0x14/0x20 [ 1984.825405][T24351] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1984.825423][T24351] ? filename_lookup+0x294/0x410 [ 1984.931603][T24351] ? __cleanup_sighand+0x60/0x60 [ 1984.931623][T24351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1984.931638][T24351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1984.931656][T24351] ? getname_flags+0x300/0x5b0 [ 1984.931668][T24351] ? getname_flags+0x300/0x5b0 [ 1984.931688][T24351] ? rcu_read_lock_sched_held+0x110/0x130 [ 1984.942193][T24351] _do_fork+0x257/0xfd0 [ 1984.942217][T24351] ? fork_idle+0x1d0/0x1d0 [ 1984.942234][T24351] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1984.942249][T24351] ? do_sys_truncate.part.0+0xbc/0x150 [ 1984.942267][T24351] ? trace_hardirqs_on_thunk+0x1a/0x1c 05:05:15 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000003c0), 0x18f) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 1984.942298][T24351] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1985.022195][T24351] ? do_syscall_64+0x26/0x610 [ 1985.027064][T24351] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1985.033154][T24351] ? do_syscall_64+0x26/0x610 [ 1985.037860][T24351] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1985.043255][T24351] __ia32_sys_vfork+0x1f/0x30 [ 1985.043273][T24351] do_syscall_64+0x103/0x610 [ 1985.043305][T24351] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1985.043329][T24351] RIP: 0033:0x2000000a [ 1985.062536][T24351] Code: Bad RIP value. 05:05:15 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf26000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 1985.062546][T24351] RSP: 002b:00007fec78bdfbd8 EFLAGS: 00000206 ORIG_RAX: 000000000000003a [ 1985.062561][T24351] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 1985.062570][T24351] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000011 [ 1985.062579][T24351] RBP: 0000000000000033 R08: 0000000000000005 R09: 0000000000000006 [ 1985.062587][T24351] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 1985.062595][T24351] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff 05:05:15 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000008c0)='/dev/loop#\x00', 0x100000001, 0x840) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000600)={0x7fffffff, 0xfffffffffffffffa}) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:15 executing program 2: r0 = creat(0xfffffffffffffffe, 0x6) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000280)=0x0, &(0x7f00000002c0), &(0x7f0000000300)) setregid(r1, r2) write$FUSE_IOCTL(r0, &(0x7f0000000140)={0x20, 0x0, 0x7, {0x20, 0x0, 0x3ff8}}, 0x20) accept4$tipc(r0, 0x0, &(0x7f0000000240), 0x80000) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x0, 0x0, 0xffffffffffffffff}}, 0x20) [ 1985.160851][T24351] memory: usage 307200kB, limit 307200kB, failcnt 2511 [ 1985.198687][T24351] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:05:15 executing program 4: semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) r0 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f0000000580)={'nat\x00', 0x0, 0x3, 0x8c, [], 0x0, &(0x7f0000000480), &(0x7f00000004c0)=""/140}, &(0x7f0000000600)=0x78) [ 1985.275512][T24351] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1985.327037][T24351] Memory cgroup stats for /syz5: cache:52KB rss:212884KB rss_huge:163840KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:212904KB inactive_file:0KB active_file:0KB unevictable:0KB 05:05:15 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x200, 0x0) ioctl$TCGETS2(r0, 0x802c542a, &(0x7f0000000180)) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:15 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf27000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 1985.368703][T24351] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13355,uid=0 [ 1985.388594][T24351] Memory cgroup out of memory: Killed process 13355 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB [ 1985.529048][ T7890] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 05:05:15 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x3ff, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000080)='/dev/capi20\x00', 0x0, 0x0) ioctl$CAPI_GET_FLAGS(r4, 0x80044323, &(0x7f0000000000)) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r5, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r6 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffe) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) sendmsg$TIPC_NL_SOCK_GET(r3, &(0x7f0000000940)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000900)={&(0x7f0000000980)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="02000000010004dcdf2506000000040006001400070008000200010000000808c01873b90000040007003d250ab3deb8705380c4bf55c901f7bcd4c819f7db16b6f88fcf23920897d5d03801f5961ebc7238e2f71da84fbd6a4102f08b5be3cca5681d8b5bc884809ec8e9219cc2df49be84753ccd9aef65b8bada9841d340c1c03ffb8f1752eca8ce2c96069b525eee27fe6be8d027eed071058a"], 0x30}, 0x1, 0x0, 0x0, 0xc0}, 0x1) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r5, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r6, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) [ 1985.652186][ T7890] CPU: 0 PID: 7890 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 1985.660266][ T7890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1985.670347][ T7890] Call Trace: [ 1985.673659][ T7890] dump_stack+0x172/0x1f0 [ 1985.678005][ T7890] dump_header+0x10f/0xb6c [ 1985.682443][ T7890] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1985.688258][ T7890] ? ___ratelimit+0x60/0x595 [ 1985.692888][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 1985.698027][ T7890] oom_kill_process.cold+0x10/0x15 [ 1985.703167][ T7890] out_of_memory+0x79a/0x1280 [ 1985.707948][ T7890] ? oom_killer_disable+0x280/0x280 [ 1985.713169][ T7890] ? find_held_lock+0x35/0x130 [ 1985.717955][ T7890] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1985.723511][ T7890] ? memcg_event_wake+0x230/0x230 [ 1985.728551][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 1985.733681][ T7890] ? _raw_spin_unlock+0x2d/0x50 [ 1985.738551][ T7890] try_charge+0xa87/0x15c0 [ 1985.742979][ T7890] ? find_held_lock+0x35/0x130 [ 1985.747765][ T7890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1985.753343][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1985.758904][ T7890] ? find_held_lock+0x35/0x130 [ 1985.763690][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1985.769300][ T7890] __memcg_kmem_charge_memcg+0x7c/0x130 [ 1985.774870][ T7890] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1985.780091][ T7890] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1985.785667][ T7890] __memcg_kmem_charge+0x136/0x300 [ 1985.790802][ T7890] __alloc_pages_nodemask+0x4bf/0x8d0 [ 1985.796197][ T7890] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1985.801943][ T7890] ? copy_page_range+0x125a/0x1f90 [ 1985.807073][ T7890] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1985.813344][ T7890] alloc_pages_current+0x107/0x210 [ 1985.818476][ T7890] pte_alloc_one+0x1b/0x1a0 [ 1985.823001][ T7890] __pte_alloc+0x20/0x310 [ 1985.827357][ T7890] copy_page_range+0x1529/0x1f90 [ 1985.832318][ T7890] ? find_held_lock+0x35/0x130 [ 1985.837092][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1985.843376][ T7890] ? pmd_alloc+0x180/0x180 [ 1985.847802][ T7890] ? vma_compute_subtree_gap+0x158/0x230 [ 1985.853464][ T7890] ? validate_mm_rb+0xa3/0xc0 [ 1985.858160][ T7890] ? __vma_link_rb+0x279/0x370 [ 1985.862950][ T7890] copy_process.part.0+0x568b/0x7980 [ 1985.868277][ T7890] ? __cleanup_sighand+0x60/0x60 [ 1985.873261][ T7890] _do_fork+0x257/0xfd0 [ 1985.877450][ T7890] ? fork_idle+0x1d0/0x1d0 [ 1985.881890][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1985.887369][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1985.892841][ T7890] ? do_syscall_64+0x26/0x610 [ 1985.897529][ T7890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1985.903609][ T7890] ? do_syscall_64+0x26/0x610 [ 1985.908323][ T7890] __x64_sys_clone+0xbf/0x150 [ 1985.913028][ T7890] do_syscall_64+0x103/0x610 [ 1985.917635][ T7890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1985.923534][ T7890] RIP: 0033:0x45737a [ 1985.927439][ T7890] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1985.947052][ T7890] RSP: 002b:0000000000a4fd30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1985.955476][ T7890] RAX: ffffffffffffffda RBX: 0000000000a4fd30 RCX: 000000000045737a [ 1985.963461][ T7890] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1985.971608][ T7890] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 1985.979592][ T7890] R10: 000000000263ec10 R11: 0000000000000246 R12: 0000000000000001 [ 1985.987576][ T7890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 [ 1986.029921][ T7890] memory: usage 304912kB, limit 307200kB, failcnt 2511 [ 1986.037306][ T7890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1986.047265][ T7890] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1986.055843][ T7890] Memory cgroup stats for /syz5: cache:52KB rss:210772KB rss_huge:161792KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:210748KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1986.078893][ T7890] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=14477,uid=0 [ 1986.095462][ T7890] Memory cgroup out of memory: Killed process 14477 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB [ 1986.126901][ T1044] oom_reaper: reaped process 14477 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 05:05:16 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db009400000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:16 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf28000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:16 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f00000003c0), &(0x7f0000000400)=0x4) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:16 executing program 4: semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='cgroup\x00') bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001100)={r0, &(0x7f00000000c0), &(0x7f0000000100)=""/4096}, 0x18) 05:05:16 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r1 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r3 = dup3(r2, r2, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r3, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000600)={0x0}, &(0x7f00000008c0)=0xc) ptrace$cont(0x1f, r4, 0x8, 0xffffffff) r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r6, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r7 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r3, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000900)=ANY=[@ANYBLOB="ffe325bd7000fedb080006200400020066c3a415d5425348888994cab1a8a7deeb84a8ef57deacba59e1ecadb0b504d8d3f6e0fc26e6d59ead502f5ff39123a940488aa5a42c642ec1dda7ba1b950111f953d88e33cf429b46b3cfbe7a44401ae20ac1f47d99d200aa824a00c5b8c9803cac83657e5ac63f9dafb34357c108d185b5a8dbab8c5d332f9f386830ac50d31a697031037e243561ca23744dd71e05a814d12a960fec1d8505db8c70708bdb4ebfc79cf4d55cdcc23de1b0092607fc155a814bb0c4dc3b8839b52e257c474bd96c91c8c940"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r3, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r6, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r7, 0x1274, 0x0) getsockopt$sock_buf(r5, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r5, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r1, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r3, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r7, 0x1275, 0x0) 05:05:16 executing program 2: write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:17 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f00000008c0)={0x0, @in6={{0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, [], 0x4, 0x0}, 0x4}}, 0x0, 0x3af996ca, 0x80000001, 0x9, 0x5}, &(0x7f0000000600)=0x98) setsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000980)={r6, 0x5, 0x9, 0xffffffffffffff14, 0x3, 0x80000001}, 0x14) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:17 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x200000, 0x0) write$UHID_CREATE2(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000f35f77a0b609c32e4b930aea6149fe470000000000000000000000000000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007600040001000100070000000800000007000000b38b0fe49305e17d66b93ded26532dacdf8e5586e907201dbdc3591672bf0c6a6a2b9858dc24f5b1e6df86801268bf9ba13c67207f33b445a3c01e62445d7bfeb293478cd0bc3fc71f30252511c72d043c3878e7c45dbf08027d17fe0965a7b5389d561afde192d0362eff018de1f205be4a4f98c90ed3fc3335f4a10ba4ba67fe4044ca60ebc4444631ac1538ca9de79066c99f1cd439786f32179e83359f1b9eb0fbf226e5d574e189a586a91ecf7ef75efc68fd9a400b941666605a31226f4ab0e8a12a66bf6cca32fed4d654f0b3a94ce848eb96b515832891267deb3eb51f192c6fb532e86d1b"], 0x18e) 05:05:17 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)=ANY=[@ANYBLOB="ffe325bd70040000000000000000020000a1920e1aae227091a562cd4f1ced225c8e425bfdc80000000000000000"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:17 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db00bc00000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:17 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:17 executing program 2: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) write$P9_RVERSION(r0, &(0x7f0000000180)={0x13, 0x65, 0xffff, 0xfffffffffffffc01, 0x6, '9P2000'}, 0x13) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:17 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db00bd00000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:17 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)=ANY=[@ANYBLOB="68b00000", @ANYRES16=r4, @ANYBLOB="00002abd7000fcdbdf25010000000000000007410000004c00180000007f696200"/98], 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 1987.835002][T25178] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1987.846833][T25178] CPU: 0 PID: 25178 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 1987.854960][T25178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1987.865058][T25178] Call Trace: [ 1987.868376][T25178] dump_stack+0x172/0x1f0 [ 1987.872721][T25178] dump_header+0x10f/0xb6c [ 1987.877159][T25178] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1987.882967][T25178] ? ___ratelimit+0x60/0x595 [ 1987.887591][T25178] ? do_raw_spin_unlock+0x57/0x270 [ 1987.892746][T25178] oom_kill_process.cold+0x10/0x15 [ 1987.897880][T25178] out_of_memory+0x79a/0x1280 [ 1987.902584][T25178] ? lock_downgrade+0x880/0x880 [ 1987.907448][T25178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1987.913706][T25178] ? oom_killer_disable+0x280/0x280 [ 1987.918924][T25178] ? find_held_lock+0x35/0x130 [ 1987.923721][T25178] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1987.929283][T25178] ? memcg_event_wake+0x230/0x230 [ 1987.934350][T25178] ? do_raw_spin_unlock+0x57/0x270 [ 1987.939478][T25178] ? _raw_spin_unlock+0x2d/0x50 [ 1987.944349][T25178] try_charge+0x102c/0x15c0 [ 1987.948864][T25178] ? find_held_lock+0x35/0x130 [ 1987.953648][T25178] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1987.959210][T25178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1987.965488][T25178] ? kasan_check_read+0x11/0x20 [ 1987.970705][T25178] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1987.976262][T25178] mem_cgroup_try_charge+0x24d/0x5e0 [ 1987.981579][T25178] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1987.987228][T25178] wp_page_copy+0x408/0x1740 [ 1987.991829][T25178] ? find_held_lock+0x35/0x130 [ 1987.996612][T25178] ? pmd_pfn+0x1d0/0x1d0 [ 1988.000869][T25178] ? lock_downgrade+0x880/0x880 [ 1988.005731][T25178] ? swp_swapcount+0x540/0x540 [ 1988.010506][T25178] ? kasan_check_read+0x11/0x20 [ 1988.015411][T25178] ? do_raw_spin_unlock+0x57/0x270 [ 1988.020537][T25178] do_wp_page+0x48e/0x1500 [ 1988.024972][T25178] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1988.030382][T25178] __handle_mm_fault+0x22e8/0x3ec0 [ 1988.035507][T25178] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1988.041059][T25178] ? find_held_lock+0x35/0x130 [ 1988.045832][T25178] ? handle_mm_fault+0x322/0xb30 [ 1988.050792][T25178] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1988.057042][T25178] ? kasan_check_read+0x11/0x20 [ 1988.061900][T25178] handle_mm_fault+0x43f/0xb30 [ 1988.066677][T25178] __do_page_fault+0x5ef/0xda0 [ 1988.071457][T25178] do_page_fault+0x71/0x581 [ 1988.075967][T25178] ? page_fault+0x8/0x30 [ 1988.080219][T25178] page_fault+0x1e/0x30 [ 1988.084386][T25178] RIP: 0033:0x40c0dc [ 1988.088301][T25178] Code: 88 48 20 48 8b 4c 24 50 80 60 20 01 48 89 48 10 48 8b 4c 24 60 48 89 48 18 8b 4c 24 5c 89 48 24 31 c0 48 8b 8c 04 20 01 00 00 <48> 89 8c 02 30 bf 73 00 48 83 c0 08 48 83 f8 48 75 e6 e8 4d 71 ff [ 1988.107929][T25178] RSP: 002b:0000000000a4fbd0 EFLAGS: 00010297 [ 1988.114007][T25178] RAX: 0000000000000030 RBX: 0000000000000064 RCX: 0000000000000000 [ 1988.122001][T25178] RDX: 00000000000000a0 RSI: 00007ff76ea8adb0 RDI: 000000000073bfa8 05:05:17 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000480)={{{@in6=@ipv4={[], [], @broadcast}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in=@multicast2}}, &(0x7f00000003c0)=0xe8) r3 = getegid() setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000400)={0xffffffffffffffff, r2, r3}, 0xc) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r4 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r4, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 1988.129992][T25178] RBP: 00000000000009e1 R08: 0000000000000000 R09: 00007ff76ea8b700 [ 1988.137977][T25178] R10: 00007ff76ea8b9d0 R11: 0000000000000202 R12: 000000000073bfa0 [ 1988.145962][T25178] R13: 0000000000000003 R14: 0000000000000001 R15: 000000000073bfac 05:05:18 executing program 4: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1a300, 0x0) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) semtimedop(0x0, &(0x7f0000000140)=[{0x4, 0x9, 0x800}, {0x0, 0x1000, 0x800}, {0x0, 0x2, 0x800}], 0x3, 0x0) connect$vsock_stream(r0, &(0x7f00000000c0)={0x28, 0x0, 0xffffffff, @reserved}, 0x10) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) 05:05:18 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf2a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:18 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db00bf00000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:18 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:18 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 1988.302144][T25178] memory: usage 306936kB, limit 307200kB, failcnt 12284 [ 1988.313662][T25178] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:05:18 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf2b000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 1988.421470][T25178] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1988.435499][T25178] Memory cgroup stats for /syz2: cache:48KB rss:92724KB rss_huge:14336KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:92836KB inactive_file:0KB active_file:0KB unevictable:4KB 05:05:18 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1003, 0x23d7) bind$inet6(r1, &(0x7f0000000900)={0xa, 0x4e20, 0x4, @ipv4={[], [], @rand_addr=0x2}, 0x8}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="435b0000000000000100", 0xfffffffffffffef3) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[]}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) openat$cgroup_ro(r2, &(0x7f0000000600)='cpuset.effective_cpus\x00', 0x0, 0x0) getegid() open_by_handle_at(r2, &(0x7f0000000800)=ANY=[@ANYBLOB="0b0000188d9f4759a5d408205d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 1988.540235][T25178] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23174,uid=0 05:05:18 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf2c000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 1988.602980][T25178] Memory cgroup out of memory: Killed process 23174 (syz-executor.2) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB [ 1988.700595][ T1044] oom_reaper: reaped process 23174 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1988.702978][T25322] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1988.764482][T25322] CPU: 0 PID: 25322 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 1988.773209][T25322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1988.783282][T25322] Call Trace: [ 1988.786631][T25322] dump_stack+0x172/0x1f0 [ 1988.790981][T25322] dump_header+0x10f/0xb6c [ 1988.795417][T25322] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1988.801238][T25322] ? ___ratelimit+0x60/0x595 [ 1988.805842][T25322] ? do_raw_spin_unlock+0x57/0x270 [ 1988.810974][T25322] oom_kill_process.cold+0x10/0x15 [ 1988.816116][T25322] out_of_memory+0x79a/0x1280 [ 1988.820827][T25322] ? oom_killer_disable+0x280/0x280 [ 1988.826032][T25322] ? find_held_lock+0x35/0x130 [ 1988.830817][T25322] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1988.836384][T25322] ? memcg_event_wake+0x230/0x230 [ 1988.841431][T25322] ? do_raw_spin_unlock+0x57/0x270 [ 1988.846574][T25322] ? _raw_spin_unlock+0x2d/0x50 [ 1988.851442][T25322] try_charge+0x102c/0x15c0 [ 1988.855959][T25322] ? find_held_lock+0x35/0x130 [ 1988.860750][T25322] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1988.866336][T25322] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1988.871900][T25322] ? find_held_lock+0x35/0x130 [ 1988.876678][T25322] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1988.882245][T25322] __memcg_kmem_charge_memcg+0x7c/0x130 [ 1988.887818][T25322] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1988.893031][T25322] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1988.898595][T25322] __memcg_kmem_charge+0x136/0x300 [ 1988.903725][T25322] __alloc_pages_nodemask+0x4bf/0x8d0 [ 1988.909112][T25322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1988.915367][T25322] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1988.921097][T25322] ? copy_process.part.0+0x1d08/0x7980 [ 1988.926580][T25322] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1988.931894][T25322] ? trace_hardirqs_on+0x67/0x230 [ 1988.937016][T25322] ? kasan_check_read+0x11/0x20 [ 1988.941896][T25322] copy_process.part.0+0x3e0/0x7980 [ 1988.947099][T25322] ? psi_memstall_leave+0x11c/0x180 [ 1988.952319][T25322] ? sched_clock+0x2e/0x50 [ 1988.956756][T25322] ? psi_memstall_leave+0x12e/0x180 [ 1988.961964][T25322] ? find_held_lock+0x35/0x130 [ 1988.966741][T25322] ? psi_memstall_leave+0x12e/0x180 [ 1988.971968][T25322] ? __cleanup_sighand+0x60/0x60 [ 1988.976910][T25322] ? __lock_acquire+0x548/0x3fb0 [ 1988.981895][T25322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1988.988150][T25322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1988.994401][T25322] ? debug_smp_processor_id+0x3c/0x280 [ 1988.999890][T25322] _do_fork+0x257/0xfd0 [ 1989.004067][T25322] ? fork_idle+0x1d0/0x1d0 [ 1989.008501][T25322] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 1989.014576][T25322] ? lock_downgrade+0x880/0x880 [ 1989.019434][T25322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1989.025707][T25322] ? blkcg_exit_queue+0x30/0x30 [ 1989.030565][T25322] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1989.036033][T25322] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1989.041497][T25322] ? do_syscall_64+0x26/0x610 [ 1989.046172][T25322] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1989.052247][T25322] ? do_syscall_64+0x26/0x610 [ 1989.056937][T25322] __x64_sys_clone+0xbf/0x150 [ 1989.061634][T25322] do_syscall_64+0x103/0x610 [ 1989.066250][T25322] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1989.072166][T25322] RIP: 0033:0x45b779 [ 1989.076067][T25322] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1989.095685][T25322] RSP: 002b:0000000000a4fa98 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1989.104113][T25322] RAX: ffffffffffffffda RBX: 00007fec78bbf700 RCX: 000000000045b779 05:05:18 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snapshot\x00', 0x28801, 0x0) ioctl$KDSKBLED(r0, 0x4b65, 0x781b) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer\x00', 0x440003, 0x0) ioctl$VIDIOC_S_TUNER(r1, 0x4054561e, &(0x7f0000000180)={0x80000001, "04b92c77b7c3d4526d1d42ee97f36e46c02623c55d595c6460fa27d5bd67dd73", 0x7, 0x420, 0x3, 0xffff, 0x1, 0x6, 0x7fffffff, 0x916}) 05:05:18 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000202"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:18 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20004) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f00000008c0)={0xa8e0, 0x1, {0x0, 0x3, 0x58, 0x2, 0x8}}) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:18 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() clock_gettime(0x0, &(0x7f00000008c0)={0x0, 0x0}) futex(&(0x7f0000000600)=0x2, 0x0, 0x2, &(0x7f0000000900)={r6, r7+30000000}, &(0x7f0000000940)=0x1, 0x0) open_by_handle_at(r2, &(0x7f0000000980)=ANY=[@ANYBLOB="0b000700000000000000937e390ce6f5044d8a9bb85dd8ee92cd65bc828c7d9c9555cf3e898bc94be542d40b5e1ba90075585b14ac8ad886d33b9e4988f29abea17fb264a818740f2f9d697ce281eb15ed585f72ebb6fb9cffed1ad707e4a9b2864bdf4a4aed528aaaa0bc079d264a920cc96a7a17272dc8826299f3e13d595c7f253b514f27105694e1a11099c69a470389dd2560849f3186f89339d76ee72699cd6f2076ed9f2011b200bccfc1353cae5d0b322926f2ed30946346b909523925bbf0a6d656667f8c948d178b4c8e57ee74da66cf5832d1e5d10c2f9458"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 1989.112094][T25322] RDX: 00007fec78bbf9d0 RSI: 00007fec78bbedb0 RDI: 00000000003d0f00 [ 1989.120076][T25322] RBP: 0000000000a4fcb0 R08: 00007fec78bbf700 R09: 00007fec78bbf700 [ 1989.128056][T25322] R10: 00007fec78bbf9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1989.136062][T25322] R13: 0000000000a4fb4f R14: 00007fec78bbf9c0 R15: 000000000073bfac 05:05:19 executing program 4: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dlm_plock\x00', 0x80, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f00000000c0)={0x6, 0x0, 'client1\x00', 0xffffffff80000002, "29a6199cacaa37c0", "c92e2a40c423d0f0abcbcc52f9cb9de7f51c0d3b9900b430509835adba86362e", 0xffffffff00000001, 0x1ff}) semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000180)) 05:05:19 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f0000000940)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x24, r4, 0x0, 0x70bd27, 0x25dfdbff, {{}, 0x0, 0x8001, 0x0, {0x8}}, ["", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4048004}, 0x840) open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) openat$ppp(0xffffffffffffff9c, &(0x7f0000000980)='/dev/ppp\x00', 0x250000, 0x0) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 1989.252049][T25322] memory: usage 307200kB, limit 307200kB, failcnt 2556 [ 1989.285252][T25322] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1989.292796][T25322] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1989.377902][T25322] Memory cgroup stats for /syz5: cache:52KB rss:211404KB rss_huge:163840KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:211452KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1989.421825][T25322] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=25000,uid=0 [ 1989.439966][T25322] Memory cgroup out of memory: Killed process 25000 (syz-executor.5) total-vm:72712kB, anon-rss:2220kB, file-rss:35796kB, shmem-rss:0kB [ 1989.472260][ T1044] oom_reaper: reaped process 25000 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 1989.482698][T25327] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1989.506495][T25327] CPU: 1 PID: 25327 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 1989.514616][T25327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1989.524683][T25327] Call Trace: [ 1989.527991][T25327] dump_stack+0x172/0x1f0 [ 1989.532342][T25327] dump_header+0x10f/0xb6c [ 1989.536776][T25327] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1989.542615][T25327] ? ___ratelimit+0x60/0x595 [ 1989.547324][T25327] ? do_raw_spin_unlock+0x57/0x270 [ 1989.552468][T25327] oom_kill_process.cold+0x10/0x15 [ 1989.557607][T25327] out_of_memory+0x79a/0x1280 [ 1989.562412][T25327] ? oom_killer_disable+0x280/0x280 [ 1989.567629][T25327] ? find_held_lock+0x35/0x130 [ 1989.572416][T25327] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1989.577971][T25327] ? memcg_event_wake+0x230/0x230 [ 1989.583007][T25327] ? do_raw_spin_unlock+0x57/0x270 [ 1989.588659][T25327] ? _raw_spin_unlock+0x2d/0x50 [ 1989.598137][T25327] try_charge+0xa87/0x15c0 [ 1989.602567][T25327] ? find_held_lock+0x35/0x130 [ 1989.607354][T25327] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1989.612911][T25327] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1989.618596][T25327] ? find_held_lock+0x35/0x130 [ 1989.623376][T25327] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1989.628947][T25327] __memcg_kmem_charge_memcg+0x7c/0x130 [ 1989.634979][T25327] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1989.640208][T25327] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1989.645776][T25327] __memcg_kmem_charge+0x136/0x300 [ 1989.650925][T25327] __alloc_pages_nodemask+0x4bf/0x8d0 [ 1989.656318][T25327] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1989.662581][T25327] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1989.668324][T25327] ? copy_process.part.0+0x1d08/0x7980 [ 1989.673803][T25327] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1989.679116][T25327] ? trace_hardirqs_on+0x67/0x230 [ 1989.684150][T25327] ? kasan_check_read+0x11/0x20 [ 1989.689019][T25327] copy_process.part.0+0x3e0/0x7980 [ 1989.694233][T25327] ? debug_check_no_obj_freed+0x200/0x464 [ 1989.700133][T25327] ? find_held_lock+0x35/0x130 [ 1989.704908][T25327] ? debug_check_no_obj_freed+0x200/0x464 [ 1989.710661][T25327] ? kasan_check_write+0x14/0x20 [ 1989.715795][T25327] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1989.722077][T25327] ? filename_lookup+0x294/0x410 [ 1989.727038][T25327] ? __cleanup_sighand+0x60/0x60 [ 1989.731987][T25327] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1989.738241][T25327] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1989.744493][T25327] ? getname_flags+0x300/0x5b0 [ 1989.749261][T25327] ? getname_flags+0x300/0x5b0 [ 1989.754042][T25327] ? rcu_read_lock_sched_held+0x110/0x130 [ 1989.759771][T25327] _do_fork+0x257/0xfd0 [ 1989.763940][T25327] ? fork_idle+0x1d0/0x1d0 [ 1989.768845][T25327] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1989.775098][T25327] ? do_sys_truncate.part.0+0xbc/0x150 [ 1989.780572][T25327] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1989.786036][T25327] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1989.791499][T25327] ? do_syscall_64+0x26/0x610 [ 1989.796178][T25327] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1989.802240][T25327] ? do_syscall_64+0x26/0x610 [ 1989.806917][T25327] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1989.812210][T25327] __ia32_sys_vfork+0x1f/0x30 [ 1989.816889][T25327] do_syscall_64+0x103/0x610 [ 1989.821481][T25327] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1989.827373][T25327] RIP: 0033:0x2000000a [ 1989.831450][T25327] Code: Bad RIP value. [ 1989.835508][T25327] RSP: 002b:00007fec78bdfbd8 EFLAGS: 00000206 ORIG_RAX: 000000000000003a [ 1989.843913][T25327] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 1989.851881][T25327] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000011 [ 1989.859846][T25327] RBP: 0000000000000033 R08: 0000000000000005 R09: 0000000000000006 [ 1989.867835][T25327] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 1989.875977][T25327] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 1989.912652][T25327] memory: usage 307108kB, limit 307200kB, failcnt 2557 [ 1989.922030][T25327] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1989.930401][T25327] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1989.941779][T25327] Memory cgroup stats for /syz5: cache:52KB rss:211404KB rss_huge:163840KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:211400KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1989.964518][T25327] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=15257,uid=0 [ 1989.981397][T25327] Memory cgroup out of memory: Killed process 15257 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB 05:05:20 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70dbfff000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:20 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf2f000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:20 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r1 = dup3(r0, r0, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r2, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r3 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r1, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r1, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r2, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r4 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r4, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r4, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 05:05:20 executing program 3: syz_genetlink_get_family_id$team(&(0x7f0000000440)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000200)={'filter\x00', 0x4}, 0x68) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(r0, &(0x7f0000000680)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0xfffffffffffffed8) ioctl$sock_ifreq(r1, 0x0, &(0x7f0000000380)={'nlmon0\x00', @ifru_map={0xbb, 0xaa, 0x3, 0xfffffffffffffffb, 0x7}}) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) setitimer(0x2, &(0x7f0000000540)={{}, {r2, r3/1000+10000}}, &(0x7f00000004c0)) r4 = accept$alg(r1, 0x0, 0x0) r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r4, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) getsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000400), &(0x7f0000000480)=0x4) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:20 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='ns\x00') setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000180)=0x1f, 0x4) 05:05:20 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db0fff00000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:20 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000140)={0xfffffffffffffef9, 0x0, 0x0, {0x264, 0x0, 0x0, 0x4}}, 0xffffffffffffffb6) 05:05:20 executing program 4: r0 = semget$private(0x0, 0x0, 0x41) semtimedop(r0, &(0x7f0000000000)=[{0x0, 0xff, 0x1000}, {0x3e7ba2881abc1519, 0x1, 0x1000}, {0x2, 0x7, 0x800}, {0x3, 0x3, 0x1000}, {0x4, 0x0, 0x1800}], 0x5, 0x0) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) 05:05:20 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf34000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:20 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70dbf0ff00000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:20 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r1 = dup3(r0, r0, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0xac) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000980)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r3, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r4 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r1, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000600), &(0x7f00000008c0)=0x4) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r1, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f00000009c0)=ANY=[@ANYBLOB="6800000003fdb5ffcdc15665e6524831e09c8878770d6041fc56fafa5e828a370dbd78606ff1da4a04ff676c7cc92f148c", @ANYRES16=r3, @ANYBLOB="00002abd7000fcdbdf25010000000000000007410000004c00180000007f696200"/98], 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r4, 0x1274, 0x0) getsockopt$sock_buf(r2, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r2, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r4, 0x2, &(0x7f0000000900)) setsockopt$RDS_GET_MR(r1, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) 05:05:20 executing program 3: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/autofs\x00', 0x200001, 0x0) accept(r0, &(0x7f0000000480)=@sco, &(0x7f0000000400)=0x80) syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r1, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r1, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r2, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r3 = accept$alg(r2, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:20 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf35000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 1990.661072][T26034] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1990.711315][T26034] CPU: 1 PID: 26034 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 1990.719433][T26034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1990.729587][T26034] Call Trace: [ 1990.732896][T26034] dump_stack+0x172/0x1f0 [ 1990.737244][T26034] dump_header+0x10f/0xb6c [ 1990.741670][T26034] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1990.747502][T26034] ? ___ratelimit+0x60/0x595 [ 1990.752107][T26034] ? do_raw_spin_unlock+0x57/0x270 [ 1990.757236][T26034] oom_kill_process.cold+0x10/0x15 [ 1990.762364][T26034] out_of_memory+0x79a/0x1280 [ 1990.768031][T26034] ? lock_downgrade+0x880/0x880 [ 1990.773152][T26034] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1990.779404][T26034] ? oom_killer_disable+0x280/0x280 [ 1990.784609][T26034] ? find_held_lock+0x35/0x130 [ 1990.789391][T26034] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1990.794947][T26034] ? memcg_event_wake+0x230/0x230 [ 1990.799983][T26034] ? do_raw_spin_unlock+0x57/0x270 [ 1990.805102][T26034] ? _raw_spin_unlock+0x2d/0x50 [ 1990.809963][T26034] try_charge+0x102c/0x15c0 [ 1990.814478][T26034] ? find_held_lock+0x35/0x130 [ 1990.819256][T26034] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1990.824824][T26034] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1990.831081][T26034] ? kasan_check_read+0x11/0x20 [ 1990.835951][T26034] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1990.841513][T26034] mem_cgroup_try_charge+0x24d/0x5e0 [ 1990.846822][T26034] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1990.852470][T26034] wp_page_copy+0x408/0x1740 [ 1990.857068][T26034] ? find_held_lock+0x35/0x130 [ 1990.861850][T26034] ? pmd_pfn+0x1d0/0x1d0 [ 1990.866100][T26034] ? lock_downgrade+0x880/0x880 [ 1990.870960][T26034] ? swp_swapcount+0x540/0x540 [ 1990.875737][T26034] ? kasan_check_read+0x11/0x20 [ 1990.880596][T26034] ? do_raw_spin_unlock+0x57/0x270 [ 1990.887028][T26034] do_wp_page+0x48e/0x1500 [ 1990.891465][T26034] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1990.896869][T26034] __handle_mm_fault+0x22e8/0x3ec0 [ 1990.901998][T26034] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1990.907551][T26034] ? find_held_lock+0x35/0x130 [ 1990.912327][T26034] ? handle_mm_fault+0x322/0xb30 [ 1990.917283][T26034] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1990.923551][T26034] ? kasan_check_read+0x11/0x20 [ 1990.928420][T26034] handle_mm_fault+0x43f/0xb30 [ 1990.933199][T26034] __do_page_fault+0x5ef/0xda0 [ 1990.937979][T26034] do_page_fault+0x71/0x581 [ 1990.942490][T26034] ? page_fault+0x8/0x30 [ 1990.946742][T26034] page_fault+0x1e/0x30 [ 1990.950903][T26034] RIP: 0033:0x45b9e7 [ 1990.954803][T26034] Code: 03 00 00 e8 db 83 fb ff f4 66 2e 0f 1f 84 00 00 00 00 00 f7 c7 02 00 00 00 75 27 64 8b 04 25 08 03 00 00 41 89 c3 41 83 e3 fd 64 44 0f b1 1c 25 08 03 00 00 75 ec 44 89 d8 83 e0 0c 83 f8 04 [ 1990.974444][T26034] RSP: 002b:0000000000a4fb98 EFLAGS: 00010246 [ 1990.980525][T26034] RAX: 0000000000000002 RBX: 00000000001e61e9 RCX: 0000000000486591 [ 1990.988509][T26034] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1990.996489][T26034] RBP: 0000000000000001 R08: 000000007573aa14 R09: 000000007573aa18 [ 1991.004466][T26034] R10: 0000000000a4fca0 R11: 0000000000000000 R12: 000000000073bf00 05:05:21 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000004000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 1991.012446][T26034] R13: 000000000073c900 R14: 00000000001e5f2c R15: 000000000073bfac 05:05:21 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000900)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 1991.164136][T26034] memory: usage 307196kB, limit 307200kB, failcnt 12318 [ 1991.171173][T26034] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:05:21 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000008000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 1991.222866][T26034] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1991.231242][T26034] Memory cgroup stats for /syz2: cache:48KB rss:92856KB rss_huge:14336KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:92920KB inactive_file:0KB active_file:0KB unevictable:4KB 05:05:21 executing program 4: semtimedop(0x0, &(0x7f0000000040)=[{}, {0x2}], 0x2aaaaaaaaaaaab50, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x119181, 0x0) ioctl$sock_bt_cmtp_CMTPCONNDEL(r0, 0x400443c9, &(0x7f00000000c0)={{0x7, 0xfff, 0x7, 0x5, 0x4, 0x95c}, 0x8}) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000280)={0x2a, 0x6, 0x0, {0x6, 0x1, 0x1, 0x0, '+'}}, 0x2a) r1 = semget(0x0, 0x0, 0x100) semctl$IPC_RMID(r1, 0x0, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000140)={'nat\x00', 0x0, 0x0, 0x0, [], 0x9, &(0x7f0000000100)=[{}, {}], 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x108) [ 1991.274941][T26034] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=23175,uid=0 [ 1991.305635][T26034] Memory cgroup out of memory: Killed process 23175 (syz-executor.2) total-vm:72580kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB 05:05:21 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) write$apparmor_exec(r0, &(0x7f0000000640)={'exec ', 'team0\x00'}, 0xb) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000700)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000800)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x80000042}, 0xc, &(0x7f00000007c0)={&(0x7f0000000740)={0x60, r2, 0x300, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xa7c7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK={0x20, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5f}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x4090) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT(r0, 0x28, 0x6, &(0x7f0000000680), 0x10) r3 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f0000000600)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xd4, r4, 0x200, 0x70bd25, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'ovf\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DAEMON={0x6c, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x101}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'gre0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x1ff}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'irlan0\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'caif0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7f}]}, 0xd4}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) [ 1991.396236][T26075] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1991.435210][T26075] CPU: 0 PID: 26075 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 1991.443358][T26075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1991.453423][T26075] Call Trace: [ 1991.456819][T26075] dump_stack+0x172/0x1f0 [ 1991.461161][T26075] dump_header+0x10f/0xb6c [ 1991.465577][T26075] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1991.471391][T26075] ? ___ratelimit+0x60/0x595 [ 1991.475980][T26075] ? do_raw_spin_unlock+0x57/0x270 [ 1991.481116][T26075] oom_kill_process.cold+0x10/0x15 [ 1991.486241][T26075] out_of_memory+0x79a/0x1280 [ 1991.490945][T26075] ? oom_killer_disable+0x280/0x280 [ 1991.496152][T26075] ? find_held_lock+0x35/0x130 [ 1991.500945][T26075] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1991.506590][T26075] ? memcg_event_wake+0x230/0x230 [ 1991.511634][T26075] ? do_raw_spin_unlock+0x57/0x270 [ 1991.516758][T26075] ? _raw_spin_unlock+0x2d/0x50 [ 1991.521626][T26075] try_charge+0x102c/0x15c0 [ 1991.526138][T26075] ? find_held_lock+0x35/0x130 [ 1991.530929][T26075] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1991.536516][T26075] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1991.542073][T26075] ? find_held_lock+0x35/0x130 [ 1991.546849][T26075] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1991.552414][T26075] __memcg_kmem_charge_memcg+0x7c/0x130 [ 1991.557970][T26075] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1991.563177][T26075] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1991.568736][T26075] __memcg_kmem_charge+0x136/0x300 [ 1991.573866][T26075] __alloc_pages_nodemask+0x4bf/0x8d0 [ 1991.579251][T26075] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1991.586740][T26075] ? copy_page_range+0x125a/0x1f90 [ 1991.591864][T26075] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1991.598129][T26075] alloc_pages_current+0x107/0x210 [ 1991.603255][T26075] pte_alloc_one+0x1b/0x1a0 [ 1991.607793][T26075] __pte_alloc+0x20/0x310 [ 1991.612154][T26075] copy_page_range+0x1529/0x1f90 [ 1991.617115][T26075] ? find_held_lock+0x35/0x130 [ 1991.621980][T26075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1991.628260][T26075] ? pmd_alloc+0x180/0x180 [ 1991.632791][T26075] ? __rb_insert_augmented+0x231/0xdf0 [ 1991.638721][T26075] ? validate_mm_rb+0xa3/0xc0 [ 1991.643406][T26075] ? __vma_link_rb+0x279/0x370 [ 1991.648182][T26075] copy_process.part.0+0x568b/0x7980 [ 1991.653505][T26075] ? __cleanup_sighand+0x60/0x60 [ 1991.658454][T26075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1991.664700][T26075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1991.670952][T26075] ? getname_flags+0x300/0x5b0 [ 1991.675724][T26075] ? getname_flags+0x300/0x5b0 [ 1991.680501][T26075] ? rcu_read_lock_sched_held+0x110/0x130 [ 1991.686230][T26075] ? kmem_cache_free+0x225/0x260 [ 1991.691185][T26075] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1991.697095][T26075] _do_fork+0x257/0xfd0 [ 1991.701272][T26075] ? fork_idle+0x1d0/0x1d0 [ 1991.705722][T26075] ? __ia32_sys_mkdir+0x80/0x80 [ 1991.710587][T26075] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1991.716068][T26075] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1991.721533][T26075] ? do_syscall_64+0x26/0x610 [ 1991.726219][T26075] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1991.732309][T26075] ? do_syscall_64+0x26/0x610 [ 1991.737090][T26075] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1991.742393][T26075] __ia32_sys_fork+0x1f/0x30 [ 1991.746995][T26075] do_syscall_64+0x103/0x610 [ 1991.751604][T26075] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1991.757507][T26075] RIP: 0033:0x2000000a [ 1991.761588][T26075] Code: Bad RIP value. [ 1991.765656][T26075] RSP: 002b:00007f71d9357bd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000039 [ 1991.774072][T26075] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 1991.782050][T26075] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000034 [ 1991.790024][T26075] RBP: 0000000000000032 R08: 0000000000000005 R09: 0000000000000006 05:05:21 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x4, 0x0, 0x0, 0x1}}, 0x20) [ 1991.797999][T26075] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 1991.805980][T26075] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff 05:05:21 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000600)='/dev/input/mouse#\x00', 0x5, 0x400000) getsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f00000008c0), &(0x7f0000000900)=0x4) r2 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r3 = dup3(r2, r2, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r3, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r5, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r6 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r3, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r3, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r5, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r6, 0x1274, 0x0) getsockopt$sock_buf(r4, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r4, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r3, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r6, 0x1275, 0x0) [ 1991.859682][T26075] memory: usage 307200kB, limit 307200kB, failcnt 9080 [ 1991.867084][T26075] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1991.875611][T26075] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1991.882615][T26075] Memory cgroup stats for /syz1: cache:108KB rss:137492KB rss_huge:75776KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:131568KB inactive_file:0KB active_file:0KB unevictable:4KB [ 1991.916758][T26075] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=10700,uid=0 [ 1991.937026][T26075] Memory cgroup out of memory: Killed process 10700 (syz-executor.1) total-vm:72448kB, anon-rss:2176kB, file-rss:34816kB, shmem-rss:0kB [ 1991.967173][ T1044] oom_reaper: reaped process 10700 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1991.970355][T26239] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1992.014496][T26239] CPU: 0 PID: 26239 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 1992.022618][T26239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1992.032677][T26239] Call Trace: [ 1992.035984][T26239] dump_stack+0x172/0x1f0 [ 1992.040347][T26239] dump_header+0x10f/0xb6c [ 1992.044784][T26239] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1992.050597][T26239] ? ___ratelimit+0x60/0x595 [ 1992.050614][T26239] ? do_raw_spin_unlock+0x57/0x270 [ 1992.050634][T26239] oom_kill_process.cold+0x10/0x15 [ 1992.050652][T26239] out_of_memory+0x79a/0x1280 [ 1992.050676][T26239] ? oom_killer_disable+0x280/0x280 [ 1992.050687][T26239] ? find_held_lock+0x35/0x130 [ 1992.050711][T26239] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1992.086085][T26239] ? memcg_event_wake+0x230/0x230 [ 1992.091135][T26239] ? do_raw_spin_unlock+0x57/0x270 [ 1992.096268][T26239] ? _raw_spin_unlock+0x2d/0x50 [ 1992.101150][T26239] try_charge+0x102c/0x15c0 [ 1992.105661][T26239] ? find_held_lock+0x35/0x130 [ 1992.110447][T26239] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1992.116000][T26239] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1992.121559][T26239] ? find_held_lock+0x35/0x130 [ 1992.126346][T26239] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1992.131924][T26239] __memcg_kmem_charge_memcg+0x7c/0x130 [ 1992.137480][T26239] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1992.142690][T26239] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1992.148250][T26239] __memcg_kmem_charge+0x136/0x300 [ 1992.153398][T26239] __alloc_pages_nodemask+0x4bf/0x8d0 [ 1992.158777][T26239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1992.165032][T26239] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1992.170763][T26239] ? copy_process.part.0+0x1d08/0x7980 [ 1992.176241][T26239] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1992.181545][T26239] ? trace_hardirqs_on+0x67/0x230 [ 1992.186582][T26239] ? kasan_check_read+0x11/0x20 [ 1992.191451][T26239] copy_process.part.0+0x3e0/0x7980 [ 1992.196744][T26239] ? psi_memstall_leave+0x11c/0x180 [ 1992.201953][T26239] ? sched_clock+0x2e/0x50 [ 1992.206376][T26239] ? psi_memstall_leave+0x12e/0x180 [ 1992.211585][T26239] ? find_held_lock+0x35/0x130 [ 1992.216361][T26239] ? psi_memstall_leave+0x12e/0x180 [ 1992.221585][T26239] ? __cleanup_sighand+0x60/0x60 [ 1992.226550][T26239] ? __lock_acquire+0x548/0x3fb0 [ 1992.231519][T26239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1992.237797][T26239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1992.244096][T26239] ? debug_smp_processor_id+0x3c/0x280 [ 1992.249606][T26239] _do_fork+0x257/0xfd0 [ 1992.253792][T26239] ? fork_idle+0x1d0/0x1d0 [ 1992.258232][T26239] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 1992.264336][T26239] ? lock_downgrade+0x880/0x880 [ 1992.269207][T26239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1992.275476][T26239] ? blkcg_exit_queue+0x30/0x30 [ 1992.280356][T26239] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1992.285833][T26239] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1992.291321][T26239] ? do_syscall_64+0x26/0x610 [ 1992.296009][T26239] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1992.302092][T26239] ? do_syscall_64+0x26/0x610 [ 1992.306795][T26239] __x64_sys_clone+0xbf/0x150 [ 1992.311494][T26239] do_syscall_64+0x103/0x610 [ 1992.316114][T26239] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1992.322026][T26239] RIP: 0033:0x45b779 [ 1992.325929][T26239] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1992.345545][T26239] RSP: 002b:0000000000a4fa98 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1992.353970][T26239] RAX: ffffffffffffffda RBX: 00007fec78bbf700 RCX: 000000000045b779 05:05:22 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) write$FUSE_NOTIFY_POLL(r3, &(0x7f0000000600)={0x18}, 0x18) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:22 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/2, 0x2000, 0x800}, 0x18) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000080)=0x8, 0x4) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r3, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r4 = accept$alg(r3, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r4, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000400)='fou\x00') sendmsg$FOU_CMD_DEL(r5, &(0x7f0000000500)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r6, 0x2, 0x70bd25, 0x25dfdbfd, {}, [@FOU_ATTR_AF={0x8, 0x2, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x4000000) 05:05:22 executing program 4: semtimedop(0x0, &(0x7f0000000000)=[{0x4}, {0x0, 0x0, 0xfffffffffffffffc}], 0x2, 0x0) getresgid(&(0x7f0000000040)=0x0, &(0x7f00000000c0), &(0x7f0000000100)) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = getegid() lstat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgroups(0x6, &(0x7f0000000440)=[r0, r1, r2, r3, r4, r5]) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) [ 1992.361960][T26239] RDX: 00007fec78bbf9d0 RSI: 00007fec78bbedb0 RDI: 00000000003d0f00 [ 1992.369942][T26239] RBP: 0000000000a4fcb0 R08: 00007fec78bbf700 R09: 00007fec78bbf700 [ 1992.378095][T26239] R10: 00007fec78bbf9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1992.386070][T26239] R13: 0000000000a4fb4f R14: 00007fec78bbf9c0 R15: 000000000073bfac 05:05:22 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-control\x00', 0x8002, 0x0) write$P9_RATTACH(r0, &(0x7f0000000180)={0x14, 0x69, 0x1, {0x6, 0x4}}, 0x14) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:22 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bfffff0300c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:22 executing program 4: semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x7, 0x101000) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffff9c, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @empty}}, 0x1, 0x8000, 0x1, 0x1}, &(0x7f0000000180)=0x98) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000001c0)={r1, 0x1}, &(0x7f0000000200)=0x8) 05:05:22 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') r5 = semget$private(0x0, 0x3, 0x10) semctl$IPC_INFO(r5, 0x4, 0x3, &(0x7f00000008c0)=""/208) sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r6 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r6, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r6, 0x1275, 0x0) [ 1992.655561][T26239] memory: usage 307200kB, limit 307200kB, failcnt 2599 [ 1992.679881][T26239] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1992.766661][T26239] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1992.797544][T26239] Memory cgroup stats for /syz5: cache:52KB rss:209844KB rss_huge:161792KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:209920KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1992.858399][T26239] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=20074,uid=0 [ 1992.928492][T26239] Memory cgroup out of memory: Killed process 20074 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB [ 1993.063840][ T1044] oom_reaper: reaped process 20074 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1993.101672][T26239] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1993.112152][T26239] CPU: 0 PID: 26239 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 1993.120226][T26239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1993.130283][T26239] Call Trace: [ 1993.133620][T26239] dump_stack+0x172/0x1f0 [ 1993.137962][T26239] dump_header+0x10f/0xb6c [ 1993.142399][T26239] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1993.148213][T26239] ? ___ratelimit+0x60/0x595 [ 1993.152807][T26239] ? do_raw_spin_unlock+0x57/0x270 [ 1993.157960][T26239] oom_kill_process.cold+0x10/0x15 [ 1993.163082][T26239] out_of_memory+0x79a/0x1280 [ 1993.167769][T26239] ? lock_downgrade+0x880/0x880 [ 1993.172669][T26239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1993.178967][T26239] ? oom_killer_disable+0x280/0x280 [ 1993.184148][T26239] ? find_held_lock+0x35/0x130 [ 1993.188907][T26239] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1993.194450][T26239] ? memcg_event_wake+0x230/0x230 [ 1993.199497][T26239] ? do_raw_spin_unlock+0x57/0x270 [ 1993.204695][T26239] ? _raw_spin_unlock+0x2d/0x50 [ 1993.209534][T26239] try_charge+0x102c/0x15c0 [ 1993.214024][T26239] ? find_held_lock+0x35/0x130 [ 1993.218774][T26239] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1993.224319][T26239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1993.230552][T26239] ? kasan_check_read+0x11/0x20 [ 1993.235392][T26239] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1993.240922][T26239] mem_cgroup_try_charge+0x24d/0x5e0 [ 1993.246205][T26239] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1993.251842][T26239] wp_page_copy+0x408/0x1740 [ 1993.256419][T26239] ? find_held_lock+0x35/0x130 [ 1993.261195][T26239] ? pmd_pfn+0x1d0/0x1d0 [ 1993.265423][T26239] ? lock_downgrade+0x880/0x880 [ 1993.270261][T26239] ? swp_swapcount+0x540/0x540 [ 1993.275011][T26239] ? kasan_check_read+0x11/0x20 [ 1993.279878][T26239] ? do_raw_spin_unlock+0x57/0x270 [ 1993.284984][T26239] do_wp_page+0x48e/0x1500 [ 1993.289408][T26239] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 1993.294772][T26239] __handle_mm_fault+0x22e8/0x3ec0 [ 1993.299875][T26239] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1993.305411][T26239] ? find_held_lock+0x35/0x130 [ 1993.310159][T26239] ? handle_mm_fault+0x322/0xb30 [ 1993.315084][T26239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1993.321329][T26239] ? kasan_check_read+0x11/0x20 [ 1993.326182][T26239] handle_mm_fault+0x43f/0xb30 [ 1993.330940][T26239] __do_page_fault+0x5ef/0xda0 [ 1993.335695][T26239] do_page_fault+0x71/0x581 [ 1993.340306][T26239] ? page_fault+0x8/0x30 [ 1993.344549][T26239] page_fault+0x1e/0x30 [ 1993.348691][T26239] RIP: 0033:0x40c0f3 [ 1993.352569][T26239] Code: 48 18 8b 4c 24 5c 89 48 24 31 c0 48 8b 8c 04 20 01 00 00 48 89 8c 02 30 bf 73 00 48 83 c0 08 48 83 f8 48 75 e6 e8 4d 71 ff ff <83> 05 0a 3f 53 00 01 80 7c 24 1e 00 74 0b f6 44 24 18 01 0f 84 89 [ 1993.372151][T26239] RSP: 002b:0000000000a4fbd0 EFLAGS: 00010217 [ 1993.378195][T26239] RAX: 0000000000000000 RBX: 0000000000000064 RCX: 0000000000458da9 [ 1993.386151][T26239] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 000000000073bfa8 [ 1993.394111][T26239] RBP: 00000000000009e1 R08: 00007fec78bbf700 R09: ffffffffffffffff [ 1993.402079][T26239] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000073bfa0 [ 1993.410035][T26239] R13: 0000000000000003 R14: 0000000000000001 R15: 000000000073bfac [ 1993.420964][T26239] memory: usage 307036kB, limit 307200kB, failcnt 2616 [ 1993.428817][T26239] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1993.436456][T26239] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1993.443351][T26239] Memory cgroup stats for /syz5: cache:52KB rss:209844KB rss_huge:161792KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:209884KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1993.465404][T26239] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23329,uid=0 [ 1993.481020][T26239] Memory cgroup out of memory: Killed process 23329 (syz-executor.5) total-vm:197128kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB 05:05:23 executing program 2: r0 = syz_open_dev$mice(&(0x7f0000000180)='/dev/input/mice\x00', 0x0, 0x8601) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e24, @rand_addr=0x9}, 0x10) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(r0, &(0x7f0000000000)={0xffffffffffffff73, 0x0, 0x20000000000000, {0x0, 0x4000000000000000}}, 0xfffffc34) r1 = syz_open_dev$mice(&(0x7f0000000400)='/dev/input/mice\x00', 0x0, 0x4000) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000000300)={0x0, @loopback, @empty}, &(0x7f0000000340)=0xc) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000380)={@ipv4={[], [], @loopback}, @initdev={0xfe, 0x88, [], 0x1, 0x0}, @loopback, 0xff, 0x2, 0x2, 0x400, 0x3f, 0x1000105, r2}) 05:05:23 executing program 4: r0 = semget(0x0, 0x2, 0x20b) semtimedop(r0, &(0x7f0000000040)=[{0x0, 0x2000000000000000, 0x1000}, {0x3, 0x8000000000}], 0x2, 0x0) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) 05:05:23 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db3f420f000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:23 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf00004000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:23 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f00000008c0)=@add_del={0x2, &(0x7f0000000600)}) r3 = dup2(r1, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:23 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) openat$snapshot(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snapshot\x00', 0x101080, 0x0) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:23 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf00d05000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 1993.799320][ T7890] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1993.863079][ T7890] CPU: 0 PID: 7890 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 1993.871120][ T7890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1993.881198][ T7890] Call Trace: [ 1993.884508][ T7890] dump_stack+0x172/0x1f0 [ 1993.888859][ T7890] dump_header+0x10f/0xb6c [ 1993.893339][ T7890] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1993.899180][ T7890] ? ___ratelimit+0x60/0x595 [ 1993.903795][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 1993.908924][ T7890] oom_kill_process.cold+0x10/0x15 [ 1993.914052][ T7890] out_of_memory+0x79a/0x1280 [ 1993.918750][ T7890] ? lock_downgrade+0x880/0x880 [ 1993.923621][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1993.929902][ T7890] ? oom_killer_disable+0x280/0x280 [ 1993.935109][ T7890] ? find_held_lock+0x35/0x130 [ 1993.939897][ T7890] mem_cgroup_out_of_memory+0x1ca/0x230 [ 1993.945545][ T7890] ? memcg_event_wake+0x230/0x230 [ 1993.950598][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 1993.955731][ T7890] ? _raw_spin_unlock+0x2d/0x50 [ 1993.955750][ T7890] try_charge+0x102c/0x15c0 [ 1993.965090][ T7890] ? find_held_lock+0x35/0x130 [ 1993.965116][ T7890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1993.965131][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1993.965144][ T7890] ? find_held_lock+0x35/0x130 [ 1993.965159][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 1993.965186][ T7890] __memcg_kmem_charge_memcg+0x7c/0x130 [ 1993.965202][ T7890] ? memcg_kmem_put_cache+0xb0/0xb0 [ 1993.965222][ T7890] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 1994.007597][ T7890] __memcg_kmem_charge+0x136/0x300 [ 1994.012727][ T7890] __alloc_pages_nodemask+0x4bf/0x8d0 [ 1994.018114][ T7890] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 1994.023857][ T7890] ? copy_page_range+0x125a/0x1f90 [ 1994.029007][ T7890] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1994.035283][ T7890] alloc_pages_current+0x107/0x210 [ 1994.040439][ T7890] pte_alloc_one+0x1b/0x1a0 [ 1994.044952][ T7890] __pte_alloc+0x20/0x310 [ 1994.049310][ T7890] copy_page_range+0x1529/0x1f90 [ 1994.054283][ T7890] ? find_held_lock+0x35/0x130 [ 1994.059080][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1994.065374][ T7890] ? pmd_alloc+0x180/0x180 [ 1994.069973][ T7890] ? __rb_insert_augmented+0x231/0xdf0 [ 1994.075443][ T7890] ? validate_mm_rb+0xa3/0xc0 [ 1994.080134][ T7890] ? __vma_link_rb+0x279/0x370 [ 1994.084922][ T7890] copy_process.part.0+0x568b/0x7980 [ 1994.090254][ T7890] ? __cleanup_sighand+0x60/0x60 [ 1994.095245][ T7890] _do_fork+0x257/0xfd0 [ 1994.099523][ T7890] ? fork_idle+0x1d0/0x1d0 [ 1994.103955][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1994.109431][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1994.114914][ T7890] ? do_syscall_64+0x26/0x610 [ 1994.119599][ T7890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1994.119616][ T7890] ? do_syscall_64+0x26/0x610 [ 1994.119638][ T7890] __x64_sys_clone+0xbf/0x150 [ 1994.119665][ T7890] do_syscall_64+0x103/0x610 [ 1994.130417][ T7890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1994.130431][ T7890] RIP: 0033:0x45737a [ 1994.130447][ T7890] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1994.130455][ T7890] RSP: 002b:0000000000a4fd30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1994.130470][ T7890] RAX: ffffffffffffffda RBX: 0000000000a4fd30 RCX: 000000000045737a [ 1994.130478][ T7890] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1994.130494][ T7890] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 1994.201453][ T7890] R10: 000000000263ec10 R11: 0000000000000246 R12: 0000000000000001 05:05:23 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r1 = dup3(r0, r0, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r3, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r4 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r1, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000000280)) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r1, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r3, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r4, 0x1274, 0x0) getsockopt$sock_buf(r2, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r2, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) setsockopt$RDS_GET_MR(r1, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$KVM_SET_MSRS(r1, 0x4008ae89, &(0x7f0000000600)={0x1, 0x0, [{0xaff, 0x0, 0xe705}]}) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) 05:05:24 executing program 3: prctl$PR_GET_FPEMU(0x9, &(0x7f00000004c0)) syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f0000000400)=&(0x7f00000003c0)) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000480)=0x4) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(r1, &(0x7f0000000680)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:24 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getgroups(0x3, &(0x7f0000000600)=[0xee00, 0x0, 0x0]) ioctl$TUNSETGROUP(r2, 0x400454ce, r3) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r5, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r6 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r5, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r6, 0x1274, 0x0) getsockopt$sock_buf(r4, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r4, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r6, 0x1275, 0x0) [ 1994.209444][ T7890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 05:05:24 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) r6 = add_key$keyring(&(0x7f0000000600)='keyring\x00', &(0x7f00000008c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$assume_authority(0x10, r6) ioctl$BLKTRACESTART(r2, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:24 executing program 4: syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x3, 0x2) semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) [ 1994.947854][ T7890] memory: usage 307200kB, limit 307200kB, failcnt 2664 [ 1994.969510][ T7890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1994.992904][ T7890] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1995.019165][ T7890] Memory cgroup stats for /syz5: cache:52KB rss:209844KB rss_huge:161792KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:209968KB inactive_file:0KB active_file:0KB unevictable:0KB [ 1995.075449][ T7890] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24660,uid=0 [ 1995.090934][ T7890] Memory cgroup out of memory: Killed process 24660 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB [ 1995.108526][ T1044] oom_reaper: reaped process 24660 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 05:05:44 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-control\x00', 0x8000, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 05:05:44 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf00c07000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:44 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000a40)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200303b022b690618b43f4f6e74d52b14ac95664a7bee9b0c205b7a76c82f5cd29abb654608047ebca2b2ccbc3919f285ac93739c49e8783fa23ee4424640de0e235c918da0d813165cd2d9f03a1791533140fb6700e331966096e0df06f884e5cd85909c52c2b8f723ae25d390432fcd9888f43dd434ad053bc5f9b4b9d69b9832b82ca3560af7e53b59348abeeae1f5952e1e62b0229501defddb82a751dca6694cc9a72e3fe0af862cf8db2c34fd27808f63147b496635d2bd0247b6b583c9f8ab7b5ece3d764a8cfb30b5f03709200bfe000000"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f00000008c0)=ANY=[@ANYBLOB="0b0000008d125e2628ff6f4f4f79a5f85db19be8a60b38d9b19470ce74ed7bc9cf74d000fc54618f7abe5f62399c1132962ef8bccaa8b88553f88d62697da3b665aa4f39516bedaf2ce9a7d298c884c4edac7393d2ba19a04cf5b653d67a19f06985331c6dc3c75fc8434577c35788f30463469fdff7e35d053d6331f16ba4c5b20c9d4d65913faf099b1aee4831119ad1916a2b4ec5044a51cd13c2568c3a0513cfba04e492dcfc7a7d5d71acc297d1832ae5cb06f50d12543ed8486ca21e812864c1f577c9ef33ecc0e800b1075278a7988e9fca3804e93c023e7a2c3f58b154fc1b77f3efc6a7f6ccd9b83bfb89600aa0801440b43b808f6977b9e9bb5e61b6c2b8c65ead8f4375679c098ffca7e286fc5410eb0693d0a84e7535bf7fc3a7b3cece93ec9cc14aa1c58e04a303d84458cae7332e85410ba01f813781310456c548f5c9185c"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:44 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000480)={0x0, 0x70, &(0x7f00000003c0)=[@in6={0xa, 0x4e21, 0x8000, @rand_addr="668d17236d68b9cf05e31e38c51e9a19", 0x5}, @in6={0xa, 0x4e22, 0x3, @mcast2, 0x2}, @in6={0xa, 0x4e22, 0x3e2457d0, @empty, 0x80}, @in6={0xa, 0x4e23, 0x8, @local, 0x8}]}, &(0x7f00000004c0)=0x10) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000500)={r4, 0x53, "7d9aa40bd1a2bec5649e8ba6a19981247447abdb485829349a88bc86146caa65ccf5dc229e794274a66ccce57300eff19996088de8d8fbad7cc54aadf635c8530e3ecdfad7c7888717f491e4da4dfedd67f018"}, &(0x7f0000000580)=0x5b) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:44 executing program 4: semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rtc0\x00', 0x2000, 0x0) r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x101400) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000140)={{0x0, 0x6, 0x7, 0xffff, '\x00', 0x8}, 0x1, [0x9, 0x6, 0x5, 0xf3e6, 0x100000000, 0x800, 0x7, 0x801, 0x4, 0x5, 0x76, 0x6, 0x2, 0xfffffffffffffe01, 0x7fff, 0xffffffff, 0x7, 0x24f, 0x8, 0x28, 0x2, 0xffff, 0x3, 0xfffffffffffffffb, 0x9, 0x100000001, 0x8afa, 0x5, 0xffffffffffff1b70, 0x3ff, 0x1, 0x6, 0x42, 0x1, 0xc7, 0x3, 0x400000000, 0x4000000000000000, 0x1, 0x355b, 0x0, 0x3f, 0x7fff, 0x0, 0x0, 0x8, 0x7fff800000, 0x5, 0x80000000, 0x7fff, 0x800, 0x7, 0x81, 0x6, 0x4, 0x1, 0x1, 0xb9a3, 0x4, 0x80000000, 0x4, 0xfffffffffffffffd, 0x9, 0x1, 0xffffffffffff8001, 0x7, 0x5, 0x1, 0xffffffff80000000, 0xb260a12, 0xfff, 0x9, 0x3, 0x2, 0x1, 0x200, 0x7, 0x292, 0x400, 0xfffffffffffffff9, 0x5, 0x5, 0x1db3, 0x4, 0x9, 0x5, 0x100, 0xfffffffffffeffff, 0x0, 0x401, 0x1ff, 0xc00000000, 0x7c9, 0x2, 0x1, 0x1, 0x7, 0x4, 0x80000000, 0xffffffff, 0xfba, 0x619, 0x10000, 0x1ff, 0x2, 0x0, 0x80, 0x9, 0xd6, 0x4, 0x8, 0x9, 0x1061, 0x6, 0x5d, 0x6, 0x27, 0xeb2f, 0xbaf, 0x0, 0x14e3, 0x5, 0x8000, 0x3, 0x5, 0x7be3, 0x189, 0x7f]}) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x7fffffff, 0x3) ioctl$TIOCGSOFTCAR(r1, 0x5419, &(0x7f00000000c0)) fremovexattr(r1, &(0x7f0000000640)=@random={'btrfs.', '\'*proc\x00'}) 05:05:44 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000010000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:44 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(r2, r1) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_GET_TIMERSLACK(0x1e) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 2014.551427][T27198] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2014.597127][T27198] CPU: 0 PID: 27198 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2014.605271][T27198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2014.605290][T27198] Call Trace: [ 2014.618697][T27198] dump_stack+0x172/0x1f0 [ 2014.623058][T27198] dump_header+0x10f/0xb6c [ 2014.627504][T27198] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2014.633364][T27198] ? ___ratelimit+0x60/0x595 [ 2014.637976][T27198] ? do_raw_spin_unlock+0x57/0x270 05:05:44 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf00507100c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2014.638000][T27198] oom_kill_process.cold+0x10/0x15 [ 2014.638018][T27198] out_of_memory+0x79a/0x1280 [ 2014.652921][T27198] ? lock_downgrade+0x880/0x880 [ 2014.657791][T27198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2014.664046][T27198] ? oom_killer_disable+0x280/0x280 [ 2014.669270][T27198] ? find_held_lock+0x35/0x130 [ 2014.674074][T27198] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2014.679633][T27198] ? memcg_event_wake+0x230/0x230 [ 2014.684703][T27198] ? do_raw_spin_unlock+0x57/0x270 [ 2014.689835][T27198] ? _raw_spin_unlock+0x2d/0x50 [ 2014.694811][T27198] try_charge+0x102c/0x15c0 [ 2014.699345][T27198] ? find_held_lock+0x35/0x130 [ 2014.704220][T27198] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2014.709781][T27198] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2014.715362][T27198] ? find_held_lock+0x35/0x130 [ 2014.720338][T27198] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2014.725915][T27198] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2014.731665][T27198] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2014.736886][T27198] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2014.742449][T27198] __memcg_kmem_charge+0x136/0x300 [ 2014.747593][T27198] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2014.756475][T27198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2014.767749][T27198] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2014.773500][T27198] ? copy_process.part.0+0x1d08/0x7980 [ 2014.778981][T27198] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2014.784293][T27198] ? trace_hardirqs_on+0x67/0x230 [ 2014.789477][T27198] copy_process.part.0+0x3e0/0x7980 [ 2014.794701][T27198] ? debug_check_no_obj_freed+0x200/0x464 [ 2014.800437][T27198] ? find_held_lock+0x35/0x130 [ 2014.805217][T27198] ? debug_check_no_obj_freed+0x200/0x464 [ 2014.810962][T27198] ? kasan_check_write+0x14/0x20 [ 2014.815919][T27198] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2014.822177][T27198] ? filename_lookup+0x294/0x410 [ 2014.827144][T27198] ? __cleanup_sighand+0x60/0x60 [ 2014.832109][T27198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2014.838370][T27198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2014.844637][T27198] ? getname_flags+0x300/0x5b0 [ 2014.849421][T27198] ? getname_flags+0x300/0x5b0 [ 2014.854206][T27198] ? rcu_read_lock_sched_held+0x110/0x130 [ 2014.859963][T27198] _do_fork+0x257/0xfd0 [ 2014.864341][T27198] ? fork_idle+0x1d0/0x1d0 [ 2014.868779][T27198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2014.875048][T27198] ? do_sys_truncate.part.0+0xbc/0x150 [ 2014.880553][T27198] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2014.886034][T27198] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2014.891509][T27198] ? do_syscall_64+0x26/0x610 [ 2014.896205][T27198] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2014.902289][T27198] ? do_syscall_64+0x26/0x610 [ 2014.906996][T27198] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2014.912301][T27198] __ia32_sys_vfork+0x1f/0x30 [ 2014.917020][T27198] do_syscall_64+0x103/0x610 [ 2014.921633][T27198] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2014.927548][T27198] RIP: 0033:0x2000000a [ 2014.931640][T27198] Code: Bad RIP value. [ 2014.935734][T27198] RSP: 002b:00007fec78bdfbd8 EFLAGS: 00000206 ORIG_RAX: 000000000000003a 05:05:44 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000600)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f00000008c0)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) ioctl$TUNSETOFFLOAD(r2, 0x400454d0, 0xd) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:44 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf00007400c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2014.944161][T27198] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2014.952164][T27198] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000011 [ 2014.960140][T27198] RBP: 0000000000000033 R08: 0000000000000005 R09: 0000000000000006 [ 2014.968118][T27198] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2014.976101][T27198] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 2015.110881][T27198] memory: usage 307124kB, limit 307200kB, failcnt 2688 [ 2015.119999][T27198] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2015.128517][T27198] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2015.136427][T27198] Memory cgroup stats for /syz5: cache:52KB rss:209964KB rss_huge:161792KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:210044KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2015.163745][T27198] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12371,uid=0 [ 2015.182097][T27198] Memory cgroup out of memory: Killed process 12371 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB 05:05:45 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf01008000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2015.205062][ T1044] oom_reaper: reaped process 12371 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 2015.211679][T27332] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 05:05:45 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000040000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2015.281996][T27332] CPU: 1 PID: 27332 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2015.290117][T27332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2015.300355][T27332] Call Trace: [ 2015.303659][T27332] dump_stack+0x172/0x1f0 [ 2015.308029][T27332] dump_header+0x10f/0xb6c [ 2015.312454][T27332] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2015.318273][T27332] ? ___ratelimit+0x60/0x595 [ 2015.322880][T27332] ? do_raw_spin_unlock+0x57/0x270 [ 2015.328006][T27332] oom_kill_process.cold+0x10/0x15 [ 2015.333133][T27332] out_of_memory+0x79a/0x1280 [ 2015.337827][T27332] ? oom_killer_disable+0x280/0x280 [ 2015.343037][T27332] ? find_held_lock+0x35/0x130 [ 2015.347819][T27332] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2015.353385][T27332] ? memcg_event_wake+0x230/0x230 [ 2015.358436][T27332] ? do_raw_spin_unlock+0x57/0x270 [ 2015.363574][T27332] ? _raw_spin_unlock+0x2d/0x50 [ 2015.368458][T27332] try_charge+0x102c/0x15c0 [ 2015.372979][T27332] ? find_held_lock+0x35/0x130 [ 2015.377768][T27332] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2015.383338][T27332] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2015.388901][T27332] ? find_held_lock+0x35/0x130 [ 2015.393688][T27332] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2015.393714][T27332] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2015.393730][T27332] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2015.393752][T27332] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2015.415643][T27332] __memcg_kmem_charge+0x136/0x300 [ 2015.420796][T27332] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2015.426212][T27332] ? find_held_lock+0x35/0x130 [ 2015.431008][T27332] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2015.436754][T27332] ? kasan_check_write+0x14/0x20 [ 2015.441718][T27332] ? lock_downgrade+0x880/0x880 [ 2015.446591][T27332] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2015.452885][T27332] alloc_pages_current+0x107/0x210 [ 2015.458045][T27332] pte_alloc_one+0x1b/0x1a0 [ 2015.462571][T27332] __pte_alloc+0x20/0x310 [ 2015.466923][T27332] copy_page_range+0x1529/0x1f90 [ 2015.471886][T27332] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2015.478149][T27332] ? debug_smp_processor_id+0x3c/0x280 [ 2015.483643][T27332] ? copy_process.part.0+0x3121/0x7980 [ 2015.489135][T27332] ? pmd_alloc+0x180/0x180 [ 2015.493567][T27332] ? vma_compute_subtree_gap+0x158/0x230 [ 2015.499212][T27332] ? validate_mm_rb+0xa3/0xc0 [ 2015.503903][T27332] ? __vma_link_rb+0x279/0x370 [ 2015.508693][T27332] copy_process.part.0+0x568b/0x7980 [ 2015.514015][T27332] ? __cleanup_sighand+0x60/0x60 [ 2015.518959][T27332] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2015.525293][T27332] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2015.531553][T27332] ? getname_flags+0x300/0x5b0 [ 2015.536337][T27332] ? getname_flags+0x300/0x5b0 [ 2015.541114][T27332] ? rcu_read_lock_sched_held+0x110/0x130 [ 2015.546858][T27332] ? kmem_cache_free+0x225/0x260 [ 2015.551808][T27332] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 2015.557718][T27332] _do_fork+0x257/0xfd0 [ 2015.557740][T27332] ? fork_idle+0x1d0/0x1d0 [ 2015.557755][T27332] ? __ia32_sys_mkdir+0x80/0x80 [ 2015.557775][T27332] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2015.557788][T27332] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2015.557801][T27332] ? do_syscall_64+0x26/0x610 [ 2015.557816][T27332] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2015.557837][T27332] ? do_syscall_64+0x26/0x610 [ 2015.557864][T27332] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2015.566436][T27332] __ia32_sys_fork+0x1f/0x30 [ 2015.566452][T27332] do_syscall_64+0x103/0x610 [ 2015.566472][T27332] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2015.566491][T27332] RIP: 0033:0x2000000a [ 2015.621983][T27332] Code: Bad RIP value. [ 2015.626052][T27332] RSP: 002b:00007ff76eaabbd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000039 [ 2015.634865][T27332] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2015.642844][T27332] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 000000000000000a [ 2015.650803][T27332] RBP: 0000000000000032 R08: 0000000000000005 R09: 0000000000000006 [ 2015.658773][T27332] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2015.666742][T27332] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 2015.705014][T27332] memory: usage 307200kB, limit 307200kB, failcnt 12343 [ 2015.713510][T27332] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2015.722452][T27332] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2015.730514][T27332] Memory cgroup stats for /syz2: cache:48KB rss:92856KB rss_huge:14336KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:92924KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2015.768363][T27332] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13939,uid=0 [ 2015.785350][T27332] Memory cgroup out of memory: Killed process 13939 (syz-executor.2) total-vm:72448kB, anon-rss:2172kB, file-rss:34816kB, shmem-rss:0kB 05:05:45 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x20000, 0x0) write$P9_RFLUSH(r0, &(0x7f00000001c0)={0x7, 0x6d, 0x2}, 0x7) openat$ppp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ppp\x00', 0x40181, 0x0) 05:05:45 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') ioctl$ASHMEM_GET_PIN_STATUS(r2, 0x7709, 0x0) sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:45 executing program 4: semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x1, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) 05:05:45 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:45 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db00004c000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:45 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf00009400c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:45 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0030a501c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2016.087051][T27736] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2016.129919][T27736] CPU: 1 PID: 27736 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2016.138136][T27736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2016.148300][T27736] Call Trace: [ 2016.151633][T27736] dump_stack+0x172/0x1f0 [ 2016.155988][T27736] dump_header+0x10f/0xb6c [ 2016.160450][T27736] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2016.166278][T27736] ? ___ratelimit+0x60/0x595 [ 2016.170892][T27736] ? do_raw_spin_unlock+0x57/0x270 [ 2016.176020][T27736] oom_kill_process.cold+0x10/0x15 [ 2016.181143][T27736] out_of_memory+0x79a/0x1280 [ 2016.185839][T27736] ? lock_downgrade+0x880/0x880 [ 2016.190790][T27736] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2016.197062][T27736] ? oom_killer_disable+0x280/0x280 [ 2016.202267][T27736] ? find_held_lock+0x35/0x130 [ 2016.207063][T27736] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2016.212619][T27736] ? memcg_event_wake+0x230/0x230 [ 2016.217699][T27736] ? do_raw_spin_unlock+0x57/0x270 [ 2016.222841][T27736] ? _raw_spin_unlock+0x2d/0x50 [ 2016.227714][T27736] try_charge+0x102c/0x15c0 [ 2016.232226][T27736] ? find_held_lock+0x35/0x130 [ 2016.237029][T27736] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2016.242591][T27736] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2016.248150][T27736] ? find_held_lock+0x35/0x130 [ 2016.252922][T27736] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2016.258495][T27736] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2016.264055][T27736] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2016.269264][T27736] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2016.274819][T27736] __memcg_kmem_charge+0x136/0x300 [ 2016.279943][T27736] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2016.285332][T27736] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2016.291069][T27736] ? copy_page_range+0x125a/0x1f90 [ 2016.296187][T27736] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2016.302434][T27736] alloc_pages_current+0x107/0x210 [ 2016.307571][T27736] pte_alloc_one+0x1b/0x1a0 [ 2016.312082][T27736] __pte_alloc+0x20/0x310 [ 2016.316421][T27736] copy_page_range+0x1529/0x1f90 [ 2016.321360][T27736] ? find_held_lock+0x35/0x130 [ 2016.326125][T27736] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2016.332393][T27736] ? pmd_alloc+0x180/0x180 [ 2016.336823][T27736] ? vma_compute_subtree_gap+0x158/0x230 [ 2016.342471][T27736] ? validate_mm_rb+0xa3/0xc0 [ 2016.347154][T27736] ? __vma_link_rb+0x279/0x370 [ 2016.351928][T27736] copy_process.part.0+0x568b/0x7980 [ 2016.357254][T27736] ? __cleanup_sighand+0x60/0x60 [ 2016.362201][T27736] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2016.368456][T27736] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2016.374716][T27736] ? getname_flags+0x300/0x5b0 [ 2016.379514][T27736] ? getname_flags+0x300/0x5b0 [ 2016.384292][T27736] ? rcu_read_lock_sched_held+0x110/0x130 [ 2016.390040][T27736] ? kmem_cache_free+0x225/0x260 [ 2016.395012][T27736] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 2016.400931][T27736] _do_fork+0x257/0xfd0 [ 2016.405123][T27736] ? fork_idle+0x1d0/0x1d0 [ 2016.409558][T27736] ? __ia32_sys_mkdir+0x80/0x80 [ 2016.414429][T27736] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2016.419898][T27736] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2016.425370][T27736] ? do_syscall_64+0x26/0x610 [ 2016.430059][T27736] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2016.436169][T27736] ? do_syscall_64+0x26/0x610 [ 2016.440869][T27736] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2016.446201][T27736] __ia32_sys_fork+0x1f/0x30 [ 2016.450811][T27736] do_syscall_64+0x103/0x610 [ 2016.455875][T27736] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2016.461955][T27736] RIP: 0033:0x2000000a [ 2016.466042][T27736] Code: Bad RIP value. [ 2016.470113][T27736] RSP: 002b:00007fec78bdfbd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000039 05:05:46 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r1 = dup3(r0, r0, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r2, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r1, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000a000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000100)="0f20e06635400000000f22e00f01c90f30baf80c66b88e8f148a66efbafc0cb83a4bef0f080f20d86635200000000f22d8660f3a0dc8003e660ff6379aed00950065ca0008"}], 0xaaaaaaaaaaaa891, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r5 = accept4$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0, 0x80000) ioctl$sock_netdev_private(r5, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb], 0x1f000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 05:05:46 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind(r1, &(0x7f0000000480)=@ethernet={0x306, @remote}, 0x80) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) getsockopt$inet_int(r0, 0x0, 0x12, &(0x7f00000003c0), &(0x7f0000000400)=0x4) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2016.478543][T27736] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2016.486544][T27736] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000011 [ 2016.494634][T27736] RBP: 0000000000000032 R08: 0000000000000005 R09: 0000000000000006 [ 2016.502620][T27736] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2016.510628][T27736] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff 05:05:46 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm_plock\x00', 0x40a00, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r0, 0xc0a85322, &(0x7f0000000180)) open_by_handle_at(r0, &(0x7f0000000240)={0x4a, 0x7, "8d3f1eca44d4d0bb5cd1c92dafbf16ff8daebde4f56a9e230109b66d83068d001eb7d419607809ed2af63a388f7933328759c010345c0499f0aa990391221dd4e560"}, 0x4000) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2016.654914][T27736] memory: usage 307200kB, limit 307200kB, failcnt 2722 [ 2016.666987][T27736] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2016.693506][T27736] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2016.711274][T27736] Memory cgroup stats for /syz5: cache:52KB rss:210036KB rss_huge:161792KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:210008KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2016.743424][T27736] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=24878,uid=0 05:05:46 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") 05:05:46 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getrusage(0xffffffffffffffff, &(0x7f00000008c0)) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 2016.814701][T27736] Memory cgroup out of memory: Killed process 24878 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB 05:05:46 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2016.891348][ T1044] oom_reaper: reaped process 24878 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 2016.924876][T27750] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 05:05:46 executing program 4: semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000380)='/dev/hwrng\x00', 0x20002, 0x0) bind$bt_rfcomm(r0, &(0x7f00000003c0)={0x1f, {0x400, 0x0, 0x40, 0x1, 0x5, 0x5}, 0xfffffffffffffffb}, 0xa) r1 = syz_open_dev$swradio(&(0x7f0000000100)='/dev/swradio#\x00', 0x1, 0x2) ioctl$SNDRV_CTL_IOCTL_PVERSION(r1, 0x80045500, &(0x7f00000000c0)) r2 = socket$caif_seqpacket(0x25, 0x5, 0x1) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c06, r2) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x64, r3, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x50, 0x4, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xeb}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) ioctl$SIOCGSTAMPNS(r2, 0x8907, &(0x7f0000000340)) getsockname(r2, &(0x7f0000000140)=@nfc_llcp, &(0x7f0000000000)=0x80) 05:05:46 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db007150000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2017.032821][T27750] CPU: 0 PID: 27750 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 2017.040971][T27750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2017.051043][T27750] Call Trace: [ 2017.054373][T27750] dump_stack+0x172/0x1f0 [ 2017.058726][T27750] dump_header+0x10f/0xb6c [ 2017.063153][T27750] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2017.068969][T27750] ? ___ratelimit+0x60/0x595 [ 2017.073602][T27750] ? do_raw_spin_unlock+0x57/0x270 [ 2017.078737][T27750] oom_kill_process.cold+0x10/0x15 [ 2017.083872][T27750] out_of_memory+0x79a/0x1280 [ 2017.088654][T27750] ? oom_killer_disable+0x280/0x280 [ 2017.093858][T27750] ? find_held_lock+0x35/0x130 [ 2017.098652][T27750] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2017.104207][T27750] ? memcg_event_wake+0x230/0x230 [ 2017.109255][T27750] ? do_raw_spin_unlock+0x57/0x270 [ 2017.114406][T27750] ? _raw_spin_unlock+0x2d/0x50 [ 2017.119275][T27750] try_charge+0x102c/0x15c0 [ 2017.123796][T27750] ? find_held_lock+0x35/0x130 [ 2017.128584][T27750] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2017.134159][T27750] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2017.140422][T27750] ? kasan_check_read+0x11/0x20 [ 2017.145302][T27750] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2017.150923][T27750] mem_cgroup_try_charge+0x24d/0x5e0 [ 2017.156226][T27750] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2017.161874][T27750] wp_page_copy+0x408/0x1740 [ 2017.166534][T27750] ? find_held_lock+0x35/0x130 [ 2017.171413][T27750] ? pmd_pfn+0x1d0/0x1d0 [ 2017.175670][T27750] ? lock_downgrade+0x880/0x880 [ 2017.180552][T27750] ? __pte_alloc_kernel+0x220/0x220 [ 2017.185759][T27750] ? kasan_check_read+0x11/0x20 [ 2017.190625][T27750] ? do_raw_spin_unlock+0x57/0x270 [ 2017.195757][T27750] do_wp_page+0x48e/0x1500 [ 2017.200187][T27750] ? do_raw_spin_lock+0x12a/0x2e0 [ 2017.205293][T27750] ? rwlock_bug.part.0+0x90/0x90 [ 2017.210256][T27750] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2017.215660][T27750] ? add_mm_counter_fast.part.0+0x40/0x40 [ 2017.221428][T27750] __handle_mm_fault+0x22e8/0x3ec0 [ 2017.226559][T27750] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2017.232124][T27750] ? find_held_lock+0x35/0x130 [ 2017.236918][T27750] ? handle_mm_fault+0x322/0xb30 [ 2017.241875][T27750] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2017.248136][T27750] ? kasan_check_read+0x11/0x20 [ 2017.252999][T27750] handle_mm_fault+0x43f/0xb30 [ 2017.257783][T27750] __do_page_fault+0x5ef/0xda0 [ 2017.262576][T27750] do_page_fault+0x71/0x581 [ 2017.267154][T27750] ? page_fault+0x8/0x30 [ 2017.271404][T27750] page_fault+0x1e/0x30 [ 2017.275572][T27750] RIP: 0033:0x40e018 [ 2017.279479][T27750] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf ac e3 4b 00 31 c0 e8 03 39 ff ff 31 ff e8 4c 35 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 4e 24 64 00 [ 2017.299118][T27750] RSP: 002b:0000000000a4fb00 EFLAGS: 00010246 [ 2017.305211][T27750] RAX: 000000003556b9a6 RBX: 000000006b9ac8cd RCX: 0000001b31020000 [ 2017.313269][T27750] RDX: 0000000000000000 RSI: 00000000000019a6 RDI: ffffffff3556b9a6 [ 2017.321252][T27750] RBP: 0000000000000002 R08: 000000003556b9a6 R09: 000000003556b9aa [ 2017.329233][T27750] R10: 0000000000a4fca0 R11: 0000000000000246 R12: 000000000073c028 [ 2017.337229][T27750] R13: 0000000080000000 R14: 00007f71db159008 R15: 0000000000000002 [ 2017.373120][T27750] memory: usage 307100kB, limit 307200kB, failcnt 9104 [ 2017.380469][T27750] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2017.389154][T27750] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2017.398944][T27750] Memory cgroup stats for /syz1: cache:108KB rss:136168KB rss_huge:73728KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:130048KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2017.422795][T27750] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=10734,uid=0 [ 2017.439585][T27750] Memory cgroup out of memory: Killed process 10734 (syz-executor.1) total-vm:72448kB, anon-rss:2176kB, file-rss:34816kB, shmem-rss:0kB 05:05:47 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000000800)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x8000020}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f00000008c0)=ANY=[@ANYBLOB="dd25ee24a586f5fd2916d1ba32fd6aa3608908f36c080006200400000000000000081ec79f3f3dc667ba645f5307dae005b9eab28ff4fca8e3f981a5c0e6aa03d190baa61a7eb2b86bc5b06845707ca4c1ca6020bd1081416b67f3f1fec471883a4ca0f2850772d8bbb77f91736604ef1f7b972dd6f9c43af7fd833f3cfd5ccd5cddb193a2d3f3"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000980)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="00002abd7000fcdbdf25010000000000000007410000004c00180000007f69620000000000000000000000000000000000000000000000000000ad0000000000000000000000000000000000000000000000000000000000000000000000000000006c129af5906fda89ef9145238c6a672ac8ce03418d0c8b1974db763704adb9ef757f80063bd02a11c57283be60850aa1f3876d914a6ae1c73abe32542b7542d96b13cd9910609843f04cddbb616ea540c7470bc58507e515b0340e01b7d191f8a7b6cc5f363870408f6185c6df2ee99e154a436d406aaf8f74d53cd6b3ab725a5203442a04bf169f14f92cc4be264211e839243d33162ec6af64cccc9a8ead"], 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 2017.538728][ T7890] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2017.571212][ T7890] CPU: 0 PID: 7890 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2017.579242][ T7890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2017.589302][ T7890] Call Trace: [ 2017.592623][ T7890] dump_stack+0x172/0x1f0 [ 2017.596974][ T7890] dump_header+0x10f/0xb6c [ 2017.601405][ T7890] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2017.607256][ T7890] ? ___ratelimit+0x60/0x595 [ 2017.611860][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2017.616997][ T7890] oom_kill_process.cold+0x10/0x15 [ 2017.622132][ T7890] out_of_memory+0x79a/0x1280 [ 2017.626829][ T7890] ? oom_killer_disable+0x280/0x280 [ 2017.632036][ T7890] ? find_held_lock+0x35/0x130 [ 2017.637672][ T7890] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2017.643238][ T7890] ? memcg_event_wake+0x230/0x230 [ 2017.648287][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2017.653437][ T7890] ? _raw_spin_unlock+0x2d/0x50 [ 2017.658305][ T7890] try_charge+0x102c/0x15c0 [ 2017.662839][ T7890] ? find_held_lock+0x35/0x130 [ 2017.667630][ T7890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2017.673187][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2017.678745][ T7890] ? find_held_lock+0x35/0x130 [ 2017.683533][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2017.689103][ T7890] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2017.694673][ T7890] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2017.699910][ T7890] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2017.705491][ T7890] __memcg_kmem_charge+0x136/0x300 [ 2017.710621][ T7890] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2017.716011][ T7890] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2017.721753][ T7890] ? copy_page_range+0x125a/0x1f90 [ 2017.726881][ T7890] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2017.733160][ T7890] alloc_pages_current+0x107/0x210 [ 2017.738293][ T7890] pte_alloc_one+0x1b/0x1a0 [ 2017.742829][ T7890] __pte_alloc+0x20/0x310 [ 2017.747180][ T7890] copy_page_range+0x1529/0x1f90 [ 2017.752153][ T7890] ? find_held_lock+0x35/0x130 [ 2017.756941][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2017.763226][ T7890] ? pmd_alloc+0x180/0x180 [ 2017.767687][ T7890] ? __rb_insert_augmented+0x231/0xdf0 [ 2017.773285][ T7890] ? validate_mm_rb+0xa3/0xc0 [ 2017.777998][ T7890] ? __vma_link_rb+0x279/0x370 [ 2017.782790][ T7890] copy_process.part.0+0x568b/0x7980 [ 2017.788120][ T7890] ? __cleanup_sighand+0x60/0x60 [ 2017.793087][ T7890] _do_fork+0x257/0xfd0 [ 2017.797258][ T7890] ? fork_idle+0x1d0/0x1d0 [ 2017.801707][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2017.807194][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2017.812659][ T7890] ? do_syscall_64+0x26/0x610 [ 2017.817361][ T7890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2017.823440][ T7890] ? do_syscall_64+0x26/0x610 [ 2017.828136][ T7890] __x64_sys_clone+0xbf/0x150 [ 2017.832827][ T7890] do_syscall_64+0x103/0x610 [ 2017.837435][ T7890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2017.843365][ T7890] RIP: 0033:0x45737a [ 2017.847283][ T7890] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2017.866926][ T7890] RSP: 002b:0000000000a4fd30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2017.875376][ T7890] RAX: ffffffffffffffda RBX: 0000000000a4fd30 RCX: 000000000045737a 05:05:47 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0050a701c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2017.883375][ T7890] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2017.891375][ T7890] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 2017.899364][ T7890] R10: 000000000263ec10 R11: 0000000000000246 R12: 0000000000000001 [ 2017.907367][ T7890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 05:05:47 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x2, 0x80000) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) mmap$perf(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0xdc43c2420e765751, r0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:47 executing program 2: syz_execute_func(&(0x7f0000000140)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:48 executing program 4: semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) semget$private(0x0, 0x4, 0x1) r0 = semget$private(0x0, 0x3, 0x80) semtimedop(r0, &(0x7f0000000080), 0x1c8, 0x0) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x6841, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f0000000080)={0xfffffffffffffffd, 0x6, 0x3, 0x200}) 05:05:48 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f00000008c0), 0x8, 0x1) geteuid() r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r2, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:48 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf616d6159c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2018.137330][ T7890] memory: usage 307036kB, limit 307200kB, failcnt 2779 [ 2018.226110][ T7890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2018.263597][ T7890] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2018.283220][ T7890] Memory cgroup stats for /syz5: cache:52KB rss:209896KB rss_huge:161792KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:209960KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2018.352925][ T7890] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27736,uid=0 05:05:48 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a020000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2018.410457][ T7890] Memory cgroup out of memory: Killed process 27736 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB 05:05:48 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) ioctl$TIOCGPTLCK(r2, 0x80045439, &(0x7f0000000600)) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:48 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db00d050000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:48 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ff018000000000000000062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="a81e72c2e78beccd3fe7876c88eb68423c6609000000b0846400"/37, @ANYRES16=r4, @ANYBLOB="00002abd7000fcdbdf25010000000000000007410000004c00180000007f696200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000059371fc3b31f2548f94561e17d144fbb88bc9d20b9b50135bf4b5987ed754095dc5c2a6b70f0d09f68d5924bf6a58eab87b4ab25c0387e42b14b11557fbaab4fa0040db5f7dfc7acf5f3e08f52d4e447bf695c8da8462ac9448af4e32c9ef0b244b4d3e2337f4d632d841dde91a6fab0a92e3302017e27a1694d8692aefee6660cc59e8f2f9265f2a1048ee8bf938ba32a2c83a4707e3a891abd5bdb91f78e0de5180cecf58ae476040c0a61f5686fbde0ca"], 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) r6 = request_key(&(0x7f0000000600)='user\x00', &(0x7f0000000840)={'syz', 0x2}, &(0x7f0000000880)='TIPC\x00', 0x0) keyctl$assume_authority(0x10, r6) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:48 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a040000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2018.883633][T28455] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2018.929753][T28455] CPU: 1 PID: 28455 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2018.937901][T28455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2018.947989][T28455] Call Trace: [ 2018.951410][T28455] dump_stack+0x172/0x1f0 [ 2018.955785][T28455] dump_header+0x10f/0xb6c [ 2018.960232][T28455] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2018.966085][T28455] ? ___ratelimit+0x60/0x595 [ 2018.970710][T28455] ? do_raw_spin_unlock+0x57/0x270 [ 2018.975854][T28455] oom_kill_process.cold+0x10/0x15 [ 2018.980996][T28455] out_of_memory+0x79a/0x1280 [ 2018.985705][T28455] ? lock_downgrade+0x880/0x880 [ 2018.990570][T28455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2018.996844][T28455] ? oom_killer_disable+0x280/0x280 [ 2018.996860][T28455] ? find_held_lock+0x35/0x130 [ 2018.996887][T28455] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2018.996905][T28455] ? memcg_event_wake+0x230/0x230 [ 2019.006884][T28455] ? do_raw_spin_unlock+0x57/0x270 [ 2019.006901][T28455] ? _raw_spin_unlock+0x2d/0x50 [ 2019.006918][T28455] try_charge+0x102c/0x15c0 [ 2019.006930][T28455] ? find_held_lock+0x35/0x130 [ 2019.006954][T28455] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2019.006973][T28455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2019.006994][T28455] ? kasan_check_read+0x11/0x20 [ 2019.053456][T28455] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2019.059024][T28455] mem_cgroup_try_charge+0x24d/0x5e0 [ 2019.064345][T28455] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2019.069997][T28455] wp_page_copy+0x408/0x1740 [ 2019.074602][T28455] ? find_held_lock+0x35/0x130 [ 2019.079390][T28455] ? pmd_pfn+0x1d0/0x1d0 [ 2019.083648][T28455] ? lock_downgrade+0x880/0x880 [ 2019.088517][T28455] ? swp_swapcount+0x540/0x540 [ 2019.093298][T28455] ? kasan_check_read+0x11/0x20 [ 2019.098172][T28455] ? do_raw_spin_unlock+0x57/0x270 [ 2019.103301][T28455] do_wp_page+0x48e/0x1500 [ 2019.107748][T28455] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2019.113137][T28455] __handle_mm_fault+0x22e8/0x3ec0 [ 2019.118267][T28455] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2019.123820][T28455] ? find_held_lock+0x35/0x130 [ 2019.128615][T28455] ? handle_mm_fault+0x322/0xb30 [ 2019.133594][T28455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2019.139872][T28455] ? kasan_check_read+0x11/0x20 [ 2019.144767][T28455] handle_mm_fault+0x43f/0xb30 [ 2019.149565][T28455] __do_page_fault+0x5ef/0xda0 [ 2019.154378][T28455] do_page_fault+0x71/0x581 [ 2019.158909][T28455] page_fault+0x1e/0x30 [ 2019.163085][T28455] RIP: 0010:__put_user_4+0x1c/0x30 [ 2019.168213][T28455] Code: 1f 00 c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 00 ee 01 00 48 8b 9b 18 14 00 00 48 83 eb 03 48 39 d9 73 3c 0f 1f 00 <89> 01 31 c0 0f 1f 00 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 2019.187842][T28455] RSP: 0018:ffff888037277f30 EFLAGS: 00010293 [ 2019.193927][T28455] RAX: 0000000000002351 RBX: 00007fffffffeffd RCX: 000000000263ec10 [ 2019.201919][T28455] RDX: dffffc0000000000 RSI: 1ffff11015359170 RDI: ffff8880a9ac88a8 [ 2019.209913][T28455] RBP: ffff888037277f48 R08: ffff8880a9ac8300 R09: 0000000000000001 [ 2019.217908][T28455] R10: ffffed1015d05bc7 R11: ffff8880ae82de3b R12: 0000000000000000 [ 2019.226005][T28455] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2019.234032][T28455] ? schedule_tail+0xd8/0x130 [ 2019.238736][T28455] ret_from_fork+0x8/0x50 [ 2019.243080][T28455] RIP: 0033:0x45737a [ 2019.246994][T28455] Code: Bad RIP value. [ 2019.251071][T28455] RSP: 002b:0000000000a4fd30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2019.259507][T28455] RAX: 0000000000000000 RBX: 0000000000a4fd30 RCX: 000000000045737a [ 2019.267498][T28455] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 05:05:48 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) pwrite64(r0, &(0x7f0000000480)="6f28ea8e62cf46099e95672594a434ab3f4f2b8a2ac576a3d92dc098edeb41f17327f5fc45af967396a3ca75c6c891dea2ee319afc38645ca64749b84d5dfd31f23799a7e228b431ea24d7cf1568a4b832e0903a8fd6811642db2379e0301ba9f51df3ef8945ff1511dc019978278dc8527861d4352924015f2251ed0723d5d285", 0x81, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:49 executing program 2: syz_execute_func(&(0x7f0000000500)="994a2ae92c02474c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efafe766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d8e0000000000fc4634148f70000c2a0c10b00cca27a0e0f0f9f3c6436b2aac4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79cac4e17de65b4b3131b83a00a2f1fbfb766208cf") [ 2019.275495][T28455] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 2019.283488][T28455] R10: 000000000263ec10 R11: 0000000000000246 R12: 0000000000000001 [ 2019.291489][T28455] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 [ 2019.307425][T28455] memory: usage 307172kB, limit 307200kB, failcnt 2807 [ 2019.319936][T28455] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2019.371591][T28455] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 05:05:49 executing program 4: semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x5, 0x1, 0x0, 0xffffffffffff8001, 0x0, 0x5, 0x4020, 0x3, 0x9, 0x6, 0x2, 0x3, 0x8, 0x1, 0x5e, 0x7fffffff, 0x0, 0x28, 0x9, 0x6f, 0x8001, 0xffff, 0x2e89, 0x200, 0x5, 0x101, 0x7, 0x100000000, 0x3, 0xfffffffffffffff8, 0xb70, 0x1, 0xffffffffffffffe0, 0x1f, 0x9, 0x8000, 0x0, 0x1000, 0x5, @perf_bp={&(0x7f0000000200), 0x4}, 0x8840, 0xff, 0x8000, 0x7, 0xd49, 0x6, 0xb3}, 0x0, 0x9, 0xffffffffffffffff, 0xa) r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0xf2e, 0x400) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f00000000c0)=@generic={0x3, 0x4, 0xfea}) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) modify_ldt$write(0x1, &(0x7f0000000180)={0x10000, 0x52a61fbb0b73bb4a, 0x2000, 0xfffffffffffffffe, 0x80000000, 0x5, 0xa672, 0x2, 0x9, 0x9}, 0x10) r1 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f00000001c0)=0x1) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000002c0)={{{@in6=@initdev, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@initdev}}, &(0x7f00000003c0)=0xe8) bind$packet(r0, &(0x7f0000000400)={0x11, 0xf7, r2, 0x1, 0x1ff7, 0x6, @dev={[], 0x24}}, 0x14) keyctl$setperm(0x5, r1, 0x20001) [ 2019.407386][T28455] Memory cgroup stats for /syz5: cache:52KB rss:209896KB rss_huge:161792KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:210036KB inactive_file:0KB active_file:0KB unevictable:0KB 05:05:49 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="38f625bd704f279d8b00062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) syz_open_dev$midi(&(0x7f0000000600)='/dev/midi#\x00', 0x7, 0x40) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 2019.547246][T28455] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11917,uid=0 [ 2019.581454][T28455] Memory cgroup out of memory: Killed process 11917 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB [ 2019.613113][ T1044] oom_reaper: reaped process 11917 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 05:05:49 executing program 4: semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) r0 = semget(0x2, 0x3, 0x0) semtimedop(r0, &(0x7f0000000080)=[{0x0, 0x7}], 0x1, 0x0) [ 2019.663167][ T7890] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 05:05:49 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000005c0)='/dev/loop#\x00', 0x100000001, 0x544fff) fcntl$setpipe(r2, 0x407, 0x2) syz_genetlink_get_family_id$tipc2(&(0x7f0000000600)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ffe32542151aba98d4d57d063a0281f200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f00000008c0)=ANY=[@ANYBLOB="0b0000408d124f79a5f8d6f97d5abf14a7f1d4c8445d1de15b0df5c8362723241eb89a57d8c9bfd628871d17d29dee09df4ea99981721124c4d60b2d17be5df16e9b08382a0a7d996c82b44d402ff26e79b8e01d7079b27a9624d388ea99440814fd9d458e488ea0446e086f55daed026ea9c04552de4c679c51a44d31ba8800ba9f911157a4edeae71df085af7ae90bea6f7e37"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0xffffffffffffffd1) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 2019.752237][ T7890] CPU: 0 PID: 7890 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2019.760326][ T7890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2019.770411][ T7890] Call Trace: [ 2019.773733][ T7890] dump_stack+0x172/0x1f0 [ 2019.778090][ T7890] dump_header+0x10f/0xb6c [ 2019.782544][ T7890] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2019.788401][ T7890] ? ___ratelimit+0x60/0x595 [ 2019.793003][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2019.798127][ T7890] oom_kill_process.cold+0x10/0x15 [ 2019.803263][ T7890] out_of_memory+0x79a/0x1280 [ 2019.803285][ T7890] ? oom_killer_disable+0x280/0x280 [ 2019.803298][ T7890] ? find_held_lock+0x35/0x130 [ 2019.803331][ T7890] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2019.823515][ T7890] ? memcg_event_wake+0x230/0x230 [ 2019.828555][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2019.833692][ T7890] ? _raw_spin_unlock+0x2d/0x50 [ 2019.838651][ T7890] try_charge+0xa87/0x15c0 [ 2019.843089][ T7890] ? find_held_lock+0x35/0x130 [ 2019.847882][ T7890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2019.853460][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2019.859745][ T7890] ? kasan_check_read+0x11/0x20 [ 2019.864622][ T7890] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2019.870195][ T7890] mem_cgroup_try_charge+0x24d/0x5e0 [ 2019.875519][ T7890] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2019.881193][ T7890] wp_page_copy+0x408/0x1740 [ 2019.885807][ T7890] ? find_held_lock+0x35/0x130 [ 2019.890596][ T7890] ? pmd_pfn+0x1d0/0x1d0 [ 2019.894849][ T7890] ? lock_downgrade+0x880/0x880 [ 2019.899735][ T7890] ? swp_swapcount+0x540/0x540 [ 2019.904516][ T7890] ? kasan_check_read+0x11/0x20 [ 2019.909390][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2019.914521][ T7890] do_wp_page+0x48e/0x1500 [ 2019.918968][ T7890] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2019.924379][ T7890] __handle_mm_fault+0x22e8/0x3ec0 [ 2019.929511][ T7890] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2019.935081][ T7890] ? find_held_lock+0x35/0x130 [ 2019.939882][ T7890] ? handle_mm_fault+0x322/0xb30 [ 2019.944845][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2019.951101][ T7890] ? kasan_check_read+0x11/0x20 [ 2019.955966][ T7890] handle_mm_fault+0x43f/0xb30 [ 2019.960748][ T7890] __do_page_fault+0x5ef/0xda0 [ 2019.965533][ T7890] do_page_fault+0x71/0x581 [ 2019.970042][ T7890] ? page_fault+0x8/0x30 [ 2019.974304][ T7890] page_fault+0x1e/0x30 [ 2019.978481][ T7890] RIP: 0033:0x45749e [ 2019.982386][ T7890] Code: 5c 41 5d 41 5e 5d c3 48 c7 c2 d4 ff ff ff f7 d8 41 bd ff ff ff ff 64 89 02 64 8b 04 25 d0 02 00 00 41 39 c4 0f 85 2f 01 00 00 <64> 44 89 04 25 d4 02 00 00 45 85 f6 0f 85 7f 00 00 00 48 85 db 74 [ 2020.002012][ T7890] RSP: 002b:0000000000a4fd30 EFLAGS: 00010246 [ 2020.008091][ T7890] RAX: 0000000000000001 RBX: 0000000000a4fd30 RCX: 000000000045737a [ 2020.016074][ T7890] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2020.024061][ T7890] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 2020.032047][ T7890] R10: 000000000263ec10 R11: 0000000000000246 R12: 0000000000000001 [ 2020.040031][ T7890] R13: 0000000000002351 R14: 0000000000000000 R15: 0000000000a4fdc0 05:05:50 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') ioctl$CAPI_GET_FLAGS(r2, 0x80044323, &(0x7f0000000600)) sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)=ANY=[@ANYBLOB="6883f500", @ANYRES16=r4, @ANYBLOB="00002abd7000fcdbdf25010000000000000007410000004c00180000007f696200"/98], 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 2020.074473][ T7890] memory: usage 305060kB, limit 307200kB, failcnt 2808 [ 2020.090492][ T7890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2020.099207][ T7890] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 05:05:50 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2020.113332][ T7890] Memory cgroup stats for /syz5: cache:52KB rss:207820KB rss_huge:159744KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:207964KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2020.214911][ T7890] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16528,uid=0 [ 2020.232196][ T7890] Memory cgroup out of memory: Killed process 16528 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB 05:05:50 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db00c070000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2020.256098][ T1044] oom_reaper: reaped process 16528 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 05:05:50 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b00008d12"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 2020.288940][T28458] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 05:05:50 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xd, 0x400, 0x0, {0x0, 0x0, 0x9, 0xfffffffffffc}}, 0xfffffffffffffe6e) [ 2020.377873][T28458] CPU: 0 PID: 28458 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 2020.386014][T28458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2020.396117][T28458] Call Trace: [ 2020.399442][T28458] dump_stack+0x172/0x1f0 [ 2020.403810][T28458] dump_header+0x10f/0xb6c [ 2020.408261][T28458] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2020.414137][T28458] ? ___ratelimit+0x60/0x595 [ 2020.418761][T28458] ? do_raw_spin_unlock+0x57/0x270 [ 2020.423920][T28458] oom_kill_process.cold+0x10/0x15 [ 2020.429074][T28458] out_of_memory+0x79a/0x1280 [ 2020.433868][T28458] ? oom_killer_disable+0x280/0x280 [ 2020.439093][T28458] ? find_held_lock+0x35/0x130 [ 2020.443890][T28458] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2020.449451][T28458] ? memcg_event_wake+0x230/0x230 [ 2020.449483][T28458] ? do_raw_spin_unlock+0x57/0x270 [ 2020.459644][T28458] ? _raw_spin_unlock+0x2d/0x50 [ 2020.459671][T28458] try_charge+0x102c/0x15c0 [ 2020.459685][T28458] ? find_held_lock+0x35/0x130 [ 2020.459716][T28458] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2020.479386][T28458] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2020.484954][T28458] ? find_held_lock+0x35/0x130 [ 2020.489728][T28458] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2020.495323][T28458] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2020.500910][T28458] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2020.506239][T28458] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2020.511825][T28458] __memcg_kmem_charge+0x136/0x300 [ 2020.516978][T28458] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2020.522379][T28458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2020.528705][T28458] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2020.534457][T28458] ? copy_process.part.0+0x1d08/0x7980 [ 2020.539945][T28458] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2020.545257][T28458] ? trace_hardirqs_on+0x67/0x230 [ 2020.550330][T28458] copy_process.part.0+0x3e0/0x7980 [ 2020.555565][T28458] ? psi_memstall_leave+0x11c/0x180 [ 2020.560794][T28458] ? sched_clock+0x2e/0x50 [ 2020.565248][T28458] ? psi_memstall_leave+0x12e/0x180 [ 2020.570462][T28458] ? find_held_lock+0x35/0x130 [ 2020.575241][T28458] ? psi_memstall_leave+0x12e/0x180 [ 2020.580482][T28458] ? __cleanup_sighand+0x60/0x60 [ 2020.585445][T28458] ? __lock_acquire+0x548/0x3fb0 [ 2020.590394][T28458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2020.596652][T28458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2020.602930][T28458] ? debug_smp_processor_id+0x3c/0x280 [ 2020.608430][T28458] _do_fork+0x257/0xfd0 [ 2020.612617][T28458] ? fork_idle+0x1d0/0x1d0 [ 2020.617059][T28458] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 2020.623152][T28458] ? lock_downgrade+0x880/0x880 [ 2020.628026][T28458] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2020.634320][T28458] ? blkcg_exit_queue+0x30/0x30 [ 2020.639471][T28458] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2020.644956][T28458] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2020.650441][T28458] ? do_syscall_64+0x26/0x610 [ 2020.655135][T28458] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2020.661219][T28458] ? do_syscall_64+0x26/0x610 [ 2020.666013][T28458] __x64_sys_clone+0xbf/0x150 [ 2020.670708][T28458] do_syscall_64+0x103/0x610 [ 2020.675340][T28458] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2020.681254][T28458] RIP: 0033:0x45b779 [ 2020.685165][T28458] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2020.704784][T28458] RSP: 002b:0000000000a4fa98 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2020.713232][T28458] RAX: ffffffffffffffda RBX: 00007f71d9337700 RCX: 000000000045b779 [ 2020.726004][T28458] RDX: 00007f71d93379d0 RSI: 00007f71d9336db0 RDI: 00000000003d0f00 [ 2020.734006][T28458] RBP: 0000000000a4fcb0 R08: 00007f71d9337700 R09: 00007f71d9337700 [ 2020.742032][T28458] R10: 00007f71d93379d0 R11: 0000000000000202 R12: 0000000000000000 [ 2020.750033][T28458] R13: 0000000000a4fb4f R14: 00007f71d93379c0 R15: 000000000073bfac [ 2020.759656][T28458] memory: usage 307172kB, limit 307200kB, failcnt 9119 [ 2020.781703][T28458] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2020.793752][T28458] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2020.843163][T28458] Memory cgroup stats for /syz1: cache:108KB rss:134624KB rss_huge:71680KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:128592KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2020.879067][T28458] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=10763,uid=0 [ 2020.929251][T28458] Memory cgroup out of memory: Killed process 10763 (syz-executor.1) total-vm:72448kB, anon-rss:2176kB, file-rss:34816kB, shmem-rss:0kB [ 2020.958938][ T1044] oom_reaper: reaped process 10763 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 05:05:51 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a080000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:51 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000500)='/dev/full\x00', 0x800, 0x0) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r2, 0xc0105303, &(0x7f0000000540)={0xffff, 0x15, 0x6}) ioctl$KVM_S390_UCAS_MAP(r0, 0x4018ae50, &(0x7f00000003c0)={0x0, 0x0, 0x10000}) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r3 = accept$alg(r1, 0x0, 0x0) openat$cgroup_subtree(r0, &(0x7f00000004c0)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) getsockopt$inet6_mreq(r4, 0x29, 0x0, &(0x7f0000000400)={@initdev}, &(0x7f0000000480)=0x14) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:51 executing program 4: semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) r0 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80800) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f00000000c0)=0x5, 0x8) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x400040, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f00000001c0)={{0x5, 0x4, 0x8001, 0x7, 'syz1\x00', 0x1ff}, 0x1, [0x4, 0x0, 0x7f, 0x8, 0xcc, 0x8, 0x101, 0x9, 0x0, 0x1, 0x5, 0x2, 0x8, 0x335a7f28, 0x9116, 0x4, 0x21, 0x0, 0x2, 0x8, 0x8001, 0x1000, 0x0, 0x1351, 0x1f, 0x1f, 0x7fff, 0x7ff, 0x4, 0xa0bb, 0xa0, 0xb8c, 0x80000001, 0x8, 0x7, 0x0, 0x3, 0x8001, 0x100000001, 0xfffffffffffffff7, 0x1ff, 0x3f, 0x40, 0x3f, 0x0, 0x5, 0xd3, 0x1, 0x4, 0x3, 0xffffffffffff7fff, 0x7f, 0x2, 0x6, 0x10001, 0x10100000000000, 0x4, 0x9, 0x8b95, 0x3, 0x3, 0x7, 0x6d, 0x100000000, 0x7, 0x1, 0x100000000, 0xfffffffffffffffc, 0x100, 0x100, 0xffff, 0x4, 0x1f, 0x20, 0xfffffffffffffffc, 0x2, 0x5, 0x4, 0x5, 0x100000000, 0xfff000000000000, 0x816, 0x9, 0x200, 0x401, 0x5dcf834e, 0x7f, 0x1, 0x7, 0x94d7, 0x3ff, 0x6, 0x1, 0x1, 0x1, 0xf4, 0x10db, 0x5cb752a4, 0x9, 0x1c21, 0x0, 0xd4, 0xe315, 0x1c13, 0x6, 0x1, 0xffffffffffffffe1, 0x5, 0xffffffffffffffd5, 0x6f3, 0xffffffffffffffff, 0x1, 0xfffffffffffffffd, 0x2, 0x2, 0x100000000, 0x6, 0x9, 0xec9, 0x55, 0xe4, 0x9, 0x9, 0xffffffff80000001, 0x10000, 0x690, 0x10001, 0x7], {0x0, 0x1c9c380}}) 05:05:51 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f0000000980), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) statfs(&(0x7f0000000600)='./file0\x00', &(0x7f00000008c0)=""/159) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:51 executing program 2: syz_execute_func(&(0x7f0000000c80)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d8000041d108000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcd64460f6e80b78d0000660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1aeae766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0x20, 0x0, 0x1, {0x0, 0x0, 0x6}}, 0x20) r0 = syz_open_dev$vbi(&(0x7f00000002c0)='/dev/vbi#\x00', 0x1, 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000240)={0x29, 0x4, 0x0, {0x6, 0x6, 0x1, 0x0, [0x0]}}, 0x29) r1 = syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x3}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000100)={r2, @in6={{0xa, 0x4e24, 0x0, @remote, 0x4}}, 0xfffffffffffffffd, 0x7fffffff, 0x14bced8, 0x6, 0x4}, &(0x7f00000001c0)=0x98) 05:05:51 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db005071000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2021.241511][T29164] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2021.256291][T29164] CPU: 0 PID: 29164 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2021.264421][T29164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2021.274505][T29164] Call Trace: [ 2021.277835][T29164] dump_stack+0x172/0x1f0 [ 2021.282217][T29164] dump_header+0x10f/0xb6c [ 2021.286673][T29164] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2021.292526][T29164] ? ___ratelimit+0x60/0x595 [ 2021.297162][T29164] ? do_raw_spin_unlock+0x57/0x270 [ 2021.302322][T29164] oom_kill_process.cold+0x10/0x15 [ 2021.307481][T29164] out_of_memory+0x79a/0x1280 [ 2021.312202][T29164] ? lock_downgrade+0x880/0x880 [ 2021.317090][T29164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2021.323430][T29164] ? oom_killer_disable+0x280/0x280 [ 2021.328672][T29164] ? find_held_lock+0x35/0x130 [ 2021.333477][T29164] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2021.339059][T29164] ? memcg_event_wake+0x230/0x230 [ 2021.344126][T29164] ? do_raw_spin_unlock+0x57/0x270 [ 2021.349275][T29164] ? _raw_spin_unlock+0x2d/0x50 [ 2021.354176][T29164] try_charge+0x102c/0x15c0 [ 2021.358717][T29164] ? find_held_lock+0x35/0x130 [ 2021.363517][T29164] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2021.369093][T29164] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2021.374665][T29164] ? find_held_lock+0x35/0x130 [ 2021.379467][T29164] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2021.385057][T29164] __memcg_kmem_charge_memcg+0x7c/0x130 05:05:51 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r3 = dup3(r2, r2, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r3, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r5, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r6 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r3, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r3, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r5, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) r7 = syz_genetlink_get_family_id$net_dm(&(0x7f00000008c0)='NET_DM\x00') sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000980)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x14, r7, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4040090}, 0x20000000) ioctl$BLKTRACESTART(r6, 0x1274, 0x0) getsockopt$sock_buf(r4, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r4, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r1, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r3, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r6, 0x1275, 0x0) [ 2021.390634][T29164] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2021.395864][T29164] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2021.401439][T29164] __memcg_kmem_charge+0x136/0x300 [ 2021.406587][T29164] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2021.411991][T29164] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2021.417734][T29164] ? save_stack+0x45/0xd0 [ 2021.422093][T29164] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2021.427929][T29164] ? __lock_acquire+0x548/0x3fb0 [ 2021.432889][T29164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2021.439164][T29164] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2021.445435][T29164] alloc_pages_current+0x107/0x210 [ 2021.445456][T29164] pte_alloc_one+0x1b/0x1a0 [ 2021.445478][T29164] __pte_alloc+0x20/0x310 [ 2021.445497][T29164] copy_page_range+0x1529/0x1f90 [ 2021.445531][T29164] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2021.445557][T29164] ? pmd_alloc+0x180/0x180 [ 2021.445575][T29164] ? validate_mm_rb+0xa3/0xc0 [ 2021.445594][T29164] ? __vma_link_rb+0x279/0x370 [ 2021.455229][T29164] copy_process.part.0+0x568b/0x7980 [ 2021.455272][T29164] ? __cleanup_sighand+0x60/0x60 [ 2021.455289][T29164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2021.455306][T29164] ? getname_flags+0x300/0x5b0 [ 2021.455330][T29164] ? getname_flags+0x300/0x5b0 [ 2021.455348][T29164] ? getname_flags+0x300/0x5b0 [ 2021.455366][T29164] ? rcu_read_lock_sched_held+0x110/0x130 [ 2021.455382][T29164] ? kmem_cache_free+0x225/0x260 [ 2021.455402][T29164] _do_fork+0x257/0xfd0 [ 2021.455423][T29164] ? fork_idle+0x1d0/0x1d0 [ 2021.534292][T29164] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2021.540594][T29164] ? path_listxattr+0xe8/0x160 [ 2021.545397][T29164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2021.551702][T29164] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2021.557200][T29164] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2021.562704][T29164] ? do_syscall_64+0x26/0x610 [ 2021.567424][T29164] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2021.573540][T29164] ? do_syscall_64+0x26/0x610 [ 2021.578259][T29164] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2021.583590][T29164] __ia32_sys_fork+0x1f/0x30 [ 2021.588220][T29164] do_syscall_64+0x103/0x610 [ 2021.593028][T29164] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2021.598949][T29164] RIP: 0033:0x20000c8a [ 2021.603052][T29164] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 99 4a 2a e9 2c 02 b6 4c 0f 05 0a 00 00 00 c4 a3 7b f0 c5 e0 41 e2 e9 c4 22 e9 aa bb 3c 00 00 [ 2021.622707][T29164] RSP: 002b:00007ff76eaabbd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000039 [ 2021.631146][T29164] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000c8a [ 2021.639966][T29164] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 000000000000000a [ 2021.647973][T29164] RBP: 00000000000000b2 R08: 0000000000000005 R09: 0000000000000006 [ 2021.655967][T29164] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2021.663965][T29164] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff 05:05:51 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a0a0000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2021.692959][T29164] memory: usage 307200kB, limit 307200kB, failcnt 12389 [ 2021.701340][T29164] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2021.728714][T29164] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2021.764503][T29164] Memory cgroup stats for /syz2: cache:48KB rss:91460KB rss_huge:12288KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:91468KB inactive_file:0KB active_file:0KB unevictable:4KB 05:05:51 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000074000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:51 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000600)={0xffffffffffffffff, 0x1, 0x1f, 0x0, 0x5}) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r4, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) [ 2021.901922][T29164] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=27332,uid=0 05:05:51 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a0b0000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:51 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000080000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2021.981634][T29164] Memory cgroup out of memory: Killed process 27332 (syz-executor.2) total-vm:72712kB, anon-rss:2220kB, file-rss:35792kB, shmem-rss:0kB 05:05:52 executing program 4: semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000440)='./file0\x00', 0x2, 0x48) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0xffffffffffffffe1) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000400)='/proc/self\x00', 0x101, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000580)='/proc/self/net/pfkey\x00', 0x400000000200000, 0x0) ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f00000003c0)=0x100000001) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000480)=0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f00000004c0)={[], 0x10001, 0x9, 0x9fb, 0x2, 0x7, r2}) setsockopt$inet_dccp_int(r0, 0x21, 0xf, &(0x7f0000000000)=0x100000000, 0x4) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000680)={0x18, 0x1, 0x0, {0x6c13}}, 0x18) ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc0186419, &(0x7f0000000380)={0x9f, &(0x7f00000000c0)=""/176, &(0x7f00000002c0)=[{0x7ff, 0x324, 0x3, &(0x7f0000000040)=""/12}, {0x2, 0xa0, 0x727c, &(0x7f0000000180)=""/160}, {0x0, 0x49, 0x5, &(0x7f0000000240)=""/73}]}) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5387, &(0x7f00000005c0)) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f0000000600)={{0x2, 0x0, 0x37, 0x0, 0x7}, 0x9, 0x0, 0x3}) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000540)=0xed, 0x4) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000340)) [ 2022.043699][ T1044] oom_reaper: reaped process 27332 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 05:05:52 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) getsockopt$inet6_mreq(r0, 0x29, 0x14, &(0x7f00000003c0)={@local, 0x0}, &(0x7f0000000400)=0x14) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000600)={@dev={0xfe, 0x80, [], 0xb}, @remote, @mcast1, 0x100, 0x0, 0x3, 0x100, 0xfffffffffffffffc, 0x40000, r1}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0xffffffffffffff8c, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r2, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r3 = accept$alg(r2, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) ioctl$VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000480)={0x6, @sdr={0x35324d5f, 0x5}}) 05:05:52 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f0000000940)='/dev/loop#\x00', 0x8000000100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="000000001530cb28e8cab170029c0000"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b001cc62356af417f39e30143ab0af3be20f6775245d0581a785457c96a5ec222bbdb5bb9ce7dca9e9089573b00e800005ad50c7b36ce4d14da59f19833c1335e2114f73f68e9ad663d00"/89], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000008c0)={&(0x7f0000000980)=ANY=[@ANYBLOB="f0feffff", @ANYRES16=r4, @ANYBLOB="00002abd7000fcdbdf25010000000000000007410000004c00180000007f62726f6164636173742d6c696e6bec230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b56bb76d00000000"], 0x68}, 0x1, 0x0, 0x0, 0x20000002}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) 05:05:52 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a0c0000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2022.265273][T29164] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2022.360003][T29164] CPU: 0 PID: 29164 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2022.368155][T29164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2022.378233][T29164] Call Trace: [ 2022.381565][T29164] dump_stack+0x172/0x1f0 [ 2022.385930][T29164] dump_header+0x10f/0xb6c [ 2022.390374][T29164] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2022.396206][T29164] ? ___ratelimit+0x60/0x595 [ 2022.400808][T29164] ? do_raw_spin_unlock+0x57/0x270 [ 2022.405944][T29164] oom_kill_process.cold+0x10/0x15 [ 2022.411080][T29164] out_of_memory+0x79a/0x1280 [ 2022.415785][T29164] ? lock_downgrade+0x880/0x880 [ 2022.420830][T29164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2022.427138][T29164] ? oom_killer_disable+0x280/0x280 [ 2022.432378][T29164] ? find_held_lock+0x35/0x130 [ 2022.437178][T29164] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2022.442831][T29164] ? memcg_event_wake+0x230/0x230 [ 2022.447921][T29164] ? do_raw_spin_unlock+0x57/0x270 [ 2022.453061][T29164] ? _raw_spin_unlock+0x2d/0x50 [ 2022.457933][T29164] try_charge+0x102c/0x15c0 [ 2022.462451][T29164] ? find_held_lock+0x35/0x130 [ 2022.467345][T29164] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2022.472918][T29164] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2022.478491][T29164] ? find_held_lock+0x35/0x130 [ 2022.483279][T29164] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2022.488860][T29164] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2022.494465][T29164] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2022.499712][T29164] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2022.505302][T29164] __memcg_kmem_charge+0x136/0x300 [ 2022.510451][T29164] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2022.515839][T29164] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2022.521584][T29164] ? copy_page_range+0x125a/0x1f90 [ 2022.521604][T29164] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2022.521621][T29164] alloc_pages_current+0x107/0x210 [ 2022.521644][T29164] pte_alloc_one+0x1b/0x1a0 [ 2022.521664][T29164] __pte_alloc+0x20/0x310 [ 2022.533014][T29164] copy_page_range+0x1529/0x1f90 [ 2022.551973][T29164] ? find_held_lock+0x35/0x130 [ 2022.556763][T29164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2022.563047][T29164] ? pmd_alloc+0x180/0x180 [ 2022.567478][T29164] ? vma_compute_subtree_gap+0x158/0x230 [ 2022.573138][T29164] ? validate_mm_rb+0xa3/0xc0 [ 2022.577838][T29164] ? __vma_link_rb+0x279/0x370 [ 2022.582608][T29164] copy_process.part.0+0x568b/0x7980 [ 2022.587906][T29164] ? __cleanup_sighand+0x60/0x60 [ 2022.597258][T29164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2022.603631][T29164] ? getname_flags+0x300/0x5b0 [ 2022.608514][T29164] ? getname_flags+0x300/0x5b0 [ 2022.613296][T29164] ? getname_flags+0x300/0x5b0 [ 2022.618131][T29164] ? rcu_read_lock_sched_held+0x110/0x130 [ 2022.623870][T29164] ? kmem_cache_free+0x225/0x260 [ 2022.628821][T29164] _do_fork+0x257/0xfd0 [ 2022.632996][T29164] ? fork_idle+0x1d0/0x1d0 [ 2022.637442][T29164] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2022.643778][T29164] ? path_listxattr+0xe8/0x160 [ 2022.648561][T29164] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2022.654834][T29164] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2022.660354][T29164] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2022.665838][T29164] ? do_syscall_64+0x26/0x610 [ 2022.670529][T29164] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2022.676617][T29164] ? do_syscall_64+0x26/0x610 [ 2022.681322][T29164] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2022.686639][T29164] __ia32_sys_fork+0x1f/0x30 [ 2022.691269][T29164] do_syscall_64+0x103/0x610 [ 2022.695905][T29164] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2022.701800][T29164] RIP: 0033:0x20000c8a [ 2022.705869][T29164] Code: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 99 4a 2a e9 2c 02 b6 4c 0f 05 0a 00 00 00 c4 a3 7b f0 c5 e0 41 e2 e9 c4 22 e9 aa bb 3c 00 00 [ 2022.725840][T29164] RSP: 002b:00007ff76eaabbd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000039 [ 2022.734280][T29164] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000020000c8a [ 2022.742300][T29164] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 000000000000000a [ 2022.750297][T29164] RBP: 00000000000000b2 R08: 0000000000000005 R09: 0000000000000006 [ 2022.758282][T29164] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2022.767373][T29164] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 2022.783668][T29164] memory: usage 307036kB, limit 307200kB, failcnt 12413 [ 2022.792057][T29164] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2022.801303][T29164] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2022.809298][T29164] Memory cgroup stats for /syz2: cache:48KB rss:91460KB rss_huge:12288KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:91400KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2022.832763][T29164] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=27601,uid=0 [ 2022.849541][T29164] Memory cgroup out of memory: Killed process 27601 (syz-executor.2) total-vm:72580kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB [ 2022.869006][ T1044] oom_reaper: reaped process 27601 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2022.883634][T29569] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2022.895325][T29569] CPU: 0 PID: 29569 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2022.903422][T29569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2022.913487][T29569] Call Trace: [ 2022.913519][T29569] dump_stack+0x172/0x1f0 [ 2022.913545][T29569] dump_header+0x10f/0xb6c [ 2022.921152][T29569] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2022.921170][T29569] ? ___ratelimit+0x60/0x595 [ 2022.921186][T29569] ? do_raw_spin_unlock+0x57/0x270 [ 2022.921211][T29569] oom_kill_process.cold+0x10/0x15 [ 2022.946261][T29569] out_of_memory+0x79a/0x1280 [ 2022.950973][T29569] ? oom_killer_disable+0x280/0x280 [ 2022.956196][T29569] ? find_held_lock+0x35/0x130 [ 2022.960988][T29569] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2022.966565][T29569] ? memcg_event_wake+0x230/0x230 [ 2022.971638][T29569] ? do_raw_spin_unlock+0x57/0x270 [ 2022.976791][T29569] ? _raw_spin_unlock+0x2d/0x50 [ 2022.981674][T29569] try_charge+0x102c/0x15c0 [ 2022.986193][T29569] ? find_held_lock+0x35/0x130 [ 2022.990993][T29569] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2022.996572][T29569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2023.002832][T29569] ? kasan_check_read+0x11/0x20 05:05:52 executing program 2: getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000140)={'filter\x00'}, &(0x7f00000001c0)=0x44) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, &(0x7f0000000200)) r0 = syz_open_dev$media(&(0x7f0000005180)='/dev/media#\x00', 0x100000000, 0x40) getsockopt$inet6_buf(r0, 0x29, 0x2f, &(0x7f00000051c0)=""/72, &(0x7f0000005240)=0x48) 05:05:52 executing program 4: semtimedop(0x0, &(0x7f0000000040)=[{0xfffffffffffffffe, 0xfffffffffffffffc}, {0x2, 0x800000003}], 0x0, 0x0) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) r0 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000) setsockopt$RDS_RECVERR(r0, 0x114, 0x5, &(0x7f0000000140), 0x4) r1 = dup2(0xffffffffffffff9c, 0xffffffffffffff9c) getgroups(0x1, &(0x7f0000000100)=[0x0]) ioctl$TUNSETGROUP(r1, 0x400454ce, r2) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000440)={&(0x7f0000000000), 0xc, &(0x7f0000000400)={&(0x7f0000000500)=ANY=[@ANYBLOB="f4020000", @ANYRES16=r3, @ANYBLOB="100e26bd7000ffdbdf2514000000f4000100100001007564703a73797a3000000000180001006574683a76657468305f746f5f626f6e6400000034000200080004000018000008000300a34d3729080002000000000008000300ee00000008000300003000000800010020000000100001007564703a73797a300000000014000200080002007c1fb3bb9d674839d06815000000080001000500000008000300080000003c000200080001001a000000080001000a00000008000300ffffff7f08000200090000000800040006000000080002000100000008000200010100002c000200080002000600000008000400020000000800010011000000080003000400000008000200018000008400010038000400200001000a004e2200000c94fe80000000000000000000000000000e00000000341a76363f1d4109ac1414aa00000000000000001c0002000800040000040000080002000200000008000300ff7fffff08000300f9ffffff24000200080002000400000008000200060000000800010005000000080004000000000094000100540002000800030000000000080001001d00000008006e0002000000080001001d000000080002000300000008000200010000000800020001000000080003000000000008000400800000000800020009000000100001007564703a73797a32000000001c000200080001001300000008000300b1180000080003001f000000100001007564703a73797a30000000002800060004000200040002000800010025000000040002000400020008000100070000000400020004000600a80001001400020008000200ff070000080004000900000014000200080001001000000008000200000001000c00020008000200ac0700002c0002000800040009000000080003000100000008000200800000000800010019000000080004000800000008000300040000003c00020008000400f30c000008000200000100000800020001000000080001000e0000000800030008000000080002000700000008000300050000007164af0f9bd5e151c7dc9c444888606f20fe612d498b0bad04462beaae7301a2ecfcdf3ad37d1d438c73b9e3543ce9f106eb714747651c9808ef0faf13acfdbddc3049cfe3c0a22fea7514f96758ad8317979b3e14c58137242b14650858288965df5eab8d546318badde57f62560877555102af0a069f85e32aae334b05fe5a5e8e910242ac4a30ecfabcedf51d19393307c0682c682011ed68b5f98224a24ecf7d3d3d3173454625190e67bc098e5f7099568ebc113387257f246360ff8c682e3adc83c4d1ef"], 0x2f4}, 0x1, 0x0, 0x0, 0x8000}, 0x20000000) 05:05:52 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x20004e20, 0x9, @mcast2, 0x2}, 0x1c) r1 = dup3(r0, r0, 0x80000) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") r3 = socket$inet6(0xa, 0x80001, 0x0) getsockopt$inet6_buf(r3, 0x6, 0x3, &(0x7f0000c86000), &(0x7f0000000000)=0xfffffd62) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000800)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r5, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r6 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r1, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f00000008c0)=ANY=[@ANYBLOB="ffe3b15b9fe1d662372bb8f0b279ff264acddae287e980e2c425fd"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r1, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r5, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r6, 0x1274, 0x0) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f0000000600)={0x7, 'syz1\x00'}) getsockopt$sock_buf(r4, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) 05:05:52 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) ioctl$KIOCSOUND(r0, 0x4b2f, 0x133800000) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000440)='/dev/vsock\x00') ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0xffffffffffff8001, 0x0, 0x0, 0x0, 0x7f, 0x2, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x9e, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000680)="36bff01b4b6d921dfd4dfaad6cbf4cd0c68f14b13af97c20a95c39cf5636eaa7b794a2b980a5e69f596195cf807aa9fd097d6602e561ecdf88ede13f03b8a79e5fbe7f3fcbde87c90a3a79507c141fa49110cec3957c3ca52e636274bba83118be380000", 0x64) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) clock_gettime(0x0, &(0x7f00000003c0)) clock_gettime(0x1, &(0x7f0000000540)={0x0, 0x0}) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000600)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000740)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x4002004}, 0xc, &(0x7f0000000700)={&(0x7f0000000640)={0x18, r5, 0x304, 0x70bd26, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x801}, 0x4001) r6 = semget(0x0, 0x5, 0x10) semtimedop(r6, &(0x7f0000000380)=[{0x3, 0x60, 0x1800}], 0x1, &(0x7f0000000400)) arch_prctl$ARCH_SET_CPUID(0x1012, 0x1) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f00000004c0)={@empty, 0x5f, r2}) setitimer(0xfffffffffffffffe, &(0x7f0000000480)={{0x0, 0x2710}, {r3, r4/1000+30000}}, &(0x7f0000000500)) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f0000000780)={0x0, "03327414d7133ee275e24024f33867dc93cf2ba8a63f2296d21c4f268512bc52", 0x2, 0xe9c508dd0801d5f9}) r7 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r7, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:52 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a0d0000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2023.007735][T29569] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2023.013369][T29569] mem_cgroup_try_charge+0x24d/0x5e0 [ 2023.018707][T29569] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2023.024393][T29569] wp_page_copy+0x408/0x1740 [ 2023.029023][T29569] ? find_held_lock+0x35/0x130 [ 2023.033837][T29569] ? pmd_pfn+0x1d0/0x1d0 [ 2023.038122][T29569] ? lock_downgrade+0x880/0x880 [ 2023.043005][T29569] ? swp_swapcount+0x540/0x540 [ 2023.047813][T29569] ? kasan_check_read+0x11/0x20 [ 2023.052711][T29569] ? do_raw_spin_unlock+0x57/0x270 [ 2023.057859][T29569] do_wp_page+0x48e/0x1500 [ 2023.057889][T29569] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2023.057914][T29569] __handle_mm_fault+0x22e8/0x3ec0 [ 2023.067795][T29569] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2023.067811][T29569] ? find_held_lock+0x35/0x130 [ 2023.067825][T29569] ? handle_mm_fault+0x322/0xb30 [ 2023.067847][T29569] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2023.067864][T29569] ? kasan_check_read+0x11/0x20 [ 2023.067881][T29569] handle_mm_fault+0x43f/0xb30 [ 2023.067898][T29569] __do_page_fault+0x5ef/0xda0 [ 2023.067919][T29569] do_page_fault+0x71/0x581 [ 2023.067939][T29569] page_fault+0x1e/0x30 [ 2023.067954][T29569] RIP: 0010:__clear_user+0x3e/0x70 [ 2023.067969][T29569] Code: 00 00 00 48 c7 c7 00 24 1a 88 e8 dd f8 8b fa 0f 1f 00 48 89 d8 48 89 da 4c 89 e7 48 c1 e8 03 83 e2 07 48 89 c1 48 85 c9 74 0f <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 d1 85 c9 74 0a [ 2023.067990][T29569] RSP: 0000:ffff88804829fc40 EFLAGS: 00010202 [ 2023.148452][T29569] RAX: 0000000000000008 RBX: 0000000000000040 RCX: 0000000000000008 [ 2023.156447][T29569] RDX: 0000000000000000 RSI: ffffffff819acec3 RDI: 00007fec78bdfa00 [ 2023.164431][T29569] RBP: ffff88804829fc50 R08: ffff8880440006c0 R09: 0000000000000001 [ 2023.172419][T29569] R10: ffff888044000f40 R11: ffff8880440006c0 R12: 00007fec78bdfa00 [ 2023.180409][T29569] R13: 00007fec78bdf800 R14: ffff8880440006c0 R15: 00007ffffffff000 [ 2023.188432][T29569] ? __might_fault+0x1a3/0x1e0 [ 2023.193226][T29569] copy_fpstate_to_sigframe+0x28b/0x560 [ 2023.198795][T29569] get_sigframe.isra.0.constprop.0+0x4c8/0x8c0 [ 2023.204960][T29569] ? get_signal+0x177e/0x1d50 [ 2023.209649][T29569] ? restore_sigcontext+0x790/0x790 [ 2023.214871][T29569] do_signal+0xb4e/0x1940 [ 2023.219221][T29569] ? setup_sigcontext+0x7d0/0x7d0 [ 2023.224258][T29569] ? __bad_area_nosemaphore+0xb3/0x420 [ 2023.229747][T29569] ? exit_to_usermode_loop+0x43/0x2c0 [ 2023.235138][T29569] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2023.240432][T29569] ? trace_hardirqs_on+0x67/0x230 [ 2023.245475][T29569] exit_to_usermode_loop+0x244/0x2c0 [ 2023.250773][T29569] prepare_exit_to_usermode+0x279/0x2e0 [ 2023.256349][T29569] ? page_fault+0x8/0x30 [ 2023.260605][T29569] retint_user+0x8/0x18 [ 2023.264769][T29569] RIP: 0033:0x2000000a [ 2023.268852][T29569] Code: Bad RIP value. [ 2023.272918][T29569] RSP: 002b:00007fec78bdfbd8 EFLAGS: 00010206 [ 2023.278995][T29569] RAX: 0000000000002361 RBX: 0000000000000009 RCX: 000000002000000a [ 2023.286983][T29569] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000011 [ 2023.294970][T29569] RBP: 0000000000000032 R08: 0000000000000005 R09: 0000000000000006 [ 2023.302969][T29569] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2023.310965][T29569] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 2023.338113][T29569] memory: usage 307200kB, limit 307200kB, failcnt 2858 [ 2023.364139][T29569] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:05:53 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f00000004c0)=""/28) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) r2 = getpgrp(0x0) ptrace$setregset(0x4205, r2, 0x201, &(0x7f0000000480)={&(0x7f00000003c0)="79125002ef440349ce842bd66ec5177ea379bd16a70a0e679e19c4bd4e328e362eb50347a29b11b8c4a25e93a13c4ab5a9043c69e42af948504acbef3d911ef95ed30c2d795f258790448517207f2b4fa5220f56bbbb08", 0x57}) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r3 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2023.396725][T29569] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2023.416948][T29569] Memory cgroup stats for /syz5: cache:52KB rss:209880KB rss_huge:161792KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:209972KB inactive_file:0KB active_file:0KB unevictable:0KB 05:05:53 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) syz_execute_func(&(0x7f0000000500)="994a2ae92c0c964c0f05bf03000000c4a37bf0c5fec48229ddb4219953d9b9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa10c42255030b2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b0aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f28346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb7662") r1 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x1f, 0x4000) getsockopt$inet6_opts(r1, 0x29, 0x3f, &(0x7f0000000640)=""/240, &(0x7f0000000100)=0xf0) semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) r2 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x40000) ioctl$SCSI_IOCTL_DOORLOCK(r2, 0x5380) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) r3 = semget(0x2, 0x0, 0x11) r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm-control\x00', 0x80000, 0x0) ioctl$NBD_DISCONNECT(r4, 0xab08) semctl$GETNCNT(r3, 0x2, 0xe, &(0x7f00000001c0)=""/72) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x4e23, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, 0x0, 0x1f, 0x0, "8cfd17683eaf86caa36a56085a0e7148d422d0640e3963d1486416f1f01f50592a57034a447368bfbb99a752f5ba76006d52250bc1b8f0d67ae5f887887601f072bf19cf2919390ff98b54962a74c39c"}, 0xd8) socket$can_raw(0x1d, 0x3, 0x1) [ 2023.439522][T29569] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=29448,uid=0 [ 2023.469611][T29569] Memory cgroup out of memory: Killed process 29448 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35796kB, shmem-rss:0kB [ 2023.543173][T29500] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2023.577358][T29500] CPU: 0 PID: 29500 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2023.585479][T29500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2023.595549][T29500] Call Trace: [ 2023.598864][T29500] dump_stack+0x172/0x1f0 [ 2023.603214][T29500] dump_header+0x10f/0xb6c [ 2023.607657][T29500] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2023.613484][T29500] ? ___ratelimit+0x60/0x595 [ 2023.618097][T29500] ? do_raw_spin_unlock+0x57/0x270 [ 2023.623232][T29500] oom_kill_process.cold+0x10/0x15 [ 2023.628383][T29500] out_of_memory+0x79a/0x1280 [ 2023.632719][T29855] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 2023.632719][T29855] The task syz-executor.4 (29855) triggered the difference, watch for misbehavior. [ 2023.633086][T29500] ? oom_killer_disable+0x280/0x280 [ 2023.633100][T29500] ? find_held_lock+0x35/0x130 [ 2023.633128][T29500] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2023.633148][T29500] ? memcg_event_wake+0x230/0x230 [ 2023.633170][T29500] ? do_raw_spin_unlock+0x57/0x270 [ 2023.633187][T29500] ? _raw_spin_unlock+0x2d/0x50 [ 2023.633211][T29500] try_charge+0xa87/0x15c0 [ 2023.687541][T29500] ? find_held_lock+0x35/0x130 [ 2023.692368][T29500] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2023.697951][T29500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2023.704222][T29500] ? kasan_check_read+0x11/0x20 [ 2023.709097][T29500] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2023.714664][T29500] mem_cgroup_try_charge+0x24d/0x5e0 [ 2023.719978][T29500] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2023.725654][T29500] wp_page_copy+0x408/0x1740 [ 2023.730397][T29500] ? find_held_lock+0x35/0x130 [ 2023.735222][T29500] ? pmd_pfn+0x1d0/0x1d0 [ 2023.739517][T29500] ? lock_downgrade+0x880/0x880 [ 2023.744405][T29500] ? swp_swapcount+0x540/0x540 [ 2023.749220][T29500] ? kasan_check_read+0x11/0x20 [ 2023.754112][T29500] ? do_raw_spin_unlock+0x57/0x270 [ 2023.759302][T29500] do_wp_page+0x48e/0x1500 [ 2023.763786][T29500] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2023.769220][T29500] __handle_mm_fault+0x22e8/0x3ec0 [ 2023.774400][T29500] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2023.779987][T29500] ? find_held_lock+0x35/0x130 [ 2023.784798][T29500] ? handle_mm_fault+0x322/0xb30 [ 2023.789780][T29500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2023.796061][T29500] ? kasan_check_read+0x11/0x20 [ 2023.800944][T29500] handle_mm_fault+0x43f/0xb30 [ 2023.805739][T29500] __do_page_fault+0x5ef/0xda0 [ 2023.810540][T29500] do_page_fault+0x71/0x581 [ 2023.815108][T29500] ? page_fault+0x8/0x30 [ 2023.819391][T29500] page_fault+0x1e/0x30 [ 2023.823575][T29500] RIP: 0033:0x41088c [ 2023.827503][T29500] Code: 89 b5 38 ff ff ff 48 83 c8 01 48 89 05 3d fc 63 00 48 8b 05 16 26 30 00 49 c7 85 c8 02 00 00 90 2e 71 00 49 89 85 c0 02 00 00 <4c> 89 70 08 4c 89 35 f9 25 30 00 48 c7 05 0e fc 63 00 00 00 00 00 [ 2023.847137][T29500] RSP: 002b:0000000000a4fae0 EFLAGS: 00010202 [ 2023.853238][T29500] RAX: 00007fec78be09c0 RBX: 0000000000020000 RCX: 00000000ffffffe0 [ 2023.862626][T29500] RDX: 0000000000000040 RSI: 0000000000000001 RDI: 00007fec78bbf6a0 [ 2023.870626][T29500] RBP: 0000000000a4fbc0 R08: 0000000000714800 R09: 0000000000714800 [ 2023.878632][T29500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a4fcb0 [ 2023.886759][T29500] R13: 00007fec78bbf700 R14: 00007fec78bbf9c0 R15: 000000000073bfac [ 2023.897389][T29500] memory: usage 305008kB, limit 307200kB, failcnt 2858 [ 2023.904970][T29500] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2023.912831][T29500] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2023.920356][T29500] Memory cgroup stats for /syz5: cache:52KB rss:207784KB rss_huge:159744KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:207824KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2023.942753][T29500] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10694,uid=0 [ 2023.958746][T29500] Memory cgroup out of memory: Killed process 10694 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB [ 2024.003434][T29713] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2024.035711][T29713] CPU: 1 PID: 29713 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2024.043845][T29713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2024.053930][T29713] Call Trace: [ 2024.057252][T29713] dump_stack+0x172/0x1f0 [ 2024.061611][T29713] dump_header+0x10f/0xb6c [ 2024.066053][T29713] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2024.071889][T29713] ? ___ratelimit+0x60/0x595 [ 2024.076506][T29713] ? do_raw_spin_unlock+0x57/0x270 [ 2024.081683][T29713] oom_kill_process.cold+0x10/0x15 [ 2024.086921][T29713] out_of_memory+0x79a/0x1280 [ 2024.091642][T29713] ? oom_killer_disable+0x280/0x280 [ 2024.096880][T29713] ? find_held_lock+0x35/0x130 [ 2024.101772][T29713] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2024.107364][T29713] ? memcg_event_wake+0x230/0x230 [ 2024.112431][T29713] ? do_raw_spin_unlock+0x57/0x270 [ 2024.117571][T29713] ? _raw_spin_unlock+0x2d/0x50 [ 2024.122451][T29713] try_charge+0x102c/0x15c0 [ 2024.127006][T29713] ? find_held_lock+0x35/0x130 [ 2024.131806][T29713] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2024.137383][T29713] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2024.143655][T29713] ? kasan_check_read+0x11/0x20 [ 2024.148552][T29713] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2024.154210][T29713] mem_cgroup_try_charge+0x24d/0x5e0 [ 2024.159536][T29713] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2024.165197][T29713] wp_page_copy+0x408/0x1740 [ 2024.169818][T29713] ? find_held_lock+0x35/0x130 [ 2024.174623][T29713] ? pmd_pfn+0x1d0/0x1d0 [ 2024.174641][T29713] ? lock_downgrade+0x880/0x880 [ 2024.174655][T29713] ? swp_swapcount+0x540/0x540 [ 2024.174674][T29713] ? kasan_check_read+0x11/0x20 [ 2024.174688][T29713] ? do_raw_spin_unlock+0x57/0x270 [ 2024.174707][T29713] do_wp_page+0x48e/0x1500 [ 2024.174736][T29713] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2024.183857][T29713] __handle_mm_fault+0x22e8/0x3ec0 [ 2024.183881][T29713] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2024.183897][T29713] ? find_held_lock+0x35/0x130 [ 2024.183916][T29713] ? handle_mm_fault+0x322/0xb30 [ 2024.228808][T29713] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2024.235091][T29713] ? kasan_check_read+0x11/0x20 [ 2024.240057][T29713] handle_mm_fault+0x43f/0xb30 [ 2024.244859][T29713] __do_page_fault+0x5ef/0xda0 [ 2024.249649][T29713] do_page_fault+0x71/0x581 [ 2024.249674][T29713] ? page_fault+0x8/0x30 [ 2024.258422][T29713] page_fault+0x1e/0x30 [ 2024.262581][T29713] RIP: 0033:0x40e018 [ 2024.262598][T29713] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf ac e3 4b 00 31 c0 e8 03 39 ff ff 31 ff e8 4c 35 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 4e 24 64 00 [ 2024.262606][T29713] RSP: 002b:0000000000a4fb00 EFLAGS: 00010246 [ 2024.262618][T29713] RAX: 00000000930b7b4b RBX: 00000000aa9e1f0e RCX: 0000001b31220000 05:05:54 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000094000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:54 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a100000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:54 executing program 0: socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0x1c) r2 = dup3(r1, r1, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r2, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r4, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r5 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="00002abd7000fcdbdf25010000000000000007410000004c00180000007f6962000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000"], 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) ioctl$IMCLEAR_L2(r2, 0x80044946, &(0x7f0000000600)=0x172) getsockopt$sock_buf(r3, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r5, 0x1275, 0x0) 05:05:54 executing program 3: syz_genetlink_get_family_id$team(&(0x7f0000000480)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2024.262627][T29713] RDX: 0000000000000000 RSI: 0000000000001b4b RDI: ffffffff930b7b4b [ 2024.262635][T29713] RBP: 0000000000000001 R08: 00000000930b7b4b R09: 00000000930b7b4f [ 2024.262650][T29713] R10: 0000000000a4fca0 R11: 0000000000000246 R12: 000000000073c028 [ 2024.324424][T29713] R13: 0000000080000000 R14: 00007ff7708ad008 R15: 0000000000000010 [ 2024.340300][T29713] memory: usage 307200kB, limit 307200kB, failcnt 12443 05:05:54 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a1a0000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2024.379557][T29713] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2024.452695][T29713] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2024.514093][T29713] Memory cgroup stats for /syz2: cache:48KB rss:91508KB rss_huge:12288KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:91484KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2024.675429][T29713] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=29713,uid=0 [ 2024.720826][T29713] Memory cgroup out of memory: Killed process 29713 (syz-executor.2) total-vm:72580kB, anon-rss:2212kB, file-rss:35716kB, shmem-rss:0kB [ 2024.752270][ T1044] oom_reaper: reaped process 29713 (syz-executor.2), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 05:05:54 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x4, 0x400000) mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x8, 0x50, r0, 0x10000000) 05:05:54 executing program 4: r0 = syz_open_dev$admmidi(&(0x7f0000000180)='/dev/admmidi#\x00', 0x4, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f00000001c0)=0x5, 0x4) semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) r1 = semget$private(0x0, 0x0, 0x4) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x406, r0) ioctl$VIDIOC_ENUM_FREQ_BANDS(r2, 0xc0405665, &(0x7f0000000140)={0x7aab, 0x1, 0x95, 0xa0, 0x0, 0x8, 0xe}) semtimedop(r1, &(0x7f0000000000)=[{0x3, 0x7ff}, {0x7, 0x2, 0x1000}, {0x2, 0x10000, 0x1000}], 0x3, &(0x7f00000000c0)={0x0, 0x1c9c380}) r3 = socket$inet6(0xa, 0x2, 0x8000) ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, &(0x7f0000000200)={0x5, 0x1}) ioctl$sock_inet6_tcp_SIOCINQ(r3, 0x541b, &(0x7f0000000100)) ioctl$SCSI_IOCTL_SYNC(r0, 0x4) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) 05:05:54 executing program 0: ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700) ioctl$sock_inet_SIOCGIFADDR(0xffffffffffffffff, 0x8915, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x7a05, 0x1700) getsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000140), &(0x7f0000000500)=0xb) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x7}) pwrite64(r1, &(0x7f0000000200)="4ebefa1e923f1e018b6e53bf4815b78e1f2ef9212b93090c1ff6b35c208d50aef3fd759f995b53dd37c58cf8332b8a6b66575478e02ef0145bf122ba2e2c53a7ec45e375683475a6495f8d7b7a088f5e32dc266569074319bf8c8d3d8007cc92e2ba0d9082c41b63e330f353a3f675a98d2e74a08e38400f7f5eb113a0e25fd90115d57a7acdcab1128cf4f9c719f3f29d460c507f8a2a6594d259217d32eae9be93c6ed17a67ae2e7e689a31fa8449da12fd62bf423cff702b09e6ee1ff0e698b8bb517819eb712ba2b34b54b28b79d9399d920d5a5507e8a85f37060dfe3051f06f8d7cc9b068495ee5d5fcce85410bcd9f91d1f198353ce94b2e03370e43875c1a035bb88fd26fbb5b1252e2056d6b67e2b2f424051a40ad9170e76a81a6ca4f149ff643db76f8f2c1aa8024a6279952027489bbad6479e47ea5ba9e47d8136df398665f6cdfd15e93cfbf2ce1151afe9321ed63fe7100e704b232646fc1e0e936b90cceaaa70225ce71640e10316d2cc637355eddb3c4e16ff1635fa4e65a66eb5ab2cbf9d6f063e05f0e46fcc14bf31eedfb9f33c215fc14946cc6f7493924442e939f71ac4bd3e35e78857f9624c663f3669a47a7146e3249ee3eaaf681f371d515af5b934f9252c7ac2a164bf318fc2b194ee087b2b28ed5e4618c0906fc3f32c43a3b9e08a2e0d509f65a7de909e8c3c535f1d8cb9c236716e5ad709", 0x200, 0x3200) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x2, 0x0, 0x7, 0x9}) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfffffcbe) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000008c0)='memory.events\x00', 0xb00000000000000, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000680)="0af51f023c123f3188a070") ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={r2}) 05:05:54 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db0070c0000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:54 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a4c0000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2024.888079][ T7877] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2024.927011][ T7877] CPU: 1 PID: 7877 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 2024.935071][ T7877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2024.945152][ T7877] Call Trace: [ 2024.948475][ T7877] dump_stack+0x172/0x1f0 [ 2024.952854][ T7877] dump_header+0x10f/0xb6c [ 2024.957301][ T7877] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2024.963151][ T7877] ? ___ratelimit+0x60/0x595 [ 2024.967771][ T7877] ? do_raw_spin_unlock+0x57/0x270 [ 2024.972915][ T7877] oom_kill_process.cold+0x10/0x15 [ 2024.978067][ T7877] out_of_memory+0x79a/0x1280 [ 2024.982769][ T7877] ? lock_downgrade+0x880/0x880 [ 2024.987634][ T7877] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2024.993896][ T7877] ? oom_killer_disable+0x280/0x280 [ 2024.999104][ T7877] ? find_held_lock+0x35/0x130 [ 2025.003873][ T7877] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2025.009414][ T7877] ? memcg_event_wake+0x230/0x230 [ 2025.014505][ T7877] ? do_raw_spin_unlock+0x57/0x270 [ 2025.019800][ T7877] ? _raw_spin_unlock+0x2d/0x50 [ 2025.024643][ T7877] try_charge+0x102c/0x15c0 [ 2025.029137][ T7877] ? find_held_lock+0x35/0x130 [ 2025.033893][ T7877] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2025.039424][ T7877] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2025.044980][ T7877] ? find_held_lock+0x35/0x130 [ 2025.049759][ T7877] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2025.055342][ T7877] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2025.060896][ T7877] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2025.066095][ T7877] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2025.071635][ T7877] __memcg_kmem_charge+0x136/0x300 [ 2025.076754][ T7877] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2025.082141][ T7877] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2025.087883][ T7877] ? copy_page_range+0x125a/0x1f90 [ 2025.092987][ T7877] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2025.099228][ T7877] alloc_pages_current+0x107/0x210 [ 2025.104355][ T7877] pte_alloc_one+0x1b/0x1a0 [ 2025.108888][ T7877] __pte_alloc+0x20/0x310 [ 2025.113206][ T7877] copy_page_range+0x1529/0x1f90 [ 2025.118135][ T7877] ? find_held_lock+0x35/0x130 [ 2025.122906][ T7877] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2025.129164][ T7877] ? pmd_alloc+0x180/0x180 [ 2025.133606][ T7877] ? __rb_insert_augmented+0x231/0xdf0 [ 2025.139069][ T7877] ? validate_mm_rb+0xa3/0xc0 [ 2025.143758][ T7877] ? __vma_link_rb+0x279/0x370 [ 2025.148533][ T7877] copy_process.part.0+0x568b/0x7980 [ 2025.153872][ T7877] ? __cleanup_sighand+0x60/0x60 [ 2025.158826][ T7877] _do_fork+0x257/0xfd0 [ 2025.162982][ T7877] ? fork_idle+0x1d0/0x1d0 [ 2025.167395][ T7877] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2025.172853][ T7877] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2025.178323][ T7877] ? do_syscall_64+0x26/0x610 [ 2025.182990][ T7877] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2025.189046][ T7877] ? do_syscall_64+0x26/0x610 [ 2025.193726][ T7877] __x64_sys_clone+0xbf/0x150 [ 2025.198403][ T7877] do_syscall_64+0x103/0x610 [ 2025.203070][ T7877] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2025.208972][ T7877] RIP: 0033:0x45737a [ 2025.212867][ T7877] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2025.232477][ T7877] RSP: 002b:0000000000a4fd30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2025.240886][ T7877] RAX: ffffffffffffffda RBX: 0000000000a4fd30 RCX: 000000000045737a [ 2025.248862][ T7877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2025.256831][ T7877] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 0000000001a53940 [ 2025.264798][ T7877] R10: 0000000001a53c10 R11: 0000000000000246 R12: 0000000000000001 [ 2025.272768][ T7877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 [ 2025.299021][ T7877] memory: usage 307200kB, limit 307200kB, failcnt 9189 [ 2025.308184][ T7877] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:05:55 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='dummy0\x00', 0xa) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) 05:05:55 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db0050d0000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2025.354525][ T7877] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2025.375040][ T7877] Memory cgroup stats for /syz1: cache:108KB rss:133256KB rss_huge:69632KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:127164KB inactive_file:0KB active_file:0KB unevictable:4KB 05:05:55 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f00000003c0)={0x1, 0x0, [{0xd, 0x7, 0x7, 0x3f, 0x24}]}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2025.403761][ T7877] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=19554,uid=0 [ 2025.444571][ T7877] Memory cgroup out of memory: Killed process 19554 (syz-executor.1) total-vm:72448kB, anon-rss:2176kB, file-rss:34816kB, shmem-rss:0kB [ 2025.582699][T30031] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2025.602071][T30031] CPU: 1 PID: 30031 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2025.610183][T30031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2025.620259][T30031] Call Trace: [ 2025.623574][T30031] dump_stack+0x172/0x1f0 [ 2025.627931][T30031] dump_header+0x10f/0xb6c [ 2025.632373][T30031] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2025.638698][T30031] ? ___ratelimit+0x60/0x595 [ 2025.643308][T30031] ? do_raw_spin_unlock+0x57/0x270 [ 2025.648452][T30031] oom_kill_process.cold+0x10/0x15 [ 2025.653583][T30031] out_of_memory+0x79a/0x1280 [ 2025.658285][T30031] ? oom_killer_disable+0x280/0x280 [ 2025.663504][T30031] ? find_held_lock+0x35/0x130 [ 2025.669001][T30031] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2025.674563][T30031] ? memcg_event_wake+0x230/0x230 [ 2025.679604][T30031] ? do_raw_spin_unlock+0x57/0x270 [ 2025.684729][T30031] ? _raw_spin_unlock+0x2d/0x50 [ 2025.689595][T30031] try_charge+0x102c/0x15c0 [ 2025.694112][T30031] ? find_held_lock+0x35/0x130 [ 2025.698901][T30031] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2025.704466][T30031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2025.710727][T30031] ? kasan_check_read+0x11/0x20 [ 2025.715603][T30031] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2025.721168][T30031] mem_cgroup_try_charge+0x24d/0x5e0 [ 2025.726479][T30031] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2025.732130][T30031] wp_page_copy+0x408/0x1740 [ 2025.736736][T30031] ? find_held_lock+0x35/0x130 [ 2025.741521][T30031] ? pmd_pfn+0x1d0/0x1d0 [ 2025.745776][T30031] ? lock_downgrade+0x880/0x880 [ 2025.750639][T30031] ? swp_swapcount+0x540/0x540 [ 2025.755420][T30031] ? kasan_check_read+0x11/0x20 [ 2025.760287][T30031] ? do_raw_spin_unlock+0x57/0x270 [ 2025.765907][T30031] do_wp_page+0x48e/0x1500 [ 2025.770351][T30031] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2025.775750][T30031] __handle_mm_fault+0x22e8/0x3ec0 [ 2025.780882][T30031] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2025.786439][T30031] ? find_held_lock+0x35/0x130 [ 2025.791214][T30031] ? handle_mm_fault+0x322/0xb30 [ 2025.796177][T30031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2025.802435][T30031] ? kasan_check_read+0x11/0x20 [ 2025.807305][T30031] handle_mm_fault+0x43f/0xb30 [ 2025.812097][T30031] __do_page_fault+0x5ef/0xda0 [ 2025.816885][T30031] do_page_fault+0x71/0x581 [ 2025.821400][T30031] ? page_fault+0x8/0x30 [ 2025.825658][T30031] page_fault+0x1e/0x30 [ 2025.829816][T30031] RIP: 0033:0x40b828 [ 2025.833725][T30031] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 38 2c 00 00 8b 05 e2 c7 32 00 48 8b 15 73 4c 64 00 83 c0 01 <89> 05 d2 c7 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 2025.853353][T30031] RSP: 002b:0000000000a4fb60 EFLAGS: 00010202 [ 2025.859435][T30031] RAX: 0000000000000001 RBX: 0000001b30220014 RCX: 0000001b31220000 [ 2025.867454][T30031] RDX: 0000001b30220000 RSI: 0000000000000a14 RDI: ffffffff7573aa14 [ 2025.875446][T30031] RBP: 0000001b30220018 R08: 000000007573aa14 R09: 000000007573aa18 05:05:55 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db0263e0000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2025.883464][T30031] R10: 0000000000a4fca0 R11: 0000000000000246 R12: 0000001b3022001c [ 2025.891539][T30031] R13: 00000000001ee5ea R14: 000000000073bfa0 R15: 000000000073bfac [ 2025.905802][T30031] memory: usage 307200kB, limit 307200kB, failcnt 12459 [ 2025.913142][T30031] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2025.922137][T30031] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2025.933805][T30031] Memory cgroup stats for /syz2: cache:48KB rss:91508KB rss_huge:12288KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:91512KB inactive_file:0KB active_file:0KB unevictable:4KB 05:05:55 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a880000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:56 executing program 4: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)={'exec ', '=\t&'}, 0x8) [ 2026.008090][T30031] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=29839,uid=0 [ 2026.095610][ T26] audit: type=1400 audit(1556946356.055:44): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=3D0926 pid=30153 comm="syz-executor.4" 05:05:56 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000003c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) sync_file_range(r0, 0x78, 0x8000, 0x5) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000480)={0x0, @in6={{0xa, 0x4e20, 0xff, @mcast1, 0xc82}}, 0x4, 0x5}, &(0x7f00000001c0)=0x90) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000400)={0x5, 0xc, 0x7, 0x0, r2}, &(0x7f0000000540)=0x10) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r3, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0xffffffffffffffe9) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r4 = accept$alg(r3, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r4, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2026.160609][T30031] Memory cgroup out of memory: Killed process 29839 (syz-executor.2) total-vm:72448kB, anon-rss:2204kB, file-rss:34816kB, shmem-rss:0kB 05:05:56 executing program 2: r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x10000, 0x99247a19eadab127) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffff9c, 0x84, 0x10, &(0x7f0000000300)=@sack_info={0x0, 0x100, 0x7ff}, &(0x7f0000000380)=0xc) clock_gettime(0x0, &(0x7f00000004c0)={0x0, 0x0}) sendmsg$can_bcm(r0, &(0x7f00000005c0)={&(0x7f00000002c0), 0x10, &(0x7f0000000580)={&(0x7f00000007c0)=ANY=[@ANYBLOB="0600000021000000000000000000000033acb1c8baefe314039fac3528f0a2c02529636553200000009062bbf8f6737d93ab251f27858d72021964828c8e409829aa6cb9fde6968f5b8e70d258083a", @ANYRES64=r2, @ANYRES64=r3/1000+30000, @ANYRES64=0x0, @ANYRES64=0x7530, @ANYBLOB="0300002001000000109ec8ec330a704df2686a0000006008020000010b1c4923ccc971"], 0x48}, 0x1, 0x0, 0x0, 0x8014}, 0x4000000) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000440)={r1, 0x78, &(0x7f00000003c0)=[@in6={0xa, 0x4e21, 0x3, @remote, 0x80}, @in={0x2, 0x4e24, @remote}, @in6={0xa, 0x4e21, 0x56e2, @mcast1, 0x2}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e20, @broadcast}, @in={0x2, 0x4e24, @local}]}, &(0x7f0000000480)=0x10) syz_execute_func(&(0x7f0000000140)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f1843cc38fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r4 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2) clock_gettime(0x7, &(0x7f0000000600)) getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000640), &(0x7f00000006c0)=0x68) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000280)=0x88f) accept$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000340)={'team0\x00', r5}) accept4$vsock_stream(r4, &(0x7f0000000080)={0x28, 0x0, 0x2710, @my=0x1}, 0x10, 0x800) 05:05:56 executing program 4: clone(0x1000000048121, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0xdd) r1 = dup(r0) read$alg(r1, &(0x7f0000000100)=""/174, 0xae) 05:05:56 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70dbffffff000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:56 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1ac00000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:56 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x9, 0x3, 0x2c0, 0x0, 0x0, 0x108, 0x0, 0x108, 0x228, 0x228, 0x228, 0x228, 0x228, 0x3, &(0x7f0000000400), {[{{@uncond, 0x0, 0x98, 0x108}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x2, 0x3, 0x4064, 0x1, 0x0, "58e5bb096922e288a9db77ef4d57f3f8fbdec44e16d30c69316970914c6e81aa2d49a751f79b2092df7ecf4fd18e7ce1fec377673b6d4ae0076deb751aea2809"}}}, {{@ip={@initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, 0xffffffff, 0xff, 'rose0\x00', 'batadv0\x00', {}, {0xff}, 0x2, 0x3, 0x20}, 0x0, 0xc0, 0x120, 0x0, {}, [@inet=@rpfilter={0x28, 'rpfilter\x00'}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @local, 0x8, 0xb, [0x31, 0x22, 0x3c, 0x2, 0x3e, 0x25, 0x2e, 0x31, 0x17, 0x3a, 0x1d, 0x35, 0x28, 0x33, 0x21, 0x21], 0x1, 0xffffffff, 0x4}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x320) ioctl$PERF_EVENT_IOC_ID(r0, 0x80082407, &(0x7f00000003c0)) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:56 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x400000000005, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000140)=""/22, 0x16}, {&(0x7f0000000500)=""/9, 0x9}, {&(0x7f00000003c0)=""/169, 0xa9}, {&(0x7f0000000480)=""/78, 0x4e}], 0x4, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) readv(r1, &(0x7f00000000c0)=[{&(0x7f0000000200)=""/255, 0x443}], 0x1000000000000060) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x2) dup3(r2, r1, 0x0) write(r1, &(0x7f0000c34fff), 0xffffff0b) 05:05:56 executing program 2: r0 = syz_open_dev$adsp(&(0x7f0000000140)='/dev/adsp#\x00', 0xdb, 0xc0) ioctl$TCSBRK(r0, 0x5409, 0x6) syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x10001, 0x1) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180), 0x10) 05:05:56 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000010f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2026.613418][ T1044] oom_reaper: reaped process 30275 (syz-executor.1), now anon-rss:0kB, file-rss:34772kB, shmem-rss:0kB 05:05:56 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a040200c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:56 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70dbc00000010f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:56 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETA(r1, 0x5406, &(0x7f00000000c0)={0xfffffffffffffffd, 0x0, 0x0, 0x100000009b4b62b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17}) r2 = syz_open_dev$vcsn(0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', 0x0, 0x0, &(0x7f0000000240)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r3 = syz_open_procfs(0x0, &(0x7f0000000400)='mountinfo\x00') ioctl$TIOCGETD(r3, 0x5424, 0x0) mount(&(0x7f0000000700)=ANY=[@ANYRESOCT, @ANYRESDEC=r2, @ANYRESOCT, @ANYRES64], 0x0, 0x0, 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x80006, 0x0) mount(0x0, &(0x7f0000000540)='./file0\x00', &(0x7f0000000800)='devtmpfs\x00', 0x847, &(0x7f0000000780)) [ 2026.957078][T30430] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2026.984268][T30430] CPU: 0 PID: 30430 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 2026.992408][T30430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2027.002495][T30430] Call Trace: [ 2027.005806][T30430] dump_stack+0x172/0x1f0 [ 2027.010165][T30430] dump_header+0x10f/0xb6c [ 2027.014597][T30430] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2027.020415][T30430] ? ___ratelimit+0x60/0x595 [ 2027.025013][T30430] ? do_raw_spin_unlock+0x57/0x270 [ 2027.030146][T30430] oom_kill_process.cold+0x10/0x15 [ 2027.035444][T30430] out_of_memory+0x79a/0x1280 [ 2027.040165][T30430] ? lock_downgrade+0x880/0x880 [ 2027.045067][T30430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2027.051326][T30430] ? oom_killer_disable+0x280/0x280 [ 2027.056542][T30430] ? find_held_lock+0x35/0x130 [ 2027.061335][T30430] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2027.066899][T30430] ? memcg_event_wake+0x230/0x230 [ 2027.071944][T30430] ? do_raw_spin_unlock+0x57/0x270 [ 2027.077068][T30430] ? _raw_spin_unlock+0x2d/0x50 [ 2027.081938][T30430] try_charge+0x102c/0x15c0 [ 2027.086462][T30430] ? find_held_lock+0x35/0x130 [ 2027.091248][T30430] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2027.096803][T30430] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2027.102374][T30430] ? find_held_lock+0x35/0x130 [ 2027.107153][T30430] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2027.112722][T30430] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2027.118291][T30430] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2027.123521][T30430] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2027.129092][T30430] __memcg_kmem_charge+0x136/0x300 [ 2027.134253][T30430] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2027.139642][T30430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2027.145899][T30430] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2027.151630][T30430] ? copy_process.part.0+0x1d08/0x7980 [ 2027.157101][T30430] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2027.162410][T30430] ? trace_hardirqs_on+0x67/0x230 [ 2027.167708][T30430] copy_process.part.0+0x3e0/0x7980 [ 2027.172929][T30430] ? debug_check_no_obj_freed+0x200/0x464 [ 2027.178665][T30430] ? find_held_lock+0x35/0x130 [ 2027.183441][T30430] ? debug_check_no_obj_freed+0x200/0x464 [ 2027.189181][T30430] ? kasan_check_write+0x14/0x20 [ 2027.194154][T30430] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2027.200406][T30430] ? filename_parentat.isra.0+0x2d5/0x410 [ 2027.206136][T30430] ? getname+0x20/0x20 [ 2027.210227][T30430] ? __cleanup_sighand+0x60/0x60 [ 2027.215177][T30430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2027.221486][T30430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2027.227743][T30430] ? getname_flags+0x300/0x5b0 [ 2027.232524][T30430] ? getname_flags+0x300/0x5b0 [ 2027.237306][T30430] ? rcu_read_lock_sched_held+0x110/0x130 [ 2027.243057][T30430] ? kmem_cache_free+0x225/0x260 [ 2027.248003][T30430] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 2027.253913][T30430] _do_fork+0x257/0xfd0 [ 2027.258084][T30430] ? fork_idle+0x1d0/0x1d0 [ 2027.262510][T30430] ? __ia32_sys_mkdir+0x80/0x80 [ 2027.267381][T30430] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2027.272847][T30430] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2027.278330][T30430] ? do_syscall_64+0x26/0x610 [ 2027.283030][T30430] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2027.289103][T30430] ? do_syscall_64+0x26/0x610 [ 2027.293789][T30430] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2027.299087][T30430] __ia32_sys_fork+0x1f/0x30 [ 2027.303689][T30430] do_syscall_64+0x103/0x610 [ 2027.308399][T30430] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2027.314309][T30430] RIP: 0033:0x2000000a [ 2027.318410][T30430] Code: Bad RIP value. [ 2027.322481][T30430] RSP: 002b:00007f71d9357bd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000039 [ 2027.330903][T30430] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2027.338877][T30430] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 000000000002041a [ 2027.346864][T30430] RBP: 0000000000000032 R08: 0000000000000005 R09: 0000000000000006 [ 2027.354852][T30430] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b 05:05:57 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000009c0)=ANY=[@ANYBLOB="00000000000000000000000000000000c200", @ANYPTR=&(0x7f00000008c0)=ANY=[]]) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000300)) [ 2027.362826][T30430] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff 05:05:57 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) ioctl$ION_IOC_HEAP_QUERY(r1, 0xc0184908, &(0x7f0000000400)={0x34, 0x0, &(0x7f00000003c0)}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2027.443143][T30430] memory: usage 307188kB, limit 307200kB, failcnt 9276 [ 2027.459690][T30430] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2027.478183][T30430] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 05:05:57 executing program 0: sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff02c}, {0x80000016}]}, 0x10) [ 2027.518133][T30430] Memory cgroup stats for /syz1: cache:108KB rss:133232KB rss_huge:69632KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:127152KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2027.581378][T30430] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=19573,uid=0 [ 2027.622173][T30430] Memory cgroup out of memory: Killed process 19573 (syz-executor.1) total-vm:72448kB, anon-rss:2176kB, file-rss:34816kB, shmem-rss:0kB 05:05:57 executing program 4: futex(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0, 0x0) syz_execute_func(&(0x7f0000000e80)="47f715a38200004a2be91ca9980f05f7a6aae28920aec4a37bf0c52141e2e951eb9163c4217970d3d1c4e225079d00000000420f0d7a0066450f66e7f4f47449d1bdc4f43536660fae770f44eda893660f5b5f06ef71787979530505dec4613f2e40c265b2c4e2010d32c2befaf346e1408f29009625fc7f0000dae6c462c990a4c1418ad1ee66400f65801274000064748f2870b68f09089b781ce2e7e0000f0220def3260f8cfeffffffc4a2a5aa2153c455fc94e790c32e00a10fae2e0f2cfafc64f20f1bf0310f2ef44480fdbd647168c19dfb96f98e00000f3a16288836f72f8bf8f345c7f8050000006bd1ac0f1a77dd994124f6eefc8fc978e2620bc4e2fd23abd92b46d6ef764179278ad9420f38ca920e00000026f23e360fab342ff3400f5824e7c4e3a95da70caead86fd41decfc4e299abd6244c5c300d0d028f6a78106f66400f7f31f20f1ae340cc74b1430f577a4f8692aeea6d892e3e66430f383bdb30ca46e9c5fc08efc4c4c481d37d97bd97bde50f1863f14e726c1971f2f6fe66400f0ffb440c0f5fb89a67cb0000660fe5a2f1427d8c7fa2c4a15c142e647c7d668282f04e0fc78a00088041263ef30fbc1ae1f184c7d081008194d800000d84776750d4f2420f7cd207c462f9252bdf90fbffffffa8000036f3450fc737cccc83b9087000000dc4e22704cedb800036430fa33b993e460f608b00800000a5e52125db1e4c59c4a18c5749ff00a85847ca0d46ffa50100003cb0656426ade595660f6be421fb5a17c4a17d2eb557000000f2400f468b7b000000f20fe6430047d9fd2917fa21c4e2792f166e0e8f8878c30df8aa4111fcb6450f56ab61a15747f804040f3834ab00000000880045006bf3f30f59238f6968010df0ffffffc481f8595b00470f0f41f790c44109f89700008020") [ 2027.742191][T30345] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2027.777115][T30345] CPU: 1 PID: 30345 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 2027.785247][T30345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2027.795327][T30345] Call Trace: [ 2027.798648][T30345] dump_stack+0x172/0x1f0 [ 2027.803004][T30345] dump_header+0x10f/0xb6c [ 2027.807436][T30345] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2027.813264][T30345] ? ___ratelimit+0x60/0x595 [ 2027.817878][T30345] ? do_raw_spin_unlock+0x57/0x270 [ 2027.823014][T30345] oom_kill_process.cold+0x10/0x15 [ 2027.828144][T30345] out_of_memory+0x79a/0x1280 [ 2027.832860][T30345] ? oom_killer_disable+0x280/0x280 [ 2027.838074][T30345] ? find_held_lock+0x35/0x130 [ 2027.842869][T30345] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2027.848424][T30345] ? memcg_event_wake+0x230/0x230 [ 2027.853471][T30345] ? do_raw_spin_unlock+0x57/0x270 [ 2027.858596][T30345] ? _raw_spin_unlock+0x2d/0x50 [ 2027.863458][T30345] try_charge+0xa87/0x15c0 [ 2027.867880][T30345] ? find_held_lock+0x35/0x130 [ 2027.872670][T30345] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2027.878248][T30345] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2027.884522][T30345] ? kasan_check_read+0x11/0x20 [ 2027.889403][T30345] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2027.894980][T30345] mem_cgroup_try_charge+0x24d/0x5e0 [ 2027.900299][T30345] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2027.905979][T30345] __handle_mm_fault+0x1e1f/0x3ec0 [ 2027.911134][T30345] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2027.916709][T30345] ? find_held_lock+0x35/0x130 [ 2027.921507][T30345] ? handle_mm_fault+0x322/0xb30 [ 2027.926653][T30345] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2027.932932][T30345] ? kasan_check_read+0x11/0x20 [ 2027.937811][T30345] handle_mm_fault+0x43f/0xb30 [ 2027.942644][T30345] __do_page_fault+0x5ef/0xda0 [ 2027.947434][T30345] do_page_fault+0x71/0x581 [ 2027.951954][T30345] ? page_fault+0x8/0x30 [ 2027.956217][T30345] page_fault+0x1e/0x30 [ 2027.960381][T30345] RIP: 0033:0x45b75d [ 2027.964285][T30345] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8e fb ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 2027.983937][T30345] RSP: 002b:0000000000a4fa98 EFLAGS: 00010202 [ 2027.990020][T30345] RAX: ffffffffffffffea RBX: 00007f71d9337700 RCX: 00007f71d9337700 [ 2027.998094][T30345] RDX: 00000000003d0f00 RSI: 00007f71d9336db0 RDI: 000000000040fbb0 [ 2028.006083][T30345] RBP: 0000000000a4fcb0 R08: 00007f71d93379d0 R09: 00007f71d9337700 [ 2028.014068][T30345] R10: 00007f71d9336dc0 R11: 0000000000000246 R12: 0000000000000000 [ 2028.022053][T30345] R13: 0000000000a4fb4f R14: 00007f71d93379c0 R15: 000000000073bfac [ 2028.046621][T30345] memory: usage 304956kB, limit 307200kB, failcnt 9276 [ 2028.063809][T30345] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:05:58 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r3, 0x800442d3, &(0x7f00000003c0)={0x6, 0x3, 0xc84, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 'veth1\x00'}) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2028.100906][T30345] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2028.117728][T30345] Memory cgroup stats for /syz1: cache:108KB rss:131152KB rss_huge:67584KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:125040KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2028.142393][T30345] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=19700,uid=0 [ 2028.165369][T30345] Memory cgroup out of memory: Killed process 19700 (syz-executor.1) total-vm:72448kB, anon-rss:2176kB, file-rss:34816kB, shmem-rss:0kB [ 2028.212275][ T1044] oom_reaper: reaped process 19700 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2028.213716][T30438] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2028.261503][T30625] Unknown ioctl -2147204397 05:05:58 executing program 0: futex(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0, 0x0) syz_execute_func(&(0x7f0000001b80)="47f715a38200004a2be91ca9980f05f7a6aae28920aec4a37bf0c52141e2e951eb9163c4217970d3d1c4e225079d00000000420f0d7a0066450f66e7f4017449d169c4f43536660fae770f44eda8939bef93787979530505dec4613fc4e2010d32c2befa2e813a0f0000008f29009625fc7f0000c4c21da75c8c0bc462c990a4c1418ad1ee66400f65801274000064748f2870b68f09089b781ce2e7e0000f0220def3420f5d3ac4a2a5aa2153c455c48269ba3894e790c32e00a10fae2e0f0fcafafa64f20f1bf0310f2ef44480fdbd647168c19dfb96f98e00000f3a16288836f72f8bf8f345c7f80500000000006bd1ac0f1a77dd994124f6eefc8fc978e2620bc4e2fd23abd92b46d6ef764179278ad9420f38ca920e00000026f23e360fab342ff3400f5824e7c4e3a95d2ca70caead86fdfddecfc4e299abd6244c5c300d0d028f6a78106f66400f7f31f20f1ae340cc74b1430f577a4fa80f2e3e66430f383bdb30ca46e9c5fc08efc4c4c481d37d97bd97bde50f1863f14e726c1971f2f6fe66400f0ffb440c0f5fb89a67cb0000660fe5a2f10f0f64dd6d967fa2c4a15c142e647c7d668282f04e0fc78a00088041263ef30fbc1a41cf84c7d081008194d800000d84776750d4f2420f7cd207c462f9252bdf90fbffffff0f955d690036f3450fc737cccc83b9087000000dc4e22704cedb800036430fa33b993e460f608b00800000a5e52125db1e4c59c4a18c5749ff00a85847ca0d46ffa50100003cb0656426ade5953640e40e21fb5a17c4a17d2eb557000000f2400f468b7b000000c4216f5a0cda47d9fd2917fa21c4e2792f166e0e8f8878c30de8aa4111fcb6450f56ab61a15747f804040f3834ab00000000c85500006bf3460f59238f6968010df0ffffffc481f8595b00470f0f41f790c44109f8970000802067640fd930") [ 2028.310042][T30438] CPU: 0 PID: 30438 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2028.318163][T30438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2028.328227][T30438] Call Trace: [ 2028.331545][T30438] dump_stack+0x172/0x1f0 [ 2028.335894][T30438] dump_header+0x10f/0xb6c [ 2028.340420][T30438] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2028.346246][T30438] ? ___ratelimit+0x60/0x595 [ 2028.350846][T30438] ? do_raw_spin_unlock+0x57/0x270 [ 2028.355983][T30438] oom_kill_process.cold+0x10/0x15 [ 2028.361116][T30438] out_of_memory+0x79a/0x1280 [ 2028.365812][T30438] ? oom_killer_disable+0x280/0x280 [ 2028.371019][T30438] ? find_held_lock+0x35/0x130 [ 2028.375816][T30438] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2028.381382][T30438] ? memcg_event_wake+0x230/0x230 [ 2028.386424][T30438] ? do_raw_spin_unlock+0x57/0x270 [ 2028.391550][T30438] ? _raw_spin_unlock+0x2d/0x50 [ 2028.396427][T30438] try_charge+0x102c/0x15c0 [ 2028.400939][T30438] ? find_held_lock+0x35/0x130 [ 2028.405720][T30438] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2028.411283][T30438] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2028.417566][T30438] ? kasan_check_read+0x11/0x20 [ 2028.422436][T30438] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2028.428005][T30438] mem_cgroup_try_charge+0x24d/0x5e0 [ 2028.433314][T30438] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2028.438989][T30438] __handle_mm_fault+0x1e1f/0x3ec0 [ 2028.444125][T30438] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2028.449686][T30438] ? find_held_lock+0x35/0x130 [ 2028.454466][T30438] ? handle_mm_fault+0x322/0xb30 [ 2028.459423][T30438] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2028.465943][T30438] ? kasan_check_read+0x11/0x20 [ 2028.470809][T30438] handle_mm_fault+0x43f/0xb30 [ 2028.475589][T30438] __do_page_fault+0x5ef/0xda0 [ 2028.480382][T30438] do_page_fault+0x71/0x581 [ 2028.484903][T30438] ? page_fault+0x8/0x30 [ 2028.489152][T30438] page_fault+0x1e/0x30 [ 2028.493329][T30438] RIP: 0033:0x4107bf [ 2028.497246][T30438] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 2028.497255][T30438] RSP: 002b:0000000000a4fae0 EFLAGS: 00010206 [ 2028.497268][T30438] RAX: 00007fec78b9f000 RBX: 0000000000020000 RCX: 0000000000458dfa [ 2028.497277][T30438] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 2028.497287][T30438] RBP: 0000000000a4fbc0 R08: ffffffffffffffff R09: 0000000000000000 [ 2028.497295][T30438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a4fcb0 05:05:58 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a230200c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2028.497311][T30438] R13: 00007fec78bbf700 R14: 0000000000000001 R15: 000000000073bfac [ 2028.596154][T30438] memory: usage 307076kB, limit 307200kB, failcnt 2884 [ 2028.623713][T30438] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2028.686934][T30438] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2028.693872][T30438] Memory cgroup stats for /syz5: cache:52KB rss:208400KB rss_huge:161792KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:208452KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2028.760761][T30438] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=30121,uid=0 [ 2028.823196][T30438] Memory cgroup out of memory: Killed process 30121 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35796kB, shmem-rss:0kB [ 2028.863045][ T1044] oom_reaper: reaped process 30121 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 2028.914927][T30300] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2028.940997][T30300] CPU: 0 PID: 30300 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2028.949152][T30300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2028.959228][T30300] Call Trace: [ 2028.962549][T30300] dump_stack+0x172/0x1f0 [ 2028.966900][T30300] dump_header+0x10f/0xb6c [ 2028.971955][T30300] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2028.977782][T30300] ? ___ratelimit+0x60/0x595 [ 2028.982389][T30300] ? do_raw_spin_unlock+0x57/0x270 [ 2028.987536][T30300] oom_kill_process.cold+0x10/0x15 [ 2028.992810][T30300] out_of_memory+0x79a/0x1280 [ 2028.997532][T30300] ? oom_killer_disable+0x280/0x280 [ 2029.002753][T30300] ? find_held_lock+0x35/0x130 [ 2029.007559][T30300] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2029.013162][T30300] ? memcg_event_wake+0x230/0x230 [ 2029.018233][T30300] ? do_raw_spin_unlock+0x57/0x270 [ 2029.023387][T30300] ? _raw_spin_unlock+0x2d/0x50 [ 2029.028261][T30300] try_charge+0x102c/0x15c0 [ 2029.032781][T30300] ? find_held_lock+0x35/0x130 [ 2029.032806][T30300] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2029.032828][T30300] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2029.043154][T30300] ? kasan_check_read+0x11/0x20 [ 2029.043175][T30300] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2029.043195][T30300] mem_cgroup_try_charge+0x24d/0x5e0 [ 2029.043218][T30300] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2029.043235][T30300] wp_page_copy+0x408/0x1740 [ 2029.043248][T30300] ? find_held_lock+0x35/0x130 [ 2029.043267][T30300] ? pmd_pfn+0x1d0/0x1d0 [ 2029.043283][T30300] ? lock_downgrade+0x880/0x880 [ 2029.043297][T30300] ? swp_swapcount+0x540/0x540 [ 2029.043328][T30300] ? kasan_check_read+0x11/0x20 [ 2029.066038][T30731] Unknown ioctl -2147204397 [ 2029.071042][T30300] ? do_raw_spin_unlock+0x57/0x270 [ 2029.071064][T30300] do_wp_page+0x48e/0x1500 [ 2029.071087][T30300] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2029.071112][T30300] __handle_mm_fault+0x22e8/0x3ec0 [ 2029.123673][T30300] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2029.129236][T30300] ? find_held_lock+0x35/0x130 [ 2029.134017][T30300] ? handle_mm_fault+0x322/0xb30 [ 2029.138972][T30300] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2029.145225][T30300] ? kasan_check_read+0x11/0x20 [ 2029.145252][T30300] handle_mm_fault+0x43f/0xb30 [ 2029.145271][T30300] __do_page_fault+0x5ef/0xda0 [ 2029.145294][T30300] do_page_fault+0x71/0x581 [ 2029.145314][T30300] ? page_fault+0x8/0x30 [ 2029.145350][T30300] page_fault+0x1e/0x30 [ 2029.154973][T30300] RIP: 0033:0x410890 [ 2029.154988][T30300] Code: ff ff 48 83 c8 01 48 89 05 3d fc 63 00 48 8b 05 16 26 30 00 49 c7 85 c8 02 00 00 90 2e 71 00 49 89 85 c0 02 00 00 4c 89 70 08 <4c> 89 35 f9 25 30 00 48 c7 05 0e fc 63 00 00 00 00 00 f0 ff 0d 0f [ 2029.154996][T30300] RSP: 002b:0000000000a4fae0 EFLAGS: 00010202 [ 2029.155007][T30300] RAX: 00007ff76ea8b9c0 RBX: 0000000000020000 RCX: 00000000ffffffe0 [ 2029.155014][T30300] RDX: 0000000000000040 RSI: 0000000000000001 RDI: 00007ff76ea6a6a0 [ 2029.155021][T30300] RBP: 0000000000a4fbc0 R08: 0000000000714800 R09: 0000000000714800 [ 2029.155029][T30300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a4fcb0 [ 2029.155037][T30300] R13: 00007ff76ea6a700 R14: 00007ff76ea6a9c0 R15: 000000000073c04c [ 2029.168535][T30300] memory: usage 307200kB, limit 307200kB, failcnt 12496 [ 2029.258470][T30300] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2029.266161][T30300] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2029.273051][T30300] Memory cgroup stats for /syz2: cache:48KB rss:91564KB rss_huge:12288KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:91504KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2029.294754][T30300] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=30300,uid=0 [ 2029.310350][T30300] Memory cgroup out of memory: Killed process 30300 (syz-executor.2) total-vm:72712kB, anon-rss:2212kB, file-rss:35724kB, shmem-rss:0kB [ 2029.327345][ T1044] oom_reaper: reaped process 30300 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 2029.329528][T30438] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2029.349090][T30438] CPU: 0 PID: 30438 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2029.357176][T30438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2029.367237][T30438] Call Trace: [ 2029.370552][T30438] dump_stack+0x172/0x1f0 [ 2029.374900][T30438] dump_header+0x10f/0xb6c [ 2029.379345][T30438] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2029.385173][T30438] ? ___ratelimit+0x60/0x595 [ 2029.389777][T30438] ? do_raw_spin_unlock+0x57/0x270 [ 2029.394902][T30438] oom_kill_process.cold+0x10/0x15 [ 2029.400028][T30438] out_of_memory+0x79a/0x1280 [ 2029.404724][T30438] ? oom_killer_disable+0x280/0x280 [ 2029.409924][T30438] ? find_held_lock+0x35/0x130 05:05:59 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) link(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='./file0\x00') 05:05:59 executing program 4: futex(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0, 0x0) syz_execute_func(&(0x7f0000000e80)="47f715a38200004a2be91ca9980f05f7a6aae28920aec4a37bf0c52141e2e951eb9163c4217970d3d1c4e225079d00000000420f0d7a0066450f66e7f4f47449d1bdc4f43536660fae770f44eda893660f5b5f06ef71787979530505dec4613f2e40c265b2c4e2010d32c2befaf346e1408f29009625fc7f0000dae6c462c990a4c1418ad1ee66400f65801274000064748f2870b68f09089b781ce2e7e0000f0220def3260f8cfeffffffc4a2a5aa2153c455fc94e790c32e00a10fae2e0f2cfafc64f20f1bf0310f2ef44480fdbd647168c19dfb96f98e00000f3a16288836f72f8bf8f345c7f8050000006bd1ac0f1a77dd994124f6eefc8fc978e2620bc4e2fd23abd92b46d6ef764179278ad9420f38ca920e00000026f23e360fab342ff3400f5824e7c4e3a95da70caead86fd41decfc4e299abd6244c5c300d0d028f6a78106f66400f7f31f20f1ae340cc74b1430f577a4f8692aeea6d892e3e66430f383bdb30ca46e9c5fc08efc4c4c481d37d97bd97bde50f1863f14e726c1971f2f6fe66400f0ffb440c0f5fb89a67cb0000660fe5a2f1427d8c7fa2c4a15c142e647c7d668282f04e0fc78a00088041263ef30fbc1ae1f184c7d081008194d800000d84776750d4f2420f7cd207c462f9252bdf90fbffffffa8000036f3450fc737cccc83b9087000000dc4e22704cedb800036430fa33b993e460f608b00800000a5e52125db1e4c59c4a18c5749ff00a85847ca0d46ffa50100003cb0656426ade595660f6be421fb5a17c4a17d2eb557000000f2400f468b7b000000f20fe6430047d9fd2917fa21c4e2792f166e0e8f8878c30df8aa4111fcb6450f56ab61a15747f804040f3834ab00000000880045006bf3f30f59238f6968010df0ffffffc481f8595b00470f0f41f790c44109f89700008020") 05:05:59 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a020400c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2029.414706][T30438] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2029.420254][T30438] ? memcg_event_wake+0x230/0x230 [ 2029.425290][T30438] ? do_raw_spin_unlock+0x57/0x270 [ 2029.430432][T30438] ? _raw_spin_unlock+0x2d/0x50 [ 2029.435295][T30438] try_charge+0x102c/0x15c0 [ 2029.439817][T30438] ? find_held_lock+0x35/0x130 [ 2029.444614][T30438] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2029.450176][T30438] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2029.450198][T30438] ? kasan_check_read+0x11/0x20 [ 2029.450218][T30438] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2029.466897][T30438] mem_cgroup_try_charge+0x24d/0x5e0 [ 2029.472197][T30438] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2029.472218][T30438] wp_page_copy+0x408/0x1740 [ 2029.472233][T30438] ? find_held_lock+0x35/0x130 [ 2029.472257][T30438] ? pmd_pfn+0x1d0/0x1d0 [ 2029.491463][T30438] ? lock_downgrade+0x880/0x880 [ 2029.496336][T30438] ? swp_swapcount+0x540/0x540 [ 2029.501120][T30438] ? kasan_check_read+0x11/0x20 [ 2029.505999][T30438] ? do_raw_spin_unlock+0x57/0x270 [ 2029.511133][T30438] do_wp_page+0x48e/0x1500 [ 2029.515572][T30438] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2029.520965][T30438] __handle_mm_fault+0x22e8/0x3ec0 [ 2029.526105][T30438] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2029.531661][T30438] ? find_held_lock+0x35/0x130 [ 2029.536454][T30438] ? handle_mm_fault+0x322/0xb30 [ 2029.541417][T30438] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2029.547674][T30438] ? kasan_check_read+0x11/0x20 [ 2029.552538][T30438] handle_mm_fault+0x43f/0xb30 [ 2029.557328][T30438] __do_page_fault+0x5ef/0xda0 [ 2029.562118][T30438] do_page_fault+0x71/0x581 [ 2029.566630][T30438] ? page_fault+0x8/0x30 [ 2029.570884][T30438] page_fault+0x1e/0x30 [ 2029.575038][T30438] RIP: 0033:0x414633 [ 2029.578933][T30438] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 2029.598537][T30438] RSP: 002b:0000000000a4fbc8 EFLAGS: 00010213 [ 2029.604618][T30438] RAX: 000000000000006e RBX: 000000000000002d RCX: 0000000000458da9 [ 2029.612586][T30438] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000073bf0c [ 2029.620910][T30438] RBP: 00000000000003e8 R08: ffffffffffffffff R09: ffffffffffffffff [ 2029.628877][T30438] R10: 0000000000a4fca0 R11: 0000000000000246 R12: 000000000073bf00 [ 2029.637364][T30438] R13: 00000000001ef569 R14: 00000000001ef596 R15: 000000000073bf0c [ 2029.654115][T30438] memory: usage 307192kB, limit 307200kB, failcnt 2906 [ 2029.664227][T30438] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2029.678635][T30438] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2029.693160][T30438] Memory cgroup stats for /syz5: cache:52KB rss:208400KB rss_huge:161792KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:208492KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2029.720031][T30438] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10811,uid=0 [ 2029.736273][T30438] Memory cgroup out of memory: Killed process 10811 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB [ 2029.752639][ T1044] oom_reaper: reaped process 10811 (syz-executor.5), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 05:05:59 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000020f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:05:59 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) openat$md(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/md0\x00', 0x101000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:05:59 executing program 0: syz_execute_func(&(0x7f0000001c40)="47f715a38200004a2be91ca9980f05f7a6aae28920aec4a37bf0c52141e2e951eb916361c4e225079d00000000f29e66450f66e7f4f47449d169c4cdc7f43536660fae770fc4a1786b77772289a9b4b2fae300009bef93787179530505dec4613f2e40c265b23acaf346e14095dae6c462c990a4c1418ad1ee66400f65801274000064748f2870b68f09089b781ce2efe0000f0220def3420f5d3ac4a2a5aa2153c4a155fc94e7190000000eae2e0f2cfafc310fd9c12e264080fdbd647168c19dfbd0f98e00000f3a16288836f72f8b262e66410feeccf345c7f80500000000006bd1ac0f1a77cd99360f380b0766410f380a4b75eefc8fc978e2620bc4e2fd23abd92b46d6ef764179278ad9420f38ca920e000000c483d140be0f000000eff3400f5824e7c4e3a95da70caead86fd41decf336279244c5c300d0d028f6a78106f650300f20f1ae340cc74b1430f577a4f41df8184fd163c0fb245fe46e9c5fc08efc4c4c481d37d97bd97bde50f1863f14e726c1971f2f666400f6f77440c0f5fb89a67cb003667c0eb0be5a2f1ffff7fa2c4a15c142e647c7d668282f04e0fc78a00088041263ef30fbc1ae1f1a0dec3c381008194d800000d84776750d4f2420f7cd207c462f9252bdf90fbffffffa8000036f3450fc737cccc83b9087000000dc4e22704cedb800036430fa33b993e460f608b00800000a5e52125db1e4c59c4a18c5749ff00a85847da0d46ffa50100003cbeb0616126ade5953640e40e21fb5a17c4a17ddcb557000000f2400f468b7b000000c4216f5a0cda47d9fd2917fa21c4e2792f166e0ef30f587200b6450f56ab61a1575ef804040f3834ab000000008800006bf3460f59238f6968010df0ffffffc481f8595b00470f0f41f790c44109f8970000802067640fd930") 05:05:59 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000a00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2029.760055][T30852] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2029.776748][T30852] CPU: 0 PID: 30852 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2029.784830][T30852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2029.794902][T30852] Call Trace: [ 2029.798214][T30852] dump_stack+0x172/0x1f0 [ 2029.802570][T30852] dump_header+0x10f/0xb6c [ 2029.807004][T30852] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2029.812819][T30852] ? ___ratelimit+0x60/0x595 [ 2029.817420][T30852] ? do_raw_spin_unlock+0x57/0x270 [ 2029.822537][T30852] oom_kill_process.cold+0x10/0x15 [ 2029.827657][T30852] out_of_memory+0x79a/0x1280 [ 2029.832370][T30852] ? oom_killer_disable+0x280/0x280 [ 2029.837574][T30852] ? find_held_lock+0x35/0x130 [ 2029.842378][T30852] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2029.847934][T30852] ? memcg_event_wake+0x230/0x230 [ 2029.852973][T30852] ? do_raw_spin_unlock+0x57/0x270 [ 2029.858093][T30852] ? _raw_spin_unlock+0x2d/0x50 [ 2029.862961][T30852] try_charge+0x102c/0x15c0 [ 2029.867488][T30852] ? find_held_lock+0x35/0x130 [ 2029.872276][T30852] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2029.877854][T30852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2029.884169][T30852] ? kasan_check_read+0x11/0x20 [ 2029.889206][T30852] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2029.894762][T30852] mem_cgroup_try_charge+0x24d/0x5e0 [ 2029.900060][T30852] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2029.905708][T30852] wp_page_copy+0x408/0x1740 [ 2029.910297][T30852] ? find_held_lock+0x35/0x130 [ 2029.915084][T30852] ? pmd_pfn+0x1d0/0x1d0 [ 2029.919338][T30852] ? lock_downgrade+0x880/0x880 [ 2029.924200][T30852] ? __pte_alloc_kernel+0x220/0x220 [ 2029.929411][T30852] ? kasan_check_read+0x11/0x20 [ 2029.934264][T30852] ? do_raw_spin_unlock+0x57/0x270 [ 2029.939394][T30852] do_wp_page+0x48e/0x1500 [ 2029.943819][T30852] ? do_raw_spin_lock+0x12a/0x2e0 [ 2029.948855][T30852] ? rwlock_bug.part.0+0x90/0x90 [ 2029.953793][T30852] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2029.959166][T30852] ? add_mm_counter_fast.part.0+0x40/0x40 [ 2029.964897][T30852] __handle_mm_fault+0x22e8/0x3ec0 [ 2029.970020][T30852] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2029.975576][T30852] ? find_held_lock+0x35/0x130 [ 2029.980369][T30852] ? handle_mm_fault+0x322/0xb30 [ 2029.985315][T30852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2029.991585][T30852] ? kasan_check_read+0x11/0x20 [ 2029.996444][T30852] handle_mm_fault+0x43f/0xb30 [ 2030.001216][T30852] __do_page_fault+0x5ef/0xda0 [ 2030.005991][T30852] do_page_fault+0x71/0x581 [ 2030.010500][T30852] ? page_fault+0x8/0x30 [ 2030.014742][T30852] page_fault+0x1e/0x30 [ 2030.018895][T30852] RIP: 0033:0x40e018 [ 2030.022787][T30852] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf ac e3 4b 00 31 c0 e8 03 39 ff ff 31 ff e8 4c 35 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 4e 24 64 00 [ 2030.042402][T30852] RSP: 002b:0000000000a4fb00 EFLAGS: 00010246 [ 2030.048482][T30852] RAX: 0000000031e3bc2d RBX: 00000000cff4ebcc RCX: 0000001b31220000 [ 2030.056543][T30852] RDX: 0000000000000000 RSI: 0000000000001c2d RDI: ffffffff31e3bc2d [ 2030.064519][T30852] RBP: 0000000000000005 R08: 0000000031e3bc2d R09: 0000000031e3bc31 [ 2030.072505][T30852] R10: 0000000000a4fca0 R11: 0000000000000246 R12: 000000000073c028 [ 2030.080483][T30852] R13: 0000000080000000 R14: 00007ff7708ad008 R15: 0000000000000005 [ 2030.111840][T30852] memory: usage 307172kB, limit 307200kB, failcnt 12513 [ 2030.129371][T30852] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2030.154679][T30852] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2030.181424][T30852] Memory cgroup stats for /syz2: cache:48KB rss:91428KB rss_huge:12288KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:91512KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2030.208888][T30852] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=30390,uid=0 [ 2030.229412][T30852] Memory cgroup out of memory: Killed process 30390 (syz-executor.2) total-vm:72580kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB [ 2030.248693][ T1044] oom_reaper: reaped process 30390 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 05:06:00 executing program 4: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x1825) 05:06:00 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000b00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:00 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000004020f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:00 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e66450f7df7c62865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = syz_open_dev$usb(&(0x7f0000000140)='/dev/bus/usb/00#/00#\x00', 0x7, 0x100) write$FUSE_IOCTL(r0, &(0x7f0000000000)={0x20}, 0x20) 05:06:00 executing program 4: syz_execute_func(&(0x7f0000000e00)="4a2be966420f72f0f50f0578f3aec4a37bf0c50341e2e926b5c9f34a0f38f60128218d00a30000262ff342906646da4e3292221322131dd919dec4366545e399dc55b1e617c980008080e2859ed23c788fe97c810f69e08f4cbec5c441eb5e038fc4a1c573d1f6c4613fc21d9053c7ab86c4213e537700c4e13ddadf497dbf8259438f34b20f68803000000056f20fbd63c3670f01d8168728ea0ff341ab00fe8f08e4a25600b10f820c08000000000081660fdf53098f49609a56c402795837c4027d78d3dee450c1f041fe02d134e146dec43b7d0fe4e4f4c462fd982c7bca30cabb3cbb3c0209912af3430f47bb00000000000045dc0f84507899994781ae00100000f10000002e470fae8012000008c8003a3a10dd4805dfdf63a5b76e0b0ba17ae64295589cffff9f367a367a7197a8820000004577cb0c0ce42e00400d000800007c1002020606b274c4410ff9720d838f09e89a5b00ddfafa485cc44105f630c44281a806c44115638b0c0000002c738374fb0a07c40155f64e0666460fddc7eced36660f38058b97619236c421c96b82e26263209797c7910002c1045c0b47cc47cc66420f1a436e2ef246e16d44800170bb00004242fbc9880c00c461b016a7df6900003422") syz_execute_func(&(0x7f0000000300)="c4e379614832074a2be91cb9980f053ef3aec4a37bf0c50041e2e92e2e66460fd40c999a070000dfce386300262fed80660f38463da1637963790600000f4edadad2dec49edc57b1e67d0be825259551fa0040dbe1f3470f6f8b248a00000f41fe66430fe22c3b4cbec5c55de10f2c718f5656c475298dbc1146deb1090000005670b6de3fc401f9e6950800000081f0430f40b267f34cb4baf281f999899999a8270f014700664105ba16f2ae66410f3aaf288842f72bfd660fdf536b450ff7ed8e99e1430faec4a27921f97cd8edf7d8a1a12ad764c4643a5f4066bd0ffe383bd4d467460f330002f4c4e250f396f1ffffff3a01390f30ca20cac4627d1df1f20fc70e00dd6fc4c2801d9c96c9e8e9362e36f2a796d0818194d800092ddd8f0b00c4a17ae64295007b1cffd0c422b59aa9a7a400002e36646466264683b9080000000d5df698b90000002e440fdd0636b2aad9c741af0fd97b8bc104c0414c598374fb0a070f001e66400fe3d357000026dbe3edc4037d092101f20f1dbe00100000660f3835f1cd65970d22045c0b07d56e474cf92f5c65c4002d08000000009b42a7a728f356564401a9bb40cb4245dbd7c4a2fd2a953ce70000d53131fbc4a2750831c44109f89700008020") 05:06:00 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db00e063020f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:00 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000c00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:00 executing program 2: remap_file_pages(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x5fc, 0x4000) r0 = syz_open_dev$amidi(&(0x7f0000000140)='/dev/amidi#\x00', 0x400, 0x200000) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000180)=0x5) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") ioctl$TIOCGDEV(r0, 0x80045432, &(0x7f00000001c0)) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:00 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000600)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_pts(r0, 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[], 0x35b) ioctl$TCSETA(r1, 0x5406, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x100000009b4b62b}) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17}) accept(0xffffffffffffffff, 0x0, &(0x7f00000002c0)) ioctl$TIOCGETD(0xffffffffffffffff, 0x5424, &(0x7f0000000580)) 05:06:00 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000066020f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:00 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r2, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) signalfd4(r2, &(0x7f00000003c0)={0x4}, 0x8, 0x0) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x2, &(0x7f0000000380)={{0x0, 0x7530}, {0x77359400}}, &(0x7f0000000400)) r3 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2030.985512][T30920] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 05:06:01 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000d00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2031.091305][T30920] CPU: 1 PID: 30920 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2031.099444][T30920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2031.109512][T30920] Call Trace: [ 2031.112819][T30920] dump_stack+0x172/0x1f0 [ 2031.117175][T30920] dump_header+0x10f/0xb6c [ 2031.121604][T30920] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2031.127420][T30920] ? ___ratelimit+0x60/0x595 [ 2031.132011][T30920] ? do_raw_spin_unlock+0x57/0x270 [ 2031.137110][T30920] oom_kill_process.cold+0x10/0x15 [ 2031.142208][T30920] out_of_memory+0x79a/0x1280 [ 2031.146887][T30920] ? lock_downgrade+0x880/0x880 [ 2031.151741][T30920] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2031.157992][T30920] ? oom_killer_disable+0x280/0x280 [ 2031.163196][T30920] ? find_held_lock+0x35/0x130 [ 2031.167974][T30920] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2031.173530][T30920] ? memcg_event_wake+0x230/0x230 [ 2031.178564][T30920] ? do_raw_spin_unlock+0x57/0x270 [ 2031.183684][T30920] ? _raw_spin_unlock+0x2d/0x50 [ 2031.188556][T30920] try_charge+0x102c/0x15c0 [ 2031.193062][T30920] ? find_held_lock+0x35/0x130 [ 2031.197839][T30920] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2031.203396][T30920] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2031.208953][T30920] ? find_held_lock+0x35/0x130 [ 2031.213723][T30920] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2031.219286][T30920] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2031.224853][T30920] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2031.230063][T30920] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2031.235614][T30920] __memcg_kmem_charge+0x136/0x300 [ 2031.240740][T30920] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2031.246127][T30920] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2031.252379][T30920] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2031.258105][T30920] ? copy_process.part.0+0x1d08/0x7980 [ 2031.263574][T30920] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2031.268869][T30920] ? trace_hardirqs_on+0x67/0x230 [ 2031.273896][T30920] ? kasan_check_read+0x11/0x20 [ 2031.278759][T30920] copy_process.part.0+0x3e0/0x7980 [ 2031.283967][T30920] ? psi_memstall_leave+0x11c/0x180 [ 2031.289183][T30920] ? sched_clock+0x2e/0x50 [ 2031.293606][T30920] ? psi_memstall_leave+0x12e/0x180 [ 2031.298908][T30920] ? find_held_lock+0x35/0x130 [ 2031.303676][T30920] ? psi_memstall_leave+0x12e/0x180 [ 2031.308899][T30920] ? __cleanup_sighand+0x60/0x60 [ 2031.313852][T30920] ? __lock_acquire+0x548/0x3fb0 [ 2031.318793][T30920] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2031.325046][T30920] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2031.331291][T30920] ? debug_smp_processor_id+0x3c/0x280 [ 2031.336788][T30920] _do_fork+0x257/0xfd0 [ 2031.340965][T30920] ? fork_idle+0x1d0/0x1d0 [ 2031.345392][T30920] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 2031.351634][T30920] ? lock_downgrade+0x880/0x880 [ 2031.356490][T30920] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2031.362738][T30920] ? blkcg_exit_queue+0x30/0x30 [ 2031.367599][T30920] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2031.373060][T30920] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2031.378523][T30920] ? do_syscall_64+0x26/0x610 [ 2031.383208][T30920] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2031.389279][T30920] ? do_syscall_64+0x26/0x610 [ 2031.393965][T30920] __x64_sys_clone+0xbf/0x150 [ 2031.398915][T30920] do_syscall_64+0x103/0x610 [ 2031.403519][T30920] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2031.409409][T30920] RIP: 0033:0x45b779 [ 2031.413307][T30920] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2031.432931][T30920] RSP: 002b:0000000000a4fa98 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 05:06:01 executing program 0: r0 = socket$inet(0x2, 0x3, 0x1c) ioctl(r0, 0x81000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000000)="120000001a00e5ff017b00000000008000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003300), 0x43b, 0x0, 0x0) 05:06:01 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000030f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2031.441360][T30920] RAX: ffffffffffffffda RBX: 00007ff76ea8b700 RCX: 000000000045b779 [ 2031.449345][T30920] RDX: 00007ff76ea8b9d0 RSI: 00007ff76ea8adb0 RDI: 00000000003d0f00 [ 2031.457330][T30920] RBP: 0000000000a4fcb0 R08: 00007ff76ea8b700 R09: 00007ff76ea8b700 [ 2031.465305][T30920] R10: 00007ff76ea8b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2031.473636][T30920] R13: 0000000000a4fb4f R14: 00007ff76ea8b9c0 R15: 000000000073bfac 05:06:01 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a460d00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:01 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') prctl$PR_SET_ENDIAN(0x14, 0x0) r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) r1 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000400)={'syz', 0x0}, &(0x7f0000000480)="85b25ed14548dac4baa42c287cd32ce80853a69fa59e341eef363388bee9a3bb73fe12cd54bc5fb92e9826aac93538682e", 0x31, 0xfffffffffffffff8) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000580)=0x3ff, &(0x7f0000000800)=0x2) keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f00000004c0)={r1, 0x628c, 0x5}, &(0x7f0000000780)=ANY=[@ANYBLOB="656e633d706b33e682cbf61c6373312065c1d733bf9dfe42c4a9acd66861f3683d6b7263743130ac696600000000000000000000000000001000"/85], &(0x7f0000000600)="a9974b18cde88a026b47e234180b31898adb8907aba77dcaadf293ea0df99c0377ed308f8c17564842da1eb168633db5f4f97eadd463367530a61b54be7cee7f4cc5bb4470a80a15f172d06d5f471586c344fe04e830a7d95710a2648f1bdddeaa92db0a5bda5d628d0e5fb4453a2178defb6e58edf8fd4eb8ebe81a9472aa0c1eda7e3b0cf9279a00f58f2300e63a5c0d9d44255788e6564099690acdde06d128d291497cc1db38136fcaa10da84aab9c74b8c9e4977b6167b3724a3b1bfce811fc1e33866802c9b34de36db4137a5c6e9671d804d03e96257a17ee51aa", &(0x7f0000000700)="e2a762367531c88fe5c793c59e48306573fa4e2eb5f2a43faee1f8ee2e20f2ab0e5be0c8bf162d553501dcd6d4424ee9f450cea432cfcf8860e71d694fa477de5df94ef51362fabc00d7719588e9b9a6812928e99d55026b5d657dc220fe97275a84e03689d0a5488662610a9071e7b8") ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000880)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000a00)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x4209000}, 0xc, &(0x7f00000009c0)={&(0x7f00000008c0)={0xd0, r2, 0x20, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0x34, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_LINK={0x34, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x448f3bab}]}]}, @TIPC_NLA_MEDIA={0x20, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_MEDIA={0x1c, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_MEDIA={0x18, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20000000}, 0x20004010) r3 = perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000a40)={0x0, 0x2}, &(0x7f0000000a80)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000ac0)={r5, 0x505b}, &(0x7f0000000b00)=0x8) bind$alg(r4, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r4, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380)={{}, {0x0, 0x2710}}, &(0x7f0000000440)) r6 = accept$alg(r4, 0x0, 0x0) r7 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) fchmod(r3, 0x6) creat(&(0x7f0000000540)='./file0\x00', 0x43) recvmmsg(r6, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) setsockopt(r7, 0x5, 0xfffffffffffffff8, &(0x7f0000000500)="09583f42d934297a7bdf0759c4c995b86a70ed2d0f1ff0dfb40de64f69fea4f5963290efe8c02358aed992", 0x2b) 05:06:01 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000009c0)={0x5, 0x0, [{0x0, 0x1a, &(0x7f0000000040)=""/26}, {0x0, 0x0, 0x0}, {0xf000, 0x9, &(0x7f0000000080)=""/9}, {0xd000, 0x86, &(0x7f0000000640)=""/134}, {0xd000, 0xf8, &(0x7f00000007c0)=""/248}]}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000300)) 05:06:01 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) write(r1, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) perf_event_open(&(0x7f00004e7000)={0x200000002, 0x70, 0xe1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x10000) 05:06:01 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000040f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2031.715661][T30920] memory: usage 307168kB, limit 307200kB, failcnt 12543 [ 2031.729726][T30920] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2031.819253][T30920] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2031.832864][T30920] Memory cgroup stats for /syz2: cache:48KB rss:91484KB rss_huge:12288KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:91532KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2031.907248][T30920] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=30901,uid=0 [ 2031.949167][T30920] Memory cgroup out of memory: Killed process 30901 (syz-executor.2) total-vm:72712kB, anon-rss:2220kB, file-rss:35796kB, shmem-rss:0kB [ 2032.013384][ T1044] oom_reaper: reaped process 30901 (syz-executor.2), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 2032.078129][T30921] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2032.140643][T30921] CPU: 0 PID: 30921 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2032.148746][T30921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2032.158804][T30921] Call Trace: [ 2032.162107][T30921] dump_stack+0x172/0x1f0 [ 2032.166454][T30921] dump_header+0x10f/0xb6c [ 2032.170886][T30921] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2032.176707][T30921] ? ___ratelimit+0x60/0x595 [ 2032.181305][T30921] ? do_raw_spin_unlock+0x57/0x270 [ 2032.186445][T30921] oom_kill_process.cold+0x10/0x15 [ 2032.192360][T30921] out_of_memory+0x79a/0x1280 [ 2032.197054][T30921] ? oom_killer_disable+0x280/0x280 [ 2032.202254][T30921] ? find_held_lock+0x35/0x130 [ 2032.207037][T30921] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2032.212586][T30921] ? memcg_event_wake+0x230/0x230 [ 2032.217627][T30921] ? do_raw_spin_unlock+0x57/0x270 [ 2032.222762][T30921] ? _raw_spin_unlock+0x2d/0x50 [ 2032.227622][T30921] try_charge+0xa87/0x15c0 [ 2032.232048][T30921] ? find_held_lock+0x35/0x130 [ 2032.236834][T30921] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2032.242382][T30921] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2032.247932][T30921] ? find_held_lock+0x35/0x130 [ 2032.252705][T30921] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2032.258278][T30921] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2032.263835][T30921] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2032.269047][T30921] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2032.274614][T30921] __memcg_kmem_charge+0x136/0x300 [ 2032.279740][T30921] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2032.285122][T30921] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2032.291380][T30921] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2032.297114][T30921] ? copy_process.part.0+0x1d08/0x7980 [ 2032.302584][T30921] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2032.307880][T30921] ? trace_hardirqs_on+0x67/0x230 [ 2032.312911][T30921] ? kasan_check_read+0x11/0x20 [ 2032.317775][T30921] copy_process.part.0+0x3e0/0x7980 [ 2032.322983][T30921] ? debug_check_no_obj_freed+0x200/0x464 [ 2032.328710][T30921] ? find_held_lock+0x35/0x130 [ 2032.333488][T30921] ? debug_check_no_obj_freed+0x200/0x464 [ 2032.339223][T30921] ? kasan_check_write+0x14/0x20 [ 2032.344171][T30921] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2032.350412][T30921] ? filename_lookup+0x294/0x410 [ 2032.355350][T30921] ? __cleanup_sighand+0x60/0x60 [ 2032.360274][T30921] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2032.366515][T30921] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2032.372750][T30921] ? getname_flags+0x300/0x5b0 [ 2032.377499][T30921] ? getname_flags+0x300/0x5b0 [ 2032.382245][T30921] ? rcu_read_lock_sched_held+0x110/0x130 [ 2032.387965][T30921] _do_fork+0x257/0xfd0 [ 2032.392119][T30921] ? fork_idle+0x1d0/0x1d0 [ 2032.396527][T30921] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2032.402760][T30921] ? do_sys_truncate.part.0+0xbc/0x150 [ 2032.408219][T30921] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2032.413672][T30921] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2032.419111][T30921] ? do_syscall_64+0x26/0x610 [ 2032.423774][T30921] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2032.429828][T30921] ? do_syscall_64+0x26/0x610 [ 2032.434500][T30921] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2032.439767][T30921] __ia32_sys_vfork+0x1f/0x30 [ 2032.444439][T30921] do_syscall_64+0x103/0x610 [ 2032.449037][T30921] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2032.454920][T30921] RIP: 0033:0x2000000a [ 2032.458977][T30921] Code: Bad RIP value. [ 2032.463021][T30921] RSP: 002b:00007ff76eaabbd8 EFLAGS: 00000206 ORIG_RAX: 000000000000003a [ 2032.471412][T30921] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2032.479367][T30921] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 000000000000000a [ 2032.487339][T30921] RBP: 0000000000000033 R08: 0000000000000005 R09: 0000000000000006 [ 2032.495311][T30921] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2032.503288][T30921] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 2032.544798][T30921] memory: usage 305004kB, limit 307200kB, failcnt 12543 [ 2032.566100][T30921] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2032.573785][T30921] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2032.581162][T30921] Memory cgroup stats for /syz2: cache:48KB rss:89400KB rss_huge:10240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:89380KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2032.602914][T30921] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14528,uid=0 [ 2032.618412][T30921] Memory cgroup out of memory: Killed process 14528 (syz-executor.2) total-vm:72448kB, anon-rss:2172kB, file-rss:34816kB, shmem-rss:0kB 05:06:02 executing program 2: syz_execute_func(&(0x7f0000000500)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53ef65450f3803a3000000006766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2c4e1fa7ed3c4e3295d4c3dc8a3c4c1045cccc4426507af0f00000042df84383e0000005cf3460f2ad0f30f5ea5a9a50000ffff660f79ca55c442294627b83a00a2f1fbfb766208cf") r0 = fanotify_init(0x52, 0x101000) fchdir(r0) r1 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x1, 0x2) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={0x0, 0x0, 0xffffffffffffff9c}) r3 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x8, 0x1) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000100)={r2, 0x80000, r3}) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x0, 0x4, {0x0, 0x0, 0x0, 0xfffffffffffffffd}}, 0xb3) 05:06:02 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") socket$inet6_sctp(0xa, 0x5, 0x84) fcntl$dupfd(r0, 0x0, r0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x0, 0x0) syz_execute_func(&(0x7f00000001c0)="984a2ae92cb8b64c0f05bf06000000c4a37bf0c5c041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fdee51bc421045f4607f2f0fe4900c426f2f045f61964620f38fd52262e2e66450f7d64c608c4a3bd4877f88a0383397fd3ff3a00efa1a12ad764d3cf53afaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000f2d8f0b000000c2a0c10b00cca27a0e0f414e53d2c40f0f9f3c6436b2aa66450fc4650000c4e39978c104c441c05983f9070bb3ddcdcda284635e4c3fcaa3c4c1045ccc7d7526802d08000000170f5fd25c450f91f3f30f5ea5a9a50000ffffbedc4e61c9553131b83a00a2f1fbfb3b62") perf_event_open$cgroup(&(0x7f0000000180)={0x0, 0xfffffffffffffdcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:06:02 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a001a00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:02 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000c00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:02 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) ioctl$RTC_WIE_ON(r0, 0x700f) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:02 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000060f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2032.634940][ T1044] oom_reaper: reaped process 14528 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2032.649743][T31322] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=1000 [ 2032.718823][T31322] CPU: 1 PID: 31322 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2032.726946][T31322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2032.737004][T31322] Call Trace: [ 2032.740512][T31322] dump_stack+0x172/0x1f0 [ 2032.744867][T31322] dump_header+0x10f/0xb6c [ 2032.749298][T31322] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2032.755123][T31322] ? ___ratelimit+0x60/0x595 [ 2032.759728][T31322] ? do_raw_spin_unlock+0x57/0x270 [ 2032.764858][T31322] oom_kill_process.cold+0x10/0x15 [ 2032.770450][T31322] out_of_memory+0x79a/0x1280 [ 2032.775149][T31322] ? oom_killer_disable+0x280/0x280 [ 2032.780363][T31322] ? find_held_lock+0x35/0x130 [ 2032.785148][T31322] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2032.790708][T31322] ? memcg_event_wake+0x230/0x230 [ 2032.795751][T31322] ? do_raw_spin_unlock+0x57/0x270 [ 2032.800963][T31322] ? _raw_spin_unlock+0x2d/0x50 [ 2032.805829][T31322] try_charge+0x102c/0x15c0 [ 2032.810370][T31322] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2032.815931][T31322] ? rcu_read_lock_sched_held+0x110/0x130 [ 2032.821662][T31322] ? __alloc_pages_nodemask+0x61d/0x8d0 [ 2032.827216][T31322] ? find_held_lock+0x35/0x130 [ 2032.831997][T31322] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2032.837551][T31322] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2032.842759][T31322] ? cache_grow_begin+0x594/0x860 [ 2032.847791][T31322] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2032.853091][T31322] ? trace_hardirqs_on+0x67/0x230 [ 2032.858134][T31322] cache_grow_begin+0x5c0/0x860 [ 2032.863000][T31322] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2032.868816][T31322] ? __cpuset_node_allowed+0x136/0x540 [ 2032.874300][T31322] fallback_alloc+0x1fd/0x2d0 [ 2032.879009][T31322] ____cache_alloc_node+0x1be/0x1e0 [ 2032.884219][T31322] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2032.890477][T31322] kmem_cache_alloc_node_trace+0xec/0x720 [ 2032.896222][T31322] __kmalloc_node+0x3d/0x70 [ 2032.900737][T31322] kvmalloc_node+0x68/0x100 [ 2032.905254][T31322] alloc_fdtable+0xd6/0x290 [ 2032.909769][T31322] dup_fd+0x743/0xb30 [ 2032.913774][T31322] copy_process.part.0+0x1e92/0x7980 [ 2032.919071][T31322] ? debug_check_no_obj_freed+0x200/0x464 [ 2032.924803][T31322] ? find_held_lock+0x35/0x130 [ 2032.929587][T31322] ? debug_check_no_obj_freed+0x200/0x464 [ 2032.935339][T31322] ? kasan_check_write+0x14/0x20 [ 2032.940288][T31322] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2032.946564][T31322] ? __cleanup_sighand+0x60/0x60 [ 2032.951513][T31322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2032.957769][T31322] ? getname_flags+0x300/0x5b0 [ 2032.962545][T31322] ? getname_flags+0x300/0x5b0 [ 2032.967330][T31322] ? rcu_read_lock_sched_held+0x110/0x130 [ 2032.973067][T31322] _do_fork+0x257/0xfd0 [ 2032.977245][T31322] ? fork_idle+0x1d0/0x1d0 [ 2032.981674][T31322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2032.987927][T31322] ? do_sys_truncate.part.0+0xbc/0x150 [ 2032.993402][T31322] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2032.998876][T31322] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2033.004354][T31322] ? do_syscall_64+0x26/0x610 [ 2033.009040][T31322] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2033.015115][T31322] ? do_syscall_64+0x26/0x610 [ 2033.019802][T31322] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2033.025109][T31322] __ia32_sys_vfork+0x1f/0x30 [ 2033.029797][T31322] do_syscall_64+0x103/0x610 [ 2033.034414][T31322] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2033.040421][T31322] RIP: 0033:0x2000000a [ 2033.044512][T31322] Code: Bad RIP value. [ 2033.048578][T31322] RSP: 002b:00007fec78bdfbd8 EFLAGS: 00000206 ORIG_RAX: 000000000000003a [ 2033.056997][T31322] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2033.064974][T31322] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000011 [ 2033.072954][T31322] RBP: 0000000000000033 R08: 0000000000000005 R09: 0000000000000006 [ 2033.080931][T31322] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2033.088911][T31322] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 2033.100552][T31322] memory: usage 307200kB, limit 307200kB, failcnt 2963 [ 2033.108308][T31322] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2033.116572][T31322] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2033.124287][T31322] Memory cgroup stats for /syz5: cache:52KB rss:207032KB rss_huge:161792KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:207116KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2033.158098][T31322] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=27925,uid=0 [ 2033.177469][T31322] Memory cgroup out of memory: Killed process 27925 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB 05:06:03 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1afb2200c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:03 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) syz_execute_func(&(0x7f0000000500)="994a2ae92c0c964c0f05bf03000000c4a37bf0c5fec48229ddb4219953d9b9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa10c42255030b2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b0aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f28346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb7662") r1 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x1f, 0x4000) getsockopt$inet6_opts(r1, 0x29, 0x3f, &(0x7f0000000640)=""/240, &(0x7f0000000100)=0xf0) semtimedop(0x0, &(0x7f0000000040)=[{}, {}], 0x2, 0x0) r2 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x40000) ioctl$SCSI_IOCTL_DOORLOCK(r2, 0x5380) semtimedop(0x0, &(0x7f0000000080)=[{0x0, 0xa0008000}], 0x1, 0x0) r3 = semget(0x2, 0x0, 0x11) r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm-control\x00', 0x80000, 0x0) ioctl$NBD_DISCONNECT(r4, 0xab08) semctl$GETNCNT(r3, 0x2, 0xe, &(0x7f00000001c0)=""/72) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x4e23, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, 0x0, 0x1f, 0x0, "8cfd17683eaf86caa36a56085a0e7148d422d0640e3963d1486416f1f01f50592a57034a447368bfbb99a752f5ba76006d52250bc1b8f0d67ae5f887887601f072bf19cf2919390ff98b54962a74c39c"}, 0xd8) socket$can_raw(0x1d, 0x3, 0x1) 05:06:03 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = syz_open_dev$usbmon(&(0x7f0000000140)='/dev/usbmon#\x00', 0x6, 0x480) ioctl$KVM_SET_CLOCK(r0, 0x4030ae7b, &(0x7f0000000180)={0x4a15, 0x583}) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:03 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70dbfff000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2033.359224][T31348] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2033.411463][T31348] CPU: 0 PID: 31348 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2033.419558][T31348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2033.429620][T31348] Call Trace: [ 2033.432923][T31348] dump_stack+0x172/0x1f0 [ 2033.437273][T31348] dump_header+0x10f/0xb6c [ 2033.441726][T31348] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2033.447542][T31348] ? ___ratelimit+0x60/0x595 [ 2033.452146][T31348] ? do_raw_spin_unlock+0x57/0x270 [ 2033.457290][T31348] oom_kill_process.cold+0x10/0x15 [ 2033.462451][T31348] out_of_memory+0x79a/0x1280 [ 2033.467171][T31348] ? oom_killer_disable+0x280/0x280 [ 2033.472397][T31348] ? find_held_lock+0x35/0x130 [ 2033.477196][T31348] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2033.482782][T31348] ? memcg_event_wake+0x230/0x230 [ 2033.487840][T31348] ? do_raw_spin_unlock+0x57/0x270 [ 2033.492966][T31348] ? _raw_spin_unlock+0x2d/0x50 [ 2033.497837][T31348] try_charge+0xa87/0x15c0 [ 2033.502260][T31348] ? find_held_lock+0x35/0x130 [ 2033.507054][T31348] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2033.512614][T31348] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2033.518884][T31348] ? kasan_check_read+0x11/0x20 [ 2033.523757][T31348] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2033.529351][T31348] mem_cgroup_try_charge+0x24d/0x5e0 [ 2033.534662][T31348] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2033.540308][T31348] wp_page_copy+0x408/0x1740 [ 2033.544929][T31348] ? find_held_lock+0x35/0x130 [ 2033.549705][T31348] ? pmd_pfn+0x1d0/0x1d0 [ 2033.553967][T31348] ? lock_downgrade+0x880/0x880 [ 2033.558835][T31348] ? swp_swapcount+0x540/0x540 [ 2033.563625][T31348] ? kasan_check_read+0x11/0x20 [ 2033.568491][T31348] ? do_raw_spin_unlock+0x57/0x270 [ 2033.573627][T31348] do_wp_page+0x48e/0x1500 [ 2033.578064][T31348] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2033.583472][T31348] __handle_mm_fault+0x22e8/0x3ec0 [ 2033.588619][T31348] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2033.594212][T31348] ? find_held_lock+0x35/0x130 [ 2033.599024][T31348] ? handle_mm_fault+0x322/0xb30 [ 2033.604008][T31348] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2033.610302][T31348] ? kasan_check_read+0x11/0x20 [ 2033.615213][T31348] handle_mm_fault+0x43f/0xb30 [ 2033.620006][T31348] __do_page_fault+0x5ef/0xda0 [ 2033.624813][T31348] do_page_fault+0x71/0x581 [ 2033.629366][T31348] ? page_fault+0x8/0x30 [ 2033.633646][T31348] page_fault+0x1e/0x30 [ 2033.638615][T31348] RIP: 0033:0x4573fb [ 2033.642527][T31348] Code: 25 20 06 00 00 b8 20 39 41 00 48 89 15 ce f3 5f 00 48 85 c0 74 08 4c 89 cf e8 31 c5 fb ff 45 85 f6 0f 85 58 01 00 00 48 85 db <48> c7 05 8a cb 2b 00 00 00 00 00 48 c7 05 6f cb 2b 00 00 00 00 00 05:06:03 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70dbfff000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:03 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a022300c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2033.662151][T31348] RSP: 002b:0000000000a4fd30 EFLAGS: 00010206 [ 2033.668226][T31348] RAX: 0000000000000000 RBX: 0000000000a4fd30 RCX: 0000000000413933 [ 2033.676209][T31348] RDX: 00000443851a5b11 RSI: 0000000000000018 RDI: 000000000263ec20 [ 2033.684198][T31348] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 2033.692184][T31348] R10: 000000000263ec10 R11: 0000000000000202 R12: 0000000000000001 [ 2033.700170][T31348] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 05:06:03 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = syz_open_procfs(0x0, &(0x7f0000000140)='nr\v\xda\xd4rotocols\x00') ioctl$VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f0000000180)) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000240)={0xea, 0x401, 0x9, "d4ceaf89585561fdef8777c107581ed76a4e2055a412bf44b82eda04c214ce400c6d334b40d61ff16cbd4bbced729f7e55bdcdcbd9b200e58b9329fe56f79374bbb3f6c299dd19096b412432b5e72d03a8e961d123b2bb769f474397d43078edb1494f7395a3cef354f054b1756983b5009cf8397c6323c086114d264eb869320f3c16fda330ea0c639288eff49ef346ab604c51515c0e9b47b828de924634f400ec9f5620368fb19ed6419e993e9b2ae6caa6673a6abfc06ac3dcf1dd787fef75132a436ba83f91a33b20e1ce53ff753ef7c5211b5baf87a7ef48cd4388b881eb94fe0386515d8adea5"}) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:03 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000600)='/dev/cec#\x00', 0x3, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f00000003c0)={0x1, 0x0, {0x4, 0x1, 0x6, 0x81}}) ioctl$sock_inet6_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000480)) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000500)={0x0, @bt={0x6, 0x8, 0x1, 0x3, 0x0, 0x7, 0x0, 0xffffffffffff0001, 0x1, 0x8001, 0x7, 0x2, 0x0, 0x3611, 0x14, 0x20}}) r1 = perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000000)=0x6, 0x4) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000ff8000), 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000000800), &(0x7f0000000840)=0x4) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f00000004c0)={r0}) ioctl$sock_SIOCADDDLCI(r2, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) connect$bt_rfcomm(r0, &(0x7f00000007c0)={0x1f, {0x7, 0x1000, 0x0, 0xffffffff, 0x80, 0x7}, 0x1}, 0xa) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) fstat(r1, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_ATTR(r0, &(0x7f0000000740)={0x78, 0x0, 0x8, {0x0, 0x8, 0x0, {0x2, 0x4e3a24c7, 0x1000, 0x13, 0x8b2, 0x1, 0x28, 0x3, 0x20, 0x10000, 0x87, r3, r4, 0x1, 0x80000000}}}, 0x78) r5 = accept$alg(r2, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f0000000400), 0x4) recvmmsg(r5, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2033.752154][T31348] memory: usage 307008kB, limit 307200kB, failcnt 2963 [ 2033.759481][T31348] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2033.769854][T31348] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2033.779033][T31348] Memory cgroup stats for /syz5: cache:52KB rss:207032KB rss_huge:161792KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:207084KB inactive_file:0KB active_file:0KB unevictable:0KB 05:06:03 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, 0x0, 0x1c8) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) io_uring_register$IORING_UNREGISTER_BUFFERS(r0, 0x1, 0x0, 0x0) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0xa0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) connect$netlink(r0, &(0x7f00000003c0)=@kern={0x10, 0x0, 0x0, 0x5000}, 0xc) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2033.894715][T31348] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=29569,uid=0 [ 2033.922454][T31348] Memory cgroup out of memory: Killed process 29569 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35784kB, shmem-rss:0kB 05:06:03 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70dbfff000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:04 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = dup(0xffffffffffffff9c) ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f0000000280)=0x4) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/btrfs-control\x00', 0x18000, 0x0) syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x10001, 0x400640) writev(r1, &(0x7f0000000200)=[{&(0x7f0000000180)="22ced3e6e4124ff4197c595d9c6c8b93c95bc25e8a6d8e96557ae378d2903caeb3f09490f083a95636426d2d1b079124ef891502fa62eb7abd42438d899bf1f5561177ddb1fd89cf71cd05bb8b5c4d8096b5969d6e671f5ee13e6878c8292b7aa6f211a789402f6b286a99919c0daa65b8a7296e30ce80b21127add3ad1e", 0x7e}], 0x1) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2034.353315][T31897] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2034.402038][T31897] CPU: 1 PID: 31897 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2034.410152][T31897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2034.420213][T31897] Call Trace: [ 2034.423517][T31897] dump_stack+0x172/0x1f0 [ 2034.427872][T31897] dump_header+0x10f/0xb6c [ 2034.432301][T31897] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2034.438125][T31897] ? ___ratelimit+0x60/0x595 [ 2034.442726][T31897] ? do_raw_spin_unlock+0x57/0x270 [ 2034.447862][T31897] oom_kill_process.cold+0x10/0x15 [ 2034.452996][T31897] out_of_memory+0x79a/0x1280 [ 2034.457698][T31897] ? lock_downgrade+0x880/0x880 [ 2034.462553][T31897] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2034.468805][T31897] ? oom_killer_disable+0x280/0x280 [ 2034.474018][T31897] ? find_held_lock+0x35/0x130 [ 2034.478801][T31897] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2034.484365][T31897] ? memcg_event_wake+0x230/0x230 [ 2034.489408][T31897] ? do_raw_spin_unlock+0x57/0x270 [ 2034.494535][T31897] ? _raw_spin_unlock+0x2d/0x50 [ 2034.499399][T31897] try_charge+0x102c/0x15c0 [ 2034.503913][T31897] ? find_held_lock+0x35/0x130 [ 2034.508706][T31897] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2034.514272][T31897] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2034.519833][T31897] ? find_held_lock+0x35/0x130 [ 2034.524621][T31897] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2034.530191][T31897] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2034.535752][T31897] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2034.540971][T31897] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2034.546548][T31897] __memcg_kmem_charge+0x136/0x300 [ 2034.551695][T31897] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2034.557087][T31897] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2034.563365][T31897] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2034.569123][T31897] ? copy_process.part.0+0x1d08/0x7980 [ 2034.574616][T31897] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2034.579918][T31897] ? trace_hardirqs_on+0x67/0x230 [ 2034.584933][T31897] ? kasan_check_read+0x11/0x20 [ 2034.589793][T31897] copy_process.part.0+0x3e0/0x7980 [ 2034.595014][T31897] ? debug_check_no_obj_freed+0x200/0x464 [ 2034.600732][T31897] ? find_held_lock+0x35/0x130 [ 2034.605491][T31897] ? debug_check_no_obj_freed+0x200/0x464 [ 2034.611207][T31897] ? kasan_check_write+0x14/0x20 [ 2034.616140][T31897] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2034.622377][T31897] ? filename_parentat.isra.0+0x2d5/0x410 [ 2034.628089][T31897] ? getname+0x20/0x20 [ 2034.632194][T31897] ? __cleanup_sighand+0x60/0x60 [ 2034.637139][T31897] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2034.643394][T31897] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2034.649645][T31897] ? getname_flags+0x300/0x5b0 [ 2034.654426][T31897] ? getname_flags+0x300/0x5b0 [ 2034.659217][T31897] ? rcu_read_lock_sched_held+0x110/0x130 [ 2034.664942][T31897] ? kmem_cache_free+0x225/0x260 [ 2034.669879][T31897] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 2034.675780][T31897] _do_fork+0x257/0xfd0 [ 2034.679941][T31897] ? fork_idle+0x1d0/0x1d0 [ 2034.684365][T31897] ? __ia32_sys_mkdir+0x80/0x80 [ 2034.689336][T31897] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2034.694814][T31897] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2034.700293][T31897] ? do_syscall_64+0x26/0x610 [ 2034.705001][T31897] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2034.711073][T31897] ? do_syscall_64+0x26/0x610 [ 2034.721657][T31897] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2034.726983][T31897] __ia32_sys_fork+0x1f/0x30 [ 2034.731584][T31897] do_syscall_64+0x103/0x610 [ 2034.736201][T31897] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2034.742090][T31897] RIP: 0033:0x2000000a [ 2034.746161][T31897] Code: Bad RIP value. 05:06:04 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000080f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:04 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a003f00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:04 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:04 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf28000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:04 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x2, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2034.750210][T31897] RSP: 002b:00007fec78bdfbd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000039 [ 2034.758624][T31897] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2034.766592][T31897] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000011 [ 2034.775651][T31897] RBP: 0000000000000032 R08: 0000000000000005 R09: 0000000000000006 [ 2034.783789][T31897] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2034.791957][T31897] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 2034.846763][T31897] memory: usage 307108kB, limit 307200kB, failcnt 2990 [ 2034.853785][T31897] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2034.874630][T31897] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2034.895461][T31897] Memory cgroup stats for /syz5: cache:52KB rss:207032KB rss_huge:161792KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:207136KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2034.925258][T31897] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=10224,uid=0 [ 2034.945655][T31897] Memory cgroup out of memory: Killed process 10224 (syz-executor.5) total-vm:72448kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB 05:06:04 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:05 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf28000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2035.030595][T31864] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 05:06:05 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a004000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2035.119932][T31864] CPU: 0 PID: 31864 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2035.128050][T31864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2035.138118][T31864] Call Trace: [ 2035.141440][T31864] dump_stack+0x172/0x1f0 [ 2035.145837][T31864] dump_header+0x10f/0xb6c [ 2035.150450][T31864] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2035.156276][T31864] ? ___ratelimit+0x60/0x595 [ 2035.160885][T31864] ? do_raw_spin_unlock+0x57/0x270 [ 2035.166025][T31864] oom_kill_process.cold+0x10/0x15 [ 2035.171158][T31864] out_of_memory+0x79a/0x1280 [ 2035.175855][T31864] ? oom_killer_disable+0x280/0x280 [ 2035.181063][T31864] ? find_held_lock+0x35/0x130 [ 2035.185845][T31864] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2035.191400][T31864] ? memcg_event_wake+0x230/0x230 [ 2035.196446][T31864] ? do_raw_spin_unlock+0x57/0x270 [ 2035.201582][T31864] ? _raw_spin_unlock+0x2d/0x50 [ 2035.206451][T31864] try_charge+0x102c/0x15c0 [ 2035.210970][T31864] ? find_held_lock+0x35/0x130 [ 2035.215767][T31864] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2035.221334][T31864] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2035.227606][T31864] ? kasan_check_read+0x11/0x20 [ 2035.232487][T31864] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2035.238137][T31864] mem_cgroup_try_charge+0x24d/0x5e0 [ 2035.243453][T31864] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2035.249121][T31864] wp_page_copy+0x408/0x1740 [ 2035.253728][T31864] ? find_held_lock+0x35/0x130 [ 2035.258530][T31864] ? pmd_pfn+0x1d0/0x1d0 [ 2035.262800][T31864] ? lock_downgrade+0x880/0x880 05:06:05 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf28000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2035.267669][T31864] ? swp_swapcount+0x540/0x540 [ 2035.272466][T31864] ? kasan_check_read+0x11/0x20 [ 2035.277361][T31864] ? do_raw_spin_unlock+0x57/0x270 [ 2035.282506][T31864] do_wp_page+0x48e/0x1500 [ 2035.286941][T31864] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2035.292356][T31864] __handle_mm_fault+0x22e8/0x3ec0 [ 2035.297508][T31864] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2035.303069][T31864] ? find_held_lock+0x35/0x130 [ 2035.307850][T31864] ? handle_mm_fault+0x322/0xb30 [ 2035.312809][T31864] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 05:06:05 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) uselib(&(0x7f00000003c0)='./file0\x00') ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) socketpair(0xa, 0x801, 0x2, &(0x7f0000000400)) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000480)="3f9f63a296481ec20ff92b8e4e5accaea2de7ec63e04220b98f8ab661c8352d60b286914750a6a2fd22ba74894b3df03091a2ee958dbc35c8a9c9400"/70, 0xfffffffffffffff2) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2035.319058][T31864] ? kasan_check_read+0x11/0x20 [ 2035.319080][T31864] handle_mm_fault+0x43f/0xb30 [ 2035.319101][T31864] __do_page_fault+0x5ef/0xda0 [ 2035.319122][T31864] do_page_fault+0x71/0x581 [ 2035.319137][T31864] ? page_fault+0x8/0x30 [ 2035.319152][T31864] page_fault+0x1e/0x30 [ 2035.319165][T31864] RIP: 0033:0x41088c [ 2035.319180][T31864] Code: 89 b5 38 ff ff ff 48 83 c8 01 48 89 05 3d fc 63 00 48 8b 05 16 26 30 00 49 c7 85 c8 02 00 00 90 2e 71 00 49 89 85 c0 02 00 00 <4c> 89 70 08 4c 89 35 f9 25 30 00 48 c7 05 0e fc 63 00 00 00 00 00 [ 2035.319194][T31864] RSP: 002b:0000000000a4fae0 EFLAGS: 00010202 [ 2035.342283][T31864] RAX: 00007ff76eaac9c0 RBX: 0000000000020000 RCX: 00000000ffffffe0 [ 2035.370074][T31864] RDX: 0000000000000040 RSI: 0000000000000001 RDI: 00007ff76ea8b6a0 [ 2035.370085][T31864] RBP: 0000000000a4fbc0 R08: 0000000000714800 R09: 0000000000714800 [ 2035.370093][T31864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a4fcb0 [ 2035.370103][T31864] R13: 00007ff76ea8b700 R14: 00007ff76ea8b9c0 R15: 000000000073bfac [ 2035.390616][T31864] memory: usage 307124kB, limit 307200kB, failcnt 12573 [ 2035.413576][T31864] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2035.442138][T31864] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 05:06:05 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a0d4600c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2035.453519][T31864] Memory cgroup stats for /syz2: cache:48KB rss:91516KB rss_huge:12288KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:91452KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2035.490004][T31864] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31487,uid=0 [ 2035.536819][T31864] Memory cgroup out of memory: Killed process 31487 (syz-executor.2) total-vm:72712kB, anon-rss:2220kB, file-rss:35796kB, shmem-rss:0kB [ 2035.650828][ T7890] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2035.672165][ T7890] CPU: 0 PID: 7890 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2035.680185][ T7890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2035.690358][ T7890] Call Trace: [ 2035.693701][ T7890] dump_stack+0x172/0x1f0 [ 2035.698049][ T7890] dump_header+0x10f/0xb6c [ 2035.702482][ T7890] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2035.702499][ T7890] ? ___ratelimit+0x60/0x595 [ 2035.702515][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2035.702534][ T7890] oom_kill_process.cold+0x10/0x15 [ 2035.723197][ T7890] out_of_memory+0x79a/0x1280 [ 2035.727905][ T7890] ? oom_killer_disable+0x280/0x280 [ 2035.733142][ T7890] ? find_held_lock+0x35/0x130 [ 2035.733182][ T7890] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2035.733196][ T7890] ? memcg_event_wake+0x230/0x230 [ 2035.733217][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2035.748593][ T7890] ? _raw_spin_unlock+0x2d/0x50 [ 2035.748615][ T7890] try_charge+0xa87/0x15c0 [ 2035.748629][ T7890] ? find_held_lock+0x35/0x130 [ 2035.748651][ T7890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2035.748670][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2035.778957][ T7890] ? find_held_lock+0x35/0x130 [ 2035.783839][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2035.789445][ T7890] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2035.795041][ T7890] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2035.800283][ T7890] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2035.805879][ T7890] __memcg_kmem_charge+0x136/0x300 [ 2035.811031][ T7890] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2035.816543][ T7890] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2035.822412][ T7890] ? copy_page_range+0x125a/0x1f90 [ 2035.827566][ T7890] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2035.833881][ T7890] alloc_pages_current+0x107/0x210 [ 2035.839000][ T7890] pte_alloc_one+0x1b/0x1a0 [ 2035.843504][ T7890] __pte_alloc+0x20/0x310 [ 2035.847827][ T7890] copy_page_range+0x1529/0x1f90 [ 2035.852768][ T7890] ? find_held_lock+0x35/0x130 [ 2035.857556][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2035.863838][ T7890] ? pmd_alloc+0x180/0x180 [ 2035.868258][ T7890] ? __rb_insert_augmented+0x231/0xdf0 [ 2035.873716][ T7890] ? validate_mm_rb+0xa3/0xc0 [ 2035.878397][ T7890] ? __vma_link_rb+0x279/0x370 [ 2035.883163][ T7890] copy_process.part.0+0x568b/0x7980 [ 2035.888464][ T7890] ? __cleanup_sighand+0x60/0x60 [ 2035.893406][ T7890] _do_fork+0x257/0xfd0 [ 2035.897576][ T7890] ? fork_idle+0x1d0/0x1d0 [ 2035.902017][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2035.907513][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2035.913168][ T7890] ? do_syscall_64+0x26/0x610 [ 2035.917878][ T7890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2035.924063][ T7890] ? do_syscall_64+0x26/0x610 [ 2035.928795][ T7890] __x64_sys_clone+0xbf/0x150 [ 2035.933597][ T7890] do_syscall_64+0x103/0x610 [ 2035.938468][ T7890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2035.944493][ T7890] RIP: 0033:0x45737a [ 2035.948391][ T7890] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2035.968160][ T7890] RSP: 002b:0000000000a4fd30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2035.976566][ T7890] RAX: ffffffffffffffda RBX: 0000000000a4fd30 RCX: 000000000045737a [ 2035.984568][ T7890] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2035.992550][ T7890] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 2036.000517][ T7890] R10: 000000000263ec10 R11: 0000000000000246 R12: 0000000000000001 [ 2036.008479][ T7890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 [ 2036.023645][ T7890] memory: usage 305012kB, limit 307200kB, failcnt 3014 [ 2036.031006][ T7890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2036.040370][ T7890] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2036.048153][ T7890] Memory cgroup stats for /syz5: cache:52KB rss:204880KB rss_huge:159744KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:204980KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2036.074960][ T7890] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19786,uid=0 05:06:06 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cachefiles\x00', 0x200, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000200)={0x2b, 0x4, 0x0, {0x2, 0x1a, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x200080, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r1, 0xae04) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000140)='/dev/video1\x00', 0x2, 0x0) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2036.090797][ T7890] Memory cgroup out of memory: Killed process 19786 (syz-executor.5) total-vm:72448kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB [ 2036.117986][ T1044] oom_reaper: reaped process 19786 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2036.173030][T32307] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2036.186908][T32307] CPU: 1 PID: 32307 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2036.194998][T32307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2036.205079][T32307] Call Trace: [ 2036.208398][T32307] dump_stack+0x172/0x1f0 [ 2036.212739][T32307] dump_header+0x10f/0xb6c [ 2036.217149][T32307] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2036.222957][T32307] ? ___ratelimit+0x60/0x595 [ 2036.227560][T32307] ? do_raw_spin_unlock+0x57/0x270 [ 2036.232687][T32307] oom_kill_process.cold+0x10/0x15 [ 2036.237803][T32307] out_of_memory+0x79a/0x1280 [ 2036.242496][T32307] ? lock_downgrade+0x880/0x880 [ 2036.247353][T32307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2036.253604][T32307] ? oom_killer_disable+0x280/0x280 [ 2036.258791][T32307] ? find_held_lock+0x35/0x130 [ 2036.263547][T32307] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2036.269093][T32307] ? memcg_event_wake+0x230/0x230 [ 2036.274111][T32307] ? do_raw_spin_unlock+0x57/0x270 [ 2036.279228][T32307] ? _raw_spin_unlock+0x2d/0x50 [ 2036.284246][T32307] try_charge+0x102c/0x15c0 [ 2036.288747][T32307] ? find_held_lock+0x35/0x130 [ 2036.293603][T32307] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2036.299182][T32307] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2036.304734][T32307] ? find_held_lock+0x35/0x130 [ 2036.309488][T32307] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2036.315047][T32307] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2036.320583][T32307] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2036.325776][T32307] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2036.331350][T32307] __memcg_kmem_charge+0x136/0x300 [ 2036.336483][T32307] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2036.341890][T32307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2036.348148][T32307] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2036.353898][T32307] ? copy_process.part.0+0x1d08/0x7980 [ 2036.359386][T32307] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2036.364684][T32307] ? trace_hardirqs_on+0x67/0x230 [ 2036.369739][T32307] ? kasan_check_read+0x11/0x20 [ 2036.374616][T32307] copy_process.part.0+0x3e0/0x7980 [ 2036.379824][T32307] ? debug_check_no_obj_freed+0x200/0x464 [ 2036.385548][T32307] ? find_held_lock+0x35/0x130 [ 2036.390321][T32307] ? debug_check_no_obj_freed+0x200/0x464 [ 2036.396313][T32307] ? kasan_check_write+0x14/0x20 [ 2036.401260][T32307] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2036.407508][T32307] ? filename_parentat.isra.0+0x2d5/0x410 [ 2036.413238][T32307] ? getname+0x20/0x20 [ 2036.417308][T32307] ? __cleanup_sighand+0x60/0x60 [ 2036.422244][T32307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2036.428481][T32307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2036.434735][T32307] ? getname_flags+0x300/0x5b0 [ 2036.439510][T32307] ? getname_flags+0x300/0x5b0 [ 2036.444280][T32307] ? rcu_read_lock_sched_held+0x110/0x130 [ 2036.449996][T32307] ? kmem_cache_free+0x225/0x260 [ 2036.454944][T32307] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 2036.460842][T32307] _do_fork+0x257/0xfd0 [ 2036.465009][T32307] ? fork_idle+0x1d0/0x1d0 [ 2036.469423][T32307] ? __ia32_sys_mkdir+0x80/0x80 [ 2036.474267][T32307] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2036.479732][T32307] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2036.485225][T32307] ? do_syscall_64+0x26/0x610 [ 2036.489913][T32307] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2036.495993][T32307] ? do_syscall_64+0x26/0x610 [ 2036.500675][T32307] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2036.505971][T32307] __ia32_sys_fork+0x1f/0x30 [ 2036.510560][T32307] do_syscall_64+0x103/0x610 [ 2036.515148][T32307] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2036.521029][T32307] RIP: 0033:0x2000000a [ 2036.525103][T32307] Code: Bad RIP value. [ 2036.529174][T32307] RSP: 002b:00007ff76eaabbd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000039 [ 2036.537607][T32307] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2036.545570][T32307] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 000000000000000a [ 2036.553541][T32307] RBP: 0000000000000032 R08: 0000000000000005 R09: 0000000000000006 [ 2036.561530][T32307] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2036.569521][T32307] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 2036.581808][T32307] memory: usage 307196kB, limit 307200kB, failcnt 12594 [ 2036.593254][T32307] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2036.601061][T32307] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2036.608042][T32307] Memory cgroup stats for /syz2: cache:48KB rss:91380KB rss_huge:12288KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:91484KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2036.629424][T32307] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=31895,uid=0 [ 2036.644949][T32307] Memory cgroup out of memory: Killed process 31895 (syz-executor.2) total-vm:72976kB, anon-rss:2236kB, file-rss:35800kB, shmem-rss:0kB [ 2036.661976][ T1044] oom_reaper: reaped process 31895 (syz-executor.2), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 2036.687418][T32303] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2036.700126][T32303] CPU: 1 PID: 32303 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2036.708221][T32303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2036.718290][T32303] Call Trace: [ 2036.721634][T32303] dump_stack+0x172/0x1f0 [ 2036.725968][T32303] dump_header+0x10f/0xb6c [ 2036.730381][T32303] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2036.736183][T32303] ? ___ratelimit+0x60/0x595 [ 2036.740774][T32303] ? do_raw_spin_unlock+0x57/0x270 [ 2036.745927][T32303] oom_kill_process.cold+0x10/0x15 [ 2036.751038][T32303] out_of_memory+0x79a/0x1280 [ 2036.755711][T32303] ? oom_killer_disable+0x280/0x280 [ 2036.760916][T32303] ? find_held_lock+0x35/0x130 [ 2036.765692][T32303] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2036.771235][T32303] ? memcg_event_wake+0x230/0x230 [ 2036.776361][T32303] ? do_raw_spin_unlock+0x57/0x270 [ 2036.781491][T32303] ? _raw_spin_unlock+0x2d/0x50 [ 2036.786364][T32303] try_charge+0xa87/0x15c0 [ 2036.790773][T32303] ? find_held_lock+0x35/0x130 [ 2036.795529][T32303] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2036.801060][T32303] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2036.806596][T32303] ? find_held_lock+0x35/0x130 [ 2036.811363][T32303] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2036.816908][T32303] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2036.822446][T32303] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2036.827735][T32303] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2036.833311][T32303] __memcg_kmem_charge+0x136/0x300 [ 2036.838428][T32303] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2036.843787][T32303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2036.850020][T32303] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2036.855730][T32303] ? copy_process.part.0+0x1d08/0x7980 [ 2036.861200][T32303] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2036.866470][T32303] ? trace_hardirqs_on+0x67/0x230 [ 2036.871481][T32303] ? kasan_check_read+0x11/0x20 [ 2036.876321][T32303] copy_process.part.0+0x3e0/0x7980 [ 2036.881526][T32303] ? psi_memstall_leave+0x11c/0x180 [ 2036.886747][T32303] ? sched_clock+0x2e/0x50 [ 2036.891156][T32303] ? psi_memstall_leave+0x12e/0x180 [ 2036.896368][T32303] ? find_held_lock+0x35/0x130 [ 2036.901138][T32303] ? psi_memstall_leave+0x12e/0x180 [ 2036.906349][T32303] ? __cleanup_sighand+0x60/0x60 [ 2036.911278][T32303] ? __lock_acquire+0x548/0x3fb0 [ 2036.916294][T32303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2036.922542][T32303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2036.928813][T32303] ? debug_smp_processor_id+0x3c/0x280 [ 2036.934303][T32303] _do_fork+0x257/0xfd0 [ 2036.938460][T32303] ? fork_idle+0x1d0/0x1d0 [ 2036.942874][T32303] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 2036.948949][T32303] ? lock_downgrade+0x880/0x880 [ 2036.953876][T32303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2036.960122][T32303] ? blkcg_exit_queue+0x30/0x30 [ 2036.964986][T32303] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2036.970434][T32303] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2036.975981][T32303] ? do_syscall_64+0x26/0x610 [ 2036.980645][T32303] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2036.986702][T32303] ? do_syscall_64+0x26/0x610 [ 2036.991371][T32303] __x64_sys_clone+0xbf/0x150 [ 2036.996048][T32303] do_syscall_64+0x103/0x610 [ 2037.000655][T32303] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2037.006545][T32303] RIP: 0033:0x45b779 [ 2037.010470][T32303] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2037.030099][T32303] RSP: 002b:0000000000a4fa98 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2037.038542][T32303] RAX: ffffffffffffffda RBX: 00007ff76ea8b700 RCX: 000000000045b779 [ 2037.046528][T32303] RDX: 00007ff76ea8b9d0 RSI: 00007ff76ea8adb0 RDI: 00000000003d0f00 [ 2037.054502][T32303] RBP: 0000000000a4fcb0 R08: 00007ff76ea8b700 R09: 00007ff76ea8b700 [ 2037.062569][T32303] R10: 00007ff76ea8b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2037.070538][T32303] R13: 0000000000a4fb4f R14: 00007ff76ea8b9c0 R15: 000000000073bfac [ 2037.080590][T32303] memory: usage 305032kB, limit 307200kB, failcnt 12594 05:06:07 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000090f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:07 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf27000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:07 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') fsetxattr$security_evm(0xffffffffffffffff, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000004000000, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r1 = accept$alg(r0, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r1, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:07 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a004c00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:07 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2037.087705][T32303] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2037.095369][T32303] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2037.102441][T32303] Memory cgroup stats for /syz2: cache:48KB rss:89280KB rss_huge:10240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:89332KB inactive_file:0KB active_file:0KB unevictable:4KB 05:06:07 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a008800c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2037.237882][T32303] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18205,uid=0 [ 2037.320660][T32303] Memory cgroup out of memory: Killed process 18205 (syz-executor.2) total-vm:72448kB, anon-rss:2172kB, file-rss:34816kB, shmem-rss:0kB 05:06:07 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) getpeername$netlink(r0, &(0x7f00000003c0), &(0x7f0000000400)=0xc) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:07 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db0000000a0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2037.365676][ T1044] oom_reaper: reaped process 18205 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2037.386629][T32370] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2037.463450][T32370] CPU: 1 PID: 32370 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 2037.471580][T32370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2037.481652][T32370] Call Trace: [ 2037.484967][T32370] dump_stack+0x172/0x1f0 [ 2037.489318][T32370] dump_header+0x10f/0xb6c [ 2037.493764][T32370] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2037.499587][T32370] ? ___ratelimit+0x60/0x595 [ 2037.504195][T32370] ? do_raw_spin_unlock+0x57/0x270 [ 2037.509332][T32370] oom_kill_process.cold+0x10/0x15 [ 2037.514557][T32370] out_of_memory+0x79a/0x1280 [ 2037.519254][T32370] ? oom_killer_disable+0x280/0x280 [ 2037.524465][T32370] ? find_held_lock+0x35/0x130 [ 2037.529249][T32370] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2037.534804][T32370] ? memcg_event_wake+0x230/0x230 [ 2037.539862][T32370] ? do_raw_spin_unlock+0x57/0x270 [ 2037.544990][T32370] ? _raw_spin_unlock+0x2d/0x50 [ 2037.549868][T32370] try_charge+0x102c/0x15c0 [ 2037.554388][T32370] ? find_held_lock+0x35/0x130 [ 2037.559182][T32370] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2037.564752][T32370] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2037.570320][T32370] ? find_held_lock+0x35/0x130 [ 2037.575113][T32370] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2037.581817][T32370] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2037.587385][T32370] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2037.592609][T32370] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2037.598185][T32370] __memcg_kmem_charge+0x136/0x300 [ 2037.603368][T32370] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2037.608762][T32370] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2037.615029][T32370] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2037.620774][T32370] ? copy_process.part.0+0x1d08/0x7980 [ 2037.626255][T32370] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2037.631560][T32370] ? trace_hardirqs_on+0x67/0x230 [ 2037.637009][T32370] ? kasan_check_read+0x11/0x20 [ 2037.641889][T32370] copy_process.part.0+0x3e0/0x7980 [ 2037.647113][T32370] ? psi_memstall_leave+0x11c/0x180 [ 2037.652386][T32370] ? sched_clock+0x2e/0x50 [ 2037.656820][T32370] ? psi_memstall_leave+0x12e/0x180 [ 2037.662045][T32370] ? find_held_lock+0x35/0x130 [ 2037.666825][T32370] ? psi_memstall_leave+0x12e/0x180 [ 2037.672071][T32370] ? __cleanup_sighand+0x60/0x60 [ 2037.677047][T32370] ? __lock_acquire+0x548/0x3fb0 [ 2037.682014][T32370] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2037.688287][T32370] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2037.694571][T32370] ? debug_smp_processor_id+0x3c/0x280 [ 2037.700082][T32370] _do_fork+0x257/0xfd0 [ 2037.704277][T32370] ? fork_idle+0x1d0/0x1d0 [ 2037.708739][T32370] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 2037.714852][T32370] ? lock_downgrade+0x880/0x880 [ 2037.719826][T32370] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2037.726198][T32370] ? blkcg_exit_queue+0x30/0x30 [ 2037.731084][T32370] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2037.736579][T32370] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2037.742074][T32370] ? do_syscall_64+0x26/0x610 [ 2037.746785][T32370] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2037.752892][T32370] ? do_syscall_64+0x26/0x610 [ 2037.757611][T32370] __x64_sys_clone+0xbf/0x150 [ 2037.762336][T32370] do_syscall_64+0x103/0x610 [ 2037.767423][T32370] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2037.773352][T32370] RIP: 0033:0x45b779 [ 2037.777454][T32370] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2037.797087][T32370] RSP: 002b:0000000000a4fa98 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2037.805529][T32370] RAX: ffffffffffffffda RBX: 00007f71d9337700 RCX: 000000000045b779 05:06:07 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf27000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:07 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000140)={0x20, 0x0, 0x0, {0x0, 0x0, 0x3}}, 0x20) r0 = syz_open_dev$vcsn(&(0x7f0000000180)='/dev/vcs#\x00', 0x9, 0x80) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000200)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100004}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r1, 0x10, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x80) [ 2037.813529][T32370] RDX: 00007f71d93379d0 RSI: 00007f71d9336db0 RDI: 00000000003d0f00 [ 2037.821523][T32370] RBP: 0000000000a4fcb0 R08: 00007f71d9337700 R09: 00007f71d9337700 [ 2037.829520][T32370] R10: 00007f71d93379d0 R11: 0000000000000202 R12: 0000000000000000 [ 2037.837518][T32370] R13: 0000000000a4fb4f R14: 00007f71d93379c0 R15: 000000000073bfac 05:06:07 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") [ 2037.915757][T32370] memory: usage 307184kB, limit 307200kB, failcnt 9312 [ 2037.923231][T32370] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2037.932522][T32370] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2037.940937][T32370] Memory cgroup stats for /syz1: cache:108KB rss:131752KB rss_huge:67584KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:125736KB inactive_file:0KB active_file:0KB unevictable:4KB 05:06:07 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db0000000b0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2038.054181][T32370] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=30430,uid=0 [ 2038.132963][T32370] Memory cgroup out of memory: Killed process 30430 (syz-executor.1) total-vm:72580kB, anon-rss:2216kB, file-rss:35796kB, shmem-rss:0kB 05:06:08 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf27000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2038.175973][ T1044] oom_reaper: reaped process 30430 (syz-executor.1), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 05:06:08 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db0000000c0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:08 executing program 3: syz_genetlink_get_family_id$team(&(0x7f0000000600)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) syz_open_dev$vbi(&(0x7f00000003c0)='/dev/vbi#\x00', 0x0, 0x2) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r0, 0x4008af23, &(0x7f0000000400)={0xb0a5a5792dd82108, 0x3f}) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:08 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db0000000d0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:08 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf25000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:08 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a00c000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:08 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") 05:06:08 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") io_setup(0x4, &(0x7f0000000040)) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f00000007c0)={&(0x7f0000000180)=@in={0x2, 0x0, @loopback}, 0x10, &(0x7f0000000640), 0x1d0, &(0x7f0000000240)=[@init={0x18, 0x84, 0x0, {0x0, 0x2}}], 0x18}, 0x0) dup3(0xffffffffffffff9c, 0xffffffffffffffff, 0x80000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x11, 0x802, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = accept4$packet(r1, 0x0, 0x0, 0x80800) getsockname$packet(r1, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'ip6erspan0\x00', r3}) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x22, &(0x7f0000000140)=0x9, 0x4) recvmmsg(r1, &(0x7f0000002a00), 0x0, 0x0, 0x0) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/capi/capi20\x00', 0x0, 0x0) write$FUSE_IOCTL(r4, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x4, 0x8000000000000000, 0x4, 0x1}}, 0xfffffffffffffe8f) creat(&(0x7f0000000180)='./file0\x00', 0x0) syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x20, 0x80080) 05:06:08 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:09 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db0000000f0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2038.999395][T32728] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2039.040632][T32728] CPU: 0 PID: 32728 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 2039.048768][T32728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2039.048774][T32728] Call Trace: [ 2039.048801][T32728] dump_stack+0x172/0x1f0 [ 2039.048820][T32728] dump_header+0x10f/0xb6c [ 2039.048836][T32728] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2039.048851][T32728] ? ___ratelimit+0x60/0x595 [ 2039.048865][T32728] ? do_raw_spin_unlock+0x57/0x270 [ 2039.048882][T32728] oom_kill_process.cold+0x10/0x15 [ 2039.048897][T32728] out_of_memory+0x79a/0x1280 [ 2039.048913][T32728] ? lock_downgrade+0x880/0x880 [ 2039.048927][T32728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2039.048943][T32728] ? oom_killer_disable+0x280/0x280 [ 2039.048962][T32728] ? find_held_lock+0x35/0x130 [ 2039.096315][T32728] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2039.096344][T32728] ? memcg_event_wake+0x230/0x230 [ 2039.128052][T32728] ? do_raw_spin_unlock+0x57/0x270 [ 2039.133177][T32728] ? _raw_spin_unlock+0x2d/0x50 [ 2039.138046][T32728] try_charge+0x102c/0x15c0 [ 2039.142557][T32728] ? find_held_lock+0x35/0x130 [ 2039.147360][T32728] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2039.152936][T32728] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2039.158494][T32728] ? find_held_lock+0x35/0x130 [ 2039.163274][T32728] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2039.168858][T32728] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2039.174424][T32728] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2039.179653][T32728] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2039.185239][T32728] __memcg_kmem_charge+0x136/0x300 [ 2039.190385][T32728] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2039.195770][T32728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2039.202033][T32728] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2039.207771][T32728] ? copy_process.part.0+0x1d08/0x7980 [ 2039.213514][T32728] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2039.218825][T32728] ? trace_hardirqs_on+0x67/0x230 [ 2039.223861][T32728] ? kasan_check_read+0x11/0x20 [ 2039.228744][T32728] copy_process.part.0+0x3e0/0x7980 [ 2039.233954][T32728] ? psi_memstall_leave+0x11c/0x180 [ 2039.239194][T32728] ? sched_clock+0x2e/0x50 [ 2039.243620][T32728] ? psi_memstall_leave+0x12e/0x180 [ 2039.248831][T32728] ? find_held_lock+0x35/0x130 [ 2039.253615][T32728] ? psi_memstall_leave+0x12e/0x180 [ 2039.258875][T32728] ? __cleanup_sighand+0x60/0x60 [ 2039.263870][T32728] ? __lock_acquire+0x548/0x3fb0 [ 2039.268825][T32728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2039.275099][T32728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2039.281376][T32728] ? debug_smp_processor_id+0x3c/0x280 [ 2039.286878][T32728] _do_fork+0x257/0xfd0 [ 2039.291062][T32728] ? fork_idle+0x1d0/0x1d0 [ 2039.295506][T32728] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 2039.301590][T32728] ? lock_downgrade+0x880/0x880 [ 2039.306464][T32728] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2039.312734][T32728] ? blkcg_exit_queue+0x30/0x30 [ 2039.317601][T32728] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2039.323080][T32728] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2039.328558][T32728] ? do_syscall_64+0x26/0x610 [ 2039.333276][T32728] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2039.339381][T32728] ? do_syscall_64+0x26/0x610 [ 2039.344082][T32728] __x64_sys_clone+0xbf/0x150 [ 2039.348803][T32728] do_syscall_64+0x103/0x610 [ 2039.353412][T32728] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2039.359311][T32728] RIP: 0033:0x45b779 [ 2039.363229][T32728] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2039.382962][T32728] RSP: 002b:0000000000a4fa98 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 05:06:09 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf25000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:09 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/btrfs-control\x00', 0x8000, 0x0) [ 2039.391405][T32728] RAX: ffffffffffffffda RBX: 00007f71d9337700 RCX: 000000000045b779 [ 2039.399395][T32728] RDX: 00007f71d93379d0 RSI: 00007f71d9336db0 RDI: 00000000003d0f00 [ 2039.407389][T32728] RBP: 0000000000a4fcb0 R08: 00007f71d9337700 R09: 00007f71d9337700 [ 2039.415379][T32728] R10: 00007f71d93379d0 R11: 0000000000000202 R12: 0000000000000000 [ 2039.423384][T32728] R13: 0000000000a4fb4f R14: 00007f71d93379c0 R15: 000000000073bfac [ 2039.552610][T32728] memory: usage 307180kB, limit 307200kB, failcnt 9347 [ 2039.577452][T32728] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:06:09 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") [ 2039.635289][T32728] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2039.670487][T32728] Memory cgroup stats for /syz1: cache:108KB rss:131788KB rss_huge:67584KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:125700KB inactive_file:0KB active_file:0KB unevictable:4KB 05:06:09 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf25000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2039.767613][T32728] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=30707,uid=0 [ 2039.802417][T32728] Memory cgroup out of memory: Killed process 30707 (syz-executor.1) total-vm:72580kB, anon-rss:2184kB, file-rss:34816kB, shmem-rss:0kB [ 2039.827303][ T1044] oom_reaper: reaped process 30707 (syz-executor.1), now anon-rss:0kB, file-rss:34624kB, shmem-rss:0kB [ 2039.842834][ T412] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2039.872982][ T412] CPU: 1 PID: 412 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2039.880935][ T412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2039.880943][ T412] Call Trace: [ 2039.880971][ T412] dump_stack+0x172/0x1f0 [ 2039.880991][ T412] dump_header+0x10f/0xb6c [ 2039.881007][ T412] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2039.881022][ T412] ? ___ratelimit+0x60/0x595 [ 2039.881036][ T412] ? do_raw_spin_unlock+0x57/0x270 [ 2039.881053][ T412] oom_kill_process.cold+0x10/0x15 [ 2039.881069][ T412] out_of_memory+0x79a/0x1280 [ 2039.881090][ T412] ? oom_killer_disable+0x280/0x280 [ 2039.881110][ T412] ? find_held_lock+0x35/0x130 [ 2039.918703][ T412] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2039.943986][ T412] ? memcg_event_wake+0x230/0x230 [ 2039.949053][ T412] ? do_raw_spin_unlock+0x57/0x270 [ 2039.954200][ T412] ? _raw_spin_unlock+0x2d/0x50 [ 2039.959098][ T412] try_charge+0x102c/0x15c0 [ 2039.963626][ T412] ? find_held_lock+0x35/0x130 [ 2039.968433][ T412] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2039.974013][ T412] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2039.980293][ T412] ? kasan_check_read+0x11/0x20 [ 2039.985187][ T412] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2039.990769][ T412] mem_cgroup_try_charge+0x24d/0x5e0 [ 2039.996108][ T412] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2040.001785][ T412] wp_page_copy+0x408/0x1740 [ 2040.006419][ T412] ? find_held_lock+0x35/0x130 [ 2040.011224][ T412] ? pmd_pfn+0x1d0/0x1d0 [ 2040.015502][ T412] ? lock_downgrade+0x880/0x880 05:06:09 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = syz_open_pts(0xffffffffffffff9c, 0x200000) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000140)={0xfaf9, 0x100000001, 0x78f}) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2040.020392][ T412] ? swp_swapcount+0x540/0x540 [ 2040.025194][ T412] ? kasan_check_read+0x11/0x20 [ 2040.030077][ T412] ? do_raw_spin_unlock+0x57/0x270 [ 2040.035227][ T412] do_wp_page+0x48e/0x1500 [ 2040.039875][ T412] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2040.045292][ T412] __handle_mm_fault+0x22e8/0x3ec0 [ 2040.050453][ T412] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2040.056029][ T412] ? find_held_lock+0x35/0x130 [ 2040.060826][ T412] ? handle_mm_fault+0x322/0xb30 [ 2040.065816][ T412] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 05:06:10 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f00000003c0)={0x100000000}, 0x4) [ 2040.072095][ T412] ? kasan_check_read+0x11/0x20 [ 2040.076983][ T412] handle_mm_fault+0x43f/0xb30 [ 2040.081797][ T412] __do_page_fault+0x5ef/0xda0 [ 2040.086595][ T412] do_page_fault+0x71/0x581 [ 2040.091124][ T412] ? page_fault+0x8/0x30 [ 2040.095390][ T412] page_fault+0x1e/0x30 [ 2040.095404][ T412] RIP: 0033:0x40efd8 [ 2040.095418][ T412] Code: 48 8b 05 e3 3e 30 00 48 89 08 48 8b 15 e1 3e 30 00 48 89 42 08 48 8b 05 c6 3e 30 00 48 89 05 cf 3e 30 00 49 8d 81 c0 02 00 00 <48> 89 05 d1 14 64 00 49 8b 89 c8 02 00 00 49 8b 91 c0 02 00 00 48 05:06:10 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a22fb00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:10 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf24000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2040.095425][ T412] RSP: 002b:0000000000a4fd28 EFLAGS: 00010246 [ 2040.095436][ T412] RAX: 000000000263ec00 RBX: 0000000000a4fd30 RCX: 0000000000712ea0 [ 2040.095444][ T412] RDX: 000000000040ee10 RSI: 0000000000712e90 RDI: 000000000263ec20 [ 2040.095452][ T412] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 2040.095460][ T412] R10: 000000000263ec10 R11: 0000000000000202 R12: 0000000000000001 [ 2040.095468][ T412] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 [ 2040.100026][ T412] memory: usage 307168kB, limit 307200kB, failcnt 3047 [ 2040.128840][ T412] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2040.213524][ T412] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2040.242178][ T412] Memory cgroup stats for /syz5: cache:52KB rss:205456KB rss_huge:159744KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:205584KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2040.288722][ T412] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=32306,uid=0 [ 2040.315777][ T412] Memory cgroup out of memory: Killed process 32306 (syz-executor.5) total-vm:72712kB, anon-rss:2220kB, file-rss:35796kB, shmem-rss:0kB 05:06:10 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = request_key(&(0x7f0000000140)='syzkaller\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f0000000640)='rxrpc_s\x00', 0xfffffffffffffffe) r1 = request_key(&(0x7f0000000200)='rxrpc_s\x00', &(0x7f0000000240)={'syz', 0x3}, &(0x7f0000000280)=',/\\-\x00', 0xfffffffffffffff9) r2 = add_key(&(0x7f00000002c0)='dns_resolver\x00', &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000340)="b27679373b9ae738133916b362966cc85cd6612bb725c5a6b2235c041d7a95e6f8996ff86d62757e8eb13e19755bb5afb00ece68be34065422c042648a13910a0075809fb2525f98abd6163a9c7b8151ba8732dd167ae5b4b228bfd3440eac2104fd9922026f0aba97fe22b8f82f0bf614f9f76391ece4a524965cc1142cba7f36a8142cd8004a90c1796249aa2d09f9502e334ed967b2900cbb8a33fb4d5e7e189980f6", 0xa4, 0xfffffffffffffff8) keyctl$dh_compute(0x17, &(0x7f0000000400)={r0, r1, r2}, &(0x7f0000000440)=""/253, 0xfd, &(0x7f0000000600)={&(0x7f0000000540)={'sha1-avx\x00'}, &(0x7f0000000580)="48afe0e78e33b51896aaf0874d73d586625083715f83ffdc6ea77ff8fd1ba4dac4282cdc07d947c7e5e0cfa6810523ee3673d3077936ee8b24862a11c7b54b24711128e97d082f2178c1047bf8c85f8f85cd710f6400eb1a109ecd0b1372da4eb206599a1dac4356e28216bcc9ceed1854d72d30", 0x74}) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2040.385438][ T1044] oom_reaper: reaped process 32306 (syz-executor.5), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 05:06:10 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a0fff00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:10 executing program 4: syz_execute_func(0x0) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2040.635322][ T412] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2040.698741][ T412] CPU: 1 PID: 412 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2040.706709][ T412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2040.716792][ T412] Call Trace: [ 2040.720127][ T412] dump_stack+0x172/0x1f0 [ 2040.724502][ T412] dump_header+0x10f/0xb6c [ 2040.728964][ T412] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2040.734813][ T412] ? ___ratelimit+0x60/0x595 [ 2040.739449][ T412] ? do_raw_spin_unlock+0x57/0x270 [ 2040.744602][ T412] oom_kill_process.cold+0x10/0x15 [ 2040.749751][ T412] out_of_memory+0x79a/0x1280 [ 2040.754498][ T412] ? lock_downgrade+0x880/0x880 [ 2040.759392][ T412] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2040.766609][ T412] ? oom_killer_disable+0x280/0x280 [ 2040.771844][ T412] ? find_held_lock+0x35/0x130 [ 2040.776665][ T412] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2040.782251][ T412] ? memcg_event_wake+0x230/0x230 [ 2040.787320][ T412] ? do_raw_spin_unlock+0x57/0x270 [ 2040.792474][ T412] ? _raw_spin_unlock+0x2d/0x50 [ 2040.797371][ T412] try_charge+0x102c/0x15c0 [ 2040.801900][ T412] ? find_held_lock+0x35/0x130 [ 2040.806705][ T412] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2040.812281][ T412] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2040.818565][ T412] ? kasan_check_read+0x11/0x20 [ 2040.823445][ T412] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2040.829024][ T412] mem_cgroup_try_charge+0x24d/0x5e0 [ 2040.834355][ T412] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2040.840022][ T412] wp_page_copy+0x408/0x1740 [ 2040.844644][ T412] ? find_held_lock+0x35/0x130 [ 2040.849446][ T412] ? pmd_pfn+0x1d0/0x1d0 [ 2040.853722][ T412] ? lock_downgrade+0x880/0x880 [ 2040.858609][ T412] ? __pte_alloc_kernel+0x220/0x220 [ 2040.863842][ T412] ? kasan_check_read+0x11/0x20 [ 2040.868732][ T412] ? do_raw_spin_unlock+0x57/0x270 [ 2040.873894][ T412] do_wp_page+0x48e/0x1500 [ 2040.878521][ T412] ? do_raw_spin_lock+0x12a/0x2e0 [ 2040.883581][ T412] ? rwlock_bug.part.0+0x90/0x90 [ 2040.888554][ T412] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2040.893962][ T412] ? add_mm_counter_fast.part.0+0x40/0x40 [ 2040.899725][ T412] __handle_mm_fault+0x22e8/0x3ec0 [ 2040.904879][ T412] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2040.910480][ T412] ? find_held_lock+0x35/0x130 [ 2040.915274][ T412] ? handle_mm_fault+0x322/0xb30 [ 2040.920246][ T412] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2040.926524][ T412] ? kasan_check_read+0x11/0x20 [ 2040.931418][ T412] handle_mm_fault+0x43f/0xb30 [ 2040.936216][ T412] __do_page_fault+0x5ef/0xda0 [ 2040.941016][ T412] do_page_fault+0x71/0x581 [ 2040.941034][ T412] ? page_fault+0x8/0x30 [ 2040.941054][ T412] page_fault+0x1e/0x30 [ 2040.949822][ T412] RIP: 0033:0x40e018 [ 2040.949838][ T412] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf ac e3 4b 00 31 c0 e8 03 39 ff ff 31 ff e8 4c 35 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 4e 24 64 00 [ 2040.949846][ T412] RSP: 002b:0000000000a4fb00 EFLAGS: 00010246 [ 2040.949866][ T412] RAX: 000000003556b9a6 RBX: 000000006b9ac8cd RCX: 0000001b31c20000 [ 2040.949875][ T412] RDX: 0000000000000000 RSI: 00000000000019a6 RDI: ffffffff3556b9a6 [ 2040.949883][ T412] RBP: 0000000000000002 R08: 000000003556b9a6 R09: 000000003556b9aa [ 2040.949891][ T412] R10: 0000000000a4fca0 R11: 0000000000000246 R12: 000000000073c028 [ 2040.949900][ T412] R13: 0000000080000000 R14: 00007fec7a9e1008 R15: 0000000000000002 [ 2040.987188][ T412] memory: usage 307036kB, limit 307200kB, failcnt 3073 [ 2041.019316][ T412] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2041.048214][ T412] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2041.056528][ T412] Memory cgroup stats for /syz5: cache:52KB rss:205456KB rss_huge:159744KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:205536KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2041.079937][ T412] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12447,uid=0 [ 2041.095452][ T412] Memory cgroup out of memory: Killed process 12447 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35780kB, shmem-rss:0kB [ 2041.112890][ T1044] oom_reaper: reaped process 12447 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 05:06:11 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000100f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:11 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf24000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:11 executing program 4: syz_execute_func(0x0) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:11 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000540)={0x5, 0x7, 0x2, 0x0, 0x8, 0x90000, 0x8f7, 0x3f, 0x0}, &(0x7f0000000580)=0x20) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000600)={r1}, 0x8) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000ff8000), 0x0) recvfrom$rxrpc(r0, &(0x7f0000000640)=""/150, 0x96, 0x102, &(0x7f0000000700)=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e23, 0xbc1e, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x1a}}, 0x4f5}}, 0x24) ioctl$sock_SIOCADDDLCI(r2, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockopt$sock_buf(r2, 0x1, 0x1c, &(0x7f0000000480)=""/93, &(0x7f0000000500)=0x5d) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) connect$pppoe(r0, &(0x7f00000003c0)={0x18, 0x0, {0x1, @random="f7db212f6629", 'hwsim0\x00'}}, 0x1e) r3 = accept$alg(r2, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, &(0x7f0000000400)='rng\x00', 0x4) 05:06:11 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000200c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:11 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$sndpcmc(&(0x7f0000000400)='/dev/snd/pcmC#D#c\x00', 0x6000000000000000, 0x163001) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000480)={0x0, 0x1}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000500)=@assoc_value={r1, 0x100}, 0x8) r2 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r2, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r2, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) ioctl$KVM_PPC_ALLOCATE_HTAB(r2, 0xc004aea7, &(0x7f00000003c0)=0x3) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r3, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r4 = accept$alg(r3, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000540)={0x4, 0x7, 0x3}) recvmmsg(r4, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:11 executing program 4: syz_execute_func(0x0) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:11 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000110f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:11 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, 0x0, 0x0) 05:06:11 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae99502b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffffff) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000001c0)={0x101ff, 0x2, 0x3000, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) syz_genetlink_get_family_id$fou(&(0x7f0000000180)='fou\x00') 05:06:11 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf24000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:11 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x40000001, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/vsock\x00', 0x1, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:11 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000400c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2041.761080][ T909] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2041.780843][ T909] CPU: 1 PID: 909 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2041.788817][ T909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2041.798910][ T909] Call Trace: [ 2041.802248][ T909] dump_stack+0x172/0x1f0 [ 2041.806633][ T909] dump_header+0x10f/0xb6c [ 2041.811101][ T909] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2041.816952][ T909] ? ___ratelimit+0x60/0x595 [ 2041.821581][ T909] ? do_raw_spin_unlock+0x57/0x270 [ 2041.826745][ T909] oom_kill_process.cold+0x10/0x15 [ 2041.831912][ T909] out_of_memory+0x79a/0x1280 [ 2041.836641][ T909] ? lock_downgrade+0x880/0x880 [ 2041.841531][ T909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2041.847812][ T909] ? oom_killer_disable+0x280/0x280 [ 2041.853051][ T909] ? find_held_lock+0x35/0x130 [ 2041.857870][ T909] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2041.863548][ T909] ? memcg_event_wake+0x230/0x230 [ 2041.868618][ T909] ? do_raw_spin_unlock+0x57/0x270 [ 2041.873768][ T909] ? _raw_spin_unlock+0x2d/0x50 [ 2041.878660][ T909] try_charge+0x102c/0x15c0 [ 2041.883200][ T909] ? find_held_lock+0x35/0x130 [ 2041.888010][ T909] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2041.893594][ T909] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2041.899177][ T909] ? find_held_lock+0x35/0x130 [ 2041.903986][ T909] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2041.909584][ T909] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2041.915163][ T909] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2041.920410][ T909] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2041.926011][ T909] __memcg_kmem_charge+0x136/0x300 [ 2041.931170][ T909] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2041.936581][ T909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2041.942910][ T909] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2041.948675][ T909] ? copy_process.part.0+0x1d08/0x7980 [ 2041.954208][ T909] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2041.959540][ T909] ? trace_hardirqs_on+0x67/0x230 [ 2041.964597][ T909] ? kasan_check_read+0x11/0x20 [ 2041.969492][ T909] copy_process.part.0+0x3e0/0x7980 [ 2041.974754][ T909] ? psi_memstall_leave+0x11c/0x180 [ 2041.979990][ T909] ? sched_clock+0x2e/0x50 [ 2041.984438][ T909] ? psi_memstall_leave+0x12e/0x180 [ 2041.989677][ T909] ? find_held_lock+0x35/0x130 [ 2041.994480][ T909] ? psi_memstall_leave+0x12e/0x180 [ 2041.999741][ T909] ? __cleanup_sighand+0x60/0x60 [ 2042.004714][ T909] ? __lock_acquire+0x548/0x3fb0 [ 2042.009688][ T909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2042.015967][ T909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2042.022246][ T909] ? debug_smp_processor_id+0x3c/0x280 [ 2042.027761][ T909] _do_fork+0x257/0xfd0 [ 2042.031958][ T909] ? fork_idle+0x1d0/0x1d0 [ 2042.036417][ T909] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 2042.042520][ T909] ? lock_downgrade+0x880/0x880 [ 2042.047668][ T909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2042.053950][ T909] ? blkcg_exit_queue+0x30/0x30 [ 2042.058834][ T909] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2042.064338][ T909] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2042.069823][ T909] ? do_syscall_64+0x26/0x610 [ 2042.074533][ T909] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2042.080628][ T909] ? do_syscall_64+0x26/0x610 [ 2042.085352][ T909] __x64_sys_clone+0xbf/0x150 [ 2042.090065][ T909] do_syscall_64+0x103/0x610 [ 2042.094694][ T909] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2042.100607][ T909] RIP: 0033:0x45b779 [ 2042.104519][ T909] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2042.124149][ T909] RSP: 002b:0000000000a4fa98 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2042.132600][ T909] RAX: ffffffffffffffda RBX: 00007ff76ea8b700 RCX: 000000000045b779 [ 2042.140595][ T909] RDX: 00007ff76ea8b9d0 RSI: 00007ff76ea8adb0 RDI: 00000000003d0f00 [ 2042.148569][ T909] RBP: 0000000000a4fcb0 R08: 00007ff76ea8b700 R09: 00007ff76ea8b700 [ 2042.156549][ T909] R10: 00007ff76ea8b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2042.164544][ T909] R13: 0000000000a4fb4f R14: 00007ff76ea8b9c0 R15: 000000000073bfac [ 2042.182313][ T909] memory: usage 307176kB, limit 307200kB, failcnt 12617 [ 2042.204107][ T909] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2042.226642][ T909] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2042.245900][ T909] Memory cgroup stats for /syz2: cache:48KB rss:90140KB rss_huge:10240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:90156KB inactive_file:0KB active_file:0KB unevictable:4KB 05:06:12 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000800c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:12 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000120f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:12 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) mkdir(&(0x7f0000000680)='./file0\x00', 0x88) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000640)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x500008}, 0xc, &(0x7f0000000600)={&(0x7f0000000480)=ANY=[@ANYBLOB="34010000", @ANYRES16=r2, @ANYBLOB="0c0128bd7000dfdbdf250b0000002c0007000c00040000f007000000000008000200110800000c00040000000000000000000800010001000000b00004002400070008000400060000000800040001000000080004000200000008000200060000001400070000000000b0a7000008000300ffffffff0c00070008000300090000000c00010073797a31000000002400070008000400ffffff7f08000400aa040000080003000080000008000400020000002400070008000400ff7f0000080004000000008008000100090000000800010001000000140007000800040076b8000008000200c1ffffff4400020008000200ff03000008000100faffffff0400040008000200dcffffff0400040008000100ffffff7f080001000500000008000100070000000400040004000400"], 0x134}, 0x1, 0x0, 0x0, 0x4000001}, 0x880) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r3 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:12 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf21000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2042.272452][ T909] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32508,uid=0 05:06:12 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, 0x0, 0x0) [ 2042.348098][ T909] Memory cgroup out of memory: Killed process 32508 (syz-executor.2) total-vm:72976kB, anon-rss:2236kB, file-rss:35808kB, shmem-rss:0kB 05:06:12 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000200f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2042.546341][ T1044] oom_reaper: reaped process 32508 (syz-executor.2), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB 05:06:12 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000a00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:12 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf21000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:12 executing program 2: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0xb76e5fd3adc05179, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x5b3, 0x10001}, &(0x7f00000000c0)=0x10) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000100)={r1, 0x8, 0x4}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000340)={r2, 0xfb, 0x3f, 0x6, 0x80000001}, &(0x7f0000000300)=0x4) syz_execute_func(&(0x7f00000004c0)="4a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091ec4417dfdf5a2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:12 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000240f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2042.917231][ T1205] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2042.960591][ T1205] CPU: 1 PID: 1205 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 2042.968630][ T1205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2042.978709][ T1205] Call Trace: [ 2042.982037][ T1205] dump_stack+0x172/0x1f0 [ 2042.986401][ T1205] dump_header+0x10f/0xb6c [ 2042.990848][ T1205] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2042.996694][ T1205] ? ___ratelimit+0x60/0x595 [ 2043.001318][ T1205] ? do_raw_spin_unlock+0x57/0x270 [ 2043.006486][ T1205] oom_kill_process.cold+0x10/0x15 [ 2043.011646][ T1205] out_of_memory+0x79a/0x1280 [ 2043.016387][ T1205] ? lock_downgrade+0x880/0x880 [ 2043.021272][ T1205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2043.027549][ T1205] ? oom_killer_disable+0x280/0x280 [ 2043.032783][ T1205] ? find_held_lock+0x35/0x130 [ 2043.037586][ T1205] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2043.043165][ T1205] ? memcg_event_wake+0x230/0x230 [ 2043.048232][ T1205] ? do_raw_spin_unlock+0x57/0x270 [ 2043.053388][ T1205] ? _raw_spin_unlock+0x2d/0x50 [ 2043.058388][ T1205] try_charge+0x102c/0x15c0 [ 2043.062923][ T1205] ? find_held_lock+0x35/0x130 [ 2043.067734][ T1205] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2043.073316][ T1205] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2043.078953][ T1205] ? find_held_lock+0x35/0x130 [ 2043.083769][ T1205] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2043.089384][ T1205] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2043.094985][ T1205] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2043.100245][ T1205] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2043.105837][ T1205] __memcg_kmem_charge+0x136/0x300 05:06:13 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) r2 = add_key$user(&(0x7f0000000400)='user\x00', &(0x7f0000000480)={'syz', 0x2}, &(0x7f00000004c0)="c4aab84ecd9dfee9c12ac360e4b0fb771a4f6e189c3583ee5ce5ac52db91edd690c73b3c635a9514585e293e735c041ebc4476aecfe8055e5cd9fb78d7aa457a8b64f519f6cd2bd9af607314ba8c0a4701f9e941ac1e5f687e8affd6cb87003a7dbc7ee15a7463a41903842e8fcd83589da5cb18f9fd56c53bb34c9b01c02ebb625d", 0x82, 0xfffffffffffffffe) keyctl$invalidate(0x15, r2) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r3 = accept$alg(r1, 0x0, 0x0) r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) fchdir(r0) ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000580)={0x7, 0xc15e, 0x5, 0x6, 0xfffffffffffff868}) [ 2043.111008][ T1205] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2043.116535][ T1205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2043.122821][ T1205] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2043.128586][ T1205] ? copy_process.part.0+0x1d08/0x7980 [ 2043.134096][ T1205] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2043.139418][ T1205] ? trace_hardirqs_on+0x67/0x230 [ 2043.144493][ T1205] copy_process.part.0+0x3e0/0x7980 [ 2043.149736][ T1205] ? psi_memstall_leave+0x11c/0x180 [ 2043.154968][ T1205] ? sched_clock+0x2e/0x50 [ 2043.159429][ T1205] ? psi_memstall_leave+0x12e/0x180 [ 2043.164658][ T1205] ? find_held_lock+0x35/0x130 [ 2043.169474][ T1205] ? psi_memstall_leave+0x12e/0x180 [ 2043.174738][ T1205] ? __cleanup_sighand+0x60/0x60 [ 2043.179725][ T1205] ? __lock_acquire+0x548/0x3fb0 [ 2043.184756][ T1205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2043.184772][ T1205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2043.184787][ T1205] ? debug_smp_processor_id+0x3c/0x280 [ 2043.184816][ T1205] _do_fork+0x257/0xfd0 [ 2043.197545][ T1205] ? fork_idle+0x1d0/0x1d0 05:06:13 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, 0x0, 0x0) [ 2043.197563][ T1205] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 2043.197576][ T1205] ? lock_downgrade+0x880/0x880 [ 2043.197589][ T1205] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2043.197605][ T1205] ? blkcg_exit_queue+0x30/0x30 [ 2043.197620][ T1205] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2043.197633][ T1205] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2043.197645][ T1205] ? do_syscall_64+0x26/0x610 [ 2043.197660][ T1205] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2043.197672][ T1205] ? do_syscall_64+0x26/0x610 05:06:13 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x400000, 0x0) ioctl$sock_bt_bnep_BNEPCONNDEL(r0, 0x400442c9, &(0x7f00000001c0)={0x80000001, @dev={[], 0x1a}}) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000180)=0x3, 0x4) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2043.197690][ T1205] __x64_sys_clone+0xbf/0x150 [ 2043.197712][ T1205] do_syscall_64+0x103/0x610 [ 2043.245034][ T1205] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2043.245047][ T1205] RIP: 0033:0x45b779 [ 2043.245061][ T1205] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2043.245068][ T1205] RSP: 002b:0000000000a4fa98 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 05:06:13 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf21000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2043.245081][ T1205] RAX: ffffffffffffffda RBX: 00007f71d9337700 RCX: 000000000045b779 [ 2043.245089][ T1205] RDX: 00007f71d93379d0 RSI: 00007f71d9336db0 RDI: 00000000003d0f00 [ 2043.245097][ T1205] RBP: 0000000000a4fcb0 R08: 00007f71d9337700 R09: 00007f71d9337700 [ 2043.245105][ T1205] R10: 00007f71d93379d0 R11: 0000000000000202 R12: 0000000000000000 [ 2043.245113][ T1205] R13: 0000000000a4fb4f R14: 00007f71d93379c0 R15: 000000000073bfac [ 2043.296781][ T1205] memory: usage 307200kB, limit 307200kB, failcnt 9376 05:06:13 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000270f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2043.390253][ T1205] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2043.408900][ T1205] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2043.417740][ T1339] Unknown ioctl 22026 [ 2043.438600][ T1205] Memory cgroup stats for /syz1: cache:108KB rss:130416KB rss_huge:65536KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:124324KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2043.539599][ T1205] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=32734,uid=0 05:06:13 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db0000002b0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2043.631119][ T1205] Memory cgroup out of memory: Killed process 32734 (syz-executor.1) total-vm:72580kB, anon-rss:2216kB, file-rss:35792kB, shmem-rss:0kB [ 2043.716704][ T1044] oom_reaper: reaped process 32734 (syz-executor.1), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 2043.766430][ T7890] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2043.811810][ T7890] CPU: 1 PID: 7890 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2043.819861][ T7890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2043.829942][ T7890] Call Trace: [ 2043.833273][ T7890] dump_stack+0x172/0x1f0 [ 2043.837653][ T7890] dump_header+0x10f/0xb6c [ 2043.842120][ T7890] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2043.847980][ T7890] ? ___ratelimit+0x60/0x595 [ 2043.852609][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2043.857794][ T7890] oom_kill_process.cold+0x10/0x15 [ 2043.862953][ T7890] out_of_memory+0x79a/0x1280 [ 2043.867684][ T7890] ? oom_killer_disable+0x280/0x280 [ 2043.872918][ T7890] ? find_held_lock+0x35/0x130 [ 2043.877901][ T7890] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2043.883520][ T7890] ? memcg_event_wake+0x230/0x230 [ 2043.888589][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2043.893779][ T7890] ? _raw_spin_unlock+0x2d/0x50 [ 2043.898795][ T7890] try_charge+0x102c/0x15c0 [ 2043.903346][ T7890] ? find_held_lock+0x35/0x130 [ 2043.908159][ T7890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2043.913740][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2043.919323][ T7890] ? find_held_lock+0x35/0x130 [ 2043.924138][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2043.929728][ T7890] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2043.935305][ T7890] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2043.940544][ T7890] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2043.946131][ T7890] __memcg_kmem_charge+0x136/0x300 [ 2043.951287][ T7890] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2043.956718][ T7890] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2043.962491][ T7890] ? copy_page_range+0x125a/0x1f90 [ 2043.967647][ T7890] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2043.974019][ T7890] alloc_pages_current+0x107/0x210 [ 2043.979161][ T7890] pte_alloc_one+0x1b/0x1a0 [ 2043.983684][ T7890] __pte_alloc+0x20/0x310 [ 2043.988045][ T7890] copy_page_range+0x1529/0x1f90 [ 2043.993019][ T7890] ? find_held_lock+0x35/0x130 [ 2043.997815][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2044.004118][ T7890] ? pmd_alloc+0x180/0x180 [ 2044.008656][ T7890] ? __rb_insert_augmented+0x231/0xdf0 [ 2044.014208][ T7890] ? validate_mm_rb+0xa3/0xc0 [ 2044.018903][ T7890] ? __vma_link_rb+0x279/0x370 [ 2044.023684][ T7890] copy_process.part.0+0x568b/0x7980 [ 2044.028991][ T7890] ? __cleanup_sighand+0x60/0x60 [ 2044.033947][ T7890] _do_fork+0x257/0xfd0 [ 2044.038140][ T7890] ? fork_idle+0x1d0/0x1d0 [ 2044.042578][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2044.048059][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2044.053543][ T7890] ? do_syscall_64+0x26/0x610 [ 2044.058241][ T7890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2044.064312][ T7890] ? do_syscall_64+0x26/0x610 [ 2044.069012][ T7890] __x64_sys_clone+0xbf/0x150 [ 2044.073704][ T7890] do_syscall_64+0x103/0x610 [ 2044.078297][ T7890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2044.084196][ T7890] RIP: 0033:0x45737a [ 2044.088092][ T7890] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2044.107705][ T7890] RSP: 002b:0000000000a4fd30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2044.116151][ T7890] RAX: ffffffffffffffda RBX: 0000000000a4fd30 RCX: 000000000045737a [ 2044.124123][ T7890] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2044.132093][ T7890] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 2044.140073][ T7890] R10: 000000000263ec10 R11: 0000000000000246 R12: 0000000000000001 [ 2044.148076][ T7890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 05:06:14 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r1 = perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0xd9, 0xfffffffffffffffe, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6(0xa, 0x3, 0x800000000000004) bind$inet6(r0, &(0x7f00000008c0)={0xa, 0x4e20, 0x9, @ipv4={[], [], @rand_addr=0x2}, 0x4}, 0xffffffffffffffcf) r3 = dup3(r2, r2, 0x80000) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r3, 0x6, 0x21, &(0x7f00000001c0)="43ceff07000000000000e3ccb8c92e5b", 0x5) getresuid(&(0x7f0000002180), &(0x7f00000021c0), &(0x7f0000002200)) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_extract_tcp_res(&(0x7f0000000440), 0x8, 0x1) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000700)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x1001}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x1c, r5, 0x404, 0x70bd28, 0x25dfdbfb}, 0x1c}}, 0x40000) r6 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x100000001, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r3, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000800)=ANY=[@ANYBLOB="ffe325bd7000fedb0800062004000200"], 0x1}, 0x1, 0x0, 0x0, 0x20000080}, 0x800) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x80006000) getegid() open_by_handle_at(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="0b0000008d124f79a5f85d"], 0x20000) ioctl$BLKTRACESETUP(r6, 0xc0481273, &(0x7f0000000040)={[], 0x0, 0x9, 0x4}) sendmsg$TIPC_CMD_SET_LINK_TOL(r3, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000840)={0x68, r5, 0x0, 0x70bd2a, 0x25dfdbfc, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7f, @media='ib\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) socket$rds(0x15, 0x5, 0x0) ioctl$BLKTRACESTART(r6, 0x1274, 0x0) getsockopt$sock_buf(r4, 0x1, 0x3b, &(0x7f0000000480)=""/183, &(0x7f0000000540)=0xb7) getsockopt$inet_dccp_int(r4, 0x21, 0x0, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$FIGETBSZ(r1, 0x2, &(0x7f0000000280)) setsockopt$RDS_GET_MR(r3, 0x114, 0x2, &(0x7f00000003c0)={{&(0x7f0000000340)=""/46, 0x2e}, &(0x7f0000000380), 0x28}, 0x20) ioctl$BLKTRACESTOP(r6, 0x1275, 0x0) [ 2044.168847][ T7890] memory: usage 307200kB, limit 307200kB, failcnt 3127 [ 2044.183314][ T7890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:06:14 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000ff8000), 0x0) fcntl$setsig(r2, 0xa, 0x4) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000003c0)=0x7) ioctl$sock_SIOCADDDLCI(r2, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r3 = accept$alg(r2, 0x0, 0x0) ioctl$DRM_IOCTL_RM_MAP(r0, 0x4028641b, &(0x7f0000000400)={&(0x7f0000ffc000/0x1000)=nil, 0x7, 0x5, 0x24, &(0x7f0000ffa000/0x3000)=nil, 0x465}) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:14 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000b00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2044.225116][ T7890] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2044.248303][ T7890] Memory cgroup stats for /syz5: cache:52KB rss:203864KB rss_huge:157696KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:204056KB inactive_file:0KB active_file:0KB unevictable:0KB 05:06:14 executing program 0: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x7ffff000, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:14 executing program 4 (fault-call:0 fault-nth:0): syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:14 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000140)={0xc, 0x7fffffff, 0x80000001, 0x4000}) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x80, 0x0) r1 = dup(r0) setsockopt$inet_buf(r1, 0x0, 0x2e, &(0x7f00000001c0)="693c148a5b8566aeaa2eabb52a32b1ebfb5b26067b7a17c3f5c31327da9dceb5c2b7d4be80e2", 0x26) write$FUSE_IOCTL(r1, &(0x7f0000000000)={0x20}, 0x7) [ 2044.422382][ T7890] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16371,uid=0 [ 2044.441701][ T1510] FAULT_INJECTION: forcing a failure. [ 2044.441701][ T1510] name failslab, interval 1, probability 0, space 0, times 0 [ 2044.450681][ T7890] Memory cgroup out of memory: Killed process 16371 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35780kB, shmem-rss:0kB [ 2044.484281][ T1510] CPU: 1 PID: 1510 Comm: syz-executor.4 Not tainted 5.1.0-rc7+ #100 [ 2044.492355][ T1510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2044.502440][ T1510] Call Trace: [ 2044.505766][ T1510] dump_stack+0x172/0x1f0 [ 2044.510131][ T1510] should_fail.cold+0xa/0x15 [ 2044.514756][ T1510] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2044.520587][ T1510] ? ___might_sleep+0x163/0x280 [ 2044.525464][ T1510] __should_failslab+0x121/0x190 [ 2044.530430][ T1510] should_failslab+0x9/0x14 [ 2044.534966][ T1510] kmem_cache_alloc+0x2b2/0x6f0 [ 2044.539843][ T1510] ? __f_unlock_pos+0x19/0x20 [ 2044.544555][ T1510] getname_flags+0xd6/0x5b0 [ 2044.549087][ T1510] user_path_at_empty+0x2f/0x50 [ 2044.553967][ T1510] vfs_statx+0x129/0x200 [ 2044.558233][ T1510] ? vfs_statx_fd+0xc0/0xc0 [ 2044.562759][ T1510] ? kasan_check_write+0x14/0x20 [ 2044.567765][ T1510] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 2044.573354][ T1510] __do_sys_newlstat+0xa4/0x130 [ 2044.578235][ T1510] ? __do_sys_newstat+0x130/0x130 [ 2044.583288][ T1510] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2044.589565][ T1510] ? fput_many+0x12c/0x1a0 [ 2044.594004][ T1510] ? fput+0x1b/0x20 [ 2044.597832][ T1510] ? ksys_write+0x1f1/0x2d0 [ 2044.602380][ T1510] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2044.607870][ T1510] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2044.613368][ T1510] ? do_syscall_64+0x26/0x610 [ 2044.618073][ T1510] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2044.624169][ T1510] ? do_syscall_64+0x26/0x610 [ 2044.628892][ T1510] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2044.634226][ T1510] __x64_sys_newlstat+0x54/0x80 [ 2044.639123][ T1510] do_syscall_64+0x103/0x610 [ 2044.643766][ T1510] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2044.649693][ T1510] RIP: 0033:0x2000000a [ 2044.653803][ T1510] Code: Bad RIP value. [ 2044.657905][ T1510] RSP: 002b:00007fa0cedd9bd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000006 [ 2044.666376][ T1510] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2044.674386][ T1510] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000029 05:06:14 executing program 0: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x7ffff000, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2044.682391][ T1510] RBP: 00000000000000ff R08: 0000000000000005 R09: 0000000000000006 [ 2044.690398][ T1510] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2044.698417][ T1510] R13: 000000000000000c R14: 000000000000000d R15: 0000000000000003 05:06:14 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000c00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2044.859147][ T1613] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2044.895319][ T1613] CPU: 1 PID: 1613 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2044.903390][ T1613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2044.913468][ T1613] Call Trace: [ 2044.916795][ T1613] dump_stack+0x172/0x1f0 [ 2044.921171][ T1613] dump_header+0x10f/0xb6c [ 2044.925617][ T1613] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2044.931629][ T1613] ? ___ratelimit+0x60/0x595 [ 2044.936255][ T1613] ? do_raw_spin_unlock+0x57/0x270 [ 2044.941437][ T1613] oom_kill_process.cold+0x10/0x15 [ 2044.946615][ T1613] out_of_memory+0x79a/0x1280 [ 2044.951350][ T1613] ? lock_downgrade+0x880/0x880 [ 2044.956239][ T1613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2044.962513][ T1613] ? oom_killer_disable+0x280/0x280 [ 2044.967744][ T1613] ? find_held_lock+0x35/0x130 [ 2044.972553][ T1613] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2044.978142][ T1613] ? memcg_event_wake+0x230/0x230 [ 2044.983211][ T1613] ? do_raw_spin_unlock+0x57/0x270 [ 2044.988375][ T1613] ? _raw_spin_unlock+0x2d/0x50 [ 2044.993266][ T1613] try_charge+0x102c/0x15c0 [ 2044.997808][ T1613] ? find_held_lock+0x35/0x130 [ 2045.002623][ T1613] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2045.008211][ T1613] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2045.013792][ T1613] ? find_held_lock+0x35/0x130 [ 2045.018588][ T1613] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2045.024189][ T1613] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2045.029777][ T1613] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2045.035012][ T1613] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2045.040596][ T1613] __memcg_kmem_charge+0x136/0x300 [ 2045.045833][ T1613] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2045.051245][ T1613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2045.057528][ T1613] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2045.063285][ T1613] ? copy_process.part.0+0x1d08/0x7980 [ 2045.068802][ T1613] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2045.074120][ T1613] ? trace_hardirqs_on+0x67/0x230 [ 2045.079204][ T1613] ? kasan_check_read+0x11/0x20 [ 2045.084096][ T1613] copy_process.part.0+0x3e0/0x7980 [ 2045.089325][ T1613] ? psi_memstall_leave+0x11c/0x180 [ 2045.094568][ T1613] ? sched_clock+0x2e/0x50 [ 2045.099015][ T1613] ? psi_memstall_leave+0x12e/0x180 [ 2045.104260][ T1613] ? find_held_lock+0x35/0x130 [ 2045.109065][ T1613] ? psi_memstall_leave+0x12e/0x180 [ 2045.114363][ T1613] ? __cleanup_sighand+0x60/0x60 [ 2045.119360][ T1613] ? __lock_acquire+0x548/0x3fb0 [ 2045.124351][ T1613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2045.130633][ T1613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2045.136909][ T1613] ? debug_smp_processor_id+0x3c/0x280 [ 2045.142429][ T1613] _do_fork+0x257/0xfd0 [ 2045.146639][ T1613] ? fork_idle+0x1d0/0x1d0 [ 2045.151099][ T1613] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 2045.157206][ T1613] ? lock_downgrade+0x880/0x880 [ 2045.162103][ T1613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2045.168404][ T1613] ? blkcg_exit_queue+0x30/0x30 [ 2045.173301][ T1613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2045.178815][ T1613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2045.184321][ T1613] ? do_syscall_64+0x26/0x610 [ 2045.189044][ T1613] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2045.195148][ T1613] ? do_syscall_64+0x26/0x610 [ 2045.199896][ T1613] __x64_sys_clone+0xbf/0x150 [ 2045.204626][ T1613] do_syscall_64+0x103/0x610 [ 2045.209259][ T1613] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2045.215197][ T1613] RIP: 0033:0x45b779 [ 2045.219116][ T1613] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2045.238914][ T1613] RSP: 002b:0000000000a4fa98 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2045.247355][ T1613] RAX: ffffffffffffffda RBX: 00007ff76ea8b700 RCX: 000000000045b779 05:06:15 executing program 4 (fault-call:0 fault-nth:1): syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2045.255355][ T1613] RDX: 00007ff76ea8b9d0 RSI: 00007ff76ea8adb0 RDI: 00000000003d0f00 [ 2045.263378][ T1613] RBP: 0000000000a4fcb0 R08: 00007ff76ea8b700 R09: 00007ff76ea8b700 [ 2045.271384][ T1613] R10: 00007ff76ea8b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2045.279383][ T1613] R13: 0000000000a4fb4f R14: 00007ff76ea8b9c0 R15: 000000000073bfac [ 2045.409669][ T1742] FAULT_INJECTION: forcing a failure. [ 2045.409669][ T1742] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2045.422950][ T1742] CPU: 1 PID: 1742 Comm: syz-executor.4 Not tainted 5.1.0-rc7+ #100 [ 2045.430950][ T1742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2045.441206][ T1742] Call Trace: [ 2045.444539][ T1742] dump_stack+0x172/0x1f0 [ 2045.448922][ T1742] should_fail.cold+0xa/0x15 [ 2045.453560][ T1742] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2045.459406][ T1742] ? __lock_acquire+0x548/0x3fb0 [ 2045.464551][ T1742] ? debug_smp_processor_id+0x3c/0x280 [ 2045.470048][ T1742] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2045.476342][ T1742] should_fail_alloc_page+0x50/0x60 [ 2045.481585][ T1742] __alloc_pages_nodemask+0x1a1/0x8d0 [ 2045.487003][ T1742] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2045.492758][ T1742] ? find_held_lock+0x35/0x130 [ 2045.497661][ T1742] ? __lock_acquire+0x548/0x3fb0 [ 2045.502668][ T1742] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2045.508697][ T1742] cache_grow_begin+0x9c/0x860 [ 2045.513503][ T1742] ? getname_flags+0xd6/0x5b0 [ 2045.518254][ T1742] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2045.524557][ T1742] kmem_cache_alloc+0x62d/0x6f0 [ 2045.529442][ T1742] ? __f_unlock_pos+0x19/0x20 [ 2045.534146][ T1742] getname_flags+0xd6/0x5b0 [ 2045.538684][ T1742] user_path_at_empty+0x2f/0x50 [ 2045.543572][ T1742] vfs_statx+0x129/0x200 [ 2045.547868][ T1742] ? vfs_statx_fd+0xc0/0xc0 [ 2045.552410][ T1742] ? kasan_check_write+0x14/0x20 [ 2045.557397][ T1742] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 2045.563015][ T1742] __do_sys_newlstat+0xa4/0x130 [ 2045.567920][ T1742] ? __do_sys_newstat+0x130/0x130 [ 2045.572986][ T1742] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2045.579289][ T1742] ? fput_many+0x12c/0x1a0 [ 2045.583784][ T1742] ? fput+0x1b/0x20 [ 2045.587630][ T1742] ? ksys_write+0x1f1/0x2d0 [ 2045.592173][ T1742] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2045.597698][ T1742] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2045.603199][ T1742] ? do_syscall_64+0x26/0x610 [ 2045.607921][ T1742] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2045.614026][ T1742] ? do_syscall_64+0x26/0x610 [ 2045.618748][ T1742] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2045.624104][ T1742] __x64_sys_newlstat+0x54/0x80 [ 2045.629266][ T1742] do_syscall_64+0x103/0x610 [ 2045.634828][ T1742] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2045.640770][ T1742] RIP: 0033:0x2000000a [ 2045.644905][ T1742] Code: Bad RIP value. [ 2045.648990][ T1742] RSP: 002b:00007fa0cedd9bd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000006 05:06:15 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000300f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:15 executing program 0 (fault-call:0 fault-nth:0): syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2045.657430][ T1742] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2045.665461][ T1742] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000029 [ 2045.673462][ T1742] RBP: 00000000000000ff R08: 0000000000000005 R09: 0000000000000006 [ 2045.681560][ T1742] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2045.689553][ T1742] R13: 000000000000000c R14: 000000000000000d R15: 0000000000000003 05:06:15 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000d00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2045.805055][ T1751] FAULT_INJECTION: forcing a failure. [ 2045.805055][ T1751] name failslab, interval 1, probability 0, space 0, times 0 [ 2045.832201][ T1751] CPU: 1 PID: 1751 Comm: syz-executor.0 Not tainted 5.1.0-rc7+ #100 [ 2045.840259][ T1751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2045.850358][ T1751] Call Trace: [ 2045.853698][ T1751] dump_stack+0x172/0x1f0 [ 2045.858072][ T1751] should_fail.cold+0xa/0x15 [ 2045.862741][ T1751] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2045.868596][ T1751] ? ___might_sleep+0x163/0x280 [ 2045.873489][ T1751] __should_failslab+0x121/0x190 [ 2045.879249][ T1751] should_failslab+0x9/0x14 [ 2045.883792][ T1751] kmem_cache_alloc+0x2b2/0x6f0 [ 2045.888677][ T1751] ? __f_unlock_pos+0x19/0x20 [ 2045.893397][ T1751] getname_flags+0xd6/0x5b0 [ 2045.898028][ T1751] user_path_at_empty+0x2f/0x50 [ 2045.902919][ T1751] vfs_statx+0x129/0x200 [ 2045.907385][ T1751] ? vfs_statx_fd+0xc0/0xc0 [ 2045.911929][ T1751] ? kasan_check_write+0x14/0x20 [ 2045.916998][ T1751] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 2045.922617][ T1751] __do_sys_newlstat+0xa4/0x130 [ 2045.927505][ T1751] ? __do_sys_newstat+0x130/0x130 [ 2045.932576][ T1751] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2045.938872][ T1751] ? fput_many+0x12c/0x1a0 [ 2045.943365][ T1751] ? fput+0x1b/0x20 [ 2045.947295][ T1751] ? ksys_write+0x1f1/0x2d0 [ 2045.951846][ T1751] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2045.957355][ T1751] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2045.962845][ T1751] ? do_syscall_64+0x26/0x610 [ 2045.967560][ T1751] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2045.973662][ T1751] ? do_syscall_64+0x26/0x610 [ 2045.978399][ T1751] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2045.983734][ T1751] __x64_sys_newlstat+0x54/0x80 [ 2045.988637][ T1751] do_syscall_64+0x103/0x610 [ 2045.993280][ T1751] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2045.999216][ T1751] RIP: 0033:0x2000000a [ 2046.003412][ T1751] Code: Bad RIP value. [ 2046.007494][ T1751] RSP: 002b:00007f60eb824bd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000006 [ 2046.015930][ T1751] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2046.023959][ T1751] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000004 [ 2046.031958][ T1751] RBP: 00000000000000ff R08: 0000000000000005 R09: 0000000000000006 [ 2046.040132][ T1751] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2046.048136][ T1751] R13: 000000000000000c R14: 000000000000000d R15: 0000000000000003 05:06:16 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db0000003f0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2046.064742][ T1613] memory: usage 307172kB, limit 307200kB, failcnt 12642 [ 2046.087414][ T1613] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:06:16 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000003c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x2, 0xfffffffffffffffa, 0x0, 0x40, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x40000000000, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) r2 = add_key(&(0x7f00000001c0)='rxrpc\x00', &(0x7f0000000400)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$assume_authority(0x10, r2) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r3 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2046.127757][ T1613] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2046.145385][ T1613] Memory cgroup stats for /syz2: cache:48KB rss:89980KB rss_huge:10240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:90156KB inactive_file:0KB active_file:0KB unevictable:4KB 05:06:16 executing program 4 (fault-call:0 fault-nth:2): syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2046.222797][ T1613] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32594,uid=0 05:06:16 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:16 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a001000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2046.321009][ T1613] Memory cgroup out of memory: Killed process 32594 (syz-executor.2) total-vm:72580kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB [ 2046.339510][ T1897] FAULT_INJECTION: forcing a failure. [ 2046.339510][ T1897] name failslab, interval 1, probability 0, space 0, times 0 [ 2046.411316][ T1897] CPU: 0 PID: 1897 Comm: syz-executor.4 Not tainted 5.1.0-rc7+ #100 [ 2046.419392][ T1897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2046.429481][ T1897] Call Trace: [ 2046.432810][ T1897] dump_stack+0x172/0x1f0 [ 2046.437259][ T1897] should_fail.cold+0xa/0x15 [ 2046.441880][ T1897] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2046.447717][ T1897] ? ___might_sleep+0x163/0x280 [ 2046.452598][ T1897] __should_failslab+0x121/0x190 [ 2046.457565][ T1897] should_failslab+0x9/0x14 [ 2046.462623][ T1897] kmem_cache_alloc_trace+0x2d1/0x760 [ 2046.468034][ T1897] ? ksys_write+0x1f1/0x2d0 [ 2046.472577][ T1897] fsnotify_alloc_group+0x46/0x310 [ 2046.477724][ T1897] do_inotify_init+0x49/0x640 [ 2046.482424][ T1897] ? trace_hardirqs_on+0x67/0x230 [ 2046.487468][ T1897] __ia32_sys_inotify_init+0x10/0x20 [ 2046.492777][ T1897] do_syscall_64+0x103/0x610 [ 2046.497397][ T1897] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2046.503298][ T1897] RIP: 0033:0x2000000a [ 2046.507400][ T1897] Code: Bad RIP value. [ 2046.511474][ T1897] RSP: 002b:00007fa0cedd9bd8 EFLAGS: 00000282 ORIG_RAX: 00000000000000fd [ 2046.519900][ T1897] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2046.527882][ T1897] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000029 [ 2046.535869][ T1897] RBP: 00000000000000f6 R08: 0000000000000005 R09: 0000000000000006 [ 2046.535878][ T1897] R10: 0000000000000007 R11: 0000000000000282 R12: 000000000000000b [ 2046.535886][ T1897] R13: 000000000000000c R14: 000000000000000d R15: 0000000000000003 [ 2046.561806][ T1884] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2046.609535][ T1884] CPU: 0 PID: 1884 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2046.617589][ T1884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2046.627683][ T1884] Call Trace: [ 2046.630999][ T1884] dump_stack+0x172/0x1f0 [ 2046.635368][ T1884] dump_header+0x10f/0xb6c [ 2046.639908][ T1884] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2046.645751][ T1884] ? ___ratelimit+0x60/0x595 [ 2046.650374][ T1884] ? do_raw_spin_unlock+0x57/0x270 [ 2046.655512][ T1884] oom_kill_process.cold+0x10/0x15 [ 2046.660641][ T1884] out_of_memory+0x79a/0x1280 [ 2046.665428][ T1884] ? lock_downgrade+0x880/0x880 [ 2046.670292][ T1884] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2046.676550][ T1884] ? oom_killer_disable+0x280/0x280 [ 2046.681759][ T1884] ? find_held_lock+0x35/0x130 [ 2046.686551][ T1884] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2046.692125][ T1884] ? memcg_event_wake+0x230/0x230 [ 2046.697195][ T1884] ? do_raw_spin_unlock+0x57/0x270 [ 2046.702358][ T1884] ? _raw_spin_unlock+0x2d/0x50 [ 2046.707379][ T1884] try_charge+0x102c/0x15c0 [ 2046.711904][ T1884] ? find_held_lock+0x35/0x130 [ 2046.716696][ T1884] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2046.722261][ T1884] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2046.728499][ T1884] ? kasan_check_read+0x11/0x20 [ 2046.733602][ T1884] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2046.739135][ T1884] mem_cgroup_try_charge+0x24d/0x5e0 [ 2046.744438][ T1884] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2046.750082][ T1884] wp_page_copy+0x408/0x1740 [ 2046.754679][ T1884] ? find_held_lock+0x35/0x130 [ 2046.759457][ T1884] ? pmd_pfn+0x1d0/0x1d0 [ 2046.763700][ T1884] ? lock_downgrade+0x880/0x880 [ 2046.769044][ T1884] ? swp_swapcount+0x540/0x540 [ 2046.773804][ T1884] ? kasan_check_read+0x11/0x20 [ 2046.778808][ T1884] ? do_raw_spin_unlock+0x57/0x270 [ 2046.783950][ T1884] do_wp_page+0x48e/0x1500 [ 2046.788385][ T1884] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2046.793756][ T1884] __handle_mm_fault+0x22e8/0x3ec0 [ 2046.798873][ T1884] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2046.804423][ T1884] ? find_held_lock+0x35/0x130 [ 2046.809197][ T1884] ? handle_mm_fault+0x322/0xb30 [ 2046.814251][ T1884] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2046.820511][ T1884] ? kasan_check_read+0x11/0x20 [ 2046.825385][ T1884] handle_mm_fault+0x43f/0xb30 [ 2046.830260][ T1884] __do_page_fault+0x5ef/0xda0 [ 2046.835071][ T1884] do_page_fault+0x71/0x581 [ 2046.839598][ T1884] ? page_fault+0x8/0x30 [ 2046.843833][ T1884] page_fault+0x1e/0x30 [ 2046.847978][ T1884] RIP: 0033:0x40c0f3 [ 2046.851862][ T1884] Code: 48 18 8b 4c 24 5c 89 48 24 31 c0 48 8b 8c 04 20 01 00 00 48 89 8c 02 30 bf 73 00 48 83 c0 08 48 83 f8 48 75 e6 e8 4d 71 ff ff <83> 05 0a 3f 53 00 01 80 7c 24 1e 00 74 0b f6 44 24 18 01 0f 84 89 [ 2046.871572][ T1884] RSP: 002b:0000000000a4fbd0 EFLAGS: 00010207 [ 2046.877632][ T1884] RAX: 0000000000000001 RBX: 0000000000000064 RCX: 0000000000458da9 [ 2046.885603][ T1884] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 000000000073bfa8 [ 2046.893585][ T1884] RBP: 00000000000009e1 R08: 00007fec78bbf700 R09: ffffffffffffffff [ 2046.901552][ T1884] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000073bfa0 [ 2046.909692][ T1884] R13: 0000000000000003 R14: 0000000000000001 R15: 000000000073bfac [ 2046.930780][ T1884] memory: usage 307200kB, limit 307200kB, failcnt 3175 [ 2046.941510][ T1884] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2046.949753][ T1884] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2046.957898][ T1884] Memory cgroup stats for /syz5: cache:52KB rss:203864KB rss_huge:157696KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:204024KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2046.980871][ T1884] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=21510,uid=0 [ 2046.997175][ T1884] Memory cgroup out of memory: Killed process 21510 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35780kB, shmem-rss:0kB [ 2047.022506][ T1615] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2047.035100][ T1615] CPU: 0 PID: 1615 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2047.043195][ T1615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2047.053375][ T1615] Call Trace: [ 2047.056786][ T1615] dump_stack+0x172/0x1f0 [ 2047.061156][ T1615] dump_header+0x10f/0xb6c [ 2047.065589][ T1615] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2047.071412][ T1615] ? ___ratelimit+0x60/0x595 [ 2047.076013][ T1615] ? do_raw_spin_unlock+0x57/0x270 [ 2047.081186][ T1615] oom_kill_process.cold+0x10/0x15 [ 2047.086403][ T1615] out_of_memory+0x79a/0x1280 [ 2047.091106][ T1615] ? oom_killer_disable+0x280/0x280 [ 2047.096517][ T1615] ? find_held_lock+0x35/0x130 [ 2047.101320][ T1615] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2047.106908][ T1615] ? memcg_event_wake+0x230/0x230 [ 2047.111934][ T1615] ? do_raw_spin_unlock+0x57/0x270 [ 2047.117047][ T1615] ? _raw_spin_unlock+0x2d/0x50 [ 2047.121947][ T1615] try_charge+0xa87/0x15c0 [ 2047.126394][ T1615] ? find_held_lock+0x35/0x130 [ 2047.131177][ T1615] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2047.136733][ T1615] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2047.142316][ T1615] ? find_held_lock+0x35/0x130 [ 2047.147124][ T1615] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2047.152700][ T1615] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2047.158276][ T1615] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2047.163489][ T1615] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2047.169055][ T1615] __memcg_kmem_charge+0x136/0x300 [ 2047.174188][ T1615] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2047.179569][ T1615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2047.185841][ T1615] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2047.191600][ T1615] ? copy_process.part.0+0x1d08/0x7980 [ 2047.197109][ T1615] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2047.202399][ T1615] ? trace_hardirqs_on+0x67/0x230 [ 2047.207432][ T1615] ? kasan_check_read+0x11/0x20 [ 2047.212289][ T1615] copy_process.part.0+0x3e0/0x7980 [ 2047.217496][ T1615] ? debug_check_no_obj_freed+0x200/0x464 [ 2047.223228][ T1615] ? find_held_lock+0x35/0x130 [ 2047.228018][ T1615] ? debug_check_no_obj_freed+0x200/0x464 [ 2047.233752][ T1615] ? kasan_check_write+0x14/0x20 [ 2047.238685][ T1615] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2047.244962][ T1615] ? filename_lookup+0x294/0x410 [ 2047.249934][ T1615] ? __cleanup_sighand+0x60/0x60 [ 2047.254886][ T1615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2047.261124][ T1615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2047.267390][ T1615] ? getname_flags+0x300/0x5b0 [ 2047.272168][ T1615] ? getname_flags+0x300/0x5b0 [ 2047.276928][ T1615] ? rcu_read_lock_sched_held+0x110/0x130 [ 2047.282652][ T1615] _do_fork+0x257/0xfd0 [ 2047.286829][ T1615] ? fork_idle+0x1d0/0x1d0 [ 2047.291263][ T1615] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2047.297505][ T1615] ? do_sys_truncate.part.0+0xbc/0x150 [ 2047.302965][ T1615] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2047.308443][ T1615] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2047.313910][ T1615] ? do_syscall_64+0x26/0x610 [ 2047.318579][ T1615] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2047.324649][ T1615] ? do_syscall_64+0x26/0x610 [ 2047.329351][ T1615] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2047.334658][ T1615] __ia32_sys_vfork+0x1f/0x30 [ 2047.339343][ T1615] do_syscall_64+0x103/0x610 [ 2047.343941][ T1615] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2047.349836][ T1615] RIP: 0033:0x2000000a [ 2047.353912][ T1615] Code: Bad RIP value. [ 2047.357975][ T1615] RSP: 002b:00007ff76eaabbd8 EFLAGS: 00000206 ORIG_RAX: 000000000000003a [ 2047.366410][ T1615] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2047.374402][ T1615] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 000000000000000a [ 2047.382394][ T1615] RBP: 0000000000000033 R08: 0000000000000005 R09: 0000000000000006 [ 2047.390382][ T1615] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2047.398369][ T1615] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 2047.407093][ T1615] memory: usage 307200kB, limit 307200kB, failcnt 12682 [ 2047.414465][ T1615] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2047.422233][ T1615] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2047.429445][ T1615] Memory cgroup stats for /syz2: cache:48KB rss:90112KB rss_huge:10240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:90148KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2047.451116][ T1615] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=32766,uid=0 05:06:17 executing program 2: pipe2(&(0x7f0000000140)={0xffffffffffffffff}, 0x84800) getsockopt$inet6_mreq(r0, 0x29, 0x1f, &(0x7f0000000180)={@mcast2}, &(0x7f00000001c0)=0x14) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000440)={&(0x7f0000000200), 0xc, &(0x7f0000000400)={&(0x7f0000000280)={0x178, r1, 0x0, 0x70bd2c, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x24, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_NET={0x64, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x120000}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1000}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x80000001}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}]}, @TIPC_NLA_MON={0x34, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x96}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_NODE={0x18, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xe78}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}]}, @TIPC_NLA_BEARER={0x90, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x3, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x4}}, {0x14, 0x2, @in={0x2, 0x4e24, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'syz_tun\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}]}]}, 0x178}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:17 executing program 0: r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vfio/vfio\x00', 0x3a1001, 0x0) r1 = accept$unix(r0, 0x0, &(0x7f0000000180)) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) accept$unix(r1, &(0x7f00000001c0)=@abs, &(0x7f0000000240)=0x6e) [ 2047.466942][ T1615] Memory cgroup out of memory: Killed process 32766 (syz-executor.2) total-vm:72580kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB [ 2047.485213][ T1044] oom_reaper: reaped process 32766 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 05:06:17 executing program 4 (fault-call:0 fault-nth:3): syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:17 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) ioctl$TCSBRK(r0, 0x5409, 0x1) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:17 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a001a00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2047.515705][ T2028] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2047.547795][ T2039] FAULT_INJECTION: forcing a failure. [ 2047.547795][ T2039] name failslab, interval 1, probability 0, space 0, times 0 [ 2047.610699][ T2028] CPU: 1 PID: 2028 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2047.618742][ T2028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2047.629380][ T2028] Call Trace: [ 2047.632696][ T2028] dump_stack+0x172/0x1f0 [ 2047.637890][ T2028] dump_header+0x10f/0xb6c [ 2047.642345][ T2028] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2047.648365][ T2028] ? ___ratelimit+0x60/0x595 [ 2047.652987][ T2028] ? do_raw_spin_unlock+0x57/0x270 [ 2047.658132][ T2028] oom_kill_process.cold+0x10/0x15 [ 2047.663274][ T2028] out_of_memory+0x79a/0x1280 [ 2047.667980][ T2028] ? oom_killer_disable+0x280/0x280 [ 2047.673193][ T2028] ? find_held_lock+0x35/0x130 [ 2047.677992][ T2028] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2047.683594][ T2028] ? memcg_event_wake+0x230/0x230 [ 2047.688652][ T2028] ? do_raw_spin_unlock+0x57/0x270 [ 2047.693793][ T2028] ? _raw_spin_unlock+0x2d/0x50 [ 2047.698676][ T2028] try_charge+0x102c/0x15c0 [ 2047.703202][ T2028] ? find_held_lock+0x35/0x130 [ 2047.708000][ T2028] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2047.713566][ T2028] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2047.719135][ T2028] ? find_held_lock+0x35/0x130 [ 2047.723921][ T2028] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2047.729500][ T2028] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2047.735082][ T2028] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2047.740307][ T2028] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2047.745899][ T2028] __memcg_kmem_charge+0x136/0x300 [ 2047.751039][ T2028] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2047.756435][ T2028] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2047.762182][ T2028] ? copy_page_range+0x125a/0x1f90 [ 2047.767316][ T2028] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2047.773593][ T2028] alloc_pages_current+0x107/0x210 [ 2047.778757][ T2028] pte_alloc_one+0x1b/0x1a0 [ 2047.783322][ T2028] __pte_alloc+0x20/0x310 [ 2047.787697][ T2028] copy_page_range+0x1529/0x1f90 [ 2047.792656][ T2028] ? find_held_lock+0x35/0x130 [ 2047.797435][ T2028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2047.803717][ T2028] ? pmd_alloc+0x180/0x180 [ 2047.803736][ T2028] ? __rb_insert_augmented+0x231/0xdf0 [ 2047.803755][ T2028] ? validate_mm_rb+0xa3/0xc0 [ 2047.818328][ T2028] ? __vma_link_rb+0x279/0x370 [ 2047.823134][ T2028] copy_process.part.0+0x568b/0x7980 [ 2047.828478][ T2028] ? __cleanup_sighand+0x60/0x60 [ 2047.833440][ T2028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2047.839798][ T2028] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2047.846077][ T2028] ? getname_flags+0x300/0x5b0 [ 2047.850880][ T2028] ? getname_flags+0x300/0x5b0 [ 2047.855678][ T2028] ? rcu_read_lock_sched_held+0x110/0x130 [ 2047.861423][ T2028] ? kmem_cache_free+0x225/0x260 [ 2047.866383][ T2028] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 2047.872303][ T2028] _do_fork+0x257/0xfd0 [ 2047.876492][ T2028] ? fork_idle+0x1d0/0x1d0 [ 2047.880925][ T2028] ? __ia32_sys_mkdir+0x80/0x80 [ 2047.885801][ T2028] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2047.891281][ T2028] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2047.896762][ T2028] ? do_syscall_64+0x26/0x610 [ 2047.901457][ T2028] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2047.907539][ T2028] ? do_syscall_64+0x26/0x610 [ 2047.912239][ T2028] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2047.917554][ T2028] __ia32_sys_fork+0x1f/0x30 [ 2047.922158][ T2028] do_syscall_64+0x103/0x610 [ 2047.926783][ T2028] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2047.932700][ T2028] RIP: 0033:0x2000000a [ 2047.936793][ T2028] Code: Bad RIP value. [ 2047.940877][ T2028] RSP: 002b:00007fec78bbebd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000039 [ 2047.949311][ T2028] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a 05:06:17 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x10400, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f00000002c0)=0x5, 0x4) sendmsg$TIPC_CMD_SET_NODE_ADDR(r0, &(0x7f0000000280)={&(0x7f0000000180), 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x24, r1, 0x300, 0x70bd27, 0x25dfdbff, {{}, 0x0, 0x8001, 0x0, {0x8, 0x11, 0x3}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x11) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) ioctl$TCGETX(r0, 0x5432, &(0x7f0000000300)) 05:06:17 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/btrfs-control\x00', 0x301002, 0x0) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f0000000180)="7822873d24b8e80fa49b24047c094fc3374642d4788ef2066bd38b7b892408be883210860bffa9630d9790651637db1e0fccdc337e24") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0x20, 0x8, 0x0, {0x0, 0x4, 0x0, 0x100000000010000}}, 0x20) [ 2047.957313][ T2028] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000011 [ 2047.965316][ T2028] RBP: 0000000000000032 R08: 0000000000000005 R09: 0000000000000006 [ 2047.973323][ T2028] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2047.981325][ T2028] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 2047.991756][ T2039] CPU: 0 PID: 2039 Comm: syz-executor.4 Not tainted 5.1.0-rc7+ #100 [ 2047.999773][ T2039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2048.009845][ T2039] Call Trace: [ 2048.013155][ T2039] dump_stack+0x172/0x1f0 [ 2048.017502][ T2039] should_fail.cold+0xa/0x15 [ 2048.022122][ T2039] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2048.027953][ T2039] ? ___might_sleep+0x163/0x280 [ 2048.032820][ T2039] __should_failslab+0x121/0x190 [ 2048.037775][ T2039] should_failslab+0x9/0x14 [ 2048.042478][ T2039] kmem_cache_alloc_trace+0x2d1/0x760 [ 2048.047874][ T2039] ? __mutex_init+0xef/0x130 [ 2048.052494][ T2039] do_inotify_init+0xa2/0x640 [ 2048.057185][ T2039] ? trace_hardirqs_on+0x67/0x230 [ 2048.062226][ T2039] __ia32_sys_inotify_init+0x10/0x20 [ 2048.067524][ T2039] do_syscall_64+0x103/0x610 [ 2048.072122][ T2039] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2048.078017][ T2039] RIP: 0033:0x2000000a [ 2048.082102][ T2039] Code: Bad RIP value. [ 2048.086168][ T2039] RSP: 002b:00007fa0cedd9bd8 EFLAGS: 00000282 ORIG_RAX: 00000000000000fd [ 2048.094580][ T2039] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2048.102562][ T2039] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000029 [ 2048.110539][ T2039] RBP: 00000000000000f6 R08: 0000000000000005 R09: 0000000000000006 [ 2048.118607][ T2039] R10: 0000000000000007 R11: 0000000000000282 R12: 000000000000000b [ 2048.126583][ T2039] R13: 000000000000000c R14: 000000000000000d R15: 0000000000000003 [ 2048.135737][ T2028] memory: usage 307196kB, limit 307200kB, failcnt 3200 [ 2048.142630][ T2028] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2048.198320][ T2028] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2048.244447][ T2028] Memory cgroup stats for /syz5: cache:52KB rss:203864KB rss_huge:157696KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:204028KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2048.367681][ T2028] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=29738,uid=0 [ 2048.408211][ T2028] Memory cgroup out of memory: Killed process 29738 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35780kB, shmem-rss:0kB [ 2048.440716][ T1044] oom_reaper: reaped process 29738 (syz-executor.5), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 2048.502061][ T1884] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2048.514429][ T1884] CPU: 0 PID: 1884 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2048.522435][ T1884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2048.532533][ T1884] Call Trace: [ 2048.535847][ T1884] dump_stack+0x172/0x1f0 [ 2048.540209][ T1884] dump_header+0x10f/0xb6c [ 2048.544671][ T1884] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2048.550501][ T1884] ? ___ratelimit+0x60/0x595 [ 2048.555103][ T1884] ? do_raw_spin_unlock+0x57/0x270 [ 2048.560253][ T1884] oom_kill_process.cold+0x10/0x15 [ 2048.565402][ T1884] out_of_memory+0x79a/0x1280 [ 2048.570107][ T1884] ? lock_downgrade+0x880/0x880 [ 2048.574968][ T1884] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2048.581213][ T1884] ? oom_killer_disable+0x280/0x280 [ 2048.586437][ T1884] ? find_held_lock+0x35/0x130 [ 2048.591216][ T1884] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2048.596758][ T1884] ? memcg_event_wake+0x230/0x230 [ 2048.601786][ T1884] ? do_raw_spin_unlock+0x57/0x270 [ 2048.606907][ T1884] ? _raw_spin_unlock+0x2d/0x50 [ 2048.611762][ T1884] try_charge+0x102c/0x15c0 [ 2048.616292][ T1884] ? find_held_lock+0x35/0x130 [ 2048.621053][ T1884] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2048.626611][ T1884] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2048.632862][ T1884] ? kasan_check_read+0x11/0x20 [ 2048.637742][ T1884] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2048.643447][ T1884] mem_cgroup_try_charge+0x24d/0x5e0 [ 2048.648755][ T1884] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2048.654404][ T1884] wp_page_copy+0x408/0x1740 [ 2048.659186][ T1884] ? find_held_lock+0x35/0x130 [ 2048.663961][ T1884] ? pmd_pfn+0x1d0/0x1d0 [ 2048.668224][ T1884] ? lock_downgrade+0x880/0x880 [ 2048.673176][ T1884] ? swp_swapcount+0x540/0x540 [ 2048.677953][ T1884] ? kasan_check_read+0x11/0x20 [ 2048.682804][ T1884] ? do_raw_spin_unlock+0x57/0x270 [ 2048.687928][ T1884] do_wp_page+0x48e/0x1500 [ 2048.692368][ T1884] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2048.697764][ T1884] __handle_mm_fault+0x22e8/0x3ec0 [ 2048.702908][ T1884] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2048.708574][ T1884] ? find_held_lock+0x35/0x130 [ 2048.713444][ T1884] ? handle_mm_fault+0x322/0xb30 [ 2048.718424][ T1884] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2048.724700][ T1884] ? kasan_check_read+0x11/0x20 [ 2048.729580][ T1884] handle_mm_fault+0x43f/0xb30 [ 2048.734404][ T1884] __do_page_fault+0x5ef/0xda0 [ 2048.739172][ T1884] do_page_fault+0x71/0x581 [ 2048.743680][ T1884] ? page_fault+0x8/0x30 [ 2048.747934][ T1884] page_fault+0x1e/0x30 [ 2048.752614][ T1884] RIP: 0033:0x400590 [ 2048.756500][ T1884] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 d5 52 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 2048.776964][ T1884] RSP: 002b:0000000000a4fb90 EFLAGS: 00010206 [ 2048.783026][ T1884] RAX: fffffffffffffef9 RBX: 0000000000740178 RCX: 0000000000000000 [ 2048.791013][ T1884] RDX: 0000000000000000 RSI: 0000000020000000 RDI: fffffffffffffef9 [ 2048.798980][ T1884] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 2048.806953][ T1884] R10: 0000000000a4fca0 R11: 0000000000000246 R12: 0000000000740180 [ 2048.814948][ T1884] R13: 00000000004beb51 R14: 0000000000000000 R15: 000000000073bfac [ 2048.823553][ T1884] memory: usage 306772kB, limit 307200kB, failcnt 3225 [ 2048.834541][ T1884] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2048.842146][ T1884] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2048.849583][ T1884] Memory cgroup stats for /syz5: cache:52KB rss:203864KB rss_huge:157696KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:203900KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2048.871762][ T1884] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=12675,uid=0 [ 2048.887612][ T1884] Memory cgroup out of memory: Killed process 12675 (syz-executor.5) total-vm:72448kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB 05:06:18 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000f423f0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:18 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = syz_open_dev$adsp(&(0x7f0000000180)='/dev/adsp#\x00', 0x0, 0x202000) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000240)=0x0) ioctl$TIOCLINUX3(r0, 0x541c, &(0x7f0000000280)) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x4, 0x51e, 0x9, 0xfff, 0x0, 0x9, 0x349c3bd35c07779a, 0x1, 0x6, 0x7ff, 0x8, 0x8001, 0x2, 0x0, 0x3, 0x4, 0xfff, 0x5, 0x843, 0x3, 0x9, 0x40, 0x1000, 0x1000, 0x0, 0x6, 0x0, 0x100, 0x0, 0xfffffffffffffffa, 0x100000001, 0x9, 0x400, 0x2, 0x0, 0x5, 0x0, 0x1, 0x2, @perf_bp={&(0x7f0000000140), 0x9}, 0x18, 0x40, 0x4, 0x0, 0x0, 0x1f, 0x200000000000000}, r1, 0xd, r0, 0x2) ioctl$NBD_CLEAR_QUE(r0, 0xab05) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:18 executing program 4 (fault-call:0 fault-nth:4): syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:18 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a004c00c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:18 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) r1 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000400)={'syz', 0x1}, &(0x7f00000013c0)="e2281e6dabc4f4178ca78a22054d09cf7d8b7ce94f1b18fad090c3dee1783f75f768e2bff8e1e40431425817c203e5a23f1dd1dafba24d23468d56388ada88f433c4ae725881b22a2310f47a9638db12b9066fbaf71c05a710043af08dfe01a76bc93108e7a02c64dc7b6710bdce8db12edb4daa6a5c51027d5bb0662456260da9caf1b76e59599f4eb50a88a4a769f0742aa61456939e77e39b1d923f9e7cdabdf5cabdb045e9bdfd57a9b952a1c814b20c126b0b08a58ecc28f7d5797f4f3414107dfadeeefeb984d71188aa749e6b6741c67e0d01f2b01fa072eb926e95089cee660f448a8f7b88286cb3fe9e8eb30c7d772468c20ff1eabf94380cd6a8e4d0edede86e238b87f179f34f63a9e90710600978e10f690e1b10d51aef88a6a67448a476e7a6e053ae1d2cc59e1033a2d27e075513605f18b86b0b1323dcdff25041ac6e08711fdda74146e9913d55c573c2cb69fd4c57aaa4e082ae6b0e9df438d6e93ed4a8f5534df20420fcd1df99b628d3be64373a9125c057c92b9f663bf084d77a33a3c1398da92b12f7ebfb75d37353c320eb2b5a78de9eb5b8f534be861f129ae41d4895047c8abe7dd03eb4cc31dbbc1f2cb3c07d501614e359d413f9815de08def2d6a5ebe9208b97f6ed08ed9e8f2194c7207abdde6f3bb7ea44140f83204cf1ed297306fead8643de3c70c3ee3966ab0d617e90b5528f94fa5e277aaeb82e035657488db881910269b4a482d9558f8cbc2b6479e917a173e48ef922c1376563ad0e04192463f913ae01e5eb4a529a706550d478a7185d8c6b8bbffff199e8c55eaab9836ead77406b3e39e8c91719012d899fb2a1cef971b9137ee912f762df163e3512f0287fc75dd1b80b5c03959eca3c6e310d0e5993c46d70199e7cc9f493b6bd47ed819cd1042a559c25ed21d80c707c7e3e1b6ec80e02e3a82e5ab45d2154f6a6c5935ed9407edc5f6d909b6e9c459993f6d17bc7f78aa7efe39c35c4b908f3be460d3e2710a03ef462bc83ddff1aac60f25b75fdf8c179b7f90574b72ebc1bcb5658b9b256f186be70d88986d96b6324e012977e017a1bcd7fb94dc536ed36f93c4a7cac26357ee8916f78b86c3329c80b102995f5aaf5ac6277346f685478d58273cefb6a9af3059aa207749ebf081b37dd9ad27437d0dc4c4eab33682dd35b33d7024667ac438772382609b46d56a2c6ff6ae1dea83d08c75ff941b9aca12ee7980998023a298f70a118596007ef4274af110a21b5264242ca7df3a4052e310d66ff6cdde185609eefb2cff61f4d6df91fbf6ad0392e7063066443c5e6e490ecc73f3414553f106ebe2f79c7dba2fec1bc4438b8940c4ae34aeb1ac3c124b9d6069e99b182ed252bc9dfa96ddb65093ae8c7349adfb87c6c05e6bfe197e54f2211ca35b55608aee43b14277cd64a05a6b1e80cfe4f5377e81f1a6e1029a32bd0c7ffab695e4d298931bc09013eb2485a7a8019ed55dd94b6aa3e6b8f022f02f886b810730e98943b841c0b9fe3024744ce3bb93f7eaa8635d7a3f4ae01c5f6b8ce21791ee50bbf05b2e9a894e6be98adb36bfc948f16f23f903b8c610cfb1f245801c496733b166e46ecb57d1e168a46991bee270b5ceac6d614b567741103b67db2cf0c17a07094ed3ad354888dc5496ae35ae88de1770a77a5017aaf92bc1b60601a990a11f7977c0791dd6599865fd648e857933e5217d19d45b80cee93274173921a709f584e78e9b557320231c83f9a52f7319c8ba1e5ce63501b13528ac7c9db5ef06bde599dedf3306e06236a80e9c838a90e2709a888458c637d1f99058b388bda9eb118738db6a3a9cdaa0d5c8fe736014e20c5bef6651204fd084598a1a0ba1c5a30414a783d763b63215e7e84b0e1ecb681a9b04b3ac7abae68affe7082aac63d1b6ebf6e8d500136a619404c32f32ab27b7843782095dbdffad32a6f92321367b851a84897cf8ac4f62f4dedf77f9c2f9d8da2b64509e5f3a8fe059486791a00e78cce5aa3746f8f48e1514026f6ece3fcbf301092f127d3b19c4ba14b073c0553bf2081697ec14269ab86523eb2c612e95790cdc13e7e84812e697e5b227122bf03202b0d4da74f6332484ba55730b2e222cc7c8dca75631f98b7ac68448c922b6b54b5b482ad891c624a329a047d70ded4cde1a3da14fee2fa99c4fe2d67b96cd5391250112f624ecbdd3e43cc8825820bf39e5187c853a3a09be6416a133679faa5585440870e37e11ccd3c707288b646380a59c56b8a854328a43a16fa9b9accbde7b81101a1551a980b7ec20e3e153a892d7ea7033d077e08fba58130444bad245c896f48143a6563344cf80fa82e529003d7a9ee8dcd8cd76e610618206b2199be46280c2d386729cec3f523a036cf30c2f8b53a56381702ca5f1bf2abf9afa8e8b589bfc08175084845da2e2e44f3eabce27679e066c1ad5ae8b1eddc712034463adf44f8db1a4a4795567f5be99517e592716eab05d0f51757bcf7a147cf5d9fc116483abc7a7c1284f625f39ca3106630541559948cc254cb942675084aec5fbf09639b5ec943821c916bc9c13e727eda5d0fc289904f7f48b45be0640ae5a8e5839a0a1be34afedd7306aed86fc908b87f63d998ffbaf82c3cec40e254242b3ab7db8ee5162cf0dcd3151195335503642b9e213a6aa5c0875960cf5698c84fc11874bd3a540df021a6df611a0a93996e8e5c4069c31713fe69423ff968cacd8a131d1fec3c0198505dcc99ca1b6cd475e1d664dd26e7bc698a323f1ef62dbe22f9ebe07f885335bd89de6e144d27c97e9169aa93bbd49a7a5931d67fed3c827c6d3b600fb4bfa4ca84d18b6a23e6895010c2fdf6e0aec0c0bf6766e8b7ffcb59f200b79c67212c0e34a0e46087dff090f8e9f9d7081bc719c0fb89b2cd2489e501a68f051adf011791a70fcca918ad9e2d9de4c9b8379ea48dc42accf1697fcc71ac6304c1dbe4d689673e03208773636af6b992d39fa3435a15321a3d258d8b55f8703bd32244fca9adcb15a035d7f54fa6ce898edb2b1e449c81f6ce55a514938ddcfd1798e98d0f7ef2cb5a2719d7997c286dd63a4f6a44dd496bbf52f7e9f59c84318690539460f2088621731492e59d925304e03baf4ae9575687f324f587933b8f6532668e67c857799813ac652626f35e8873f8c6fdce1a1b48a9a128c6b5941006f021827a0160390ff1143c5afb08fce72310bad2a53cad03d22cb16c4dfb6520af72c5e45fae36198ae870845848ceaf31703800d0aa940960958a40b97b6edf40519137ef407dad7a06f05ee21d40b265c7b3056e283000ff437cd326790f03ffdcf523d9bdcfd4d6fbf13b2cb23409d923a1de2abefd60c05889bb95a3240ee624a9795db1d53aa355e1a0bf9d0d0e37fde9231eb615f20fe4e168eaf587cd00e7cc8a0e6dc0694d3ff21466076d3c96d19dd8ffe2fdb0f30cad6193981ba8c517c260e3b5a934b81b774dcf2583ec7ebc8080b1d45cba4caddc6e7482b87ff5cd1ec46c8e9abb8b674083b8dd962535b9cfff371ee031e7e4c4e9d351475c78a5af966ed814bee2183f85071f67372aee8ac4ba0ac8f3dd7b27497ad744fe7f837e777c7f5819e8481e97d11b225ced190cf8236ea463c7ade26c74c7c121d4ff0a167ef4f7cbd2ef26e3fb5d274379babac31e6f2dba2fe6743bcef1c1f067304c8480d84c168a4f644fd11d59bdc4b08c6c9ab265bf9030fdf1e2b9195525e76852c29b46dd51515173a57cbb4fc5ffe5a4f3107ef9b48867882fb4a7dc1f4f8f9022eb5f2e9f9e028f5da4bdcf5ba57580b4db5f39d919a19e877ad949216d6b0516f31385346667941b366bab5c1871e7a2fde2ceb243717fbe0b08b6317b562e4bc784828241fd732cfe0183ab1401ab46534cf0509ffade60a5f53f0eb2c94ee1f269075bbf8e4102412781abd2ea7cefda8777a6cc0dcc194895f78abf5f8ccd302c4c186060c4ebcddc252a1ece57ded2f74b4edddfa1d3508054b36b80d55f9d06c8002cc4095fc340451aabecc8209a4d917d0ba5ec781b641764fc24cc33477f2ece6c416f44bbe8f5111212f1c13dec1e434bbba24b364e09308aa4ec1ac0dbe0a810c5463aa1684ad56df838fd56a4a762eba21aef144bfba15737d4e560bde900b4e7499570671da3c254fdc862ec4e721c7138f86cb8adac50d94f3e74a03635ca44de40bb74b27cd33b85c40453d3ddce220d474f3541cff581df997828862493f4210cbb1930b41a9e74e451c9847773bad878b4bb027b679e100916bc9a2042b460d5cde28c10ac9bb921efb36c13f91121d92de9fc997e43ce22990f4f832e09cce1ad2514b40b30015129ea78e9e4dee547944dc1e248d32ad6798e72a29f61888f7975b61e835ab7e43fdeeeacd516a76aa72fc8eaba425ba045492fb9ac80bcfbdf429f05ffc0dec70c3b4ca9e5a5bc4689ba58788f998f611957c46651d38ccd7d832b123d82c84acf34a39e8a7d3a1dfbc34d39df74773df512779699cf9d681657b5b66c2a4634131aeddf84f0b64b6760ce4df056d5c60489769dd66c4256521a8d6e28cd6401a434406723cc27976a109aa9d535fe210ae1b5352f31c789f29f0b41a59a74e00871ed1e8c2c23d5a497288033aac1503380691289f3088d268416b7e0e852eb685085b3d1e14bdbbf1713f97bb1b2bc3564e7d28b9d3c5844c936050b55f6cc1557b192f49dc7c7fa5356801a398bd8d5bc7cbad7680bd34917e8e5f3e4297e2379df12ad6dc22e74a88478e7c24caa5d472a9e3b1618e89228dbabc537222637bcfffbb768a9f591d6cd4e557c9e1ef34853bd1aba817a12bee47746d76862586496a24603b6ed5dd24696a302d255518744d06283dd0d6e40ede926a7a5017b869f833c7637a8dc3dccb1db385d9da331d94a10f43572245c81d050e21813a222ccc25988a788945b4b080304e834dd94dc512c79f6d8ffa4e5f8a21e3354c5b25490d73a20ebd5ee3062898a7fe59df1829205d5c1943cc24aead52163244c81f28593b2eb7535d42077812016d78b9e865ff8a031f7406183e7350175c7001932a5f498d47b9d96993b96daff6ee4ab8c5597259a82d12b07712e8f1deda26a23f065bfe0b09e5b83408403fd403acdaa21c71e439010f0c9211490e42c6dc95b23bf5cff36d29ec249ff9369bb2587401e05745a472ab68ad88e66cdb8096c22489bfff215b7e4a12d5a61bde1f0db172603ce83205303e0c9f15af70234403419e719fe742d272ba82b7257ea4aab303c13e97216eb6b33bc72b9ff59d8ffdbceefdd3abf2c8cd50169e053316b76991e95d646150bcf7d889acb5fa769812356de5697f2ac3ceec57d194c28774d48ee5064a247338b949c8ccfbe92f07bd10782bc1129050b003b41baf777bdc32fc8e1d6094d9fc3324934f531cb0bdbf5ba1c2037ac07db1b691d232270a8c54e51e7cc12c70a98d84ec60bcaf7e0d1ba0871bafb4f19f9bb4b2bffef516e1b8cade37e3d1734b5136428d6ef5590c0717c1302e9f2a724fa34e2c74d298145abe6b0fbb5340018a3ddafe65f7f12e71a34abcd4c449a714695020a3fa364861709b097d34b3d90ca951183efe15bdfedb483c5fcf7d8e78cc88c3e0554596eee7f2ff002909d08d2f0df5da88f973a96f794bddf13edb8b9992910d8f2922cbce67961574d7e00f41be8d252bb95f218df125cc393f74256108b6d20b12eae5185eaab53f6338a16056d122ab7bf06c07564981d7e75004d7fc4ea5d61c", 0x1000, 0xfffffffffffffffb) keyctl$update(0x2, r1, 0x0, 0x0) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd53b, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r2, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r3 = accept$alg(r2, 0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r2, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000600)={0x11c, r4, 0x2, 0x70bd29, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x40, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7fff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x100000000}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}]}, @TIPC_NLA_BEARER={0xa0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x5712, @dev={0xfe, 0x80, [], 0x1f}, 0x7}}, {0x14, 0x2, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'bond0\x00'}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x16}}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x3, @remote, 0x4}}}}]}, @TIPC_NLA_SOCK={0x18, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NET={0x10, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}]}]}, 0x11c}, 0x1, 0x0, 0x0, 0x40}, 0x48000) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:18 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x80080, 0x0) ioctl$KVM_SIGNAL_MSI(r0, 0x4020aea5, &(0x7f0000000180)={0x5000, 0xd000, 0x7, 0x1, 0x181}) [ 2048.905649][ T1044] oom_reaper: reaped process 12675 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2048.957421][ T2311] FAULT_INJECTION: forcing a failure. [ 2048.957421][ T2311] name failslab, interval 1, probability 0, space 0, times 0 [ 2049.044821][ T2311] CPU: 1 PID: 2311 Comm: syz-executor.4 Not tainted 5.1.0-rc7+ #100 [ 2049.053320][ T2311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2049.063411][ T2311] Call Trace: [ 2049.066740][ T2311] dump_stack+0x172/0x1f0 [ 2049.071110][ T2311] should_fail.cold+0xa/0x15 [ 2049.075922][ T2311] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2049.081768][ T2311] ? ___might_sleep+0x163/0x280 [ 2049.086653][ T2311] __should_failslab+0x121/0x190 [ 2049.091619][ T2311] should_failslab+0x9/0x14 [ 2049.096147][ T2311] kmem_cache_alloc+0x2b2/0x6f0 [ 2049.101022][ T2311] ? __fget+0x381/0x550 [ 2049.105217][ T2311] getname_flags+0xd6/0x5b0 [ 2049.109752][ T2311] user_path_at_empty+0x2f/0x50 [ 2049.114634][ T2311] do_utimes+0x1ce/0x350 [ 2049.118909][ T2311] ? utimes_common.isra.0+0x600/0x600 [ 2049.124307][ T2311] ? do_mq_notify+0x2e0/0xd50 [ 2049.129028][ T2311] do_futimesat+0x147/0x1c0 [ 2049.133553][ T2311] ? do_utimes+0x350/0x350 [ 2049.137992][ T2311] ? __x64_sys_mq_notify+0x10a/0x170 [ 2049.143301][ T2311] ? __ia32_sys_mq_timedreceive+0x260/0x260 [ 2049.149230][ T2311] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2049.154713][ T2311] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2049.160196][ T2311] ? do_syscall_64+0x26/0x610 [ 2049.164903][ T2311] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2049.170994][ T2311] ? do_syscall_64+0x26/0x610 [ 2049.175704][ T2311] __x64_sys_utimes+0x59/0x80 [ 2049.180410][ T2311] do_syscall_64+0x103/0x610 [ 2049.185026][ T2311] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2049.190931][ T2311] RIP: 0033:0x2000000a [ 2049.195014][ T2311] Code: Bad RIP value. [ 2049.199081][ T2311] RSP: 002b:00007fa0cedd9bd8 EFLAGS: 00000286 ORIG_RAX: 00000000000000eb [ 2049.207500][ T2311] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2049.215480][ T2311] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000029 [ 2049.223464][ T2311] RBP: 00000000000000e4 R08: 0000000000000005 R09: 0000000000000006 [ 2049.231447][ T2311] R10: 0000000000000007 R11: 0000000000000286 R12: 000000000000000b 05:06:19 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-ni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r2, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r0, 0x81785501, &(0x7f0000000480)=""/141) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) openat$vsock(0xffffffffffffff9c, &(0x7f0000000400)='/dev/vsock\x00', 0x408c82, 0x0) r3 = accept$alg(r2, 0x0, 0x0) sendto$inet(r1, &(0x7f00000003c0)="92b5f97be6a6d16635610adc49390734f0b88cc0595642fb350c6c378ff457bebb68a3e4feb7449e7882177d8e1c4ca7af67bff6c5433119", 0x38, 0x20040040, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2049.239433][ T2311] R13: 000000000000000c R14: 000000000000000d R15: 0000000000000003 05:06:19 executing program 2: write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:19 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70dbffffff3f0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:19 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a008800c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:19 executing program 0: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dlm-control\x00', 0x8000, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x6, &(0x7f00000003c0)={0x5, 0x8, 0xffffffffffffffff, 0x8000}, 0x10) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000400)={0x0, 0xae}, &(0x7f0000000440)=0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000480)={r1, @in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0xc1, 0xffff, 0x8001, 0x9, 0x40}, &(0x7f0000000540)=0x98) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x400200, 0x0) dup(r0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffff9c, 0x84, 0x6d, &(0x7f0000000580)=ANY=[@ANYRES32=0x0, @ANYBLOB="c100a700a993ccd2198c39879c4f054c4770dce2b51a8fa788e4158a4420ec1343bf40c57718020c790f3b51d997e8d49765bbe047034f76579626e87a53efbf69499ee74319d873f740c729ca11fd01b1fc15e1a472c97ca1b670deff0f00000ad1ddc2bf65816d2f589aaf0ddb6d6bcba495da3d1bbc4cfd9c708e0e2f560f5b069188493078f0582395f1085981406ed925c4f3601ebbc0b14529165aa27a46dd26b6ad74bb9531dc79262c47e96e80c3d34e0e2ff74507691afb58ceab11ea77d9b1571a52da02ae411d47c8a9fa2fe4a780de1e7d33166e70f8da"], &(0x7f0000000280)=0xc9) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f00000002c0)={r3, @in={{0x2, 0x4e23, @loopback}}}, 0x84) 05:06:19 executing program 4 (fault-call:0 fault-nth:5): syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:19 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/btrfs-control\x00', 0x40040, 0x0) read$FUSE(r0, &(0x7f0000000180), 0x1000) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000001180), &(0x7f00000011c0)=0x4) [ 2049.526392][ T2455] FAULT_INJECTION: forcing a failure. [ 2049.526392][ T2455] name failslab, interval 1, probability 0, space 0, times 0 05:06:19 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) io_setup(0x2, &(0x7f00000003c0)) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2049.618208][ T2455] CPU: 1 PID: 2455 Comm: syz-executor.4 Not tainted 5.1.0-rc7+ #100 [ 2049.626247][ T2455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2049.636767][ T2455] Call Trace: [ 2049.640086][ T2455] dump_stack+0x172/0x1f0 [ 2049.644446][ T2455] should_fail.cold+0xa/0x15 [ 2049.649063][ T2455] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2049.654903][ T2455] ? ___might_sleep+0x163/0x280 [ 2049.659781][ T2455] __should_failslab+0x121/0x190 [ 2049.664738][ T2455] should_failslab+0x9/0x14 [ 2049.669260][ T2455] kmem_cache_alloc+0x2b2/0x6f0 [ 2049.674130][ T2455] ? kasan_check_read+0x11/0x20 [ 2049.679007][ T2455] getname_flags+0xd6/0x5b0 [ 2049.683535][ T2455] user_path_at_empty+0x2f/0x50 [ 2049.688445][ T2455] path_listxattr+0x98/0x160 [ 2049.693065][ T2455] ? listxattr+0x150/0x150 [ 2049.697850][ T2455] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2049.703345][ T2455] ? do_syscall_64+0x26/0x610 [ 2049.708476][ T2455] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2049.714566][ T2455] ? do_syscall_64+0x26/0x610 [ 2049.719270][ T2455] __x64_sys_listxattr+0x78/0xb0 [ 2049.724248][ T2455] do_syscall_64+0x103/0x610 [ 2049.728954][ T2455] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2049.735099][ T2455] RIP: 0033:0x2000000a [ 2049.739197][ T2455] Code: Bad RIP value. [ 2049.743274][ T2455] RSP: 002b:00007fa0cedd9bd8 EFLAGS: 00000282 ORIG_RAX: 00000000000000c2 [ 2049.751714][ T2455] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2049.759704][ T2455] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000029 05:06:19 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x1000, 0x0) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f0000000180)=0x1f) ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f00000001c0)=0x100000001) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000200)=0x0) ptrace$getregs(0xc, r1, 0x174, &(0x7f0000000240)=""/4096) [ 2049.767793][ T2455] RBP: 00000000000000bb R08: 0000000000000005 R09: 0000000000000006 [ 2049.775785][ T2455] R10: 0000000000000007 R11: 0000000000000282 R12: 000000000000000b [ 2049.783774][ T2455] R13: 000000000000000c R14: 000000000000000d R15: 0000000000000003 05:06:19 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a00c000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:20 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000400f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:20 executing program 2: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) r1 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f00000002c0)={0x0, @bt={0x9, 0x3, 0x0, 0x3, 0x5, 0x5, 0x13, 0x0, 0x5, 0xbd7, 0x9, 0x100, 0x1000000000000, 0x4, 0x18, 0x18}}) ioctl$sock_inet_tcp_SIOCATMARK(r1, 0x8905, &(0x7f00000000c0)) ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000080)=0x9) prctl$PR_GET_CHILD_SUBREAPER(0x25) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x0, 0x0, 0x1}}, 0x20) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000280)={0xfffffffffffffffe}, 0x1) 05:06:20 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = syz_open_dev$cec(&(0x7f00000001c0)='/dev/cec#\x00', 0x3, 0x2) write$FUSE_GETXATTR(r0, &(0x7f0000000200)={0x18, 0xffffffffffffffda, 0x3, {0x10001}}, 0x18) r1 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x3, 0x2) write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000180)={0x18, 0x1, 0x0, {0xd61}}, 0x18) fstatfs(r0, &(0x7f0000000240)=""/132) 05:06:20 executing program 4 (fault-call:0 fault-nth:6): syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:20 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000402c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2050.302656][ T2636] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2050.323507][ T2642] FAULT_INJECTION: forcing a failure. [ 2050.323507][ T2642] name failslab, interval 1, probability 0, space 0, times 0 05:06:20 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x0, 0x4}}, 0x20) r0 = accept4$packet(0xffffffffffffff9c, 0x0, &(0x7f0000000140), 0x80000) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f00000003c0)=0x3fd) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpuacct.stat\x00', 0x0, 0x0) openat$urandom(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/urandom\x00', 0x402000, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000180)=@assoc_value={0x0, 0x8}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000400)={r2, 0x62, "f88b66f7b85d717a3d384de2070f4cfcda2c0ffe9f12503cf8baf9c297a95e4c151a3ca200c5a9fae50b5c8903bd3714b7a559b2e3a87f1f34a34846238666e8442c0e610feaeead307ac90805103b8d40313cd19e3e0b8a8945268c0b0aefffb380"}, &(0x7f0000000480)=0x6a) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000540)='IPVS\x00') r4 = socket(0x1e, 0x4, 0x0) r5 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000080)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000265000)=@req={0x3fc}, 0x3) sendmmsg(r4, &(0x7f0000005140)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000001600)=@nfc, 0x80, 0x0}}], 0x2, 0x0) sendmsg$IPVS_CMD_NEW_DEST(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x410000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="00012bbd705d7d0dfb452d257f000800040004000000"], 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x4000) setsockopt$inet_tcp_TLS_RX(r1, 0x6, 0x2, &(0x7f0000000200), 0x4) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, &(0x7f0000000380)) [ 2050.412136][ T2642] CPU: 0 PID: 2642 Comm: syz-executor.4 Not tainted 5.1.0-rc7+ #100 [ 2050.420177][ T2642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2050.430248][ T2642] Call Trace: [ 2050.433568][ T2642] dump_stack+0x172/0x1f0 [ 2050.437936][ T2642] should_fail.cold+0xa/0x15 [ 2050.442558][ T2642] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2050.448403][ T2642] ? ___might_sleep+0x163/0x280 [ 2050.453279][ T2642] __should_failslab+0x121/0x190 [ 2050.458239][ T2642] should_failslab+0x9/0x14 [ 2050.462767][ T2642] kmem_cache_alloc+0x2b2/0x6f0 [ 2050.467637][ T2642] ? find_held_lock+0x35/0x130 [ 2050.472426][ T2642] ? __fget+0x35a/0x550 [ 2050.476635][ T2642] getname_flags+0xd6/0x5b0 [ 2050.481174][ T2642] do_renameat2+0x199/0xc40 [ 2050.485713][ T2642] ? user_path_create+0x50/0x50 [ 2050.490589][ T2642] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2050.496871][ T2642] ? ksys_dup3+0x3e0/0x3e0 [ 2050.501317][ T2642] ? _copy_to_user+0xc9/0x120 [ 2050.506046][ T2642] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2050.511667][ T2642] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2050.517256][ T2642] ? do_syscall_64+0x26/0x610 [ 2050.521971][ T2642] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2050.528330][ T2642] ? do_syscall_64+0x26/0x610 [ 2050.533057][ T2642] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2050.538483][ T2642] __x64_sys_rename+0x61/0x80 [ 2050.543194][ T2642] do_syscall_64+0x103/0x610 [ 2050.547815][ T2642] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2050.553723][ T2642] RIP: 0033:0x2000000a [ 2050.557821][ T2642] Code: Bad RIP value. 05:06:20 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000600f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2050.561900][ T2642] RSP: 002b:00007fa0cedd9bd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000052 [ 2050.570330][ T2642] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2050.578605][ T2642] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000029 [ 2050.586863][ T2642] RBP: 000000000000004b R08: 0000000000000005 R09: 0000000000000006 [ 2050.594863][ T2642] R10: 0000000000000007 R11: 0000000000000202 R12: 000000000000000b [ 2050.602863][ T2642] R13: 000000000000000c R14: 000000000000000d R15: 0000000000000003 [ 2050.623786][ T2636] CPU: 1 PID: 2636 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2050.631832][ T2636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2050.641914][ T2636] Call Trace: [ 2050.645238][ T2636] dump_stack+0x172/0x1f0 [ 2050.649598][ T2636] dump_header+0x10f/0xb6c [ 2050.654045][ T2636] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2050.659876][ T2636] ? ___ratelimit+0x60/0x595 [ 2050.664536][ T2636] ? do_raw_spin_unlock+0x57/0x270 [ 2050.669666][ T2636] oom_kill_process.cold+0x10/0x15 [ 2050.674797][ T2636] out_of_memory+0x79a/0x1280 [ 2050.679522][ T2636] ? lock_downgrade+0x880/0x880 [ 2050.684434][ T2636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2050.690734][ T2636] ? oom_killer_disable+0x280/0x280 [ 2050.695952][ T2636] ? find_held_lock+0x35/0x130 [ 2050.700746][ T2636] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2050.706398][ T2636] ? memcg_event_wake+0x230/0x230 [ 2050.711452][ T2636] ? do_raw_spin_unlock+0x57/0x270 [ 2050.723894][ T2636] ? _raw_spin_unlock+0x2d/0x50 [ 2050.729238][ T2636] try_charge+0x102c/0x15c0 [ 2050.729254][ T2636] ? find_held_lock+0x35/0x130 [ 2050.729276][ T2636] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2050.729290][ T2636] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2050.729310][ T2636] ? find_held_lock+0x35/0x130 [ 2050.744153][ T2636] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2050.744180][ T2636] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2050.744195][ T2636] ? memcg_kmem_put_cache+0xb0/0xb0 05:06:20 executing program 4 (fault-call:0 fault-nth:7): syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2050.744212][ T2636] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2050.744229][ T2636] __memcg_kmem_charge+0x136/0x300 [ 2050.744249][ T2636] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2050.744264][ T2636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2050.744288][ T2636] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2050.796176][ T2773] FAULT_INJECTION: forcing a failure. [ 2050.796176][ T2773] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2050.799839][ T2636] ? copy_process.part.0+0x1d08/0x7980 [ 2050.818522][ T2636] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2050.823843][ T2636] ? trace_hardirqs_on+0x67/0x230 [ 2050.828972][ T2636] ? kasan_check_read+0x11/0x20 [ 2050.833844][ T2636] copy_process.part.0+0x3e0/0x7980 [ 2050.839068][ T2636] ? debug_check_no_obj_freed+0x200/0x464 [ 2050.844801][ T2636] ? find_held_lock+0x35/0x130 [ 2050.849667][ T2636] ? debug_check_no_obj_freed+0x200/0x464 [ 2050.855399][ T2636] ? kasan_check_write+0x14/0x20 [ 2050.860351][ T2636] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2050.866601][ T2636] ? filename_parentat.isra.0+0x2d5/0x410 [ 2050.872588][ T2636] ? getname+0x20/0x20 [ 2050.876676][ T2636] ? __cleanup_sighand+0x60/0x60 [ 2050.881636][ T2636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2050.887894][ T2636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2050.894156][ T2636] ? getname_flags+0x300/0x5b0 [ 2050.898934][ T2636] ? getname_flags+0x300/0x5b0 [ 2050.903720][ T2636] ? rcu_read_lock_sched_held+0x110/0x130 [ 2050.909463][ T2636] ? kmem_cache_free+0x225/0x260 [ 2050.914428][ T2636] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 2050.920350][ T2636] _do_fork+0x257/0xfd0 [ 2050.924548][ T2636] ? fork_idle+0x1d0/0x1d0 [ 2050.928980][ T2636] ? __ia32_sys_mkdir+0x80/0x80 [ 2050.933874][ T2636] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2050.939379][ T2636] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2050.944887][ T2636] ? do_syscall_64+0x26/0x610 [ 2050.949600][ T2636] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2050.955704][ T2636] ? do_syscall_64+0x26/0x610 [ 2050.960422][ T2636] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2050.965758][ T2636] __ia32_sys_fork+0x1f/0x30 [ 2050.970391][ T2636] do_syscall_64+0x103/0x610 [ 2050.975024][ T2636] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2050.980949][ T2636] RIP: 0033:0x2000000a [ 2050.985044][ T2636] Code: Bad RIP value. [ 2050.989115][ T2636] RSP: 002b:00007fec78bdfbd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000039 [ 2050.997551][ T2636] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2051.005546][ T2636] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000011 [ 2051.013545][ T2636] RBP: 0000000000000032 R08: 0000000000000005 R09: 0000000000000006 [ 2051.021542][ T2636] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2051.029642][ T2636] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 2051.037669][ T2773] CPU: 0 PID: 2773 Comm: syz-executor.4 Not tainted 5.1.0-rc7+ #100 [ 2051.045688][ T2773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2051.055766][ T2773] Call Trace: [ 2051.059083][ T2773] dump_stack+0x172/0x1f0 [ 2051.063442][ T2773] should_fail.cold+0xa/0x15 [ 2051.068051][ T2773] ? fixup_exception+0xad/0xe0 [ 2051.072833][ T2773] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2051.078665][ T2773] ? __lock_acquire+0x548/0x3fb0 [ 2051.083613][ T2773] ? __lock_acquire+0x548/0x3fb0 [ 2051.087673][ T2636] memory: usage 307200kB, limit 307200kB, failcnt 3281 [ 2051.088563][ T2773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2051.088585][ T2773] should_fail_alloc_page+0x50/0x60 [ 2051.088601][ T2773] __alloc_pages_nodemask+0x1a1/0x8d0 [ 2051.088627][ T2773] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2051.104797][ T2636] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:06:21 executing program 0: r0 = syz_open_dev$cec(&(0x7f0000000140)='/dev/cec#\x00', 0x0, 0x2) write$FUSE_IOCTL(r0, &(0x7f0000000180)={0x20, 0xfffffffffffffffe, 0x5, {0x7f, 0x4, 0x4}}, 0x20) connect$rxrpc(r0, &(0x7f00000012c0)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e24, 0xda, @remote, 0x5}}, 0x24) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000011c0)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000001200)=0x18) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000001240)={r1, 0x8}, &(0x7f0000001280)=0x8) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) setsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f00000001c0)="89b4bb637a93ee9c85c2175c0d4266b5aea8909f17192832916add0f27505998a141e3047b0c3bbe6581828dc6061fc28959903760aa4989d2a308ea6e6b06be6b1c8da32f9981565815d4857e5c2f6cb4ede17e0bc5b0b910117a4dc4a958708829d3148b12c66d0885eb44b440cc098a8fe01a614ca712eb9a205233209dab62d9a6d3ee0f1f63e6589a4e449006b7d8efc93b8a11f474d6af6ef70ea0401958c7ced50b36145bc69a6af28cd9aed0c537f5610a6b960d788a740b87666eddb4cd42030ac5c0457de2b7216cead6ec8d03d62991521fcf43e5dce1114f1f99e44888dafd5434a196db2b115777739dad0b6aa3c0acb4777dbdbac11cebc79adcbc2991984bc242d8c88f1afe1189134c37adb1022c1ef17495b8e86576d57f633eadffe155abddfac8b02221d1977cc53e357606d76cea8054f9b93a5640f3152b80538bd21c98790f63dd4c92586a73824fb1b4e9682add0d9a31d6a9c7b7103fc13a6677df029313bfbb6b0b72026bb70e7a946a3044a01ff45c3c8f50d2aa028741c503db314362124b91c8c0a73c0356434063c3c26def35400dd25837aa06efbd0e81629f6db644c0b6cf1a8e7f01873b069e007d8abe510e4f07560d5ad03d3c76950d00b5da65701341c0ee02474d79fda8b8b8c10f6696e1faac6b134e470bf7507a5a82a5c2a0a9047b9f7e4bd2fb1b0a0c9e1444609ba42ce4dce7fc2b5e601ccd2a6b30a748f6cae039b4ca64fd0f43fadae728d31d2fc411839710ed1675bfa421778b6896ceb13e7eb61ec254d17f0edb021edc03e38aee37ddbed3c788a2448366335b77f3c0d17a14b3ccde22a006377b361f3d3fe83ce21e2ee6c945a385ededf46aa7743d5f765fa0dfd9538eaa716d7122e60cc5a413444ebb8987d02895c523acba635b51d92b3a39e8eb0f8cadd44c4d81b797862bc4caa686dcc2b91cd74175b39d3d3e0c258c85fa83be3a72b0e80409690f3fa2b85316124ecc0b08037602064f1b11e09d3beb9e881ea8f89ad62c9991b1ed23c7a81b3b891c0c9e115c5eab27e8b2855bdc8ad11debc5510af19cd040ea1dd3664c21de322f66d3397f37ec7552fdaa14dd5d36caf62945b5e03b2faf64a89407f6cd6fc2cf8877bc9e493f0706b19f866e3a7f69958fe707546d7ae5ee4b22c73ff9bfa90521a5b62d2f347b56289b43486293733c19c14021f47763bb5bad363d45652ae4e2deff0a501d4fc9fb8919cbe0e8f66494fa83a6ddcf1e49bcc2b40ca0c02efe6ca43a1e9443b8a34269527ac5c261f3baa9eabfdce711a44e6605ac8ec5bb07a806bd372a99130f01f9ae137b5b6f45ec972971734c5c64f44e4ce6c6eb7263c1ce8570a47015db12aa5ac6ceab7c7f10ac28f7d23f959fedbce3247db0a2644feb5bac21bd61525829271eec5b9e4cde798e469c6b7d7f205d8c4a9a98527f8b32074eb1539f5b799dd4ed88287c32acf1928b8e86f4cb60587b521ad4cbd7f6de1f1a514f716f53aadc546fca177b884a8723352b3ab472c5eecd7931cfe4ef128ccaf4167e608dca6e9a3a14cab5a436e916c9d461603310976ea6c2b0406785f2e769eb4243f40f779b3a54a824bec907d2277fe2604c939a07e256a89a850b85eb3cab815cc873e17661723f3cd96fc2162177cea7db1f2825414d64a57721dd4537cfa8e21e621ad18ab065c13f233cdc7569824ff1202894ddc0fef533da8b9418e789bcdb53ef2bbf197a1cd52e3fa757b036b9ef56f91650557ba514d6cfd4b2359be77919f71d0d68c02e112337a82dd855e77d1df3cda4c81e5769b5bb04f93aa8bc8b45e911441e568df13c1b0c581a62dffe31f1eb00d7f4883bb0679591dda206acfd9366f1a2f274d091b44cb4e2005e931b53f88ff9e7231a99a6e5cf5c14ec39cda2789f961d9435f904299a35009c33f31790786c433189ddb520033e275f0a48eef5a470b8d9861c652e17184fead8fc06450afd24309b7b6851122f869400d201d4864ceb37828d5ff266219acd7f8fb2da360b7760e18f9cf24b9dcdf7421e688ab9b58a7e67b742d2bd9a8a039055a05f36b49447a03e2e8dfac4327ed80bec097cd32492efb68068633731467e906090ebee18e7c00f4cd3eb0f54782341d0bed8b149354fff95acbcc3d9e94d7ec585e2c8706835cf5b614240e856e12c316e29130e0aef93272f50569f9c0bd72cb0fdb682185b76acbf7d6df6748958f7bf967c56043463a739d4277d90c3902210179307415f2b3ed60a15345988ba393f542d45c59da8e043514ddb344ac5173d10f215a8c73d48b57d3a917a3a08e1a0b8f59ff0221b6944a7f80a87b7869a08ca7048afb8a636b77d8888a395b55076102278ad7b239f9e7d4ce3f859ee9f7a065530db4a0f575409e4822797ee29edef01c01c96cba666c6adfd0007da8d0e4d6af6f1045a9eacbdffde7f1308f1dab4dfd95311a711560ddc257e117212cf60246eaa9e74a2bc14e593f9b96007c2022b2af15783266e4bbab72f984c67110b3d57c0562c45cc7b65a6f84c68505036478aaf8c72abd0cbc490da770ac00e2f270841e57a274017d9127af0fa02ecca78d357469b1e036fb327e5ca826e471512226bda0438596f6f0ff6a9baad2f79d8c2196597d46baf5ffcb2777b88dd087285af7b59acda7df909677a34d75c5b677f07e4e24aa0d0df1a8fab2bf3e177ad7ddba089b0fb2149feb7854aed8babbde418406df2eb997ee61bbee9aedf6ff746924722086efa91391dc6fb663e1123ea66d44e39f28a0a81b51bae7ea25a323249fa4ceca9a4ed0c0848f5d0327f06437c0d6a88b6c50deab77b194dfbd8d91075cf7af82385937025511247991b4c5cf138fd6708deafb212896c3b3dcd7a8c0c81f375720b18b1f94e00d721c695bcbe7899ff02660668364decc78704cb8f2aeebaffa595fe4269e663143de254baf8f865e38b774820910a518beedae25f9466936e0a13c42c4b279a4147f95f47726a70b0f51d49595c756f408ff8ea41f7e8c0f917ac98b6dedea8eab1f1167d7442a388fc311d96153ea6e4d413de7fda7e91a1c70ec754a4e8a2ea8a5eceb2b13f48c385229fd9c247a75b051eb2ff44447e44fd00ced86ed6f728020db5bde43b276559bbd6c684e3de38773127ccb1a41c04b62d1b84bbbefc4e3797f9235465639093a1af75c48fe3fd9aa2c8b5fc224421063e4db0806ccb905d1e51868b986e187570698cca14f18d4eee4c27a7008f5270ed60d64901b3592a3e8e9622d727593b1f0919b8d4db0f248bbd86c0181745bc0244857b3e3ec77c67de1fa1d100110c82bb7d54dcf932746151fe586c9a21f8700b42d9f111138d1a05d4b6188c01b9c4caf3c4978fac4c8550209e9faf3c2b5ac341a6c4c6bf76d7829acd699491c4dc3d722de89fb61ad9f95762ef69e39fd6439787104192ae4ce635c6769d94117b35ad1e2657ea009c80398db677a233f53196837df4d7d4dde0cb64db18eaf35cfd804fea5ed530749364383de802e353c53d40b8ba3a94deb02eb194eebcd59547ab2fe6b2ddc6e414d5c3de155eb2dda066fa0e7c6fa85887e0f669152fba8425696e691aabff5564e3cdada1dc1206a98652c57b2f9f71d8b3fbf63982dd7a6f16f1f78055b35c71d7916fc3d1fe292c1162ada40d8f2bcf39932aa1cd0ac9edfb00958c3a9f557753ee1bc92396a0f3e1ce6724924ec1be423756d4a3ffa7221ecc462c4fe007a61156aa8dfe0dd275c442c46eb173e2410e98379eb2a331c2f98e938c4ec44267ac8888693927c31ea75990fcdc996e94f24fc7d3f55be8f6d5a2d89b306c91ac7b9c59e4a7a7d6a780d4b9689fe360e4f3a3fd666dc07c4e8e0bf2bd84d0bf1ed8b325d430978b12db5ff7d50fc647f108a6dbc5e53301eada7ce79d8e4d725e8bac4236b6ca9deaeb94d2d13c3c9497c6140ca29b8151b662ada26a828d5a57cb2575ae122f895d944066921cb9b512481ff513fb98e9cd2d6930fef261c63e8a5718faf0aff8fe2ad4ee46b7ecad80c53df4ff5772ae9ef0a045ab3fb057e0cc5cd74ba70c587a6e68cc26ea58f0db02eb5d343f93ff2cbdf5bff472809ae96542c6a944915f7e6c1f7fa0578e6e9ec9e97d04c91e16eb2e981ed3933c30680127af7c5ab5e7b63e38cd5a08b5a261087e889975bce240738352c3713deb6dec5eeae8cc65662ad0c6b4eb284a72666393285b9e6c72ca6c186466b42433808292533992c783bef553d2b1345c5259ec4247b6990cd5fe3fc3feaeefe9c09e54f810bf64bc769871eabd7a4bdb34a724014ad74831004a0812ecbdd2d9bdcd247c8bafd590b3e73ae0a27a3f5f6e26bca63e5fa16f2c09ac7f9e3bc3914c194b8508f7f74e5d260ee6236b92d111f5f01e45d4d085f7a42e1186cc0c9c018243a45353b134131498ff1db554973737d7367107062c31c2e9d78377253fbdd4a8b08c3947463d867f8370ef94e4594de45b7c4986be007670649fd454b3ff462f38ad4f03f24b284edc3c2c62be0c6afc2cc87d8724a2e3b7d4c407fa5d2cf54f2448ac3015afc30fdaa8e41132fc2da443338ee8748884f617f303cc30f183bc0d20276971e1360c308715d996654219ba3005dcc38a7d4d88e0207676c3ffe274ab81dd5c2b7c58d0bfda485e7db2ee1bcb051a4cb24c3b4985eee7dd88af447ee6f17f1ed9811fc27a8ba032beb07121e3f96f52df41f32c9d274afe7e47dae17b6ef72d820769a454ae020a8355c0274bed2af83837a2f583b2b9052f9da23254fb9f6d6fe33900e3c308a033c8965046eed403eb76c23b6a9f42afef025d4ce484368f89c5024f6aa031da5206f49ec487d230136befb08163505a22e3a5fd566cf97fbd2b4a5eaa56c10134c583243704c1b1913cc894877bdcba9fd8c6d4777089e09e104b83faae60eb392fe1ac58874030426cb9cecf1a65ac1b61706bed771f48f3f5a375b74a913aceba6d3a12ea467f5c10ce2a041b520aff666ac8378abac47ac9b51ae3e8d518d8cc7d6a0d213dbf9d9e00aa93311833cb6a11d904986b81778312ef35ae395943eb426cda855df1e8459983282fb0d4b24042c45b75c0f210d495c5ded2839c576a892198157acc2cc2cb67524497c2a9d74dd0e6b0a9a191aa22606fcf8eedad549fec099c2d9fb778f625bdb59dc56e584522ff1c7e87ea255665b5a9feb1d5aca99bac85f463993545a18b2d317df49d8bfc95bbd62f562151131b143462501302ead127f2f024eb3dd12bb7f3c3847769d777e939d5c6293be549db1314f1760e38db7e9cbaa287e8cffb20ed1dc0e2e06de69fcd7db6c1ef2abe63febffa00bdedb4733620be6359424a0bfe9181fef31b8916dc92a7abec0b5667d95e74fc923345beaf5da8329d7922dd46020e27f1c5173e37ed83ac78a88fa56415606fad4468ed0cf3056e9a06f201de2addfff9639443f63f28f476219902c61517cbfb72ca38384a6f5d5d75e65449479b3ade34a37572a54884928a429aa2147598f218d601fc5cedccf4a74f56ac169cf1d385dd88ba0721d73b71b15ee85b76df79281b6e6f5ec9de51f48cffa87cf8af8d2509a3b3766a02d9994f8e37b4d2b4c4d7eabfb40f67f917d4c6d4196400f24556e6719462d45dec21953358278b1bc8b0c54bec244b8965a6848c8b02174fc3f2bd110e2580a5d7526f2cfb4023b480a4f5b9cfe1e8a572718d0fbe21a29ffd1359adf3f34c09c204990c0d325605222a1f4bc76dce703f748633", 0x1000) [ 2051.106932][ T2773] ? find_held_lock+0x35/0x130 [ 2051.106961][ T2773] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2051.106984][ T2773] cache_grow_begin+0x9c/0x860 [ 2051.112791][ T2636] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2051.118131][ T2773] ? getname_flags+0xd6/0x5b0 [ 2051.118148][ T2773] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2051.118167][ T2773] kmem_cache_alloc+0x62d/0x6f0 [ 2051.118180][ T2773] ? find_held_lock+0x35/0x130 [ 2051.118200][ T2773] getname_flags+0xd6/0x5b0 [ 2051.118218][ T2773] do_renameat2+0x199/0xc40 [ 2051.118242][ T2773] ? user_path_create+0x50/0x50 [ 2051.118262][ T2773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2051.118278][ T2773] ? ksys_dup3+0x3e0/0x3e0 [ 2051.118298][ T2773] ? _copy_to_user+0xc9/0x120 [ 2051.126292][ T2636] Memory cgroup stats for /syz5: cache:52KB rss:204024KB rss_huge:157696KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:204132KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2051.130556][ T2773] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2051.130573][ T2773] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2051.130587][ T2773] ? do_syscall_64+0x26/0x610 [ 2051.130604][ T2773] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2051.130624][ T2773] ? do_syscall_64+0x26/0x610 [ 2051.137011][ T2636] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=2440,uid=0 [ 2051.141175][ T2773] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2051.141196][ T2773] __x64_sys_rename+0x61/0x80 [ 2051.141215][ T2773] do_syscall_64+0x103/0x610 [ 2051.141235][ T2773] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2051.148696][ T2636] Memory cgroup out of memory: Killed process 2440 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB [ 2051.152750][ T2773] RIP: 0033:0x2000000a [ 2051.152777][ T2773] Code: Bad RIP value. [ 2051.152786][ T2773] RSP: 002b:00007fa0cedd9bd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000052 [ 2051.165234][ T1044] oom_reaper: reaped process 2440 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 2051.168620][ T2773] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2051.168630][ T2773] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000029 [ 2051.168639][ T2773] RBP: 000000000000004b R08: 0000000000000005 R09: 0000000000000006 [ 2051.168647][ T2773] R10: 0000000000000007 R11: 0000000000000202 R12: 000000000000000b [ 2051.168663][ T2773] R13: 000000000000000c R14: 000000000000000d R15: 0000000000000003 [ 2051.187928][ T2717] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2051.239960][ T2717] CPU: 0 PID: 2717 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 2051.261446][ T2717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2051.261453][ T2717] Call Trace: [ 2051.261478][ T2717] dump_stack+0x172/0x1f0 [ 2051.261499][ T2717] dump_header+0x10f/0xb6c [ 2051.276024][ T2717] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2051.276041][ T2717] ? ___ratelimit+0x60/0x595 [ 2051.276062][ T2717] ? do_raw_spin_unlock+0x57/0x270 [ 2051.276081][ T2717] oom_kill_process.cold+0x10/0x15 [ 2051.276097][ T2717] out_of_memory+0x79a/0x1280 [ 2051.276120][ T2717] ? oom_killer_disable+0x280/0x280 [ 2051.276132][ T2717] ? find_held_lock+0x35/0x130 [ 2051.276155][ T2717] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2051.295859][ T2717] ? memcg_event_wake+0x230/0x230 [ 2051.295882][ T2717] ? do_raw_spin_unlock+0x57/0x270 [ 2051.295896][ T2717] ? _raw_spin_unlock+0x2d/0x50 [ 2051.295911][ T2717] try_charge+0x102c/0x15c0 [ 2051.295922][ T2717] ? find_held_lock+0x35/0x130 [ 2051.295942][ T2717] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2051.295954][ T2717] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2051.295967][ T2717] ? find_held_lock+0x35/0x130 [ 2051.295982][ T2717] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2051.296009][ T2717] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2051.296033][ T2717] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2051.296051][ T2717] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2051.296073][ T2717] __memcg_kmem_charge+0x136/0x300 [ 2051.296092][ T2717] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2051.296115][ T2717] ? __pud_alloc+0x1d3/0x250 [ 2051.304258][ T2717] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2051.508436][ T2717] ? __pud_alloc+0x1d3/0x250 [ 2051.508465][ T2717] ? lock_downgrade+0x880/0x880 [ 2051.508486][ T2717] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2051.518975][ T2717] alloc_pages_current+0x107/0x210 [ 2051.518991][ T2717] ? do_raw_spin_unlock+0x57/0x270 [ 2051.519009][ T2717] __pmd_alloc+0x41/0x460 [ 2051.519020][ T2717] ? pmd_val+0x100/0x100 [ 2051.519035][ T2717] pmd_alloc+0x10c/0x180 [ 2051.519052][ T2717] copy_page_range+0x62e/0x1f90 [ 2051.519099][ T2717] ? pmd_alloc+0x180/0x180 [ 2051.519112][ T2717] ? vma_compute_subtree_gap+0x158/0x230 [ 2051.519127][ T2717] ? validate_mm_rb+0xa3/0xc0 [ 2051.519144][ T2717] ? __vma_link_rb+0x279/0x370 [ 2051.519164][ T2717] copy_process.part.0+0x568b/0x7980 [ 2051.519211][ T2717] ? __cleanup_sighand+0x60/0x60 [ 2051.602837][ T2717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2051.609167][ T2717] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2051.615415][ T2717] ? getname_flags+0x300/0x5b0 [ 2051.620174][ T2717] ? getname_flags+0x300/0x5b0 [ 2051.624932][ T2717] ? rcu_read_lock_sched_held+0x110/0x130 [ 2051.630654][ T2717] ? kmem_cache_free+0x225/0x260 [ 2051.635594][ T2717] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 2051.641483][ T2717] _do_fork+0x257/0xfd0 [ 2051.645643][ T2717] ? fork_idle+0x1d0/0x1d0 [ 2051.650066][ T2717] ? __ia32_sys_mkdir+0x80/0x80 [ 2051.654913][ T2717] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2051.660365][ T2717] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2051.665818][ T2717] ? do_syscall_64+0x26/0x610 [ 2051.670586][ T2717] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2051.676650][ T2717] ? do_syscall_64+0x26/0x610 [ 2051.681311][ T2717] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2051.686606][ T2717] __ia32_sys_fork+0x1f/0x30 [ 2051.691232][ T2717] do_syscall_64+0x103/0x610 [ 2051.695813][ T2717] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2051.701691][ T2717] RIP: 0033:0x2000000a [ 2051.705767][ T2717] Code: Bad RIP value. [ 2051.709838][ T2717] RSP: 002b:00007f71d9357bd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000039 [ 2051.718255][ T2717] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2051.726228][ T2717] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 000000000204001a [ 2051.734199][ T2717] RBP: 0000000000000032 R08: 0000000000000005 R09: 0000000000000006 [ 2051.742156][ T2717] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2051.750122][ T2717] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 2051.759738][ T2717] memory: usage 307200kB, limit 307200kB, failcnt 9431 [ 2051.768451][ T2717] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2051.776279][ T2717] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2051.783186][ T2717] Memory cgroup stats for /syz1: cache:108KB rss:130412KB rss_huge:65536KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:124220KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2051.805480][ T2717] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=20335,uid=0 [ 2051.820973][ T2717] Memory cgroup out of memory: Killed process 20335 (syz-executor.1) total-vm:72448kB, anon-rss:2176kB, file-rss:34816kB, shmem-rss:0kB [ 2051.837721][ T1044] oom_reaper: reaped process 20335 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2051.839965][ T7890] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 05:06:21 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) write$P9_RWRITE(r0, &(0x7f00000003c0)={0xb, 0x77, 0x1, 0x515}, 0xb) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f0000000540)) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) mount(&(0x7f0000000400)=@md0='/dev/md0\x00', &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='nfs4\x00', 0x810000, &(0x7f0000000500)='9\x00') recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:21 executing program 2: r0 = syz_open_dev$vcsa(&(0x7f00000002c0)='/dev/vcsa#\x00', 0x80, 0x80) fsetxattr$security_smack_transmute(r0, &(0x7f0000000300)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000340)='TRUE', 0x4, 0x3) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-control\x00', 0x0, 0x0) open$dir(&(0x7f0000000380)='./file0\x00', 0x840, 0x101) sendto$rxrpc(r1, &(0x7f0000000180)="df3c998449cba0b03cb4bbbd6da9003c723b81f135a4bc9599dad19f8ceed8c3291cdbf038e2a4d92880506923d7c0cc5394abc79aa5f75f8220e4e7a3cb0e165eb7ec75e8cfd16755e42cbb4839fd50460a2ad0d001bf352686d6e7c2bd6e585da5778812dddb0ab2b33c856cfa91612771bd064811fcca206cb0ab3f3c3e6ea14d2a635c0c90d89ae872d809cd8326ad1f62fa82b947cfad0ea3a016b30c3480a291fd30ccf5df97b26e68bc8f599a2eafe13ee1f04f3f297e70ba0f95da1d5298", 0xc2, 0x8000, &(0x7f0000000280)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e24, 0x800, @rand_addr="3f0e82561eb45f9c2aaffab14e9f5181", 0x800}}, 0x24) prctl$PR_SET_TSC(0x1a, 0x1) sendto$inet(r0, &(0x7f00000003c0)="5504058449ecf69ecf9632b5e546", 0xe, 0x0, &(0x7f0000000400)={0x2, 0x4e20, @multicast2}, 0x10) 05:06:21 executing program 0: socket$inet_sctp(0x2, 0x5, 0x84) r0 = syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x2, 0x2) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0x10, &(0x7f00000002c0)={&(0x7f0000000200)=""/188, 0xbc, 0xffffffffffffffff}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000380)={r0, 0x10, &(0x7f0000000340)={&(0x7f0000000140)=""/154, 0x9a, r1}}, 0x10) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x44180, 0x0) ioctl$DRM_IOCTL_IRQ_BUSID(r2, 0xc0106403, &(0x7f0000000080)={0x2, 0x9c, 0xfffffffffffffffd, 0x4}) syz_execute_func(&(0x7f0000000a00)="f00fbabd00000421194a2ae92c02b64c0f05bf040000008fe92898fb41e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c6086114add0d083397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efa76766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc472c1f8ae9c32250000006d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd23e47d865c2f3460f2ad0f30f5ea5a9a50000ffff660f79caeb153131b83a00a2f1fbfb766208cf") ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f00000000c0)=0xa5) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:21 executing program 4 (fault-call:0 fault-nth:8): syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2051.882449][ T7890] CPU: 0 PID: 7890 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2051.890474][ T7890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2051.900536][ T7890] Call Trace: [ 2051.903839][ T7890] dump_stack+0x172/0x1f0 [ 2051.903861][ T7890] dump_header+0x10f/0xb6c [ 2051.903879][ T7890] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2051.903902][ T7890] ? ___ratelimit+0x60/0x595 [ 2051.923111][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2051.928252][ T7890] oom_kill_process.cold+0x10/0x15 [ 2051.933388][ T7890] out_of_memory+0x79a/0x1280 [ 2051.938086][ T7890] ? oom_killer_disable+0x280/0x280 [ 2051.943298][ T7890] ? find_held_lock+0x35/0x130 [ 2051.948082][ T7890] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2051.948098][ T7890] ? memcg_event_wake+0x230/0x230 [ 2051.948121][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2051.948138][ T7890] ? _raw_spin_unlock+0x2d/0x50 [ 2051.948160][ T7890] try_charge+0xa87/0x15c0 [ 2051.973084][ T7890] ? find_held_lock+0x35/0x130 [ 2051.977877][ T7890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2051.983431][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2051.988994][ T7890] ? find_held_lock+0x35/0x130 [ 2051.993768][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2051.999348][ T7890] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2052.004908][ T7890] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2052.010121][ T7890] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2052.015681][ T7890] __memcg_kmem_charge+0x136/0x300 [ 2052.020819][ T7890] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2052.026214][ T7890] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2052.031959][ T7890] ? copy_page_range+0x125a/0x1f90 [ 2052.037082][ T7890] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2052.043347][ T7890] alloc_pages_current+0x107/0x210 [ 2052.048496][ T7890] pte_alloc_one+0x1b/0x1a0 [ 2052.053018][ T7890] __pte_alloc+0x20/0x310 [ 2052.057381][ T7890] copy_page_range+0x1529/0x1f90 [ 2052.062330][ T7890] ? find_held_lock+0x35/0x130 [ 2052.067124][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2052.073413][ T7890] ? pmd_alloc+0x180/0x180 [ 2052.077847][ T7890] ? __rb_insert_augmented+0x231/0xdf0 [ 2052.083314][ T7890] ? validate_mm_rb+0xa3/0xc0 [ 2052.088025][ T7890] ? __vma_link_rb+0x279/0x370 [ 2052.092802][ T7890] copy_process.part.0+0x568b/0x7980 [ 2052.098127][ T7890] ? __cleanup_sighand+0x60/0x60 [ 2052.103095][ T7890] _do_fork+0x257/0xfd0 [ 2052.107469][ T7890] ? fork_idle+0x1d0/0x1d0 [ 2052.111912][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2052.117405][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2052.122881][ T7890] ? do_syscall_64+0x26/0x610 [ 2052.127570][ T7890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2052.133647][ T7890] ? do_syscall_64+0x26/0x610 [ 2052.138348][ T7890] __x64_sys_clone+0xbf/0x150 [ 2052.143054][ T7890] do_syscall_64+0x103/0x610 [ 2052.147661][ T7890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2052.153566][ T7890] RIP: 0033:0x45737a [ 2052.157468][ T7890] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2052.177120][ T7890] RSP: 002b:0000000000a4fd30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2052.185549][ T7890] RAX: ffffffffffffffda RBX: 0000000000a4fd30 RCX: 000000000045737a [ 2052.193531][ T7890] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2052.201513][ T7890] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 2052.209494][ T7890] R10: 000000000263ec10 R11: 0000000000000246 R12: 0000000000000001 [ 2052.217474][ T7890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 [ 2052.229080][ T2799] FAULT_INJECTION: forcing a failure. 05:06:22 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a002302c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2052.229080][ T2799] name failslab, interval 1, probability 0, space 0, times 0 05:06:22 executing program 0: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x1, 0x0) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000180)={0x37c4e27a, 0x1c, 0xffff}) syz_execute_func(&(0x7f0000000580)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c000000c00fc7a4ea70db00fc0000000f383a9e02000000110f4e5bc4a265aa104b26660f38091ea2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2052.293219][ T2799] CPU: 0 PID: 2799 Comm: syz-executor.4 Not tainted 5.1.0-rc7+ #100 [ 2052.301262][ T2799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2052.301275][ T2799] Call Trace: [ 2052.314638][ T2799] dump_stack+0x172/0x1f0 [ 2052.318981][ T2799] should_fail.cold+0xa/0x15 [ 2052.323594][ T2799] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2052.329433][ T2799] ? ___might_sleep+0x163/0x280 [ 2052.334298][ T2799] __should_failslab+0x121/0x190 [ 2052.339258][ T2799] should_failslab+0x9/0x14 [ 2052.343776][ T2799] kmem_cache_alloc+0x2b2/0x6f0 [ 2052.348643][ T2799] ? kasan_check_read+0x11/0x20 [ 2052.353510][ T2799] getname_flags+0xd6/0x5b0 [ 2052.358034][ T2799] user_path_at_empty+0x2f/0x50 [ 2052.362904][ T2799] path_listxattr+0x98/0x160 [ 2052.367500][ T2799] ? listxattr+0x150/0x150 [ 2052.367519][ T2799] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2052.367535][ T2799] ? do_syscall_64+0x26/0x610 [ 2052.367553][ T2799] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2052.367566][ T2799] ? do_syscall_64+0x26/0x610 [ 2052.367592][ T2799] __x64_sys_listxattr+0x78/0xb0 [ 2052.367611][ T2799] do_syscall_64+0x103/0x610 [ 2052.367635][ T2799] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2052.367648][ T2799] RIP: 0033:0x2000000a [ 2052.367672][ T2799] Code: Bad RIP value. [ 2052.367680][ T2799] RSP: 002b:00007fa0cedd9bd8 EFLAGS: 00000282 ORIG_RAX: 00000000000000c2 [ 2052.424881][ T2799] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2052.432849][ T2799] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000029 05:06:22 executing program 2: syz_execute_func(&(0x7f0000000280)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2052.440818][ T2799] RBP: 00000000000000bb R08: 0000000000000005 R09: 0000000000000006 [ 2052.448792][ T2799] R10: 0000000000000007 R11: 0000000000000282 R12: 000000000000000b [ 2052.456853][ T2799] R13: 000000000000000c R14: 000000000000000d R15: 0000000000000003 [ 2052.477916][ T2812] Unknown ioctl 19270 [ 2052.615643][ T7890] memory: usage 307004kB, limit 307200kB, failcnt 3290 [ 2052.631505][ T7890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2052.640397][ T7890] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2052.658817][ T7890] Memory cgroup stats for /syz5: cache:52KB rss:204024KB rss_huge:157696KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:204096KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2052.702580][ T7890] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18128,uid=0 [ 2052.738581][ T7890] Memory cgroup out of memory: Killed process 18128 (syz-executor.5) total-vm:72448kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB 05:06:22 executing program 4 (fault-call:0 fault-nth:9): syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2052.806157][ T1044] oom_reaper: reaped process 18128 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 2052.832119][ T2636] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 05:06:22 executing program 0: syz_execute_func(&(0x7f0000000140)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426b8f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) ioctl$PPPIOCSMRRU(0xffffffffffffffff, 0x4004743b, &(0x7f0000000080)=0x1) [ 2052.886319][ T2925] FAULT_INJECTION: forcing a failure. [ 2052.886319][ T2925] name failslab, interval 1, probability 0, space 0, times 0 [ 2052.923726][ T2925] CPU: 1 PID: 2925 Comm: syz-executor.4 Not tainted 5.1.0-rc7+ #100 [ 2052.931770][ T2925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2052.941847][ T2925] Call Trace: [ 2052.945173][ T2925] dump_stack+0x172/0x1f0 [ 2052.949538][ T2925] should_fail.cold+0xa/0x15 [ 2052.955748][ T2925] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2052.961580][ T2925] ? ___might_sleep+0x163/0x280 [ 2052.966455][ T2925] __should_failslab+0x121/0x190 [ 2052.971408][ T2925] should_failslab+0x9/0x14 [ 2052.975953][ T2925] kmem_cache_alloc+0x2b2/0x6f0 [ 2052.980824][ T2925] getname_flags+0xd6/0x5b0 [ 2052.985351][ T2925] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2052.991091][ T2925] user_path_at_empty+0x2f/0x50 [ 2052.995959][ T2925] do_linkat+0x13f/0x770 [ 2053.000221][ T2925] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2053.006474][ T2925] ? __ia32_sys_symlink+0x80/0x80 [ 2053.011513][ T2925] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2053.017769][ T2925] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2053.023244][ T2925] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2053.028713][ T2925] ? do_syscall_64+0x26/0x610 [ 2053.033401][ T2925] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2053.039479][ T2925] ? do_syscall_64+0x26/0x610 [ 2053.044177][ T2925] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2053.049479][ T2925] __x64_sys_link+0x61/0x80 [ 2053.053997][ T2925] do_syscall_64+0x103/0x610 [ 2053.058605][ T2925] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2053.064505][ T2925] RIP: 0033:0x2000000a [ 2053.068589][ T2925] Code: Bad RIP value. [ 2053.072658][ T2925] RSP: 002b:00007fa0cedd9bd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000056 [ 2053.081079][ T2925] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2053.089058][ T2925] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000029 [ 2053.097042][ T2925] RBP: 000000000000004f R08: 0000000000000005 R09: 0000000000000006 [ 2053.105024][ T2925] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2053.113005][ T2925] R13: 000000000000000c R14: 000000000000000d R15: 0000000000000003 [ 2053.121013][ T2636] CPU: 0 PID: 2636 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2053.129009][ T2636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2053.139075][ T2636] Call Trace: [ 2053.142394][ T2636] dump_stack+0x172/0x1f0 [ 2053.146742][ T2636] dump_header+0x10f/0xb6c [ 2053.151172][ T2636] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2053.156995][ T2636] ? ___ratelimit+0x60/0x595 [ 2053.161715][ T2636] ? do_raw_spin_unlock+0x57/0x270 [ 2053.166844][ T2636] oom_kill_process.cold+0x10/0x15 [ 2053.171965][ T2636] out_of_memory+0x79a/0x1280 [ 2053.176645][ T2636] ? oom_killer_disable+0x280/0x280 [ 2053.181842][ T2636] ? find_held_lock+0x35/0x130 [ 2053.181870][ T2636] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2053.181885][ T2636] ? memcg_event_wake+0x230/0x230 [ 2053.181909][ T2636] ? do_raw_spin_unlock+0x57/0x270 [ 2053.202329][ T2636] ? _raw_spin_unlock+0x2d/0x50 [ 2053.207287][ T2636] try_charge+0x102c/0x15c0 [ 2053.207303][ T2636] ? find_held_lock+0x35/0x130 [ 2053.207327][ T2636] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2053.207355][ T2636] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2053.222137][ T2636] ? find_held_lock+0x35/0x130 [ 2053.222154][ T2636] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2053.222180][ T2636] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2053.232470][ T2636] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2053.232491][ T2636] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2053.232510][ T2636] __memcg_kmem_charge+0x136/0x300 [ 2053.232531][ T2636] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2053.232551][ T2636] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2053.270528][ T2636] ? save_stack+0xa9/0xd0 [ 2053.274879][ T2636] ? kmem_cache_alloc+0x11a/0x6f0 [ 2053.279910][ T2636] ? anon_vma_fork+0x1ea/0x4a0 05:06:23 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000810f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:23 executing program 0: r0 = syz_open_dev$adsp(&(0x7f0000000140)='/dev/adsp#\x00', 0x5, 0x404000) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000180)=[@in={0x2, 0x4e22, @broadcast}, @in6={0xa, 0x4e20, 0x7, @rand_addr="71a1e5007d6c17fdb0db15db9d5e62b3", 0x5}, @in6={0xa, 0x4e22, 0x0, @mcast1, 0x100000001}, @in6={0xa, 0x4e21, 0x0, @rand_addr="863b6b826cc3ce03850ee9983bdb3eb0", 0x80000001}, @in6={0xa, 0x4e24, 0x6, @remote, 0x6}, @in6={0xa, 0x4e21, 0x0, @remote, 0x5}, @in={0x2, 0x4e24, @rand_addr=0x14000000000}, @in6={0xa, 0x4e22, 0xfffffffffffffffe, @empty, 0x10001}], 0xc8) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:23 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) pidfd_send_signal(r0, 0x25, &(0x7f00000003c0)={0x1c, 0x9}, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:23 executing program 4 (fault-call:0 fault-nth:10): syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2053.284682][ T2636] ? copy_process.part.0+0x350f/0x7980 [ 2053.290159][ T2636] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2053.296425][ T2636] alloc_pages_current+0x107/0x210 [ 2053.301563][ T2636] get_zeroed_page+0x14/0x50 [ 2053.306160][ T2636] __pud_alloc+0x3b/0x250 [ 2053.310498][ T2636] pud_alloc+0xde/0x150 [ 2053.314670][ T2636] copy_page_range+0x375/0x1f90 [ 2053.319532][ T2636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2053.325793][ T2636] ? debug_smp_processor_id+0x3c/0x280 [ 2053.331280][ T2636] ? copy_process.part.0+0x3121/0x7980 [ 2053.336756][ T2636] ? copy_process.part.0+0x3121/0x7980 [ 2053.336783][ T2636] ? pmd_alloc+0x180/0x180 [ 2053.336795][ T2636] ? vma_compute_subtree_gap+0x158/0x230 [ 2053.336810][ T2636] ? validate_mm_rb+0xa3/0xc0 [ 2053.336825][ T2636] ? __vma_link_rb+0x279/0x370 [ 2053.336846][ T2636] copy_process.part.0+0x568b/0x7980 [ 2053.336890][ T2636] ? __cleanup_sighand+0x60/0x60 [ 2053.336905][ T2636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2053.336927][ T2636] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2053.346789][ T2636] ? getname_flags+0x300/0x5b0 [ 2053.346806][ T2636] ? getname_flags+0x300/0x5b0 [ 2053.346827][ T2636] ? rcu_read_lock_sched_held+0x110/0x130 [ 2053.346847][ T2636] ? kmem_cache_free+0x225/0x260 [ 2053.346860][ T2636] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 2053.346880][ T2636] _do_fork+0x257/0xfd0 [ 2053.346905][ T2636] ? fork_idle+0x1d0/0x1d0 [ 2053.346920][ T2636] ? __ia32_sys_mkdir+0x80/0x80 [ 2053.346941][ T2636] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2053.429596][ T2636] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2053.435076][ T2636] ? do_syscall_64+0x26/0x610 [ 2053.439762][ T2636] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2053.445835][ T2636] ? do_syscall_64+0x26/0x610 [ 2053.450520][ T2636] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2053.455822][ T2636] __ia32_sys_fork+0x1f/0x30 [ 2053.460421][ T2636] do_syscall_64+0x103/0x610 [ 2053.465030][ T2636] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2053.470941][ T2636] RIP: 0033:0x2000000a [ 2053.475025][ T2636] Code: Bad RIP value. [ 2053.479096][ T2636] RSP: 002b:00007fec78bdfbd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000039 05:06:23 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000204c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2053.487520][ T2636] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2053.495492][ T2636] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 0000000000000011 [ 2053.503465][ T2636] RBP: 0000000000000032 R08: 0000000000000005 R09: 0000000000000006 [ 2053.511454][ T2636] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2053.519430][ T2636] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff 05:06:23 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mISDNtimer\x00', 0x8900, 0x0) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:23 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:23 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a00000ac4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2053.766139][ T2636] memory: usage 307172kB, limit 307200kB, failcnt 3302 [ 2053.782632][ T2636] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 05:06:23 executing program 0: syz_execute_func(&(0x7f0000000200)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x2000, 0x0) write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000180)={0x2a, 0x6, 0x0, {0x5, 0x6, 0x1, 0x0, ']'}}, 0x2a) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000001c0)={r0, r0, 0xf, 0x1}, 0x10) [ 2053.825605][ T2636] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2053.906531][ T2636] Memory cgroup stats for /syz5: cache:52KB rss:204144KB rss_huge:157696KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:204144KB inactive_file:0KB active_file:0KB unevictable:0KB 05:06:23 executing program 4: syz_execute_func(&(0x7f0000000000)="984a2ae92c02b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:24 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a00000bc4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2054.031022][ T2636] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26992,uid=0 05:06:24 executing program 2: syz_execute_func(&(0x7f0000000280)="994a2ae92c02b64c0f05bf0a000000c4e2d1f79a3223333340e2e9fc55fc55e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0f4aaf1c62abe465f20f7cd8a1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436c7aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000660f79ca553131b83a00a2f1c401777c12ecc27dacefe5648c006000c2766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2054.124239][ T2636] Memory cgroup out of memory: Killed process 26992 (syz-executor.5) total-vm:72448kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB [ 2054.256914][ T3063] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2054.337100][ T3063] CPU: 1 PID: 3063 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2054.345141][ T3063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2054.355209][ T3063] Call Trace: [ 2054.358520][ T3063] dump_stack+0x172/0x1f0 [ 2054.362871][ T3063] dump_header+0x10f/0xb6c [ 2054.367298][ T3063] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2054.373124][ T3063] ? ___ratelimit+0x60/0x595 [ 2054.377726][ T3063] ? do_raw_spin_unlock+0x57/0x270 [ 2054.377746][ T3063] oom_kill_process.cold+0x10/0x15 [ 2054.377763][ T3063] out_of_memory+0x79a/0x1280 [ 2054.377786][ T3063] ? oom_killer_disable+0x280/0x280 [ 2054.377804][ T3063] ? find_held_lock+0x35/0x130 [ 2054.388031][ T3063] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2054.388046][ T3063] ? memcg_event_wake+0x230/0x230 [ 2054.388068][ T3063] ? do_raw_spin_unlock+0x57/0x270 [ 2054.388085][ T3063] ? _raw_spin_unlock+0x2d/0x50 [ 2054.388108][ T3063] try_charge+0xa87/0x15c0 [ 2054.427631][ T3063] ? find_held_lock+0x35/0x130 [ 2054.432510][ T3063] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2054.438039][ T3063] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2054.443569][ T3063] ? find_held_lock+0x35/0x130 [ 2054.448313][ T3063] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2054.453877][ T3063] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2054.459409][ T3063] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2054.464589][ T3063] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2054.470114][ T3063] __memcg_kmem_charge+0x136/0x300 [ 2054.475251][ T3063] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2054.480606][ T3063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2054.486831][ T3063] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2054.492533][ T3063] ? copy_process.part.0+0x1d08/0x7980 [ 2054.497976][ T3063] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2054.503244][ T3063] ? trace_hardirqs_on+0x67/0x230 [ 2054.508250][ T3063] ? kasan_check_read+0x11/0x20 [ 2054.513094][ T3063] copy_process.part.0+0x3e0/0x7980 [ 2054.518275][ T3063] ? psi_memstall_leave+0x11c/0x180 [ 2054.523586][ T3063] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2054.529046][ T3063] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2054.534492][ T3063] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2054.539763][ T3063] ? retint_kernel+0x2d/0x2d [ 2054.544348][ T3063] ? trace_hardirqs_on_caller+0x6a/0x220 [ 2054.549985][ T3063] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2054.555432][ T3063] ? __cleanup_sighand+0x60/0x60 [ 2054.560381][ T3063] ? __lock_acquire+0x548/0x3fb0 [ 2054.565303][ T3063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2054.571525][ T3063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2054.577750][ T3063] ? debug_smp_processor_id+0x3c/0x280 [ 2054.583214][ T3063] _do_fork+0x257/0xfd0 [ 2054.587375][ T3063] ? fork_idle+0x1d0/0x1d0 [ 2054.591795][ T3063] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 2054.597844][ T3063] ? lock_downgrade+0x880/0x880 [ 2054.602682][ T3063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2054.608931][ T3063] ? blkcg_exit_queue+0x30/0x30 [ 2054.613777][ T3063] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2054.619254][ T3063] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2054.624791][ T3063] ? do_syscall_64+0x26/0x610 [ 2054.629457][ T3063] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2054.635508][ T3063] ? do_syscall_64+0x26/0x610 [ 2054.640192][ T3063] __x64_sys_clone+0xbf/0x150 [ 2054.644863][ T3063] do_syscall_64+0x103/0x610 [ 2054.649440][ T3063] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2054.655314][ T3063] RIP: 0033:0x45b779 [ 2054.659195][ T3063] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2054.678780][ T3063] RSP: 002b:0000000000a4fa98 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2054.687174][ T3063] RAX: ffffffffffffffda RBX: 00007fec78bbf700 RCX: 000000000045b779 [ 2054.695130][ T3063] RDX: 00007fec78bbf9d0 RSI: 00007fec78bbedb0 RDI: 00000000003d0f00 [ 2054.703085][ T3063] RBP: 0000000000a4fcb0 R08: 00007fec78bbf700 R09: 00007fec78bbf700 [ 2054.711040][ T3063] R10: 00007fec78bbf9d0 R11: 0000000000000202 R12: 0000000000000000 [ 2054.719017][ T3063] R13: 0000000000a4fb4f R14: 00007fec78bbf9c0 R15: 000000000073bfac [ 2054.729473][ T3063] memory: usage 305104kB, limit 307200kB, failcnt 3302 [ 2054.736531][ T3063] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2054.744087][ T3063] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2054.750996][ T3063] Memory cgroup stats for /syz5: cache:52KB rss:202000KB rss_huge:155648KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:201984KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2054.773062][ T3063] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=3053,uid=0 05:06:24 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000bc0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:24 executing program 2: syz_execute_func(&(0x7f0000000500)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e22ac422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:24 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c03b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:24 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a00000cc4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2054.788259][ T3063] Memory cgroup out of memory: Killed process 3053 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB [ 2054.805161][ T1044] oom_reaper: reaped process 3053 (syz-executor.5), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 05:06:24 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) openat(r0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x2) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:24 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f00000001c0)={0x20}, 0x20) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20\x00', 0x184c1, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3) write$UHID_DESTROY(r0, &(0x7f0000000180), 0x4) 05:06:25 executing program 2: syz_execute_func(&(0x7f00000003c0)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c6086521f2adad83397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = open(&(0x7f0000000080)='./file0\x00', 0x80, 0x0) r1 = fcntl$getown(0xffffffffffffffff, 0x9) getresuid(&(0x7f0000000100), &(0x7f0000000280), &(0x7f0000000200)=0x0) r3 = gettid() getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000002840)={{{@in6=@remote, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@remote}}, &(0x7f0000000340)=0xe8) lstat(&(0x7f0000002e80)='./file0\x00', &(0x7f0000002940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000029c0)=0x0) fstat(0xffffffffffffff9c, &(0x7f0000002a00)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(0xffffffffffffff9c, &(0x7f0000002a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r9 = getpgid(0xffffffffffffffff) lstat(&(0x7f0000002b00)='./file0\x00', &(0x7f0000002b40)={0x0, 0x0, 0x0, 0x0, 0x0}) r11 = getgid() r12 = syz_open_dev$binder(&(0x7f0000000380)='/dev/binder#\x00', 0x0, 0x7ff) r13 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000002c00)='/proc/self/attr/keycreate\x00', 0x2, 0x0) r14 = openat$cgroup(0xffffffffffffffff, &(0x7f0000002c40)='syz1\x00', 0x200002, 0x0) r15 = socket$nl_netfilter(0x10, 0x3, 0xc) r16 = perf_event_open$cgroup(&(0x7f0000002cc0)={0x7, 0x70, 0x7, 0x400000038, 0x1, 0xbf8, 0x0, 0x9, 0x28040, 0xc, 0x1, 0x3, 0x40008000000, 0x80000001, 0xffffffffffffffc0, 0x200, 0x0, 0x1000, 0x832, 0x5, 0x800000076, 0x20, 0x6, 0x28e, 0xffffffff, 0xfffffffffffffffc, 0x1f, 0x3, 0x0, 0x1ff, 0x400, 0xffff, 0xa621, 0x9, 0xffff, 0x1ff, 0x6, 0x4800000000, 0x0, 0x405, 0x4, @perf_bp={&(0x7f0000002c80), 0x1}, 0x40, 0x8, 0x1, 0x12, 0x8001, 0x9, 0x3}, 0xffffffffffffff9c, 0x10, 0xffffffffffffff9c, 0x4) r17 = socket$inet_smc(0x2b, 0x1, 0x0) r18 = socket$key(0xf, 0x3, 0x2) r19 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000002d40)='/dev/ubi_ctrl\x00', 0x2, 0x0) r20 = dup(0xffffffffffffff9c) sendmsg$netlink(r0, &(0x7f0000002e40)={&(0x7f00000000c0)=@kern={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)=[{&(0x7f0000000500)=ANY=[@ANYBLOB="182200002e00000225fd70a10400000000000000080300000000000008002200", @ANYRES32=r1, @ANYBLOB="140039000000000000000000000000000000000108001400ff010000d8213100d37bafae6ccc07deca71aa1cbd4e3676ef475254d046db0dd8a8694574a3fe6eccb46bab6f3148c2ca5553390084f12d433fc7b2b4b8b6e2609eda25e8120906a154a728d6b3936a2514bc68dec1fcd25dffa60ce307da0b59d1bf0ab10c0aeb9e286db46c2d17b22b151692d95e05b65fa3d207c23a5ecce6ad38ac0bb10b70cbfcb60ce1454489cd028a53c73892ddcf81f5658f9d78178260e5ef52b3affacfa355da8d6de28976d61843cf7d03a2572295ad86d00801ae9f84bd5855783e7c1bb763d06caa68ef39735552038a763ddd6c0fa84e3e69bea7ae88d03e680ea45eccc37134ce1fe0385789be0c5ee3633d9e49630ce6ba74bcfeac271d93c257bc2016ea79a4e7fffab8e019f67d0cf205ebae266c2bb720cffcff94e08832ee568996fe9f7430a4be1d713eaf6c1f7820c6c030b6962033ef3b679ebd198d25d4c8c886a77ba82dcdfeb6508755167c81bafa8ad0027c7c03c3884835fce3888720f236a13f31f30cf2dd1424e6bcebb2fd6aa087db8c023be8471a4ce25aba49f0501081b9a7d5d0f6ba29b75879f5a5f26b4e1a4aeeed15d35ef8b89fca146bb05c34544bdd050f21e830ab025dc78bd17d0f9880fe6e75f5ce3d02fd44f09a0e0683fa20887abc3b29df8d121ff08478b4bb629adc5b104bc7a12fdb98996c832bc35e33b71095beed7935358315726177f33983464e7c6a0013adc78c67bc7003b99077f9af6f9884f39b6223e4b8df8a48a881ca58507b0d2d3d05750d737f2a5bab102a7e15e0bbd5ae95c05f34b3ac715bdd0b41cbfe2da8e6cb742373c2183f346db5073aef3fce9bbf431ca3e9ab1f072379316de184d8deb128922b2f26c691afcded262080d67fabeb2adadbf13811ae18da5d5267801293b370565e6c9ce84aa5e25675e9cc0c79259a81fca508c6641946aff5decd32bdf9cd9dcdc91ee1847003aa7eb21ff48bfccaba7793630e5fa5aec519d2f53b96a08535403eaa264aab138507cf2d42b85de8c3a2d040e1c70635b36947dbeafdde1ca7915afaffeb67dfe6631200330cab198ed113c83c75b618f68511a0282f04276a4cefe4d6c2f91d66c03a7d16501faffc69f6d3c1912599342df0d96bdade3e9b1caff6f3107104cca6cd11b8b34252798327789915ced22c9eb0fa3dbd391f2cf824e1407abd439954bc3907c92eb2c1bc252526eee27106e6165d615d16ff3cbad424c4ef2374e94dfa7a56eba42e7dd95593f149d09de926b4605fb29a42b471da90ac4253d6f8cf9016ed310cd337178e2232097e941dbe13a6e6999ff9624a824c846e91e7456646652249397a87975899215d0173c632c6e81cd81484eaadad35a34053b1a1a22df7dcf7825383a0e0c586b34de7fccd211b0f9d72a6d813b252fa899cd72c6e92ff3363f3840e12df7444eed97db2445cca9ffe2117caea066814197bc539deb6bca286f78ff9e85c8764d4306f1335fd3c7a5a40babd03edf1f4490ce2d45e0d7dec8bca63b750d71291cf6c824f9347fcec514dafd6a54685ac502664911a18e52fc1d2ac81a3ec5d6487c83aae996769019331ea22c475b59c1f9e51098ad9b2bf8441cfdec6037ca68f4873eff77b3880cbf818ada73501a31bc8e57da5fc63f51f11cff561e2366eb8841ed5257876e161557f965057c38fe811b8845d8cae6529b543e20d698a70fea0ffc9c93e24174adb65aaae5eea49ee4b2793470945930703ee60dbe5bfe4bb1bb10408223f8b8f68d9b1f03cc9102b95a35ce5992d953437f4a27d1c79b714cf4ccc0b3bc5bd2d309052d731c1f9b4f284fb646451569cc8dc8e5d4e14c8b9c840df0cd3f153430c2cd0379383d110e8b677e26340f5d742045c8d44cfb9fa7ec04b1c3af87bcaa772f4114ad7fef9ae52e561947b09986bdb81e96d82fb62681ce9a2bb411433e83df97088c2205ea52ffae8167eb920422d5419973747c2b8d27ffa63458c9ec3ddeb8ebdf68c1893141abc0833ebc31e729bd420ce1771eef5832e9f3a202f3f3ec71a4223b02bfc1d72915e7f400f13163cbb757db17159179e9abaed0c7b29f1fdb7322e799373894dc443950fbb78593f00414f34198b344e47a769f72e4ab85f3a6c920237921381941f0f7197629ff140126fd28ec0b361708b80c7342e993e25c9a1e749fc14b212715d0ff7a8b828aa71521ffa27b9b6c14c80296a21b2893c92f1551b6b6ae20d03afe8d69690ccb0fd19361ff7e48399fd72dd687e1b180fe03f5955d1aa2ede1b6d5c6e4eb684d4868ec5d7766196422c33792aaf35c68751819c7628a1fba05f5dc70cc3e12555f7ed9751ceb865f82591d8fadb0031420a8c8054a48d318c7850d057017a2dc3a14ec5f89ae3a862b9f5843873f417e25acc1e3dd57f0f9b14cefbf3dbc0e1b377a7aa7966aab7dafb601371fa35dab271129c4fc363a1774d79724d4b08b80033d8bdc2076281c8fcc46008d326007402e56bfcff09d94bab9d8909fd40194270da4b86556738f90b0071c717f8f04803a257e3464410ee1ef0a97d7810a7a8af3a9f8748c5ddf13788a8ea5c52678695bb416a22bb00c007e0882d59818e6efc77ac70cd6f73054d8f3f51af488009790d45ccc253c91cc792a7145c20983588975329a29eb56aa4d89b8dffa08eb5958043b85b71c5fb9383d041073e92149c193b65b708aece91b3a1d4389418b9d8c9fd7f07459bc8381a691bff378e7512c387ff14f0a96b84f31b78c9f68c779a9f48744a80453cddc28eef14f4dd8465562f8759bf22cadc2902e430d5316a7697054fa96093ce58b581569f4f4f72e9b9d45522425e05bdd918352b369776f6c0f051d6211f89fce8877f7a6ffb2142195659f182387985cccdc847c55a5b66210647a4c8f997794c1084dd53b465c5b414b1fae5dfcbdc2a6cd36f76c8dad629cd1211958a2186464421439b53a9d6c9d5cd9e7102a829ff0fd2e5b8bcfb01feae3f834e039215be26a1f1a08892784b9c067f24c4559d8fc7d5ae9b4662d66fe04f3e55b126c8b3cf4345284b0008b47b6a711233127bbdedf1f4907b2505f135a6d09a15b27e7a893764044416d30fe8f4638adf983b1683e73618466eb46c1958a943cec4d9e062692f4dca12066077bed5e1c2727057ed3e25da7c2f0601cd5829545f8228a435c6c6562a28570de8d3080e59b85f31b05c56d09259fe6a0d79e354cfd6558e3019b059f938c5bcb88a357e83d97f8121fa73915155ed61562cd8001e4d4881bfa9892979d203109b6cf25ca3f4f78cbe0bbab80626786204d7149c5d2d444e78b7dc2777fbb294ebd475925e87e5e74f17474410558e41c5d4d678bcae46b3090d13fefb2cd54c8504a6bb470f9387853d9ae1e98b35cf2fe34b9012e246470c40e65644f59c76f729151c47e8af709e2b96adafe0bb491e9e2672d33af204ea467383ff789cb262031543a06241bdcb397fe40ebe2318dbab482da7a62be22bdf08cf4dcf060895bcf75fad739d746d620abd035f924918d32f9bdc56f54098f47db7ee194841678460d723f135c9796e5adf1003f2548df019a3d792d3c94caf94e446a51d856922698cbf53ca7107fa103cd194d70d31030a7abb619b0d7135ef5016b6ac1de9afecfbcbfb764b65f07eba93ef6a086044cd852afba978e35d5a0a2aefdf4db7271a72a11a065c84a4ee739e6ebba3e6c2f6951c5a706c66c9874265526ee59bb6570ff2427a137b50d26d5a614edc942acc9f53c15ba30c63914e47ae40498129c82a5bee0db21a7bb7ae301a1f698909bfa03dce2ff392e2c7e95685aa9016bd0f291afd3a02d7d0ff2f7e00774bf1e55119d6b621675fbcda08778609bf1e5ad00c824435f3b8d97b4e31233ee658d311a98675266cb8b38b56bd0b140eb48ae662ad5813e2328d84f8ddf40a7ee7371f7589a16cbe01dd739ff5e312db49f17bf83c12a856b083c7db53fb1137de1265385199342ddb3648da4ed7f44ecb07e5cdec2bb8894b96106b801cb8797512044b7df39fac112b46a9e2ebfd53dc6853263e8a2d5ad4392eed632959edc69a7be949f7a8377634fde7ab632b742e1b417a6e9cdb9167da5ad89853b4c51174b7755c3ac339bc047a4c405d72e94986866f944a4d19aec71b9774bf10452195c52557a03d866af6a32eaae3af0b3efe9c1d2723b57e0bd926d73fe4c76f65ec36ccd761b0430feacffa5b544dfc4f98a19928693da7a5f99ec393ad5639a269ebe2efc88b41339e2fbf44ce9a36106df0589235e5c5984e603a37795432acdafcb99da05cfe28a51084717aa76d81fd7bbfd7cb5f37f880c2815d18fced86911e239f67f5d336b85215aa5904a7f3d67212abef0da18fe5f44b39e1210d22fba2c223e16c517dc84eff85c95e1ffdd5ea273db2bc191a6c0a57add53f8a43f60b2ab811537a09691e759281afc20f2f273b3d1368af318670cf7c82705c783995fcdb0aa94dc7562a708e44709d74fe6f8271d38529293bbe0e3baa66d22d160cb06b3dc2307709d14686540cc86d3b0867405efdc12a586a419d668695cd3594b97897901c48921c8c2aaeca6226bcfc280f51742c94e2582a5caa30e1271c37f45a840d490a3648e571d4f6d7626b9447d1fd7ba6bdeb4c60da6337233fcf0d2d26c22978a76038b6c0e10a6af0bb0317b7d7a334cf27d48e85e8c69952d3165175f832bef4d2893a0766d81a48579ea168d45aadadb1078439e9405c7b047ff888d25bc5551b3cb2574eefd697085e501a37c49fde02c12bf4904746571d4a74c9a971bdf68d0b003abfb0887bbfee473d616804fdd1447171a4b88dd5746879d4714043e67960bfa770d13c635d0682289493f5e3d8c2aa8d46bde5b0794aec76107f975570e4a1f938fd433b813d4b3b9897976aa5f6356fe041d262e825515ee99573f6274015a4c8dbb4b00eaf02555429f7f6a26ab4dfde73dcd6de325963d38a31300e2e9888ce937968ad8ccb3ea89dbb1026cdbda4821a186d2891ece70f83e69d6019f743896f7622dced3551dc403451ce37779b87516f572688da78671ab21e9e2230e2d2e51531f36c3ebab29fd8b892951de75d9f7b84343a8e6af4168e4bdd714b52d31f50c96b5d122e6e98f414b555742bac819bb093c1fbf17736ed44ee8732a69bfdc943d3dc223f29e1693eb90e681836ad371a9ae28eaf33349ebd50e7efca754cab6448871468e213d029dac59aa1c87ef337061f2a6494e511bd31d74774ec66bbba9ba0879f322a990360c8917639c3413947acf65c8e12a101891b89b61fa350028a246265c799c7fa67f6bd98152553ed460b8b0cfea1f04d2113f9f8507ce7da4560a32ce9fcb46cee1d6a42eea1c190755df80901d915c5e16c5411b14a8753758fd14ae4d1ad3f07a1b75dc91e3cabb69565cde1f989c76d5b622565e9782c544e972cec94af9576c87fdb13b40c3269e8c7c2c8fcaa0e007707f1de3502e6187b0b8be69ad379983d4baf8af65f1fd79984d457e63f544c6c165535177157b4ab79d394ab0515197d0c1b6c344f9c5924521a72e7d63cc7f416cff151f68eb93b4a630ae0e250c4d420d80bd1c7b0e4400fe6c4a868eb668c1de9919f15fb95563a622834c3137f5dcbd7bb32bed805106a3110f020270e60025127c23e00288fe958c593107346fa8c2d6fad79c56a04f8d3a50a7f415b279e2d695188b0f4c8331fa0f384c80fcca140b6352d612432d6b4ab805225509016a23f32dd43cec09991a19944babb1784ad6f79c7eebbe058c7d5801c467f387ecf4b5bb8eabaf6d8f02b32223a419841bf565eadb26ab71ec4bec30e504e6e8d1cb9bf35276f60830dd0dcbe1c8a0bf6a22b7705621b0ecc3834939080d41e00183c0d0dea60148c370e8cc3089da7a56f98df8f23e1ed47caa4374a60de018265430998df05ba4ba068d2e4db746f6cd52ac947a63f79992cbfc11026f3f85b9a330ef66e7d7fb9bc1e41dab8c96a2d50a9bd9148b1981579b29ab20467d4857691b5275093127a2fda35777939ff5fddd8e2b63e1c8d6350615a35c5017a1b11c14d7f6ddae776345a06f6c866ab5d888ed01e2cc804b1b1b6a056408da772f0c901abd109de4484b3ede2075066806b24efc51d28a4439bcdd645cdfbd8a4873893dc2cb554a8522ecc3db45ba48c6c1557e6c5e95be626113f2b1a8bbe801b04b602d99b666c8ab3db2d503fef301e9117b73e28487548ee3d30cfced5924a17bb495047ecbb0c3fd64aed4af35baccfd173dacb599d53a569eee96e861fd1c3e776bc10759ddc406db72573930db5ce2bd05ba7016559a1e0d9d6baa97253eea6d5d38cda4d13c4fc0cc0b1ea577b72cc92cac663be0e088b572fede1db8404543764dc5d9e2b922fa7cd709b2321cfb60742c37be8b6f7cf4c466b8af5ee96142d1948fd6fb315357a0dd0d241cbf5015c6531824f629ae623df5905c1591ee50a8155fdc8c530136b2dfcc0654af5d96cdde1faff6c9314f0332e12a48094b3d91de2bbb4b6e1c863733ca85169f23c8cb0d2c0d4e9ad556a6a1eac2d3c60de8b0565dce0af35dee06cd1c1ebe140368db6851bb991db43f2d09071cc73ed52b149e0c28d3004051a6522528302c3dea905319fb4918c5c1cca26c8c3a70887bb2dd0a449c985c7a42f81af45752f7199e0732e395ba04fbd059401afc775045240bb2b0e36355ffd64e2b04b9dcaf309f0e1591281a6547de1dfb20393887fb7f2df529bcc9acc93f5d7925073649478185224274263dd9086cef301672b68950cfd0e1b5188dcaac0b5d76020b7debb6c93e2292e74255c6e052c6d75d9eb70dae4eb3f6da4749fed4986556a16b02dbc196b767a60e317d2028136f6ff1d29ffef5c29daa10a8d29328eef7d634bf1f6ab450b1511168d64ed57ba12b671a9679748f52ef0a41ed1167b35bb0d7f0b540a168e974f8c1e6e1343b1b4e3ec089695c99f6c7fbe4b423611ddf162b26fd9ed235d5a0649d3163dc7d9bb969f0b5f5ad9f2e25dc911776fb334d9feee4da489b7ca5b09b1e22fed02cb4a2c324b3447dfb8ed36cea0fdf4c41f41df2c437b893174fd73662ecb3975fa6358144450dd9d655257f142c7d53a5ed265fb59834c7da5403589b5017bf664145ada50888def0168af1a020319dca9d093fbc33d0e6267bc3162b26569272b4ec68cb14746e1f5ee2a81e50d585da7e0426cb5363ea3f947f9fba48cce250b5abf4d140a1ab89609aa07b0886e26a306ac075fec7bd81220a9ee50f9b4287c859291653af31af9214b8b235e372f23af1413d6dbeae6ab8f15138378d7d7d454a117006051d2dbbfabbbb91b2e788ea78e4fc9e990953632806ff17954db9272a43cd05294a2da3e2269bc10bf8f30cbf8224fdd202ec39f38c73430239cef95b789f4b28169660039ea1db3f0d9e30c81b9e9d04f01719431299e306fc1380c939076233e166278038ecb511dbc77be42021975ef912ef2ae74bc699098e2675a20292a2796462b07d9b937b1c16c9486f4bbc3b6c74aa2b86d1f9605c9a41ed4e53b7f681d989d1c2fc69515b5c5f542cf7c92a158639b43a862c4bf5cf13060f95e9488d97094138cf17b1f1f996fef3766672f42faf9e63a8d7f7c6f8dce6e42135cfa97299afc54ae06d1144834644dfdf91c1d486e46a7fa298aa5a4fd9a84eebbc629544f04b501ccff2c42eb04ced41acbc74d3ca2c38ebc9d646f8ec5b74fb946ba6fd83d0e9924084459f6be96327b97a0b8eb54afceaa6879a1e73ca189e726165db34457984bab5958fd14c2ddfec91001b68c585831f7a28ec7f889507e9aef6df0527c6bd5424cb39bbf036a63479b7068c2d7a40918f7780e5d4d62734fe1748bbbc0eb2b1cc471e055a7c5b2e1f2f250dce909a6397d0c98c6d12803a36fb48170586a145b240a834b1761c5b1dc1b0c034bfa000a0f181d0a8620593006abbb8d866f38ff1e2e562cb97dab112e1aa61dc88e6c728334f34a3fbff35630aaaa13e93ea65b253f20ca327f22bf62545bfdafb9182efc630fc0159544da110b73ef2cb552863286e66950bb2c5fc0704d4ba941cff20a87023919d9eed262d0f743524cfce2406a1c9524a4cb9158da18c68d074d4d84c9eb8723d1259691c10377780e06d98b28b6fb137d73ced1a673c6c7cf702380adf91415232fd0a5cfac71467487aa86491c17c273e113d022ee6044f6c0b1d4bf57d79055fe0522da92d27fe7639849c37030ad2b82a21281ac53f0f00fc80c5a296a495a471c47f22c3afa9df9801d8a8d52afa178041403e6aa0f89dad593319e14c13a9fdb13551e9acf9c18bd82cd5a2024fc10eb5ef9592f49f0ffd0e185887755e4a54258592180d6ff402ede17bae7060376bba1d263173280436fff44140606b2e83f5800708ac344cecdf3f2a5df3da8369d3dad4e1c52f075ae7762e6e0c8e54405cf5484da3c2461ef8b7a763a9f800830cd5cb632d0d2c86c6f0fd95ea9819e62baf3d76d7594d86196b82e39841ded42dfff08ab71a199ac7d89c33be9cf449c2221aa28c794ce9c666cb2c8e82feff61de1716fff0211ec19140fd4667bb99b83a85ffdfa69fe040aca7ded090ced9fbd0e2f42a1294fdc3a310012ba95529900c5c603ec3b9c6920096fec484724571dfe7e85932c959c0ee48217a22d3b687205566216e4cb26882ff0a27e24823b4b7c18f63fd8b50f35902ba782974bf25feab41a1b750cc442c2db303d07c59734a8360b897d39bd3a76de8b100aa6e5702243bb8246db687a838f2b67cb63c45a6404bb84c44edee511fc2cff97d83d48f93bd58b8af094ddce8fa05d73f7721f76714c68a996e5237fc5b6f993d738db77709f71772deeac8fd90bdecb4101b616f086268dc2d4c5a57943cec9f7ff4e53ee3461c428cb3264f214f6152f040d706c536a9786d92468a6cba1d60251c61525c4bbfce4515636a93378320c12769c6eed0448b682cef551a1be2fa27f61c185a751a802db05f02d13902e63233f738c8dd35c5e1d161a1e840f7718ca26c96fc4f91ad61be62afb448a84410b8a61669b58d695a0e6e00681f87d2aa416de4f97dda271ffd3a6c1d9d3053a5e730c3da50a2a3d191f6c2d248a84230d8961e331a983fd5647c8c98d2c880fbbe956cd52445c1c6f991998506607a6771a79ffd3589c81d1ac403120290f823736a22885c58b5bd11a6646e48402b64fcb41f6474ca9d775fddd67cbb9704f780b3e8fa320b5e72d32c096dfbec70b990126a0b4cbf55bb6c66a85b6ec046635ad9d6f4125d673a02e1844bbf93a1bff59914ba878cc8611539ba2464ca907cfae7d48f69684685360309553b51794c7054d09e382ddaa4c3bfc2fd6beac72817e696cf749ea548065c92b16e3d4cb8645e99c5421a1f9c489c9e307b4fe6e36ab98396fc70a07ef2ff5ff62c04420c4b3ea5e600456dba06a63ce0f8de61de8b24521f1c12d7fac30d3b87b6e259e3a233a1029e0a6945e238e58766caedc410b08e6765d3e1f0c3acadf6bbb68f082c040b8e3371083a59e8abb1775e943f2f3326f3eac0dacb761d7e7b3b87501e121ebbc43fad2509e94f59683ec4999ebf8014d7fc5856612ebdb6877d56056bf9b4ff912e9fb1d61b1c1ecfeaa218b66fe05e224781ad340c7c397854dc542af2ee872facb156a516ebdb9a12ff0ac3b75cadeb4520fb2a99118519cda23e2e2471e1db96dc47215e33a3b731ff6184addf5d4307145b26ff2b440fda0b5acc0d46d9ecdbc71b587e458de222c12d9d8f7b13d06eca87a1d2d309485deb750344bd15df56bab5c5d26d9287794cc56966022d863a8bbd9a996bc048d3e2f657ea938ed7299c409859d5de749aad149ddadb0c7e3863fc4ab79421367ee8478020b7bcddf9133590537350f69f0fd747be326db11b9cdb06986a50bb3959f8d59d043ca4de11e0d805d22b1bab8f3d375ed5f90c76e38eb6f0ac11a20080f56234cdc32f602c2dbaedab4699500e41b3f1568a13e6e066bb77a4a1252065199a6dffdd93ac1f9eb8080f8e4c094d0fc7951566e378626e784b7b5a13da3e540787d6b122a5d2984af86f8e40b0c299cee21d6c13d6f55f2a5d57a19f93a2a8f1a717da99f25ccfb79d9786b2c0206eb595d43aec3a43011e39f2813d75c4811326a425ab5d372baceb9cf76e12ee586feb294c7f479d4ffbd8dbb2cde8e28945be46a065a41520815a6c593c23ab0b1e3e81530375ced446e4ec874ca1d75588ec64a05e9847f044d745c49c7655cba249b44ea94ea982389fa3698cfad10c127664287e068946d1bcd54b49999b287409ff2348b7a60ca3d53169e1fe0562df7affd88716e02960ffd633886cfe451622c32538f3522ce1679b92024fdf066dc80ce4bd94ef2ac0a423662873b49438dd84e3c85476eb14d5768ac9c3696b11d640e9a6809d6c47b7a4d388d873dd03879caead7b0c43c708bef6fb96c63e8373d1be8ab398db6a466c178c41bc6908d2053a222baf90dc33c71fdb9f144b51942cf3e79d80f8180a159ca42c8098387fc48f6acc4851c4be60b6c500411c8cd1ccf4d34b9ebe9e3f8c92e4bd5a7737151b99a779ff3c1fbcae7c23378e671865186e3eca9127429c62deba1ddf64e4f3f0450f192ff9d317e09e1277eb59106f5f839564047f6496323ad2c9c04a7224a3ea6309c413e04d8d1e1f3c8fe3130788d64cd4f84e5679b3a5f48f12934dba777e10fb032ad0f5210ca260b48e75cddf912e4c38f27054c88231122716c4a035ce005a7ff5c32af4ee9f727c9a314d0a29c1da455ee0e6f0923658f090c9f7cf5d509a1f545cf3d946e419dde611c15acc1ed9a8c721625f5856f9e88a3fea0df5957b2a44431ee79147e15b56d6f8bf98e641ca5798ebb20329289eebd0770b106c5a0bf94383543966e27088100f20f7353d64834a343ca16797aa1ffe9a4dd0cbd89ab90bf5d12c3697664c2e5effb59bf439b6c9b733514c53a6340cecaff49871cbaf61452d90448e9ef29b8919ab924634ccd5601f4ea100d05b4439abcecb32b3f0584048f013b55305f8c8c5099e783a457e5c96b941ba479e21946a8c4c1bb94f2343010057cbd49b7fa25ac61668eb580226c9bd83083c66d82a0c78efd7de619213be458d121e499d38c8b3c489a151a298764e783aaaf094306042e167d6e9242250d2903bcbd01bc9d0566440c37054332751b3d25ee408d4f683cf70f68a2ecd0451a8260056423cdecb8a8495eaf8767500150c8594246bec77fd6d3cdf2d1f668bd68283b0b22160b19109b653b0e856ed11eabf841fbcbdde6241713b8c092b38482dc63d93c058c89454a4050f781d6d6df3006f2e239921d13b9505ea80d70ef050af07d839e087922969e3b976e1c1ccd516c76260187477ea98098b4616d45ee22d6d3d013e8f1a59e1423fd4e33dbd6e3c8a1b14527c739da459f21cc8c9f0c0215ff33a02a956dd330beb9621bb1e3730b99f7fe769ef3652ce6fe2b4ec357e614cd627bda1ece4574307c4514002200fe8000000000000000000000000000bb19f3fb6957b081dce082d06ad27e9b63d52e7d84561b2cf098a9337e141776b9475753fd9c27850d4a1d86614cff86366eee75f4563cf4cd4f687fadf260a8a5915fd55148281a6b6d12e95be4232bc2db62da1acd4c7235db8817ec14bb05e13578a3f3b06efc0c1456a78cca81b08a29ddb51722230b7f62791c5fe33bea8f723f709554ec949d767edcc7f639b832de1ac9400379f4c8f8ed34a4cd1ae22bd671da048a43d6d36d693574db1ec6de23db7f78e6bf9021bf77ae1fa57b512fd4800f129d523ba5ae90ac9ee70ad547e11357e051da7042eab1b128c945109366639ad39dc32a91b89a023f3382e7f2155ed15c9a58681f688d490e4af9340c4724662435559334ab1a3e14007f0000000000000000000000ffffffffffff063e82011364e4ebbd5694e5a3ccf7dcb4f22b2e1fedf390ebe5145fcae69f58aad2cdc678208ea0dcf3bcf68c75c3ce18c3bdd4f3d824af731617716292bd040070031e890973f1788e7e3020f20b2468edbe31d65d3c9964bee483dae95276fa23cf9a83286fa22f66d4082d999a16da8f71e61d45d6e335465c9dca07ab03d58286a82cb400ea0ef94eb569801d395ce0ac22363c18ce08008e00", @ANYRES32=r2, @ANYBLOB='\x00'], 0x2218}, {&(0x7f0000002740)=ANY=[@ANYBLOB="f80000002500000025bd7000fedbdf2548506461b32daf34b5074ac3364382d8e7e455380480a72f6b6b50110e2c5e3148a767e71d082fc6e69abbfbe5f5831d028a6ffe9c87112a989651c003ffbdd047fa22f066751ffddbea34f4884acfb3f50702b6821534ba560bc604e2a43e161c9d93e3c29b412772b20fae9480658fb6ca811b6d56cfb8a67fdee9950cc668ec8285c61e4b79a21c25f7a395a7da3a6277658ae5b7e3a85a20c50be30a115840ecee7a0c8f5077d822dd5835b0d22bf9ec2bd89a0189b3e9cd902a80c88de20ddef050d21b61908802fa0d09bb4ab595dc50901a1f43506e76c5119d497d5b5d54ceb127000000"], 0xf8}], 0x2, &(0x7f0000002d80)=ANY=[@ANYBLOB="20000000000000000100000002000000", @ANYRES32=r3, @ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="0000000020000000000000000100000002000000", @ANYRES32=r6, @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="00000000200000000000ff000100000002000000", @ANYRES32=r9, @ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="0000000038000000000000000100000001000000", @ANYRES32=r12, @ANYRES32=r13, @ANYRES32=r14, @ANYRES32=r15, @ANYRES32=r16, @ANYRES32=r17, @ANYRES32=r18, @ANYRES32=r19, @ANYRES32=r20, @ANYBLOB='\x00\x00\x00\x00'], 0x98, 0x80}, 0x20000894) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r21 = socket$bt_cmtp(0x1f, 0x3, 0x5) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000140)={r21}) r23 = syz_open_dev$dspn(&(0x7f0000002ec0)='/dev/dsp#\x00', 0x1, 0x109000) ioctl$TUNSETLINK(r23, 0x400454cd, 0xfffe) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/syz1\x00', 0x200002, 0x0) ioctl$sock_inet_udp_SIOCINQ(r23, 0x541b, &(0x7f0000000040)) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r22, 0x84, 0x1e, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 05:06:25 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a00000dc4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:25 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c04b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:25 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000140)={{{@in=@empty, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@local}}, &(0x7f0000000240)=0xe8) ioprio_set$uid(0x3, r0, 0x1) 05:06:25 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000bd0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:25 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c0fb64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2055.371549][ T3566] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2055.466588][ T3566] CPU: 1 PID: 3566 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 2055.474624][ T3566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2055.484683][ T3566] Call Trace: [ 2055.488020][ T3566] dump_stack+0x172/0x1f0 [ 2055.492457][ T3566] dump_header+0x10f/0xb6c [ 2055.496918][ T3566] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2055.502742][ T3566] ? ___ratelimit+0x60/0x595 [ 2055.507354][ T3566] ? do_raw_spin_unlock+0x57/0x270 [ 2055.512478][ T3566] oom_kill_process.cold+0x10/0x15 [ 2055.517604][ T3566] out_of_memory+0x79a/0x1280 [ 2055.522309][ T3566] ? lock_downgrade+0x880/0x880 [ 2055.527192][ T3566] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2055.533470][ T3566] ? oom_killer_disable+0x280/0x280 [ 2055.538715][ T3566] ? find_held_lock+0x35/0x130 [ 2055.543528][ T3566] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2055.549115][ T3566] ? memcg_event_wake+0x230/0x230 [ 2055.554186][ T3566] ? do_raw_spin_unlock+0x57/0x270 [ 2055.559420][ T3566] ? _raw_spin_unlock+0x2d/0x50 [ 2055.564287][ T3566] try_charge+0x102c/0x15c0 [ 2055.568830][ T3566] ? find_held_lock+0x35/0x130 [ 2055.573621][ T3566] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2055.579181][ T3566] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2055.585439][ T3566] ? kasan_check_read+0x11/0x20 [ 2055.590508][ T3566] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2055.596080][ T3566] mem_cgroup_try_charge+0x24d/0x5e0 [ 2055.601395][ T3566] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2055.607041][ T3566] __handle_mm_fault+0x1e1f/0x3ec0 [ 2055.612257][ T3566] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2055.617815][ T3566] ? find_held_lock+0x35/0x130 [ 2055.622592][ T3566] ? handle_mm_fault+0x322/0xb30 [ 2055.622618][ T3566] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2055.622638][ T3566] ? kasan_check_read+0x11/0x20 [ 2055.622658][ T3566] handle_mm_fault+0x43f/0xb30 [ 2055.633837][ T3566] __do_page_fault+0x5ef/0xda0 [ 2055.634298][ T3566] do_page_fault+0x71/0x581 [ 2055.634312][ T3566] ? page_fault+0x8/0x30 [ 2055.634321][ T3566] page_fault+0x1e/0x30 [ 2055.634329][ T3566] RIP: 0033:0x45b75d [ 2055.634349][ T3566] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8e fb ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 2055.634358][ T3566] RSP: 002b:0000000000a4fa98 EFLAGS: 00010202 [ 2055.634378][ T3566] RAX: ffffffffffffffea RBX: 00007f71d9337700 RCX: 00007f71d9337700 [ 2055.699327][ T3566] RDX: 00000000003d0f00 RSI: 00007f71d9336db0 RDI: 000000000040fbb0 [ 2055.707321][ T3566] RBP: 0000000000a4fcb0 R08: 00007f71d93379d0 R09: 00007f71d9337700 05:06:25 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000580)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x4, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) io_setup(0x2, &(0x7f00000003c0)) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000480)="abc76beaa24f1eb1e72bd9029fdb14c848c7b1c5517a56e01730c8ec3d56a92741c054f939b421fe92d1b79da610c1478b6b1dc247b01ccd704a15027cc80a9899485f1bb8d96cf0bbb59bd793f64c68ebaa728fe6993e2334eb969d403588c0baa9e79d1d72e383f020d43d703ecafa47a0ad900c42dd0220de5920e37c2bae1e2763aa9d5a3317d7631b33a01b7c5df0287b7291b5d65915b4d4ea68846f61529348338a895d816c60a18efe3f47d567dae176f77990becc2e43a97fe5b7af88652c68737b50522db21dca9e515bac8677d9d8e25b6047a04e417dbe7a2ee5435c040f539d38dc91ab27142a650560a1aa912c66ddfa851cbbce56f66de173") r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) ioctl$TIOCGDEV(r3, 0x80045432, &(0x7f0000000400)) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:25 executing program 2: write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002f80)='io.stat\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000002fc0)=0x1, 0x4) 05:06:25 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000bf0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2055.715316][ T3566] R10: 00007f71d9336dc0 R11: 0000000000000246 R12: 0000000000000000 [ 2055.723305][ T3566] R13: 0000000000a4fb4f R14: 00007f71d93379c0 R15: 000000000073bfac 05:06:25 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c29b64c0f05bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:25 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = syz_open_dev$adsp(&(0x7f0000000180)='/dev/adsp#\x00', 0x6, 0x8800) write$FUSE_IOCTL(r0, &(0x7f0000000140)={0x20, 0x0, 0x0, {0x0, 0x0, 0xffffffffffffd983}}, 0xfffffffffffffcd2) [ 2055.804149][ T3566] memory: usage 307200kB, limit 307200kB, failcnt 9470 [ 2055.827904][ T3680] Unknown ioctl -2147199950 [ 2055.833408][ T3566] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2055.892867][ T3566] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2055.941956][ T3566] Memory cgroup stats for /syz1: cache:108KB rss:128988KB rss_huge:63488KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:122844KB inactive_file:0KB active_file:0KB unevictable:4KB 05:06:26 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db010000c00f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:26 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0xfffffffffffffee5) syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00') r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) r1 = syz_open_procfs(0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, 0x0, 0xc014) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = dup2(r2, r0) bind$pptp(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) listen(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f0000000140)={0x5, 0x8000, 0x5, 0x3ff, 0x0}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f00000001c0)={r4, 0x4, 0x30}, 0xc) r5 = socket$inet6_sctp(0xa, 0x0, 0x84) sendmsg$IPVS_CMD_DEL_SERVICE(r3, 0x0, 0x40800) ioctl$BLKIOMIN(r1, 0x1278, &(0x7f0000000200)) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r5, 0x84, 0x6b, 0x0, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xc) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r6, 0x10, &(0x7f00000002c0)={0x1a5}) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2056.004165][ T3566] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=21382,uid=0 [ 2056.144873][ T3566] Memory cgroup out of memory: Killed process 21382 (syz-executor.1) total-vm:72448kB, anon-rss:2176kB, file-rss:34816kB, shmem-rss:0kB [ 2056.187843][ T1044] oom_reaper: reaped process 21382 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2056.348475][ T3572] syz-executor.1 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=1000 [ 2056.387166][ T3680] Unknown ioctl -2147199950 [ 2056.412438][ T3572] CPU: 1 PID: 3572 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 2056.420461][ T3572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2056.430623][ T3572] Call Trace: [ 2056.433940][ T3572] dump_stack+0x172/0x1f0 [ 2056.438310][ T3572] dump_header+0x10f/0xb6c [ 2056.442932][ T3572] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2056.448749][ T3572] ? ___ratelimit+0x60/0x595 [ 2056.453353][ T3572] ? do_raw_spin_unlock+0x57/0x270 [ 2056.458500][ T3572] oom_kill_process.cold+0x10/0x15 [ 2056.463621][ T3572] out_of_memory+0x79a/0x1280 [ 2056.468313][ T3572] ? oom_killer_disable+0x280/0x280 [ 2056.473536][ T3572] ? find_held_lock+0x35/0x130 [ 2056.478313][ T3572] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2056.483877][ T3572] ? memcg_event_wake+0x230/0x230 [ 2056.488914][ T3572] ? do_raw_spin_unlock+0x57/0x270 [ 2056.494027][ T3572] ? _raw_spin_unlock+0x2d/0x50 [ 2056.498888][ T3572] try_charge+0xa87/0x15c0 [ 2056.503327][ T3572] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2056.508978][ T3572] ? rcu_read_lock_sched_held+0x110/0x130 [ 2056.514740][ T3572] ? __alloc_pages_nodemask+0x61d/0x8d0 [ 2056.520301][ T3572] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2056.525855][ T3572] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2056.531062][ T3572] ? cache_grow_begin+0x594/0x860 [ 2056.536087][ T3572] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2056.541384][ T3572] ? trace_hardirqs_on+0x67/0x230 [ 2056.546420][ T3572] cache_grow_begin+0x5c0/0x860 [ 2056.551278][ T3572] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2056.557518][ T3572] ? __cpuset_node_allowed+0x136/0x540 [ 2056.562983][ T3572] fallback_alloc+0x1fd/0x2d0 [ 2056.567681][ T3572] ____cache_alloc_node+0x1be/0x1e0 [ 2056.572908][ T3572] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2056.579185][ T3572] kmem_cache_alloc_node+0xe3/0x710 [ 2056.588294][ T3572] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2056.593676][ T3572] ? trace_hardirqs_on+0x67/0x230 [ 2056.598825][ T3572] copy_process.part.0+0x1d08/0x7980 [ 2056.604119][ T3572] ? debug_check_no_obj_freed+0x200/0x464 [ 2056.609884][ T3572] ? find_held_lock+0x35/0x130 [ 2056.614670][ T3572] ? debug_check_no_obj_freed+0x200/0x464 [ 2056.620410][ T3572] ? kasan_check_write+0x14/0x20 [ 2056.625365][ T3572] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2056.631790][ T3572] ? filename_parentat.isra.0+0x2d5/0x410 [ 2056.637525][ T3572] ? getname+0x20/0x20 [ 2056.641607][ T3572] ? __cleanup_sighand+0x60/0x60 [ 2056.646673][ T3572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2056.652930][ T3572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2056.659540][ T3572] ? getname_flags+0x300/0x5b0 [ 2056.664312][ T3572] ? getname_flags+0x300/0x5b0 [ 2056.669110][ T3572] ? rcu_read_lock_sched_held+0x110/0x130 [ 2056.674834][ T3572] ? kmem_cache_free+0x225/0x260 [ 2056.679885][ T3572] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 2056.685790][ T3572] _do_fork+0x257/0xfd0 [ 2056.689959][ T3572] ? fork_idle+0x1d0/0x1d0 [ 2056.694380][ T3572] ? __ia32_sys_mkdir+0x80/0x80 [ 2056.699236][ T3572] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2056.704694][ T3572] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2056.710154][ T3572] ? do_syscall_64+0x26/0x610 [ 2056.714840][ T3572] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2056.720920][ T3572] ? do_syscall_64+0x26/0x610 [ 2056.725608][ T3572] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2056.731168][ T3572] __ia32_sys_fork+0x1f/0x30 [ 2056.735775][ T3572] do_syscall_64+0x103/0x610 [ 2056.740384][ T3572] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2056.746278][ T3572] RIP: 0033:0x2000000a [ 2056.750366][ T3572] Code: Bad RIP value. [ 2056.754440][ T3572] RSP: 002b:00007f71d9357bd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000039 [ 2056.762854][ T3572] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 000000002000000a [ 2056.771325][ T3572] RDX: 0000000000004c00 RSI: 0000000000000000 RDI: 000000000d00001a [ 2056.779308][ T3572] RBP: 0000000000000032 R08: 0000000000000005 R09: 0000000000000006 [ 2056.787288][ T3572] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2056.795260][ T3572] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 2056.806865][ T3572] memory: usage 305156kB, limit 307200kB, failcnt 9470 [ 2056.817908][ T3572] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2056.825949][ T3572] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2056.845712][ T3572] Memory cgroup stats for /syz1: cache:108KB rss:126896KB rss_huge:61440KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:120784KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2056.891778][ T3572] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 2056.907189][ T3572] ,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=22905,uid=0 [ 2056.929531][ T3572] Memory cgroup out of memory: Killed process 22905 (syz-executor.1) total-vm:72448kB, anon-rss:2176kB, file-rss:34816kB, shmem-rss:0kB 05:06:27 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70dbfffffff00f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:27 executing program 0: syz_execute_func(&(0x7f0000000180)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x3ff, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) 05:06:27 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0205bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:27 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a00460dc4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:27 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x1) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:27 executing program 2: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x361000, 0x0) ioctl$sock_bt_cmtp_CMTPCONNADD(r0, 0x400443c8, &(0x7f0000000100)={r0, 0xe90}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000080)={0x7fff, 0x4, 0x4, 0xb71, 0x6, 0x5}) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:27 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0305bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:27 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70dbfffffff40f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:27 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0405bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:27 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0x1000, 0x2000) setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000180)={0x0, 0x7530}, 0x10) 05:06:27 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70dbfffffff50f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:27 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a00001ac4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:27 executing program 0: r0 = socket(0x13, 0x800, 0x5) getsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000180), &(0x7f00000001c0)=0x4) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r1 = syz_open_dev$vcsn(&(0x7f0000000200)='/dev/vcs#\x00', 0x400, 0x200000) ioctl$GIO_UNISCRNMAP(r1, 0x4b69, &(0x7f0000000240)=""/185) shutdown(r0, 0x0) r2 = syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x1, 0x2) write$FUSE_IOCTL(r2, &(0x7f0000000000)={0x20}, 0x20) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000380)) write$ppp(r2, &(0x7f0000000300)="5d689967cfe2506ce1ef32ac6f55fdcea03c6e2bd6c229bd79091061d684fa921f836b440b247e013e831d6c369ba29ca0853fa0792c7d423189802d2445707b89548d61a48032f75e8a4b88064036dd0a12ebf62fc301e0290347d5fb8acc2afbae001905029ededd2e7993", 0x6c) 05:06:27 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c1005bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:27 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c2905bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2057.719782][ T4037] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2057.834559][ T4037] CPU: 0 PID: 4037 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2057.842605][ T4037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2057.852677][ T4037] Call Trace: [ 2057.856006][ T4037] dump_stack+0x172/0x1f0 [ 2057.860385][ T4037] dump_header+0x10f/0xb6c [ 2057.864828][ T4037] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2057.870669][ T4037] ? ___ratelimit+0x60/0x595 [ 2057.875293][ T4037] ? do_raw_spin_unlock+0x57/0x270 [ 2057.880458][ T4037] oom_kill_process.cold+0x10/0x15 [ 2057.885597][ T4037] out_of_memory+0x79a/0x1280 [ 2057.890443][ T4037] ? lock_downgrade+0x880/0x880 [ 2057.895349][ T4037] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2057.901635][ T4037] ? oom_killer_disable+0x280/0x280 [ 2057.906860][ T4037] ? find_held_lock+0x35/0x130 [ 2057.911670][ T4037] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2057.917252][ T4037] ? memcg_event_wake+0x230/0x230 [ 2057.922318][ T4037] ? do_raw_spin_unlock+0x57/0x270 [ 2057.927502][ T4037] ? _raw_spin_unlock+0x2d/0x50 [ 2057.932431][ T4037] try_charge+0x102c/0x15c0 [ 2057.936979][ T4037] ? find_held_lock+0x35/0x130 [ 2057.941849][ T4037] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2057.947514][ T4037] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2057.953778][ T4037] ? kasan_check_read+0x11/0x20 [ 2057.958658][ T4037] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2057.964503][ T4037] mem_cgroup_try_charge+0x24d/0x5e0 [ 2057.969822][ T4037] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2057.975492][ T4037] wp_page_copy+0x408/0x1740 [ 2057.980129][ T4037] ? find_held_lock+0x35/0x130 05:06:27 executing program 0: syz_execute_func(&(0x7f0000000140)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab21440fec3f3fddea660f79cec462b1f72ec3c4899294d800000000000fc4634148690000c2a0c10b00cca27a0e0fc442cd376d000f2b3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") [ 2057.985021][ T4037] ? pmd_pfn+0x1d0/0x1d0 [ 2057.989291][ T4037] ? lock_downgrade+0x880/0x880 [ 2057.994159][ T4037] ? swp_swapcount+0x540/0x540 [ 2057.998952][ T4037] ? kasan_check_read+0x11/0x20 [ 2058.003850][ T4037] ? do_raw_spin_unlock+0x57/0x270 [ 2058.008989][ T4037] do_wp_page+0x48e/0x1500 [ 2058.013440][ T4037] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2058.018851][ T4037] __handle_mm_fault+0x22e8/0x3ec0 [ 2058.024100][ T4037] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2058.029672][ T4037] ? find_held_lock+0x35/0x130 [ 2058.029695][ T4037] ? handle_mm_fault+0x322/0xb30 [ 2058.029720][ T4037] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2058.039440][ T4037] ? kasan_check_read+0x11/0x20 [ 2058.039486][ T4037] handle_mm_fault+0x43f/0xb30 [ 2058.055739][ T4037] __do_page_fault+0x5ef/0xda0 [ 2058.060539][ T4037] do_page_fault+0x71/0x581 [ 2058.065049][ T4037] ? page_fault+0x8/0x30 [ 2058.069314][ T4037] page_fault+0x1e/0x30 [ 2058.073492][ T4037] RIP: 0033:0x40c0dc [ 2058.077410][ T4037] Code: 88 48 20 48 8b 4c 24 50 80 60 20 01 48 89 48 10 48 8b 4c 24 60 48 89 48 18 8b 4c 24 5c 89 48 24 31 c0 48 8b 8c 04 20 01 00 00 <48> 89 8c 02 30 bf 73 00 48 83 c0 08 48 83 f8 48 75 e6 e8 4d 71 ff [ 2058.097057][ T4037] RSP: 002b:0000000000a4fbd0 EFLAGS: 00010297 [ 2058.103143][ T4037] RAX: 0000000000000030 RBX: 0000000000000064 RCX: 0000000000000000 [ 2058.111124][ T4037] RDX: 00000000000000a0 RSI: 00007ff76ea8adb0 RDI: 000000000073bfa8 [ 2058.119108][ T4037] RBP: 00000000000009e1 R08: 0000000000000000 R09: 00007ff76ea8b700 [ 2058.127091][ T4037] R10: 00007ff76ea8b9d0 R11: 0000000000000202 R12: 000000000073bfa0 05:06:28 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) write$UHID_INPUT(r0, &(0x7f00000013c0)={0x8, "339f3dee2d9a677f03f30e02c0fff5bb45f36193909815b247010756e1fc0b85f4206bdc44b3e77f011b1113571afb190a4e88f648e5a425d3845027ae3ecadcc6854762d0e167db577e69d2582afc0b84c445929444da762904edbc013fcce2e8bcb45349fff520c390d7e6fb632079aab70d5a30b73776839e0e14d35cb78af021eb0b2cb9cbe089a072f6ab6556c38df7bd7e2b3a39c96fce01afa16b2c612b62d5176d74d8b88ee38275442d5c2a8b9e751bfdc0b175000185ade3b38082e61a033480b6a303802434b8c72f7d008535aed2a0306d80e108c8e118a42499f9e530637ad1869e5862792312b409db2f47b684a6c9027177137ff4e707c4802b02ac51936a957e71b2671838e5889a6f3ace55a1adfbc69408dd8ace0fbb11560c1c502e6c50c07ab3ebaaa600adf2b1cd230ab7587c2f47b3e1638eaefa124ad23ac64df20de5e5277d8adbd03d5dae7d23ed729229f2467440b08275f76d5599c6c15b9fdd73be8920a6966e308897839447499668e0cb3520bd7f3a87556540544d90b877f2206b3c2c86b7e0a8abc55f5c4af6b3128036317f38896876a1e718a0fb57e857f0d3799f0ad58203c446967633ead1c8e00956142a1b8671df5f89de9f6d22030848350f374135ede387a80173c88b0ade619b2b3258ed492fc9df2db857e0f5e50e713b5d68f7524c16b0cfb5d57d0c15313b5c7f72fcaa2a71c475fed5af45cd7b22d2921fe3552b5316d7b699cb372802decdf5336aa5563d91c5c383218a6b9678b79434ea43318e1888a4e35292c835864bf91bc8e32ff3b0d94a97a5d72d08e08d5bdb6b118b8576703dabd025df323bd01ad2ed70fcec6c5087da112ce6557701b077303c61b72d575a71522574c6e001a2a1f324a90260d8fb311569fbdd4977d77a5491a3ed379d3334de4a767192ea6b5194a62ef2282f3db1d20a90e9098aa93594ec3ae77aade5d5cd125bde907aded7b76bc0789ae076280b9459b7ef52784b943128ecbab995d7e4a6a2175d096ceecc260ecf93d4bb3fa815ab51574791881b7b41ec480b67f12050c4e6be12a68ac922b4212e1d438e8d0cef98a77f89db9d87499f8cc236b04ab0475329068613a1c9702e87978e599d4b5c5dbba5fc7333efda041031f6300302933378905bb8cee32962f292592a81abf5425998ff03f6f82ae57757a24c081debacfdc7941f5b971338d70adbd22a41d8464a74b6a36d5cabcb410efd82a1a635c4df45106b8986497d085bc4ab31ccd8607186014f94a4f2cc0d173177605c1ddc41d826d28d9e63deb4848f401ac472f4fb6dbba8ae422351df9bc167a4197fd19a8bffa0a3ea8601a8d54cc2498b9b7b8426e80f5f4fee54c0e476de08d7ca79756f8cffa0f9717d3a4a720cca0511de44e4c04c9777ec6e2bddcb6e52284bdcd090d0faffbd625a8d43624f4911233d85c8e8298d8e694a97620814566e1646add29a104c7ce7d27d2c3058b453f87c626048bb008551182ffb5f19647bacf888edfdeabd63b8ba32c989d626e810046fd6f9520a1afad931a767d73697dd309ed80afbad2169ef5b762d5192d5990e7f8fe6777586ea2a0f8da4a6095344b61340a72048c39a3d9105911f0d0c3cad7b737afbaebb156105ad3e173efa025eab6ba1ca32c398a3a557afd74f8e65fd699cb391e31824da4ef1305f66f9f6aec41540a819aa2e90a16676d3948b6ef7d24a032fdd04a2b45803469fe7bd527b7d26c8dc3409524f2dbb158b4804b414f14deae19043e7a91a6e7e51574076a4c9b03554f2c569149e698f9d79e31254667ac564e63aa4dd0772192f61a5efb3b8649f9f944e06042a0e8a13a9b0250599261d2f417569a18b130414ff566b5685cf4f14e20f54e4edeb3a072f0fcc043f1a761965ff5000c599bbaa27eacfce171660c375bf3c29f77435f5e3263084b027b4a883f6c0f6b291267802d928c21406a28841e5b571c29de741f165b0ff5c10b4db1022c8ab6e87369421a03fb53ed62c48dfd71d07f35fd8c0c2333d5bf7ab6e98c25da90ffa48a3b7f53b3a62c4febc0f28f750fbe429c45aa13e4041227bb9ad05c576709e9fe91779c94f4e3ce3b58db62682aa101dae786bbf1ec4017f765c8126d55f665f3376e865e1f5ed171f7780f4219b2da9ae9915c93571118458e396161648b060d034b6f9b4ace0661a684f6d3b4db2543462bbfd2074daa174ffef83a2c7e8a1ed93eb74299a752625bd29b2f3a4ebfe20ce191035b03a461be68bce7d80c2b9598c307aec9c940f1476d7c859dd4428e904bb4a285597ff3fee51df09d48bff898c63f96ddd564a3700246ac93e23e2eadacbfb568b235cc2a20e92fee56d22b74bbc9e5e39ed5afa713ec9ddfa74f85d5c7d32a4ae8c37293663dab04fae5b360e579f64db3402a71cb92c4c0486289a368d8e49baf1ab7531961222608988d0ceade6f45381ca9b0171a00207752fbef623b676cac1b7de6348cb8787574f34ec736e1ec92fa349a91f1ac97bb6163683044d634b92a1a80390a4ce708d5e0914930c77fa87522d728ec5a6b8af263464bf25f086f6e496f86cf1219450f9f31c200d799e9aa27da80841d2cf82fe2d35989f891be85f07b600105c0d126a4f770f8fb4ff606f9a0eacf4e31ce95256d36f42cf53165974fbb07ca5604f5e574ba9abfee0ba379fd33c58e434e21613333c89ff0603737a79768e0c555127f6e9313751dc5b7371a4b16376ecd0a72ae65b89a29d53647460708ecaa3932fa285474d01bbc5ecfb9ff69f03a7c4e451193587241403e8aa2a127922ff96ada09c0fb6505ec09434b7174b84e5fe70cac2345de5516436a6ab24394b708eabc3e096626cb5a1eeffbe3b66d27be62f0ff71fb0ca16749d3b0b06c929c4c45ace2bbe3fb028494eb0d0fbe0a0b39a51b8ab53d34d9a754000323705354457983dae2e0e732c69ac714c1fee9c32b1ff725fdc3ed17a1d11ffffcedea0392fb674159b7995763208d687ab22ac89b7c10365414401c683b9523124c23d937dba860dcc24eeb0b931c1c368ebc958b484c01248ca1fd8812e368e56df1fcdd6cfa9fea86624742c2930a32c6932f75371f510fa66e88b22775afc722fe339a52a345a61482636ac67da4b29c96c0ecb7d345ecf6fa298ba04db4d7fff738fa74e70b412a3657a5f3ae9cf95dcb746e180886c97664274ba823743491631f107b5bc87609297d3ab5fa7e4750134bf69ec0841133b11f8eccb256398ebb581d61d3e6697838cfe181bb9f43753ceb0ec5f905cb907f9a2d4bf8047e31d41293c6a1f65914826cf64104171d2390cab74168f6064a5d935e44810b918a676f381e6ebe6cdfb08011e67ba1f19975a564f65397863ffc52717db0b662c7a933ae8c1d69671b83e8819b12be1f6cb7aecb9b11f4632bcaae594502a2eb58a7f1a52a7a1e120c269ba7bffd63fcf29afa2cb0305419e31810cd334e031b388764561a3e904a0ae6648fbbc8506f0554ccd8bfcfda49c319b3d8f20638bc7cf2abc6c22c8de09cd505dcf5ad818a5633455a5ba81ad3e12aa69eed9b45f5da131096dd86ab9a4e8429ee82b27e9a6c0020199319c1810022fea3720c018733fa4c8ef0b71508e14f6d6e5e86b1b029b937965273674eebb988fe7c346cc6e5a52645d8cfba0130a65ba360877979367033f9a072c53c377998b050abc65ab1eaa9b5738f626c2d15a7b23e4074b20eb225d2391dd0b9798117d9e5972c0e8435b1eb11d91f7b713270f76c7ac0647cd2d2d8ba06c2969bf53b3c919e463e62c10d285f65f4d54a6e91492059d491d51bc3119c5067d1ff23d86cb7affa51d7062de593f19a0bb33a7b414aabc8b5460122e0665082a49a175ea014eedaac92de8c9871109c9c88be1556f51e4cb769127de402d3511a929a6d28b06e82ff8c5300a244eb929136286d7921e7ce0c89099847a63e864208c74641542289a198af9a82bce8cfe603639db52126be9e2e04e7045246941c030adb1dbc035ea1b752b3ac7d6dc49185435f7cad092dca826a033e5e5f99306557f203d6d4cc0aec4590af5578e8de65a4b45eaadef3167e0de148860790961d4c9474648479f37d56cf87b62f8748f23972a99584eaa13b6f4487d42794bffb1b6fbcff60e8f2488f76a98ab06fe71908fb7c30a8bb79df3d784e81556c4f22edbcd5da2bfb5f094453e1705acd47828f35bee859a193c77c7b14492b87ca0815bbe8f2011e905e79afaefdcfc7ae3872a8e9b2d2fe476431aa27aa6573c85737176a699809a56f6ac7a86e20e55d312e322d26245b858a768fc0e2990575b956e5a0c735030683fd5fa276368891386d46f209b4818ef655784a428722930fc73c9fcb59d33b80c9cba930e02730f108d7d0bb4d9da4e4fcad0f549841a5bc2bd23d07e30f07ed92f0e0c4f9f9d7c48f3674c6457f280b1c5f23c916f9e9015458365abc563700ca8cd1ffab0071e57abae2fb264493bcb4fd220b1d6e62f27b27eeddf24bc04651b51d579e28c56646cec04468ea2f727c89271c4ffca760b1c95c2807037d5488e2ebddf3b19954ca9feb164eedfa012f269cff510436c8aa591b46045825c989578cfd68a7090c790d2863c2758b63314269a5b066539363af3a87f9115108616a098daf3ace26f88037c43e39eec1328c53f8d602e471099af9dd1076228bb86c13b27ca4b8b02498304c8fea4907b6ddc60308eb12a8870d6bd0e451146d82ede95aef23bb51252e21ae18114c4e0ebdde8c81fab9cb6e31983f4e3d1a07f5aee1fae73987de29a50424c5ef980175eaa71f4b3c029f1ac09aa74fe707c7a59f0c0c890d0d5c9f19795d194a843bf7cedf2893c7038cc09876f649c7fbe660617a9fdfbef3a651e7c4f80bccde3a5990037ce0de9e2d685aa5a50073c665032bde90052e524c1500742b1b2d717b35c178e36e99cee5f93f047f90325b50d0b6dcbc7699f6603b43eea030b593951e113ba4921892246c360c895cb4be1ad9eacd1a15a77f6c8edfefe33372e08e80bffb5ee9fe6dabe3ce6a63cf8d33232513fcaec61d8563b6c873437ea44daef6cca54f3a36acce7c0d9a315b1038c2b755cb85caa713855170c04edf3bc55607ba985edeb78af2688f87c9b7bd80b705a72bff71ef3be80d8b57bc9ad3c79097b6818af05ce2deb3ca6c3937cc7385612860eda7ec647fe61cda4f28deed5d3fefe1933f1c0cd4992ee4d33044db5df7a0ffbf5fc4b81c649153b493febcf8936fb612d1857b1f889eefa7f703aa612b3a54fd76b8931d63ed10eb14288ee2b426e4e599ee2fa6944b6b2081523e3bf817c123f3e08f3990ec2a2ab423ff005e02c1fa2ae99c61982a21d0ec010bf54a2b68d9dd678ee8e33c7a65737c373aa3f1071d16bd082135eb07f6f6a0c779717c8dff008343284bdee4a941b99e6259b2134db2fce63fbcd21e87aba47dd70683ca0df6434325db94715ca6e6837a05110b8bfc2e3a77349bf8c950204426c0113847999cde7382a043c5f3968eb33369aff1f25660457307587832cd5f7ffcbb790e3fb91d1776f406fc1380d42a63272b69c8ba84fb8d41fdcea04d3c704b294ac0b6fa6d2202cadcfcf47c92da0bd62d71ba1990264dfcd091e1bdf6b2a7856aad4c595394c48cc3a5978f15105bc259a0397957bdedfe8450d22bf02471c0337df2a74abec01da8746b158e260ac73054eaf76d4fd207e263f2b01a5f61c8a291a91e8ffe495d122d9dca3b559", 0x1000}, 0x1006) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:28 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64cf005bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:28 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a00fb22c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2058.135079][ T4037] R13: 0000000000000003 R14: 0000000000000001 R15: 000000000073bfac 05:06:28 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f29bf29000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2058.308445][ T4037] memory: usage 307200kB, limit 307200kB, failcnt 12740 [ 2058.318287][ T4037] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2058.331347][ T4037] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 05:06:28 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2058.342080][ T4037] Memory cgroup stats for /syz2: cache:48KB rss:88676KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:88660KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2058.390853][ T4037] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=20933,uid=0 [ 2058.409714][ T4037] Memory cgroup out of memory: Killed process 20933 (syz-executor.2) total-vm:72448kB, anon-rss:2172kB, file-rss:34816kB, shmem-rss:0kB [ 2058.429029][ T1044] oom_reaper: reaped process 20933 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2058.431663][ T4039] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2058.498799][ T4039] CPU: 0 PID: 4039 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2058.506835][ T4039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2058.516904][ T4039] Call Trace: [ 2058.520214][ T4039] dump_stack+0x172/0x1f0 [ 2058.524557][ T4039] dump_header+0x10f/0xb6c [ 2058.528982][ T4039] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2058.534810][ T4039] ? ___ratelimit+0x60/0x595 [ 2058.539415][ T4039] ? do_raw_spin_unlock+0x57/0x270 [ 2058.544540][ T4039] oom_kill_process.cold+0x10/0x15 [ 2058.549725][ T4039] out_of_memory+0x79a/0x1280 [ 2058.554423][ T4039] ? oom_killer_disable+0x280/0x280 [ 2058.559632][ T4039] ? find_held_lock+0x35/0x130 [ 2058.564418][ T4039] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2058.569977][ T4039] ? memcg_event_wake+0x230/0x230 [ 2058.575026][ T4039] ? do_raw_spin_unlock+0x57/0x270 [ 2058.580152][ T4039] ? _raw_spin_unlock+0x2d/0x50 [ 2058.585015][ T4039] try_charge+0x102c/0x15c0 [ 2058.589527][ T4039] ? find_held_lock+0x35/0x130 [ 2058.594318][ T4039] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2058.599896][ T4039] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2058.606157][ T4039] ? kasan_check_read+0x11/0x20 [ 2058.611019][ T4039] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2058.616579][ T4039] mem_cgroup_try_charge+0x24d/0x5e0 [ 2058.621880][ T4039] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2058.627524][ T4039] wp_page_copy+0x408/0x1740 [ 2058.632140][ T4039] ? find_held_lock+0x35/0x130 [ 2058.636935][ T4039] ? pmd_pfn+0x1d0/0x1d0 [ 2058.641194][ T4039] ? lock_downgrade+0x880/0x880 [ 2058.646078][ T4039] ? swp_swapcount+0x540/0x540 [ 2058.650855][ T4039] ? kasan_check_read+0x11/0x20 [ 2058.655722][ T4039] ? do_raw_spin_unlock+0x57/0x270 [ 2058.660850][ T4039] do_wp_page+0x48e/0x1500 [ 2058.665281][ T4039] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2058.670687][ T4039] __handle_mm_fault+0x22e8/0x3ec0 [ 2058.675830][ T4039] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2058.681414][ T4039] ? find_held_lock+0x35/0x130 [ 2058.686192][ T4039] ? handle_mm_fault+0x322/0xb30 [ 2058.691152][ T4039] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2058.697412][ T4039] ? kasan_check_read+0x11/0x20 [ 2058.702283][ T4039] handle_mm_fault+0x43f/0xb30 [ 2058.707064][ T4039] __do_page_fault+0x5ef/0xda0 [ 2058.711852][ T4039] do_page_fault+0x71/0x581 [ 2058.716390][ T4039] ? page_fault+0x8/0x30 [ 2058.720655][ T4039] page_fault+0x1e/0x30 [ 2058.724899][ T4039] RIP: 0033:0x4573fb [ 2058.728802][ T4039] Code: 25 20 06 00 00 b8 20 39 41 00 48 89 15 ce f3 5f 00 48 85 c0 74 08 4c 89 cf e8 31 c5 fb ff 45 85 f6 0f 85 58 01 00 00 48 85 db <48> c7 05 8a cb 2b 00 00 00 00 00 48 c7 05 6f cb 2b 00 00 00 00 00 [ 2058.748410][ T4039] RSP: 002b:0000000000a4fd30 EFLAGS: 00010206 [ 2058.754482][ T4039] RAX: 0000000000000000 RBX: 0000000000a4fd30 RCX: 0000000000413933 [ 2058.762464][ T4039] RDX: 00000450d7e0d0e5 RSI: 0000000000000018 RDI: 000000000263ec20 [ 2058.770879][ T4039] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 2058.778854][ T4039] R10: 000000000263ec10 R11: 0000000000000202 R12: 0000000000000001 [ 2058.786831][ T4039] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 05:06:28 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf02000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2058.837928][ T4039] memory: usage 307200kB, limit 307200kB, failcnt 3355 [ 2058.859633][ T4039] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2058.917589][ T4039] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2058.951527][ T4039] Memory cgroup stats for /syz5: cache:52KB rss:202444KB rss_huge:155648KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:202560KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2059.073763][ T4039] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=3591,uid=0 [ 2059.108207][ T4039] Memory cgroup out of memory: Killed process 3591 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB [ 2059.178712][ T7890] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2059.197074][ T7890] CPU: 1 PID: 7890 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2059.205083][ T7890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2059.215155][ T7890] Call Trace: [ 2059.218465][ T7890] dump_stack+0x172/0x1f0 [ 2059.222807][ T7890] dump_header+0x10f/0xb6c [ 2059.227211][ T7890] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2059.233001][ T7890] ? ___ratelimit+0x60/0x595 [ 2059.237575][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2059.242683][ T7890] oom_kill_process.cold+0x10/0x15 [ 2059.247906][ T7890] out_of_memory+0x79a/0x1280 [ 2059.252591][ T7890] ? oom_killer_disable+0x280/0x280 [ 2059.257782][ T7890] ? find_held_lock+0x35/0x130 [ 2059.262549][ T7890] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2059.268078][ T7890] ? memcg_event_wake+0x230/0x230 [ 2059.273092][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2059.278191][ T7890] ? _raw_spin_unlock+0x2d/0x50 [ 2059.283028][ T7890] try_charge+0xa87/0x15c0 [ 2059.287429][ T7890] ? find_held_lock+0x35/0x130 [ 2059.292183][ T7890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2059.297713][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2059.303941][ T7890] ? kasan_check_read+0x11/0x20 [ 2059.308786][ T7890] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2059.314318][ T7890] mem_cgroup_try_charge+0x24d/0x5e0 [ 2059.319597][ T7890] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2059.325218][ T7890] wp_page_copy+0x408/0x1740 [ 2059.329798][ T7890] ? find_held_lock+0x35/0x130 [ 2059.334561][ T7890] ? pmd_pfn+0x1d0/0x1d0 [ 2059.338790][ T7890] ? lock_downgrade+0x880/0x880 [ 2059.343632][ T7890] ? swp_swapcount+0x540/0x540 [ 2059.348387][ T7890] ? kasan_check_read+0x11/0x20 [ 2059.353225][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2059.358323][ T7890] do_wp_page+0x48e/0x1500 [ 2059.362736][ T7890] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2059.368124][ T7890] __handle_mm_fault+0x22e8/0x3ec0 [ 2059.373222][ T7890] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2059.378751][ T7890] ? find_held_lock+0x35/0x130 [ 2059.383498][ T7890] ? handle_mm_fault+0x322/0xb30 [ 2059.388427][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2059.394667][ T7890] ? kasan_check_read+0x11/0x20 [ 2059.399502][ T7890] handle_mm_fault+0x43f/0xb30 [ 2059.404249][ T7890] __do_page_fault+0x5ef/0xda0 [ 2059.409003][ T7890] do_page_fault+0x71/0x581 [ 2059.413485][ T7890] ? page_fault+0x8/0x30 [ 2059.417709][ T7890] page_fault+0x1e/0x30 [ 2059.421846][ T7890] RIP: 0033:0x4574da [ 2059.425725][ T7890] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 2059.445332][ T7890] RSP: 002b:0000000000a4fd30 EFLAGS: 00010246 [ 2059.451398][ T7890] RAX: 0000000000000000 RBX: 0000000000a4fd30 RCX: 000000000045737a [ 2059.459356][ T7890] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a54fc8 [ 2059.467322][ T7890] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 2059.475283][ T7890] R10: 000000000263ec10 R11: 0000000000000246 R12: 00000000000000ca [ 2059.483239][ T7890] R13: 0000000000002423 R14: 0000000000000000 R15: 0000000000a4fdc0 [ 2059.493171][ T7890] memory: usage 307072kB, limit 307200kB, failcnt 3356 [ 2059.500203][ T7890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2059.507847][ T7890] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2059.514962][ T7890] Memory cgroup stats for /syz5: cache:52KB rss:202576KB rss_huge:155648KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:202528KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2059.537613][ T7890] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19896,uid=0 [ 2059.553038][ T7890] Memory cgroup out of memory: Killed process 19896 (syz-executor.5) total-vm:72844kB, anon-rss:2228kB, file-rss:34816kB, shmem-rss:0kB 05:06:29 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70dbfffffffb0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:29 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x40100, 0x0) setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000180)=0x80000000, 0x4) 05:06:29 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf03000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2059.570279][ T1044] oom_reaper: reaped process 19896 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 05:06:29 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000223c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:29 executing program 0: syz_execute_func(&(0x7f00000001c0)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efafc422e9900c13440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x0, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f) r1 = syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x20000) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000180)=0x2) ioctl$KVM_S390_UCAS_MAP(r1, 0x4018ae50, &(0x7f0000000040)={0x4, 0x2, 0x9}) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x0, 0x0, 0x0, 0x4}}, 0x20) io_uring_enter(r0, 0x6, 0x564, 0x3, &(0x7f00000000c0)={0xffba}, 0x8) 05:06:29 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000480)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x1) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f00000003c0), &(0x7f0000000400)=0x40) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) 05:06:29 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000580000383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec4417d70fe20c3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0c421fd2817ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0x0, 0x2) ioctl$KVM_GET_NR_MMU_PAGES(r0, 0xae45, 0x7fff) 05:06:29 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:30 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70dbfffffffe0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:30 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a00003fc4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:30 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000380)={0x100000000, 0x9, 0x6, 0x1ff, 0x3f}) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x40, 0x0) write$FUSE_IOCTL(r1, &(0x7f0000000180)={0x20, 0x0, 0xffffffffffffffff, {0x0, 0x0, 0x0, 0x10000000000}}, 0x20) dup(r0) syz_genetlink_get_family_id$tipc(&(0x7f0000000340)='TIPC\x00') getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000001c0)={{{@in=@remote, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@multicast1}}, &(0x7f00000002c0)=0xe8) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f00000003c0)={'hwsim0\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}) bind$xdp(r1, &(0x7f0000000300)={0x2c, 0x4, r2, 0x28, r1}, 0x10) ioctl$BLKRESETZONE(r1, 0x40101283, &(0x7f0000000400)={0x7fffffff, 0x20}) 05:06:30 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf05000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:30 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/snmp\x00') setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f00000002c0)=0x100000001, 0x4) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0x20}, 0x20) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cachefiles\x00', 0x0, 0x0) symlink(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='./file0\x00') ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f00000001c0)={0x6, &(0x7f0000000180)=[{}, {}, {}, {}, {}, {0x0}]}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r1, 0xc010641d, &(0x7f0000000240)={r2, &(0x7f0000000200)=""/13}) 05:06:30 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x4000, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000180)={0x1, [0x0]}, &(0x7f00000001c0)=0x8) 05:06:30 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000040c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:30 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db00000fff0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:30 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf06000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:30 executing program 3: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) socket$inet6(0xa, 0x800, 0x4) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) getpeername$netlink(r0, &(0x7f00000001c0), &(0x7f00000003c0)=0xc) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000400)='/dev/vsock\x00', 0x103, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2060.574572][ T7879] syz-executor.2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2060.625461][ T7879] CPU: 0 PID: 7879 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2060.633496][ T7879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2060.643592][ T7879] Call Trace: [ 2060.646905][ T7879] dump_stack+0x172/0x1f0 [ 2060.651250][ T7879] dump_header+0x10f/0xb6c [ 2060.655676][ T7879] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2060.661500][ T7879] ? ___ratelimit+0x60/0x595 [ 2060.666264][ T7879] ? do_raw_spin_unlock+0x57/0x270 [ 2060.666298][ T7879] oom_kill_process.cold+0x10/0x15 [ 2060.666315][ T7879] out_of_memory+0x79a/0x1280 [ 2060.666331][ T7879] ? lock_downgrade+0x880/0x880 [ 2060.666354][ T7879] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2060.666376][ T7879] ? oom_killer_disable+0x280/0x280 [ 2060.666388][ T7879] ? find_held_lock+0x35/0x130 [ 2060.666423][ T7879] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2060.707860][ T7879] ? memcg_event_wake+0x230/0x230 [ 2060.712918][ T7879] ? do_raw_spin_unlock+0x57/0x270 [ 2060.718142][ T7879] ? _raw_spin_unlock+0x2d/0x50 [ 2060.723022][ T7879] try_charge+0x102c/0x15c0 [ 2060.727537][ T7879] ? find_held_lock+0x35/0x130 [ 2060.732351][ T7879] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2060.737933][ T7879] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2060.743509][ T7879] ? find_held_lock+0x35/0x130 [ 2060.748303][ T7879] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2060.753890][ T7879] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2060.759458][ T7879] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2060.764693][ T7879] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2060.770811][ T7879] __memcg_kmem_charge+0x136/0x300 05:06:30 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000d46c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2060.775943][ T7879] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2060.781370][ T7879] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2060.787129][ T7879] ? copy_page_range+0x125a/0x1f90 [ 2060.792253][ T7879] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2060.798519][ T7879] alloc_pages_current+0x107/0x210 [ 2060.803648][ T7879] pte_alloc_one+0x1b/0x1a0 [ 2060.808162][ T7879] __pte_alloc+0x20/0x310 [ 2060.812512][ T7879] copy_page_range+0x1529/0x1f90 [ 2060.817462][ T7879] ? find_held_lock+0x35/0x130 [ 2060.822240][ T7879] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2060.828521][ T7879] ? pmd_alloc+0x180/0x180 [ 2060.832951][ T7879] ? __rb_insert_augmented+0x231/0xdf0 [ 2060.838422][ T7879] ? validate_mm_rb+0xa3/0xc0 [ 2060.843129][ T7879] ? __vma_link_rb+0x279/0x370 [ 2060.847901][ T7879] copy_process.part.0+0x568b/0x7980 [ 2060.853243][ T7879] ? __cleanup_sighand+0x60/0x60 [ 2060.858211][ T7879] _do_fork+0x257/0xfd0 [ 2060.862397][ T7879] ? fork_idle+0x1d0/0x1d0 [ 2060.866845][ T7879] ? trace_hardirqs_on_thunk+0x1a/0x1c 05:06:30 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a00004cc4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2060.872315][ T7879] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2060.877811][ T7879] ? do_syscall_64+0x26/0x610 [ 2060.882524][ T7879] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2060.888620][ T7879] ? do_syscall_64+0x26/0x610 [ 2060.893359][ T7879] __x64_sys_clone+0xbf/0x150 [ 2060.898075][ T7879] do_syscall_64+0x103/0x610 [ 2060.902700][ T7879] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2060.908615][ T7879] RIP: 0033:0x45737a [ 2060.912531][ T7879] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2060.932157][ T7879] RSP: 002b:0000000000a4fd30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2060.940601][ T7879] RAX: ffffffffffffffda RBX: 0000000000a4fd30 RCX: 000000000045737a [ 2060.948598][ T7879] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2060.956598][ T7879] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 0000000001dff940 [ 2060.964583][ T7879] R10: 0000000001dffc10 R11: 0000000000000246 R12: 0000000000000001 05:06:30 executing program 0: syz_execute_func(&(0x7f0000000140)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c000000430f0144d10100000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddeac462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2060.972586][ T7879] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 05:06:30 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf07000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2061.004376][ T7879] memory: usage 307200kB, limit 307200kB, failcnt 12776 [ 2061.020672][ T7879] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2061.049407][ T7879] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2061.100375][ T7879] Memory cgroup stats for /syz2: cache:48KB rss:88500KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:88644KB inactive_file:0KB active_file:0KB unevictable:4KB 05:06:31 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000060ff0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:31 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf08000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2061.231775][ T7879] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=4614,uid=0 05:06:31 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x1, 0x2) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x2, 0x0) write$FUSE_IOCTL(r0, &(0x7f0000000000)={0x20, 0x0, 0x0, {0x0, 0x4}}, 0x20) r1 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0xfffffffffffff793, 0x0) ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000180)=[0x5]) [ 2061.412359][ T7879] Memory cgroup out of memory: Killed process 4614 (syz-executor.2) total-vm:72580kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB [ 2061.482297][ T7877] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2061.521917][ T7877] CPU: 1 PID: 7877 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 2061.529951][ T7877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2061.540024][ T7877] Call Trace: [ 2061.543336][ T7877] dump_stack+0x172/0x1f0 [ 2061.547707][ T7877] dump_header+0x10f/0xb6c [ 2061.552145][ T7877] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2061.557964][ T7877] ? ___ratelimit+0x60/0x595 [ 2061.562607][ T7877] ? do_raw_spin_unlock+0x57/0x270 [ 2061.567765][ T7877] oom_kill_process.cold+0x10/0x15 [ 2061.572902][ T7877] out_of_memory+0x79a/0x1280 [ 2061.577601][ T7877] ? oom_killer_disable+0x280/0x280 [ 2061.584551][ T7877] ? find_held_lock+0x35/0x130 [ 2061.589463][ T7877] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2061.595024][ T7877] ? memcg_event_wake+0x230/0x230 [ 2061.600075][ T7877] ? do_raw_spin_unlock+0x57/0x270 [ 2061.605214][ T7877] ? _raw_spin_unlock+0x2d/0x50 [ 2061.610099][ T7877] try_charge+0x102c/0x15c0 [ 2061.614634][ T7877] ? find_held_lock+0x35/0x130 [ 2061.619444][ T7877] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2061.625026][ T7877] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2061.630606][ T7877] ? find_held_lock+0x35/0x130 [ 2061.636157][ T7877] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2061.641745][ T7877] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2061.647318][ T7877] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2061.652550][ T7877] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2061.658118][ T7877] __memcg_kmem_charge+0x136/0x300 [ 2061.663248][ T7877] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2061.668627][ T7877] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2061.668650][ T7877] ? copy_page_range+0x125a/0x1f90 [ 2061.668667][ T7877] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2061.668684][ T7877] alloc_pages_current+0x107/0x210 [ 2061.668702][ T7877] pte_alloc_one+0x1b/0x1a0 [ 2061.668718][ T7877] __pte_alloc+0x20/0x310 [ 2061.668741][ T7877] copy_page_range+0x1529/0x1f90 [ 2061.704842][ T7877] ? find_held_lock+0x35/0x130 [ 2061.709627][ T7877] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2061.715900][ T7877] ? pmd_alloc+0x180/0x180 [ 2061.720320][ T7877] ? __rb_insert_augmented+0x231/0xdf0 [ 2061.725793][ T7877] ? validate_mm_rb+0xa3/0xc0 [ 2061.730488][ T7877] ? __vma_link_rb+0x279/0x370 [ 2061.735266][ T7877] copy_process.part.0+0x568b/0x7980 [ 2061.740772][ T7877] ? __cleanup_sighand+0x60/0x60 [ 2061.745748][ T7877] _do_fork+0x257/0xfd0 [ 2061.749919][ T7877] ? fork_idle+0x1d0/0x1d0 [ 2061.754335][ T7877] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2061.759797][ T7877] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2061.765272][ T7877] ? do_syscall_64+0x26/0x610 [ 2061.769966][ T7877] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2061.776130][ T7877] ? do_syscall_64+0x26/0x610 [ 2061.780826][ T7877] __x64_sys_clone+0xbf/0x150 [ 2061.785513][ T7877] do_syscall_64+0x103/0x610 [ 2061.790098][ T7877] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2061.795979][ T7877] RIP: 0033:0x45737a [ 2061.799877][ T7877] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2061.819478][ T7877] RSP: 002b:0000000000a4fd30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2061.827897][ T7877] RAX: ffffffffffffffda RBX: 0000000000a4fd30 RCX: 000000000045737a [ 2061.835869][ T7877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2061.843850][ T7877] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 0000000001a53940 [ 2061.851824][ T7877] R10: 0000000001a53c10 R11: 0000000000000246 R12: 0000000000000001 [ 2061.859804][ T7877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 [ 2061.875196][ T7877] memory: usage 307200kB, limit 307200kB, failcnt 9507 [ 2061.882731][ T7877] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2061.891312][ T7877] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2061.899031][ T7877] Memory cgroup stats for /syz1: cache:108KB rss:127564KB rss_huge:61440KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:121392KB inactive_file:0KB active_file:0KB unevictable:4KB 05:06:31 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0420f381c4900ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:31 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db00ffffff0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:31 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf09000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:31 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r0 = socket$bt_cmtp(0x1f, 0x3, 0x5) recvmmsg(r0, &(0x7f0000008500)=[{{&(0x7f0000000140)=@alg, 0x80, &(0x7f0000001800)=[{&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f00000011c0)=""/253, 0xfd}, {&(0x7f00000012c0)=""/42, 0x2a}, {&(0x7f0000001300)=""/136, 0x88}, {&(0x7f00000013c0)=""/245, 0xf5}, {&(0x7f00000014c0)=""/217, 0xd9}, {&(0x7f00000015c0)=""/213, 0xd5}, {&(0x7f00000016c0)=""/57, 0x39}, {&(0x7f0000001700)=""/70, 0x46}, {&(0x7f0000001780)=""/118, 0x76}], 0xa, &(0x7f00000018c0)=""/14, 0xe}, 0x9}, {{&(0x7f0000001900)=@in6={0xa, 0x0, 0x0, @empty}, 0x80, &(0x7f0000001a00)=[{&(0x7f0000001980)=""/75, 0x4b}], 0x1}, 0x8097}, {{&(0x7f0000001a40)=@isdn, 0x80, &(0x7f0000002dc0)=[{&(0x7f0000001ac0)=""/144, 0x90}, {&(0x7f0000001b80)=""/103, 0x67}, {&(0x7f0000001c00)=""/4096, 0x1000}, {&(0x7f0000002c00)=""/139, 0x8b}, {&(0x7f0000002cc0)=""/60, 0x3c}, {&(0x7f0000002d00)=""/45, 0x2d}, {&(0x7f0000002d40)=""/89, 0x59}], 0x7}, 0x6}, {{&(0x7f0000002e40)=@generic, 0x80, &(0x7f0000003040)=[{&(0x7f0000002ec0)=""/175, 0xaf}, {&(0x7f0000002f80)=""/168, 0xa8}], 0x2, &(0x7f0000003080)=""/129, 0x81}, 0x6}, {{&(0x7f0000003140)=@un=@abs, 0x80, &(0x7f00000054c0)=[{&(0x7f00000031c0)=""/59, 0x3b}, {&(0x7f0000003200)=""/10, 0xa}, {&(0x7f0000003240)=""/113, 0x71}, {&(0x7f00000032c0)=""/4096, 0x1000}, {&(0x7f00000042c0)=""/242, 0xf2}, {&(0x7f00000043c0)=""/4096, 0x1000}, {&(0x7f00000053c0)=""/239, 0xef}], 0x7, &(0x7f0000005540)=""/4096, 0x1000}, 0x4}, {{&(0x7f0000006540)=@generic, 0x80, &(0x7f0000006a40)=[{&(0x7f00000065c0)=""/160, 0xa0}, {&(0x7f0000006680)=""/92, 0x5c}, {&(0x7f0000006700)=""/121, 0x79}, {&(0x7f0000006780)=""/207, 0xcf}, {&(0x7f0000006880)=""/200, 0xc8}, {&(0x7f0000006980)=""/175, 0xaf}], 0x6, &(0x7f0000006ac0)=""/245, 0xf5}, 0x80000000}, {{&(0x7f0000006bc0)=@hci, 0x80, &(0x7f0000006d40)=[{&(0x7f0000006c40)=""/229, 0xe5}], 0x1}, 0x80d}, {{0x0, 0x0, &(0x7f0000007000)=[{&(0x7f0000006d80)=""/34, 0x22}, {&(0x7f0000006dc0)=""/127, 0x7f}, {&(0x7f0000006e40)=""/173, 0xad}, {&(0x7f0000006f00)=""/215, 0xd7}], 0x4, &(0x7f0000007040)}, 0x7}, {{&(0x7f0000007080)=@pptp={0x18, 0x2, {0x0, @multicast2}}, 0x80, &(0x7f00000083c0)=[{&(0x7f0000007100)=""/8, 0x8}, {&(0x7f0000007140)=""/104, 0x68}, {&(0x7f00000071c0)=""/183, 0xb7}, {&(0x7f0000007280)=""/126, 0x7e}, {&(0x7f0000007300)=""/180, 0xb4}, {&(0x7f00000073c0)=""/4096, 0x1000}], 0x6, &(0x7f0000008440)=""/130, 0x82}, 0x2}], 0x9, 0x40010000, &(0x7f0000008740)={0x0, 0x1c9c380}) [ 2061.922079][ T7877] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=4058,uid=0 [ 2061.938107][ T7877] Memory cgroup out of memory: Killed process 4058 (syz-executor.1) total-vm:72580kB, anon-rss:2216kB, file-rss:35796kB, shmem-rss:0kB [ 2061.956017][ T1044] oom_reaper: reaped process 4058 (syz-executor.1), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 2061.966510][ T4906] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 05:06:31 executing program 3: r0 = syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r1, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00', 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) write$FUSE_BMAP(r1, &(0x7f0000000680)={0x18, 0x0, 0x8, {0x9}}, 0x18) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$VHOST_SET_VRING_NUM(r1, 0x4008af10, &(0x7f00000002c0)={0x3, 0x800}) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x400001}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x6c, r0, 0xb02, 0x70bd25, 0x25dfdbfd, {}, [{{0x8, 0x1, r2}, {0x44, 0x2, [{0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0xffffffffffffffc1}}, {0x8, 0x6, r2}}}]}}, {{0x8, 0x1, r2}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x10}, 0x48c0) sendmsg$tipc(r1, &(0x7f0000000580)={&(0x7f00000003c0)=@nameseq={0x1e, 0x1, 0x3, {0x43, 0x3, 0x4}}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000500)="3b7511c05b3b5714aebc64d913a489fa55e5bff41de3b9cc0a45f1b75ed03ba104174ba60a5892f9491368655cce1991355ea8dcb6305b776e91c6df67b9a4762da06aff0f688025", 0x48}, {&(0x7f0000000600)="dcc588fc6589c8bcaa9044b5384726506e0ed4e9c6355632b11c656b56f85f550881b393867023129c7f5c13b64a50a1dec28c5293b49e23730041746befb761cd98c463577ad542678cc1189767fb896edfa6c4fc4595f240a5d07118e9eaa91e5654c206f5", 0x66}], 0x2}, 0x800) ioctl$sock_SIOCADDDLCI(r3, 0x8980, &(0x7f0000000180)={'bridge_slave_1\x00', 0x7}) socket$nl_route(0x10, 0x3, 0x0) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r4 = accept$alg(r3, 0x0, 0x0) r5 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r4, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) fstatfs(r5, &(0x7f0000000480)=""/128) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2062.039484][ T4906] CPU: 0 PID: 4906 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2062.047534][ T4906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2062.057635][ T4906] Call Trace: [ 2062.060954][ T4906] dump_stack+0x172/0x1f0 [ 2062.065301][ T4906] dump_header+0x10f/0xb6c [ 2062.069754][ T4906] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2062.075592][ T4906] ? ___ratelimit+0x60/0x595 [ 2062.080209][ T4906] ? do_raw_spin_unlock+0x57/0x270 [ 2062.085360][ T4906] oom_kill_process.cold+0x10/0x15 [ 2062.090499][ T4906] out_of_memory+0x79a/0x1280 [ 2062.095193][ T4906] ? oom_killer_disable+0x280/0x280 [ 2062.100414][ T4906] ? find_held_lock+0x35/0x130 [ 2062.105230][ T4906] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2062.110902][ T4906] ? memcg_event_wake+0x230/0x230 [ 2062.116013][ T4906] ? do_raw_spin_unlock+0x57/0x270 [ 2062.121174][ T4906] ? _raw_spin_unlock+0x2d/0x50 [ 2062.126034][ T4906] try_charge+0x102c/0x15c0 [ 2062.130537][ T4906] ? find_held_lock+0x35/0x130 [ 2062.135317][ T4906] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2062.140882][ T4906] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2062.146433][ T4906] ? find_held_lock+0x35/0x130 [ 2062.151192][ T4906] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2062.156734][ T4906] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2062.162307][ T4906] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2062.167510][ T4906] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2062.173066][ T4906] __memcg_kmem_charge+0x136/0x300 [ 2062.178177][ T4906] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2062.183537][ T4906] ? find_held_lock+0x35/0x130 [ 2062.188294][ T4906] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2062.194011][ T4906] ? sched_clock+0x2e/0x50 [ 2062.198431][ T4906] ? find_held_lock+0x35/0x130 [ 2062.203183][ T4906] ? psi_memstall_leave+0x12e/0x180 [ 2062.208391][ T4906] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2062.214628][ T4906] alloc_pages_current+0x107/0x210 [ 2062.219750][ T4906] pte_alloc_one+0x1b/0x1a0 [ 2062.224243][ T4906] __handle_mm_fault+0x3491/0x3ec0 [ 2062.229374][ T4906] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2062.234931][ T4906] ? find_held_lock+0x35/0x130 [ 2062.239699][ T4906] ? handle_mm_fault+0x322/0xb30 [ 2062.244634][ T4906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2062.250886][ T4906] ? kasan_check_read+0x11/0x20 [ 2062.255772][ T4906] handle_mm_fault+0x43f/0xb30 [ 2062.260573][ T4906] __do_page_fault+0x5ef/0xda0 [ 2062.265357][ T4906] do_page_fault+0x71/0x581 [ 2062.269857][ T4906] ? page_fault+0x8/0x30 [ 2062.274107][ T4906] page_fault+0x1e/0x30 [ 2062.278282][ T4906] RIP: 0033:0x402170 [ 2062.282185][ T4906] Code: Bad RIP value. 05:06:32 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/net/pfkey\x00', 0x401, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000480)={0xa30000, 0x9, 0x0, [], &(0x7f0000000400)={0xbb0937, 0x2c08, [], @value64=0x3}}) r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r1, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r1, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r2, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r3 = accept$alg(r2, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r3, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2062.286249][ T4906] RSP: 002b:00007fec78bdf638 EFLAGS: 00010206 [ 2062.292481][ T4906] RAX: 0000000000000000 RBX: 0000000000000009 RCX: 000000002000000a [ 2062.300459][ T4906] RDX: 00007fec78bdf640 RSI: 00007fec78bdf770 RDI: 000000000000000b [ 2062.308450][ T4906] RBP: 0000000000000032 R08: 0000000000000005 R09: 0000000000000006 [ 2062.316435][ T4906] R10: 0000000000000007 R11: 0000000000000206 R12: 000000000000000b [ 2062.324411][ T4906] R13: 000000000000000c R14: 000000000000000d R15: 00000000ffffffff [ 2062.354057][ T4906] memory: usage 307176kB, limit 307200kB, failcnt 3413 [ 2062.361015][ T4906] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2062.403234][ T4906] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2062.421391][ T4906] Memory cgroup stats for /syz5: cache:52KB rss:202476KB rss_huge:155648KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:202516KB inactive_file:0KB active_file:0KB unevictable:0KB [ 2062.479836][ T4906] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=4869,uid=0 [ 2062.498313][ T4906] Memory cgroup out of memory: Killed process 4869 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB [ 2062.541606][ T7877] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2062.555942][ T7877] CPU: 0 PID: 7877 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 2062.563957][ T7877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2062.574332][ T7877] Call Trace: [ 2062.577668][ T7877] dump_stack+0x172/0x1f0 [ 2062.582018][ T7877] dump_header+0x10f/0xb6c [ 2062.586439][ T7877] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2062.592237][ T7877] ? ___ratelimit+0x60/0x595 [ 2062.596826][ T7877] ? do_raw_spin_unlock+0x57/0x270 [ 2062.601958][ T7877] oom_kill_process.cold+0x10/0x15 [ 2062.607085][ T7877] out_of_memory+0x79a/0x1280 [ 2062.611757][ T7877] ? oom_killer_disable+0x280/0x280 [ 2062.616972][ T7877] ? find_held_lock+0x35/0x130 [ 2062.621739][ T7877] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2062.627267][ T7877] ? memcg_event_wake+0x230/0x230 [ 2062.632281][ T7877] ? do_raw_spin_unlock+0x57/0x270 [ 2062.637399][ T7877] ? _raw_spin_unlock+0x2d/0x50 [ 2062.642268][ T7877] try_charge+0x102c/0x15c0 [ 2062.646777][ T7877] ? find_held_lock+0x35/0x130 [ 2062.651548][ T7877] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2062.657107][ T7877] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2062.662775][ T7877] ? find_held_lock+0x35/0x130 [ 2062.667529][ T7877] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2062.673066][ T7877] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2062.678621][ T7877] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2062.683826][ T7877] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2062.689378][ T7877] __memcg_kmem_charge+0x136/0x300 [ 2062.694508][ T7877] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2062.699901][ T7877] ? __pud_alloc+0x1d3/0x250 [ 2062.704492][ T7877] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2062.710192][ T7877] ? __pud_alloc+0x1d3/0x250 [ 2062.714917][ T7877] ? lock_downgrade+0x880/0x880 [ 2062.719787][ T7877] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2062.726042][ T7877] alloc_pages_current+0x107/0x210 [ 2062.731172][ T7877] ? do_raw_spin_unlock+0x57/0x270 [ 2062.736299][ T7877] __pmd_alloc+0x41/0x460 [ 2062.740651][ T7877] ? pmd_val+0x100/0x100 [ 2062.744886][ T7877] pmd_alloc+0x10c/0x180 [ 2062.749124][ T7877] copy_page_range+0x62e/0x1f90 [ 2062.754006][ T7877] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2062.759751][ T7877] ? vma_compute_subtree_gap+0x158/0x230 [ 2062.766322][ T7877] ? vma_gap_callbacks_rotate+0x62/0x80 [ 2062.771912][ T7877] ? pmd_alloc+0x180/0x180 [ 2062.776432][ T7877] ? validate_mm_rb+0xa3/0xc0 [ 2062.781130][ T7877] ? __vma_link_rb+0x279/0x370 [ 2062.785913][ T7877] copy_process.part.0+0x568b/0x7980 [ 2062.791225][ T7877] ? __cleanup_sighand+0x60/0x60 [ 2062.796188][ T7877] _do_fork+0x257/0xfd0 [ 2062.800360][ T7877] ? fork_idle+0x1d0/0x1d0 [ 2062.804794][ T7877] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2062.810237][ T7877] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2062.815692][ T7877] ? do_syscall_64+0x26/0x610 [ 2062.820387][ T7877] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2062.826445][ T7877] ? do_syscall_64+0x26/0x610 [ 2062.831151][ T7877] __x64_sys_clone+0xbf/0x150 [ 2062.835849][ T7877] do_syscall_64+0x103/0x610 [ 2062.840468][ T7877] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2062.846373][ T7877] RIP: 0033:0x45737a [ 2062.850258][ T7877] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2062.869856][ T7877] RSP: 002b:0000000000a4fd30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2062.878268][ T7877] RAX: ffffffffffffffda RBX: 0000000000a4fd30 RCX: 000000000045737a [ 2062.886243][ T7877] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2062.894213][ T7877] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 0000000001a53940 [ 2062.902191][ T7877] R10: 0000000001a53c10 R11: 0000000000000246 R12: 0000000000000001 [ 2062.910152][ T7877] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 [ 2062.922647][ T7877] memory: usage 307028kB, limit 307200kB, failcnt 9531 [ 2062.929652][ T7877] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2062.953038][ T7877] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2062.960520][ T7877] Memory cgroup stats for /syz1: cache:108KB rss:127564KB rss_huge:61440KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:121356KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2062.983687][ T7877] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=4141,uid=0 [ 2062.999320][ T7877] Memory cgroup out of memory: Killed process 4141 (syz-executor.1) total-vm:72580kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB [ 2063.016121][ T1044] oom_reaper: reaped process 4141 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2063.031056][ T7890] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 2063.046091][ T7890] CPU: 1 PID: 7890 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2063.054275][ T7890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2063.064358][ T7890] Call Trace: [ 2063.067764][ T7890] dump_stack+0x172/0x1f0 [ 2063.072130][ T7890] dump_header+0x10f/0xb6c [ 2063.076579][ T7890] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2063.082434][ T7890] ? ___ratelimit+0x60/0x595 [ 2063.087047][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2063.092178][ T7890] oom_kill_process.cold+0x10/0x15 [ 2063.097317][ T7890] out_of_memory+0x79a/0x1280 [ 2063.102046][ T7890] ? oom_killer_disable+0x280/0x280 [ 2063.107261][ T7890] ? find_held_lock+0x35/0x130 [ 2063.112050][ T7890] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2063.117694][ T7890] ? memcg_event_wake+0x230/0x230 [ 2063.122747][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2063.127934][ T7890] ? _raw_spin_unlock+0x2d/0x50 [ 2063.132788][ T7890] try_charge+0xa87/0x15c0 [ 2063.137216][ T7890] ? find_held_lock+0x35/0x130 [ 2063.142005][ T7890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2063.147568][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2063.153835][ T7890] ? kasan_check_read+0x11/0x20 [ 2063.158730][ T7890] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2063.164297][ T7890] mem_cgroup_try_charge+0x24d/0x5e0 [ 2063.169597][ T7890] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2063.175256][ T7890] wp_page_copy+0x408/0x1740 [ 2063.179883][ T7890] ? find_held_lock+0x35/0x130 [ 2063.184669][ T7890] ? pmd_pfn+0x1d0/0x1d0 [ 2063.188925][ T7890] ? lock_downgrade+0x880/0x880 [ 2063.193779][ T7890] ? swp_swapcount+0x540/0x540 [ 2063.198554][ T7890] ? kasan_check_read+0x11/0x20 [ 2063.203413][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2063.208589][ T7890] do_wp_page+0x48e/0x1500 [ 2063.213012][ T7890] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2063.218444][ T7890] __handle_mm_fault+0x22e8/0x3ec0 [ 2063.223605][ T7890] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2063.229175][ T7890] ? find_held_lock+0x35/0x130 [ 2063.233945][ T7890] ? handle_mm_fault+0x322/0xb30 [ 2063.238905][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2063.245165][ T7890] ? kasan_check_read+0x11/0x20 [ 2063.250045][ T7890] handle_mm_fault+0x43f/0xb30 [ 2063.254837][ T7890] __do_page_fault+0x5ef/0xda0 [ 2063.259632][ T7890] do_page_fault+0x71/0x581 [ 2063.264150][ T7890] page_fault+0x1e/0x30 [ 2063.268355][ T7890] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 [ 2063.274708][ T7890] Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a [ 2063.294332][ T7890] RSP: 0018:ffff88805e5a7af8 EFLAGS: 00010202 [ 2063.300526][ T7890] RAX: ffffed10142fbe07 RBX: 0000000000000038 RCX: 0000000000000007 [ 2063.308525][ T7890] RDX: 0000000000000000 RSI: ffff8880a17df000 RDI: 0000000000738020 [ 2063.316557][ T7890] RBP: ffff88805e5a7b30 R08: badc0ffeebadface R09: ffffed10142fbe07 [ 2063.324551][ T7890] R10: ffffed10142fbe06 R11: ffff8880a17df037 R12: 0000000000738020 [ 2063.332535][ T7890] R13: ffff8880a17df000 R14: 0000000000738058 R15: 00007ffffffff000 [ 2063.340562][ T7890] ? copyout+0xe2/0x100 [ 2063.344755][ T7890] copy_page_to_iter+0x3b6/0xd60 [ 2063.349719][ T7890] pipe_read+0x285/0x940 [ 2063.353976][ T7890] ? aa_path_link+0x460/0x460 [ 2063.358673][ T7890] new_sync_read+0x4c4/0x740 [ 2063.363265][ T7890] ? do_iter_readv_writev+0x8e0/0x8e0 [ 2063.368635][ T7890] ? debug_object_activate+0x2c8/0x4f0 [ 2063.374150][ T7890] ? security_file_permission+0x94/0x380 [ 2063.379803][ T7890] __vfs_read+0xe4/0x110 [ 2063.384058][ T7890] vfs_read+0x194/0x3e0 [ 2063.388238][ T7890] ksys_read+0x14f/0x2d0 [ 2063.392514][ T7890] ? kernel_write+0x120/0x120 [ 2063.397204][ T7890] ? do_syscall_64+0x26/0x610 [ 2063.401889][ T7890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2063.407986][ T7890] ? do_syscall_64+0x26/0x610 [ 2063.412693][ T7890] __x64_sys_read+0x73/0xb0 [ 2063.417210][ T7890] do_syscall_64+0x103/0x610 [ 2063.421832][ T7890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2063.427769][ T7890] RIP: 0033:0x412ae0 [ 2063.431666][ T7890] Code: 01 f0 ff ff 0f 83 70 1b 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d ad 37 64 00 00 75 14 b8 00 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 44 1b 00 00 c3 48 83 ec 08 e8 6a fc ff ff [ 2063.451362][ T7890] RSP: 002b:0000000000a4fd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2063.459797][ T7890] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000412ae0 [ 2063.467891][ T7890] RDX: 0000000000000038 RSI: 0000000000738020 RDI: 00000000000000f9 [ 2063.475881][ T7890] RBP: 000000000000242f R08: 0000000000006000 R09: 0000000000004000 [ 2063.483859][ T7890] R10: 0000000000a4f710 R11: 0000000000000246 R12: 0000000000000000 [ 2063.491849][ T7890] R13: 0000000000a4fdb0 R14: 00000000001f738a R15: 0000000000a4fdc0 [ 2063.503802][ T7890] memory: usage 306980kB, limit 307200kB, failcnt 3413 [ 2063.510959][ T7890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2063.518727][ T7890] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2063.525720][ T7890] Memory cgroup stats for /syz5: cache:52KB rss:202476KB rss_huge:155648KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:202512KB inactive_file:0KB active_file:0KB unevictable:0KB 05:06:33 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a000088c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:33 executing program 2: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000140)='/dev/capi20\x00', 0x8000, 0x0) fsetxattr$security_evm(r0, &(0x7f0000000180)='security.evm\x00', &(0x7f00000001c0)=@ng={0x4, 0xc, "d087dac489413cb3ac1f8f27bece8f9a"}, 0x12, 0x0) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) pkey_alloc(0x0, 0x1) 05:06:33 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") r0 = syz_open_dev$dmmidi(&(0x7f00000001c0)='/dev/dmmidi#\x00', 0x6, 0x40000) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000fff000/0x1000)=nil, 0x1000}, 0x1}) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) r1 = syz_open_dev$audion(&(0x7f0000000140)='/dev/audio#\x00', 0x1ff, 0x0) ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f0000000180)) 05:06:33 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:33 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2063.548382][ T7890] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=17238,uid=0 [ 2063.564048][ T7890] Memory cgroup out of memory: Killed process 17238 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB [ 2063.581534][ T1044] oom_reaper: reaped process 17238 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 05:06:33 executing program 5: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf11000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db3fffffff0f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:33 executing program 0: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm_plock\x00', 0x400000, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@loopback, @in=@local}}, {{@in=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000280)=0xe8) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0x20, 0x2}, 0x20) 05:06:33 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0b000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:33 executing program 2: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0a000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") modify_ldt$read_default(0x2, &(0x7f0000000180)=""/8, 0xfffffd20) r0 = socket$inet6(0xa, 0x80003, 0x2) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000140)={0x5, 0x5, 0x7, 0x9}, 0x8) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:33 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a0000c0c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2063.925210][ T7890] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 2064.034457][ T7890] CPU: 0 PID: 7890 Comm: syz-executor.5 Not tainted 5.1.0-rc7+ #100 [ 2064.042518][ T7890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2064.052603][ T7890] Call Trace: [ 2064.055930][ T7890] dump_stack+0x172/0x1f0 [ 2064.060306][ T7890] dump_header+0x10f/0xb6c [ 2064.064816][ T7890] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2064.070678][ T7890] ? ___ratelimit+0x60/0x595 [ 2064.075329][ T7890] ? do_raw_spin_unlock+0x57/0x270 05:06:34 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0c000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2064.080511][ T7890] oom_kill_process.cold+0x10/0x15 [ 2064.085664][ T7890] out_of_memory+0x79a/0x1280 [ 2064.090402][ T7890] ? lock_downgrade+0x880/0x880 [ 2064.095298][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2064.101583][ T7890] ? oom_killer_disable+0x280/0x280 [ 2064.106850][ T7890] ? find_held_lock+0x35/0x130 [ 2064.111658][ T7890] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2064.117241][ T7890] ? memcg_event_wake+0x230/0x230 [ 2064.122409][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2064.127562][ T7890] ? _raw_spin_unlock+0x2d/0x50 [ 2064.132442][ T7890] try_charge+0x102c/0x15c0 [ 2064.137052][ T7890] ? find_held_lock+0x35/0x130 [ 2064.137077][ T7890] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2064.137099][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2064.147410][ T7890] ? find_held_lock+0x35/0x130 [ 2064.147426][ T7890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2064.147449][ T7890] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2064.147463][ T7890] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2064.147479][ T7890] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2064.147496][ T7890] __memcg_kmem_charge+0x136/0x300 [ 2064.147517][ T7890] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2064.147538][ T7890] ? __pud_alloc+0x1d3/0x250 [ 2064.194961][ T7890] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2064.200704][ T7890] ? __pud_alloc+0x1d3/0x250 [ 2064.205324][ T7890] ? lock_downgrade+0x880/0x880 [ 2064.210217][ T7890] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2064.216483][ T7890] alloc_pages_current+0x107/0x210 [ 2064.221622][ T7890] ? do_raw_spin_unlock+0x57/0x270 [ 2064.226767][ T7890] __pmd_alloc+0x41/0x460 [ 2064.231130][ T7890] ? pmd_val+0x100/0x100 [ 2064.235489][ T7890] pmd_alloc+0x10c/0x180 [ 2064.239786][ T7890] copy_page_range+0x62e/0x1f90 [ 2064.244675][ T7890] ? find_held_lock+0x35/0x130 [ 2064.249475][ T7890] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2064.255833][ T7890] ? debug_smp_processor_id+0x3c/0x280 [ 2064.261339][ T7890] ? copy_process.part.0+0x3121/0x7980 [ 2064.266851][ T7890] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2064.272890][ T7890] ? vma_compute_subtree_gap+0x158/0x230 [ 2064.278552][ T7890] ? vma_gap_callbacks_rotate+0x62/0x80 [ 2064.284125][ T7890] ? pmd_alloc+0x180/0x180 [ 2064.288559][ T7890] ? __rb_insert_augmented+0x231/0xdf0 [ 2064.294029][ T7890] ? validate_mm_rb+0xa3/0xc0 [ 2064.298734][ T7890] ? __vma_link_rb+0x279/0x370 [ 2064.303531][ T7890] copy_process.part.0+0x568b/0x7980 [ 2064.308869][ T7890] ? __cleanup_sighand+0x60/0x60 [ 2064.313845][ T7890] _do_fork+0x257/0xfd0 [ 2064.318028][ T7890] ? fork_idle+0x1d0/0x1d0 [ 2064.322473][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2064.327952][ T7890] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2064.333433][ T7890] ? do_syscall_64+0x26/0x610 [ 2064.338130][ T7890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2064.344229][ T7890] ? do_syscall_64+0x26/0x610 [ 2064.348951][ T7890] __x64_sys_clone+0xbf/0x150 [ 2064.353669][ T7890] do_syscall_64+0x103/0x610 [ 2064.358313][ T7890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2064.364256][ T7890] RIP: 0033:0x45737a [ 2064.368173][ T7890] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 2064.387803][ T7890] RSP: 002b:0000000000a4fd30 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 2064.396271][ T7890] RAX: ffffffffffffffda RBX: 0000000000a4fd30 RCX: 000000000045737a [ 2064.404261][ T7890] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 2064.412249][ T7890] RBP: 0000000000a4fd70 R08: 0000000000000001 R09: 000000000263e940 [ 2064.420234][ T7890] R10: 000000000263ec10 R11: 0000000000000246 R12: 0000000000000001 [ 2064.428258][ T7890] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000a4fdc0 [ 2064.441870][ T7890] memory: usage 307080kB, limit 307200kB, failcnt 3447 [ 2064.449384][ T7890] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2064.461004][ T7890] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 05:06:34 executing program 1: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf1a0022fbc4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2064.487577][ T7890] Memory cgroup stats for /syz5: cache:52KB rss:202332KB rss_huge:155648KB shmem:156KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:202528KB inactive_file:0KB active_file:0KB unevictable:0KB 05:06:34 executing program 0: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") modify_ldt$read_default(0x2, &(0x7f0000000140)=""/142, 0x8e) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2064.578283][ T7890] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=5174,uid=0 [ 2064.614317][ T7890] Memory cgroup out of memory: Killed process 5174 (syz-executor.5) total-vm:72580kB, anon-rss:2212kB, file-rss:35792kB, shmem-rss:0kB 05:06:34 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000040)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x15, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffa, 0x0, 0x3f, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x2, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(r1, &(0x7f0000000480)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) accept$alg(r1, 0x0, 0x0) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000200)=@nl=@proc, 0x34e, &(0x7f0000000500), 0x11, &(0x7f00000011c0)=""/157, 0xffffffbd}}], 0x4000000000002ae, 0x0, &(0x7f00000003c0)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2064.743241][ T5381] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 2064.787832][ T5381] CPU: 1 PID: 5381 Comm: syz-executor.2 Not tainted 5.1.0-rc7+ #100 [ 2064.795874][ T5381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2064.805953][ T5381] Call Trace: [ 2064.809283][ T5381] dump_stack+0x172/0x1f0 [ 2064.813656][ T5381] dump_header+0x10f/0xb6c [ 2064.818123][ T5381] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2064.823972][ T5381] ? ___ratelimit+0x60/0x595 [ 2064.828602][ T5381] ? do_raw_spin_unlock+0x57/0x270 [ 2064.833768][ T5381] oom_kill_process.cold+0x10/0x15 [ 2064.838921][ T5381] out_of_memory+0x79a/0x1280 [ 2064.843642][ T5381] ? oom_killer_disable+0x280/0x280 [ 2064.848880][ T5381] ? find_held_lock+0x35/0x130 [ 2064.853679][ T5381] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2064.859251][ T5381] ? memcg_event_wake+0x230/0x230 [ 2064.864311][ T5381] ? do_raw_spin_unlock+0x57/0x270 [ 2064.869454][ T5381] ? _raw_spin_unlock+0x2d/0x50 [ 2064.874334][ T5381] try_charge+0x102c/0x15c0 [ 2064.878874][ T5381] ? find_held_lock+0x35/0x130 [ 2064.883670][ T5381] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2064.889258][ T5381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2064.895526][ T5381] ? kasan_check_read+0x11/0x20 [ 2064.898790][ T1554] page:ffffea00011c8000 count:512 mapcount:0 mapping:ffff88808bb973e1 index:0x20000 [ 2064.900405][ T5381] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2064.900693][ T1554] compound_mapcount: -1 [ 2064.909800][ T5381] mem_cgroup_try_charge+0x24d/0x5e0 [ 2064.909823][ T5381] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 2064.909842][ T5381] wp_page_copy+0x408/0x1740 05:06:34 executing program 0: r0 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x3ff, 0x200) getsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000180), &(0x7f00000001c0)=0xb) syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf04000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) [ 2064.909855][ T5381] ? find_held_lock+0x35/0x130 [ 2064.909881][ T5381] ? pmd_pfn+0x1d0/0x1d0 [ 2064.909896][ T5381] ? lock_downgrade+0x880/0x880 [ 2064.909910][ T5381] ? swp_swapcount+0x540/0x540 [ 2064.909926][ T5381] ? kasan_check_read+0x11/0x20 [ 2064.909941][ T5381] ? do_raw_spin_unlock+0x57/0x270 [ 2064.909957][ T5381] do_wp_page+0x48e/0x1500 [ 2064.909979][ T5381] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 2064.910003][ T5381] __handle_mm_fault+0x22e8/0x3ec0 [ 2064.910020][ T5381] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 2064.910031][ T5381] ? find_held_lock+0x35/0x130 [ 2064.910045][ T5381] ? handle_mm_fault+0x322/0xb30 [ 2064.910065][ T5381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2064.910079][ T5381] ? kasan_check_read+0x11/0x20 [ 2064.910096][ T5381] handle_mm_fault+0x43f/0xb30 [ 2064.910112][ T5381] __do_page_fault+0x5ef/0xda0 [ 2064.910131][ T5381] do_page_fault+0x71/0x581 [ 2064.910144][ T5381] ? page_fault+0x8/0x30 [ 2064.910156][ T5381] page_fault+0x1e/0x30 [ 2064.910167][ T5381] RIP: 0033:0x41088c [ 2064.910183][ T5381] Code: 89 b5 38 ff ff ff 48 83 c8 01 48 89 05 3d fc 63 00 48 8b 05 16 26 30 00 49 c7 85 c8 02 00 00 90 2e 71 00 49 89 85 c0 02 00 00 <4c> 89 70 08 4c 89 35 f9 25 30 00 48 c7 05 0e fc 63 00 00 00 00 00 [ 2064.910191][ T5381] RSP: 002b:0000000000a4fae0 EFLAGS: 00010202 [ 2064.910202][ T5381] RAX: 00007ff76eaac9c0 RBX: 0000000000020000 RCX: 00000000ffffffe0 [ 2064.910210][ T5381] RDX: 0000000000000040 RSI: 0000000000000001 RDI: 00007ff76ea8b6a0 [ 2064.910218][ T5381] RBP: 0000000000a4fbc0 R08: 0000000000714800 R09: 0000000000714800 [ 2064.910226][ T5381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000a4fcb0 [ 2064.910234][ T5381] R13: 00007ff76ea8b700 R14: 00007ff76ea8b9c0 R15: 000000000073bfac [ 2064.924856][ T5381] memory: usage 307200kB, limit 307200kB, failcnt 12819 [ 2064.935895][ T1554] anon [ 2064.935909][ T1554] flags: 0x1fffc000009000d(locked|uptodate|dirty|head|swapbacked) [ 2064.939479][ T5381] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2064.967754][ T5381] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 05:06:35 executing program 4: syz_execute_func(&(0x7f0000000000)="994a2ae92c02b64c0f05bf0d000000c4a37bf0c5e041e2e9c422e9aabb3c0000004a0fc7a4ea70db000000000f383a9e02000000110f4e5bc4a265aa104b26660f38091e2fa2631bc421045f4607c421dd589fc4e10bf8e426f2f045f619640f0f6f43a038fd52262e2e66450f7d64c60865f2ad0383397fd3ff3a0065f20f7cd8efa1a12ad764d38f53efaf6766f2ab440fec3f67ddea660f79cec462b1f72ec3c4899294d800000000000fc4634148f70000c2a0c10b00cca27a0e0fc442cd376d000f9f3c6436b2aa66450fc4650000c4e39978c104d9a1e8719e70ddcdcda2660f38346800c4e3295d4c3dc8a3c4c1045ccc7d75c4426507af0f0000000f5fd25cf3460f2ad0f30f5ea5a9a50000ffff660f79ca553131b83a00a2f1fbfb766208cf") write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0xfffffffffffffef9}, 0xfffffc34) 05:06:35 executing program 3: syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) fsetxattr$security_evm(r0, &(0x7f0000000400)='security.evm\x00', &(0x7f0000000280)=@sha1={0x1, "ec5112ee7e5ed867dea8bb695666a22f9c509452"}, 0x4, 0x2) setsockopt$RXRPC_UPGRADEABLE_SERVICE(0xffffffffffffffff, 0x110, 0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000005c0)={'team0\x00'}) ioctl$VIDIOC_S_AUDIO(r0, 0x40345622, &(0x7f00000002c0)={0x6, "226619b5d5a8ef4d0f023a539bfb983480203f579aa61e19a729d03ad4106206", 0x0, 0x1}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{0x0}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}}], 0x3, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) ioctl$sock_SIOCADDDLCI(r1, 0x8980, &(0x7f0000000180)={'tunl0\x00', 0x7}) getsockname(0xffffffffffffffff, &(0x7f0000000200)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x80) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) r2 = accept$alg(r1, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x80000, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) [ 2064.981874][ T1554] raw: 01fffc000009000d dead000000000100 dead000000000200 ffff88808bb973e1 [ 2065.004967][ T5381] Memory cgroup stats for /syz2: cache:48KB rss:88460KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:88620KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2065.027939][ T5381] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=5159,uid=0 [ 2065.187332][ T1554] raw: 0000000000020000 0000000000000000 0000020000000000 ffff88809b88e200 [ 2065.206587][ T1554] page dumped because: VM_BUG_ON_PAGE(compound_mapcount(head)) [ 2065.224434][ T1554] page->mem_cgroup:ffff88809b88e200 [ 2065.232320][ T1554] ------------[ cut here ]------------ [ 2065.237809][ T1554] kernel BUG at mm/huge_memory.c:2716! [ 2065.258269][ T1554] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 2065.263249][ T5381] Memory cgroup out of memory: Killed process 5159 (syz-executor.2) total-vm:72580kB, anon-rss:2212kB, file-rss:35780kB, shmem-rss:0kB [ 2065.264398][ T1554] CPU: 1 PID: 1554 Comm: kswapd0 Not tainted 5.1.0-rc7+ #100 [ 2065.264406][ T1554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2065.264427][ T1554] RIP: 0010:split_huge_page_to_list+0x20cc/0x2de0 [ 2065.264440][ T1554] Code: e8 79 32 c5 ff 48 c7 c6 40 2d 74 87 4c 89 e7 e8 1a a2 ee ff 0f 0b e8 63 32 c5 ff 48 c7 c6 80 2d 74 87 4c 89 e7 e8 04 a2 ee ff <0f> 0b e8 4d 32 c5 ff 4d 8d 77 ff e9 e6 e7 ff ff 41 be 02 00 00 00 [ 2065.264448][ T1554] RSP: 0018:ffff8880a5c8f630 EFLAGS: 00010293 [ 2065.264459][ T1554] RAX: ffff8880a5c72480 RBX: ffffea00011c8080 RCX: 0000000000000000 [ 2065.264466][ T1554] RDX: 0000000000000000 RSI: ffffffff819a0ce2 RDI: ffffed1014b91eaa [ 2065.264474][ T1554] RBP: ffff8880a5c8f7a0 R08: 0000000000000021 R09: ffffed1015d23ef1 [ 2065.264482][ T1554] R10: ffffed1015d23ef0 R11: ffff8880ae91f787 R12: ffffea00011c8000 [ 2065.264489][ T1554] R13: 01fffc000009000d R14: 00000000fffffffe R15: ffffea00011c8054 [ 2065.264500][ T1554] FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 2065.264507][ T1554] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2065.264514][ T1554] CR2: 000000000000000d CR3: 0000000061ecf000 CR4: 00000000001406e0 [ 2065.264526][ T1554] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2065.264534][ T1554] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2065.264538][ T1554] Call Trace: [ 2065.264566][ T1554] ? can_split_huge_page+0x490/0x490 [ 2065.264590][ T1554] deferred_split_scan+0x64b/0xa60 [ 2065.264610][ T1554] ? split_huge_page_to_list+0x2de0/0x2de0 [ 2065.264632][ T1554] do_shrink_slab+0x400/0xa80 [ 2065.264654][ T1554] shrink_slab+0x4be/0x5e0 [ 2065.320602][ T5501] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 2065.322181][ T1554] ? unregister_memcg_shrinker.isra.0+0x50/0x50 [ 2065.322203][ T1554] ? __lock_acquire+0x548/0x3fb0 [ 2065.333178][ T5501] CPU: 0 PID: 5501 Comm: syz-executor.1 Not tainted 5.1.0-rc7+ #100 [ 2065.336277][ T1554] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2065.344273][ T5501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2065.352278][ T1554] shrink_node+0x552/0x1570 [ 2065.360240][ T5501] Call Trace: [ 2065.368231][ T1554] ? shrink_node_memcg+0x1430/0x1430 [ 2065.377169][ T5501] dump_stack+0x172/0x1f0 [ 2065.383762][ T1554] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2065.391741][ T5501] dump_header+0x10f/0xb6c [ 2065.399719][ T1554] ? pgdat_balanced+0x13a/0x180 [ 2065.407697][ T5501] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2065.410966][ T1554] balance_pgdat+0x56c/0xe80 [ 2065.416246][ T5501] ? ___ratelimit+0x60/0x595 [ 2065.421380][ T1554] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2065.427198][ T5501] ? do_raw_spin_unlock+0x57/0x270 [ 2065.431862][ T1554] ? kasan_check_read+0x11/0x20 [ 2065.436270][ T5501] oom_kill_process.cold+0x10/0x15 [ 2065.448320][ T1554] ? mem_cgroup_shrink_node+0x6e0/0x6e0 [ 2065.454553][ T5501] out_of_memory+0x79a/0x1280 [ 2065.459466][ T1554] ? finish_task_switch+0x1f0/0x780 [ 2065.467445][ T5501] ? oom_killer_disable+0x280/0x280 [ 2065.473694][ T1554] ? __switch_to_asm+0x34/0x70 [ 2065.483755][ T5501] ? find_held_lock+0x35/0x130 [ 2065.488254][ T1554] kswapd+0x5f4/0xfd0 [ 2065.491517][ T5501] mem_cgroup_out_of_memory+0x1ca/0x230 [ 2065.496812][ T1554] ? balance_pgdat+0xe80/0xe80 [ 2065.501128][ T5501] ? memcg_event_wake+0x230/0x230 [ 2065.507372][ T1554] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2065.511808][ T5501] ? do_raw_spin_unlock+0x57/0x270 [ 2065.516652][ T1554] ? trace_hardirqs_on+0x67/0x230 [ 2065.522462][ T5501] ? _raw_spin_unlock+0x2d/0x50 [ 2065.527039][ T1554] ? finish_wait+0x260/0x260 [ 2065.531620][ T5501] try_charge+0x102c/0x15c0 [ 2065.536897][ T1554] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 2065.541989][ T5501] ? find_held_lock+0x35/0x130 [ 2065.546840][ T1554] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2065.551965][ T5501] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 2065.557511][ T1554] ? __kthread_parkme+0xfb/0x1b0 [ 2065.562205][ T5501] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2065.567398][ T1554] kthread+0x357/0x430 [ 2065.572578][ T5501] ? find_held_lock+0x35/0x130 [ 2065.577334][ T1554] ? balance_pgdat+0xe80/0xe80 [ 2065.582116][ T5501] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2065.586137][ T1554] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 2065.595195][ T5501] __memcg_kmem_charge_memcg+0x7c/0x130 [ 2065.600252][ T1554] ret_from_fork+0x3a/0x50 [ 2065.605292][ T5501] ? memcg_kmem_put_cache+0xb0/0xb0 [ 2065.610570][ T1554] Modules linked in: [ 2065.615705][ T5501] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 2065.666814][ T3875] kobject: 'loop4' (0000000062be9caa): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 2065.668482][ T5501] __memcg_kmem_charge+0x136/0x300 [ 2065.668501][ T5501] __alloc_pages_nodemask+0x4bf/0x8d0 [ 2065.668523][ T5501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2065.673308][ T3875] kobject: 'loop3' (000000007bdca78b): kobject_uevent_env [ 2065.677371][ T5501] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 2065.677392][ T5501] ? copy_process.part.0+0x1d08/0x7980 [ 2065.677408][ T5501] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2065.677430][ T5501] ? trace_hardirqs_on+0x67/0x230 [ 2065.691395][ T3875] kobject: 'loop3' (000000007bdca78b): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 2065.694024][ T5501] ? kasan_check_read+0x11/0x20 [ 2065.694045][ T5501] copy_process.part.0+0x3e0/0x7980 [ 2065.694058][ T5501] ? psi_memstall_leave+0x11c/0x180 [ 2065.694072][ T5501] ? sched_clock+0x2e/0x50 [ 2065.694087][ T5501] ? psi_memstall_leave+0x12e/0x180 [ 2065.694109][ T5501] ? find_held_lock+0x35/0x130 [ 2065.704500][ T3875] kobject: 'loop4' (0000000062be9caa): kobject_uevent_env [ 2065.709338][ T5501] ? psi_memstall_leave+0x12e/0x180 [ 2065.709381][ T5501] ? __cleanup_sighand+0x60/0x60 [ 2065.709404][ T5501] ? __lock_acquire+0x548/0x3fb0 [ 2065.713408][ T3875] kobject: 'loop4' (0000000062be9caa): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 2065.718919][ T5501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2065.718939][ T5501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2065.718953][ T5501] ? debug_smp_processor_id+0x3c/0x280 [ 2065.718974][ T5501] _do_fork+0x257/0xfd0 [ 2065.718997][ T5501] ? fork_idle+0x1d0/0x1d0 [ 2065.740703][ T1554] ---[ end trace dca4745dde5a2a03 ]--- [ 2065.745954][ T5501] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 2065.745968][ T5501] ? lock_downgrade+0x880/0x880 [ 2065.745981][ T5501] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2065.745996][ T5501] ? blkcg_exit_queue+0x30/0x30 [ 2065.746011][ T5501] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2065.746032][ T5501] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2065.753187][ T1554] RIP: 0010:split_huge_page_to_list+0x20cc/0x2de0 [ 2065.758867][ T5501] ? do_syscall_64+0x26/0x610 [ 2065.758881][ T5501] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2065.758892][ T5501] ? do_syscall_64+0x26/0x610 [ 2065.758908][ T5501] __x64_sys_clone+0xbf/0x150 [ 2065.758927][ T5501] do_syscall_64+0x103/0x610 [ 2065.758947][ T5501] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2065.764475][ T1554] Code: e8 79 32 c5 ff 48 c7 c6 40 2d 74 87 4c 89 e7 e8 1a a2 ee ff 0f 0b e8 63 32 c5 ff 48 c7 c6 80 2d 74 87 4c 89 e7 e8 04 a2 ee ff <0f> 0b e8 4d 32 c5 ff 4d 8d 77 ff e9 e6 e7 ff ff 41 be 02 00 00 00 [ 2065.769696][ T5501] RIP: 0033:0x45b779 [ 2065.769716][ T5501] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 2065.769733][ T5501] RSP: 002b:0000000000a4fa98 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 2065.774824][ T1554] RSP: 0018:ffff8880a5c8f630 EFLAGS: 00010293 [ 2065.784924][ T5501] RAX: ffffffffffffffda RBX: 00007f71d9337700 RCX: 000000000045b779 [ 2065.784932][ T5501] RDX: 00007f71d93379d0 RSI: 00007f71d9336db0 RDI: 00000000003d0f00 [ 2065.784939][ T5501] RBP: 0000000000a4fcb0 R08: 00007f71d9337700 R09: 00007f71d9337700 [ 2065.784945][ T5501] R10: 00007f71d93379d0 R11: 0000000000000202 R12: 0000000000000000 [ 2065.784951][ T5501] R13: 0000000000a4fb4f R14: 00007f71d93379c0 R15: 000000000073bfac [ 2065.797255][ T5501] memory: usage 307200kB, limit 307200kB, failcnt 9568 [ 2065.801754][ T3875] kobject: 'loop0' (000000005adf4779): kobject_uevent_env [ 2065.812477][ T5501] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2065.824047][ T3875] kobject: 'loop0' (000000005adf4779): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 2065.832849][ T5501] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 2065.839595][ T1554] RAX: ffff8880a5c72480 RBX: ffffea00011c8080 RCX: 0000000000000000 [ 2065.876903][ T5501] Memory cgroup stats for /syz1: cache:108KB rss:127544KB rss_huge:61440KB shmem:128KB mapped_file:132KB dirty:0KB writeback:132KB swap:0KB inactive_anon:80KB active_anon:121428KB inactive_file:0KB active_file:0KB unevictable:4KB [ 2065.898714][ T1554] RDX: 0000000000000000 RSI: ffffffff819a0ce2 RDI: ffffed1014b91eaa [ 2065.908625][ T5501] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=5398,uid=0 [ 2065.924795][ T1554] RBP: ffff8880a5c8f7a0 R08: 0000000000000021 R09: ffffed1015d23ef1 [ 2065.924805][ T1554] R10: ffffed1015d23ef0 R11: ffff8880ae91f787 R12: ffffea00011c8000 [ 2065.924813][ T1554] R13: 01fffc000009000d R14: 00000000fffffffe R15: ffffea00011c8054 [ 2065.924824][ T1554] FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 2065.924832][ T1554] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2065.924839][ T1554] CR2: 00007f8854cdb900 CR3: 000000005662a000 CR4: 00000000001406e0 [ 2065.924851][ T1554] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2065.924858][ T1554] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2065.924874][ T1554] Kernel panic - not syncing: Fatal exception [ 2065.932320][ T1554] Kernel Offset: disabled [ 2066.214467][ T1554] Rebooting in 86400 seconds..